/**
* Edit an existing role. The role to edit must be placed in the request attribute
*
* @param mapping mapping
* @param form form
* @param request request
* @param response response
* @return forward
* @throws Exception on any error
*/
public ActionForward edit(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
Role role = (Role) request.getAttribute(Constants.EDITING_ITEM);
if (role == null) {
throw new Exception("No role configured for editing.");
}
PolicyUtil.checkPermission(
PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
request);
SessionInfo sessionInfo = getSessionInfo(request);
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
List<User> users = Arrays.asList(userDatabase.getUsersInRole(role));
RoleForm roleForm = (RoleForm) form;
roleForm.initialize(users);
roleForm.setRolename(role.getPrincipalName());
roleForm.setReferer(CoreUtil.getReferer(request));
roleForm.setEditing();
CoreUtil.addRequiredFieldMessage(this, request);
return mapping.findForward("display");
}
/**
* Create a new role.
*
* @param mapping mapping
* @param form form
* @param request request
* @param response response
* @return forward
* @throws Exception on any error
*/
public ActionForward create(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
SessionInfo sessionInfo = getSessionInfo(request);
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
if (!userDatabase.supportsAccountCreation()) {
throw new Exception("The underlying user database does not support role creation.");
}
PolicyUtil.checkPermission(
PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
request);
RoleForm roleForm = (RoleForm) form;
roleForm.initialize(Collections.<User>emptyList());
roleForm.setReferer(CoreUtil.getReferer(request));
CoreUtil.addRequiredFieldMessage(this, request);
return mapping.findForward("display");
}
private void createRole(RoleForm roleForm, SessionInfo sessionInfo) throws Exception {
UserDatabase userDatabase =
UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
try {
Role role = userDatabase.createRole(roleForm.getRolename());
List<String> selectedUsers = roleForm.getUserList();
updateUserRoles(role, selectedUsers, userDatabase.getRealm());
fireSuccessfulEvent(sessionInfo, CoreEventConstants.GROUP_CREATED, role, selectedUsers);
} catch (Exception expt) {
fireUnsuccessfulEvent(roleForm, sessionInfo, CoreEventConstants.GROUP_CREATED, expt);
throw expt;
}
}
@SuppressWarnings("unchecked")
void notifyAutoStartTunnels() {
try {
SessionInfo session = agent.getSession();
List<Tunnel> tunnels =
ResourceUtil.getGrantedResource(session, TunnelPlugin.SSL_TUNNEL_RESOURCE_TYPE);
List<BundleActionMessage> tunnelFailures = new ArrayList<BundleActionMessage>();
for (Tunnel tunnel : tunnels) {
if (tunnel.isAutoStart()) {
try {
Policy policy =
PolicyDatabaseFactory.getInstance()
.getGrantingPolicyForUser(session.getUser(), tunnel);
LaunchSession launchSession =
LaunchSessionFactory.getInstance().createLaunchSession(session, tunnel, policy);
startTunnel(launchSession);
} catch (TunnelException tne) {
log.error("failed to start tunnel: '" + tunnel + "'", tne);
tunnelFailures.add(tne.getBundleActionMessage());
}
}
}
if (!tunnelFailures.isEmpty()) {
tunnelFailures.add(
0,
new BundleActionMessage("tunnels", "error.tunnels.autostart", tunnelFailures.size()));
for (BundleActionMessage actionMessage : tunnelFailures) {
GlobalWarning globalWarning = new GlobalWarning(session.getHttpSession(), actionMessage);
GlobalWarningManager.getInstance().addToSession(globalWarning);
}
}
} catch (Exception e) {
log.error("Failed to start auto-start tunnels", e);
}
}
