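  /**
   * Fetches the HTML at {@code urlString} through the site's (or, failing that, the
   * current user's) proxy and injects a {@code <base href>} so relative links resolve
   * against the original origin.
   *
   * <p>Proxy settings are taken from the {@link SourceSite}; when the site has no proxy
   * URL configured and a user is cached on the security context, that user's proxy URL,
   * username and password are used instead.
   *
   * @param urlString the absolute URL to fetch; it is also embedded into the returned HTML
   * @return the fetched document with a {@code <base>} element inserted after {@code <head>}
   * @throws FrameworkException propagated from the underlying HTTP helper
   */
  private String getContent(final String urlString) throws FrameworkException {

    final SourceSite site = getSite();

    String proxyUrl = site.getProperty(SourceSite.proxyUrl);
    String proxyUsername = site.getProperty(SourceSite.proxyUsername);
    String proxyPassword = site.getProperty(SourceSite.proxyPassword);

    final Principal user = securityContext.getCachedUser();

    // Fall back to the user's proxy credentials only when the site has none.
    // The original used the non-short-circuit `&` here; `&&` is the intended operator.
    if (user != null && StringUtils.isBlank(proxyUrl)) {
      proxyUrl = user.getProperty(Principal.proxyUrl);
      proxyUsername = user.getProperty(Principal.proxyUsername);
      proxyPassword = user.getProperty(Principal.proxyPassword);
    }

    final String cookie = site.getProperty(SourceSite.cookie);

    final String html =
        HttpHelper.get(
            urlString, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.emptyMap());

    // urlString ends up inside a double-quoted HTML attribute. Escape the characters that
    // could terminate the attribute or open a tag so a crafted URL (should it ever come
    // from an untrusted caller — not visible here) cannot inject markup into the page.
    final String baseHref =
        urlString
            .replace("&", "&amp;")
            .replace("\"", "&quot;")
            .replace("<", "&lt;")
            .replace(">", "&gt;");

    // Only the first literal "<head>" is meaningful; replace() hits all occurrences,
    // matching the original behavior.
    return html.replace("<head>", "<head>\n  <base href=\"" + baseHref + "\">");
  }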
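  /**
   * Returns the name of this node's owner, or {@code ""} when there is no owner, the owner
   * has no name property set, or the lookup fails.
   *
   * <p>The lookup runs inside its own transaction. A {@link FrameworkException} is logged
   * at SEVERE and swallowed so that callers (typically rendering code) always get a string.
   *
   * @return the owner's name, never {@code null}
   */
  @Override
  public String getOwnerName() {

    String name = "";

    try (final Tx tx = StructrApp.getInstance().tx()) {

      final Principal owner = getOwner();
      final String ownerName = (owner != null) ? owner.getProperty(AbstractUser.name) : null;

      // Honor the "" default even when the owner exists but has no name set; the
      // original assigned the raw property value and could therefore return null.
      if (ownerName != null) {
        name = ownerName;
      }
      tx.success();

    } catch (FrameworkException fex) {
      // Best-effort: log and fall through to the default rather than failing the caller.
      logger.log(Level.SEVERE, "Error while getting owner name of " + this, fex);
    }

    return name;
  }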
  /**
   * Authenticates {@code emailOrUsername} with {@code password} and, on success, logs the
   * principal into the given request.
   *
   * <p>A principal that still carries a confirmation key (i.e. has not completed
   * registration) is rejected unless the {@code ALLOW_LOGIN_BEFORE_CONFIRMATION}
   * configuration value parses as {@code true}. The rejection reuses
   * {@link AuthHelper#STANDARD_ERROR_MSG}, so the caller cannot tell this case apart from
   * a wrong password.
   *
   * @param request the servlet request to attach the session to
   * @param emailOrUsername the login identifier, matched against {@code Person.eMail}
   * @param password the plaintext password to verify
   * @return the authenticated principal, or {@code null} if no principal matched
   * @throws AuthenticationException if the principal is not yet confirmed and early login
   *     is disabled
   * @throws FrameworkException propagated from the underlying lookup
   */
  @Override
  public Principal doLogin(
      final HttpServletRequest request, final String emailOrUsername, final String password)
      throws AuthenticationException, FrameworkException {

    final Principal principal =
        AuthHelper.getPrincipalForPassword(Person.eMail, emailOrUsername, password);
    if (principal == null) {
      return null;
    }

    final String configValue =
        Services.getInstance()
            .getConfigurationValue(RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION);

    // A lingering confirmation key means registration was never completed.
    final boolean unconfirmed = principal.getProperty(User.confirmationKey) != null;

    if (unconfirmed && !Boolean.parseBoolean(configValue)) {
      logger.log(Level.WARNING, "Login as {0} not allowed before confirmation.", principal);
      throw new AuthenticationException(AuthHelper.STANDARD_ERROR_MSG);
    }

    AuthHelper.doLogin(request, principal);
    return principal;
  }
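  /**
   * Reports whether the current user may use this (backend) context.
   *
   * <p>Despite the name, merely being logged in is not enough: the user must carry either
   * the {@code isAdmin} or the {@code backendUser} flag.
   *
   * @return {@code true} only for an admin or backend user; {@code false} when there is no
   *     current user or neither flag is set
   */
  public boolean isAuthenticated() {

    final Principal user = getCurrentUser();
    if (user == null) {
      return false;
    }

    // Compare via Boolean.TRUE.equals() so an unset (null) flag reads as "not granted"
    // instead of throwing an NPE on auto-unboxing, as the original `||` would if
    // getProperty ever returns null for a boolean property.
    return Boolean.TRUE.equals(user.getProperty(Principal.isAdmin))
        || Boolean.TRUE.equals(user.getProperty(User.backendUser));
  }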
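  /**
   * Enforces the resource-access grant for a REST resource signature.
   *
   * <p>Decision order:
   *
   * <ol>
   *   <li>A {@link SuperUser} or a principal with {@code isAdmin} always passes, even when
   *       no grant exists for the signature.
   *   <li>No grant for the signature &rarr; denied (fail closed).
   *   <li>Otherwise the grant must carry the flag matching the HTTP method and the user's
   *       state (authenticated vs. anonymous); HTTP methods not present in {@code methods}
   *       are denied rather than raising an NPE in the switch.
   * </ol>
   *
   * @param securityContext context used to look up the grant
   * @param request the incoming request; its HTTP method selects the flag to check
   * @param rawResourceSignature the signature the grant is keyed on
   * @param propertyView unused by this check (kept for the interface contract)
   * @throws UnauthorizedException (a {@link FrameworkException}) when access is denied
   * @throws FrameworkException propagated from the grant lookup or user resolution
   */
  @Override
  public void checkResourceAccess(
      final SecurityContext securityContext,
      final HttpServletRequest request,
      final String rawResourceSignature,
      final String propertyView)
      throws FrameworkException {

    final ResourceAccess resourceAccess =
        ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = getUser(request, true);
    final boolean validUser = (user != null);

    // Super users and admins bypass grants entirely.
    if (validUser && (user instanceof SuperUser || user.getProperty(Principal.isAdmin))) {
      return;
    }

    // No grants => no access rights, for everyone else.
    if (resourceAccess == null) {

      logger.log(
          Level.INFO, "No resource access grant found for signature {0}.", rawResourceSignature);

      throw new UnauthorizedException("Forbidden");
    }

    // An HTTP method that is not in the lookup table (e.g. PATCH or TRACE) has no grant
    // flag and must be denied explicitly; switching on null would throw an NPE instead.
    if (method == null) {

      logger.log(
          Level.INFO,
          "Resource access grant found for signature {0}, but HTTP method {1} is not supported.",
          new Object[] {rawResourceSignature, request.getMethod()});

      throw new UnauthorizedException("Forbidden");
    }

    // For each method the grant needs the AUTH_USER_* flag for logged-in users or the
    // NON_AUTH_USER_* flag for anonymous requests; exactly one of the two applies.
    switch (method) {
      case GET:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_GET : NON_AUTH_USER_GET)) {
          return;
        }
        break;

      case PUT:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_PUT : NON_AUTH_USER_PUT)) {
          return;
        }
        break;

      case POST:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_POST : NON_AUTH_USER_POST)) {
          return;
        }
        break;

      case DELETE:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_DELETE : NON_AUTH_USER_DELETE)) {
          return;
        }
        break;

      case OPTIONS:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_OPTIONS : NON_AUTH_USER_OPTIONS)) {
          return;
        }
        break;

      case HEAD:
        if (resourceAccess.hasFlag(validUser ? AUTH_USER_HEAD : NON_AUTH_USER_HEAD)) {
          return;
        }
        break;
    }

    // Grant exists but does not cover this method for this class of user.
    logger.log(
        Level.INFO,
        "Resource access grant found for signature {0}, but method {1} not allowed for {2}.",
        new Object[] {
          rawResourceSignature, method, validUser ? "authenticated users" : "public users"
        });

    throw new UnauthorizedException("Forbidden");
  }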