コード例 #1
0
  public void updateChangeLog(
      final Principal user,
      final Verb verb,
      final PropertyKey key,
      final Object previousValue,
      final Object newValue) {

    if (changeLogEnabled && changeLog != null && key != null) {

      final String name = key.jsonName();

      if (!hiddenPropertiesInAuditLog.contains(name)
          && !(key.isUnvalidated() || key.isReadOnly())) {

        final JsonObject obj = new JsonObject();

        obj.add("time", toElement(System.currentTimeMillis()));
        obj.add("userId", toElement(user.getUuid()));
        obj.add("userName", toElement(user.getName()));
        obj.add("verb", toElement(verb));
        obj.add("key", toElement(key.jsonName()));
        obj.add("prev", toElement(previousValue));
        obj.add("val", toElement(newValue));

        changeLog.append(obj.toString());
        changeLog.append("\n");
      }
    }
  }
コード例 #2
0
ファイル: Page.java プロジェクト: tolleiv/structr
  @Override
  public String getGroupName() {

    String name = "";

    try (Tx tx = StructrApp.getInstance().tx()) {

      Principal owner = getOwner();

      if (owner != null) {
        List<Principal> parents = owner.getParents();
        if (!parents.isEmpty()) {

          name = parents.get(0).getProperty(AbstractNode.name);
        }
      }

      tx.success();

    } catch (FrameworkException fex) {
      logger.log(Level.SEVERE, "Error while getting group name of " + this, fex);
    }

    return name;
  }
コード例 #3
0
  // ----- private methods -----
  private void invalidateSessionId(final String sessionId) {

    // find user with given session ID and remove ID from list of valid sessions
    final Principal userWithInvalidSession = AuthHelper.getPrincipalForSessionId(sessionId);
    if (userWithInvalidSession != null) {

      userWithInvalidSession.removeSessionId(sessionId);
    }
  }
コード例 #4
0
  public void updateChangeLog(final Principal user, final Verb verb, final String object) {

    if (changeLogEnabled && changeLog != null) {

      final JsonObject obj = new JsonObject();

      obj.add("time", toElement(System.currentTimeMillis()));
      obj.add("userId", toElement(user.getUuid()));
      obj.add("userName", toElement(user.getName()));
      obj.add("verb", toElement(verb));
      obj.add("target", toElement(object));

      changeLog.append(obj.toString());
      changeLog.append("\n");
    }
  }
コード例 #5
0
ファイル: Page.java プロジェクト: tolleiv/structr
  @Override
  public String getOwnerName() {

    String name = "";

    try (Tx tx = StructrApp.getInstance().tx()) {

      Principal owner = getOwner();
      if (owner != null) {

        name = owner.getProperty(AbstractUser.name);
      }
      tx.success();

    } catch (FrameworkException fex) {
      logger.log(Level.SEVERE, "Error while getting owner name of " + this, fex);
    }

    return name;
  }
コード例 #6
0
ファイル: SourcePattern.java プロジェクト: structr/structr
  private String getContent(final String urlString) throws FrameworkException {

    final SourceSite site = getSite();

    String proxyUrl = site.getProperty(SourceSite.proxyUrl);
    String proxyUsername = site.getProperty(SourceSite.proxyUsername);
    String proxyPassword = site.getProperty(SourceSite.proxyPassword);

    Principal user = securityContext.getCachedUser();

    if (user != null & StringUtils.isBlank(proxyUrl)) {
      proxyUrl = user.getProperty(Principal.proxyUrl);
      proxyUsername = user.getProperty(Principal.proxyUsername);
      proxyPassword = user.getProperty(Principal.proxyPassword);
    }

    final String cookie = site.getProperty(SourceSite.cookie);

    return HttpHelper.get(
            urlString, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.EMPTY_MAP)
        .replace("<head>", "<head>\n  <base href=\"" + urlString + "\">");
  }
コード例 #7
0
  @Override
  public Principal doLogin(
      final HttpServletRequest request, final String emailOrUsername, final String password)
      throws AuthenticationException, FrameworkException {

    final Principal user =
        AuthHelper.getPrincipalForPassword(Person.eMail, emailOrUsername, password);
    if (user != null) {

      final String allowLoginBeforeConfirmation =
          Services.getInstance()
              .getConfigurationValue(RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION);
      if (user.getProperty(User.confirmationKey) != null
          && Boolean.FALSE.equals(Boolean.parseBoolean(allowLoginBeforeConfirmation))) {
        logger.log(Level.WARNING, "Login as {0} not allowed before confirmation.", user);
        throw new AuthenticationException(AuthHelper.STANDARD_ERROR_MSG);
      }

      AuthHelper.doLogin(request, user);
    }

    return user;
  }
コード例 #8
0
  // ----- private methods -----
  private void updateAccessInformation(
      final SecurityContext securityContext, final PropertyContainer propertyContainer)
      throws FrameworkException {

    try {

      final Principal user = securityContext.getUser(false);
      String modifiedById = null;

      if (user != null) {

        if (user instanceof SuperUser) {

          // "virtual" UUID of superuser
          modifiedById = Principal.SUPERUSER_ID;

        } else {

          modifiedById = user.getUuid();
        }

        propertyContainer.setProperty(AbstractNode.lastModifiedBy.dbName(), modifiedById);
      }

      if (!securityContext.dontModifyAccessTime()) {

        propertyContainer.setProperty(
            AbstractNode.lastModifiedDate.dbName(), System.currentTimeMillis());
      }

    } catch (Throwable t) {

      // fail without throwing an exception here
      logger.warn("", t);
    }
  }
コード例 #9
0
ファイル: StructrWebSocket.java プロジェクト: hwloh/structr
  public boolean isAuthenticated() {

    final Principal user = getCurrentUser();
    return (user != null
        && (user.getProperty(Principal.isAdmin) || user.getProperty(User.backendUser)));
  }
コード例 #10
0
  /**
   * This method checks if the current request is a user registration confirmation, usually
   * triggered by a user clicking on a confirmation link in an e-mail.
   *
   * @param request
   * @param response
   * @param path
   * @return true if the registration was successful
   * @throws FrameworkException
   * @throws IOException
   */
  private boolean checkRegistration(
      final Authenticator auth,
      final HttpServletRequest request,
      final HttpServletResponse response,
      final String path)
      throws FrameworkException, IOException {

    logger.log(Level.FINE, "Checking registration ...");

    String key = request.getParameter(CONFIRM_KEY_KEY);

    if (StringUtils.isEmpty(key)) {
      return false;
    }

    String targetPage = request.getParameter(TARGET_PAGE_KEY);
    String errorPage = request.getParameter(ERROR_PAGE_KEY);

    if (CONFIRM_REGISTRATION_PAGE.equals(path)) {

      final App app = StructrApp.getInstance();

      Result<Principal> results;
      try (final Tx tx = app.tx()) {

        results = app.nodeQuery(Principal.class).and(User.confirmationKey, key).getResult();
      }

      if (!results.isEmpty()) {

        final Principal user = results.get(0);

        try (final Tx tx = app.tx()) {

          // Clear confirmation key and set session id
          user.setProperty(User.confirmationKey, null);

          if (auth.getUserAutoLogin()) {

            AuthHelper.doLogin(request, user);
          }

          tx.success();
        }

        // Redirect to target page
        if (StringUtils.isNotBlank(targetPage)) {
          response.sendRedirect("/" + targetPage);
        }

        return true;

      } else {
        // Redirect to error page
        if (StringUtils.isNotBlank(errorPage)) {
          response.sendRedirect("/" + errorPage);
        }

        return true;
      }
    }

    return false;
  }
コード例 #11
0
  @Override
  public void checkResourceAccess(
      final SecurityContext securityContext,
      final HttpServletRequest request,
      final String rawResourceSignature,
      final String propertyView)
      throws FrameworkException {

    final ResourceAccess resourceAccess =
        ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = getUser(request, true);
    final boolean validUser = (user != null);

    // super user is always authenticated
    if (validUser && (user instanceof SuperUser || user.getProperty(Principal.isAdmin))) {
      return;
    }

    // no grants => no access rights
    if (resourceAccess == null) {

      logger.log(
          Level.INFO, "No resource access grant found for signature {0}.", rawResourceSignature);

      throw new UnauthorizedException("Forbidden");

    } else {

      switch (method) {
        case GET:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_GET)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_GET)) {

            return;
          }

          break;

        case PUT:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_PUT)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_PUT)) {

            return;
          }

          break;

        case POST:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_POST)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_POST)) {

            return;
          }

          break;

        case DELETE:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_DELETE)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_DELETE)) {

            return;
          }

          break;

        case OPTIONS:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_OPTIONS)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_OPTIONS)) {

            return;
          }

          break;

        case HEAD:
          if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_HEAD)) {

            return;
          }

          if (validUser && resourceAccess.hasFlag(AUTH_USER_HEAD)) {

            return;
          }

          break;
      }
    }

    logger.log(
        Level.INFO,
        "Resource access grant found for signature {0}, but method {1} not allowed for {2}.",
        new Object[] {
          rawResourceSignature, method, validUser ? "authenticated users" : "public users"
        });

    throw new UnauthorizedException("Forbidden");
  }