@Override public void actionPerformed(FormEvent event) { ServletRequest request = getRequest(); try { // perform access check SecurityAccess access = acquireAccess(this); if (access == null) { getRequest().setAttribute("SOURCE", this.getClass().getName()); getRequest().setAttribute("MESSAGE", get("IGEO_STD_SEC_ERROR_UNAUTHORIZED_ACCESS")); setNextPage("error.jsp"); return; } checkForAdminRole(access); LinkedList<Service> services = access.getAllServices(); request.setAttribute("SERVICES", services); } catch (GeneralSecurityException e) { getRequest().setAttribute("SOURCE", this.getClass().getName()); getRequest() .setAttribute("MESSAGE", get("IGEO_STD_SEC_FAIL_INIT_SERVICES_EDITOR", e.getMessage())); setNextPage("error.jsp"); LOG.logError(e.getMessage(), e); } catch (Exception e) { LOG.logError(get("IGEO_STD_SEC_ERROR_UNKNOWN", stackTraceToString(e))); getRequest().setAttribute("SOURCE", this.getClass().getName()); getRequest() .setAttribute("MESSAGE", get("IGEO_STD_SEC_FAIL_INIT_SERVICES_EDITOR", e.getMessage())); setNextPage("error.jsp"); } }
@Override public void actionPerformed(FormEvent event) { // the Role for which the rights are to be set int roleId = -1; // array of ints, ids of Layers (SecuredObjects) for which // the Role has access rights int[] layers = null; // corresponding maps of key (PropertyName) / value-pairs that // constitute access constraints Map<String, Object>[] layerConstraints = null; SecurityAccessManager manager = null; SecurityTransaction transaction = null; try { RPCWebEvent ev = (RPCWebEvent) event; RPCMethodCall rpcCall = ev.getRPCMethodCall(); RPCParameter[] params = rpcCall.getParameters(); // validates the incomming method call and extracts the roleID roleId = validate(params); RPCParameter[] layerParams = (RPCParameter[]) params[1].getValue(); layers = new int[layerParams.length]; layerConstraints = new Map[layerParams.length]; extractLayerValues(layers, layerConstraints, layerParams); // extract FeatureType rights if (!(params[2].getValue() instanceof RPCParameter[])) { throw new RPCException(Messages.getMessage("IGEO_STD_STORERIGHTS_THIRD_PARAM")); } // array of ints, ids of FeatureTypes (SecuredObjects) for which // the Role has access rights FeatureTypeRight[] featureTypes = extractFeatureTypeValues(params); transaction = SecurityHelper.acquireTransaction(this); SecurityHelper.checkForAdminRole(transaction); manager = SecurityAccessManager.getInstance(); User user = transaction.getUser(); Role role = transaction.getRoleById(roleId); // perform access check if (!user.hasRight(transaction, "update", role)) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); return; } // set/delete access rights for Layers SecuredObject[] presentLayers = transaction.getAllSecuredObjects(ClientHelper.TYPE_LAYER); setAccessRightsForLayers(layers, layerConstraints, transaction, role, presentLayers); // set/delete access rights for FeatureTypes SecuredObject[] presentFeatureTypes = transaction.getAllSecuredObjects(ClientHelper.TYPE_FEATURETYPE); setAccessRightsForFeatureTypes(featureTypes, transaction, role, presentFeatureTypes); manager.commitTransaction(transaction); transaction = null; String s = Messages.getMessage("IGEO_STD_STORERIGHTS_SUCCESS", role.getID()); getRequest().setAttribute("MESSAGE", s); } catch (RPCException e) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); LOG.logDebug(e.getMessage(), e); } catch (GeneralSecurityException e) { getRequest().setAttribute("SOURCE", this.getClass().getName()); String s = Messages.getMessage("IGEO_STD_STORERIGHTS_ERROR", e.getMessage()); getRequest().setAttribute("MESSAGE", s); setNextPage("error.jsp"); LOG.logDebug(e.getMessage(), e); } finally { if (manager != null && transaction != null) { try { manager.abortTransaction(transaction); } catch (GeneralSecurityException e) { LOG.logDebug(e.getMessage(), e); } } } }