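/**
 * Fetches the remote document at {@code urlString} and injects a {@code <base>}
 * element so that relative links in the returned page resolve against the
 * original URL.
 *
 * <p>Proxy settings come from the source site. If the site has no proxy URL
 * configured and a user is cached in the security context, that user's own
 * proxy URL and credentials are used instead. The site's cookie is forwarded
 * unchanged.
 *
 * @param urlString the URL to fetch; it is also written into the
 *                  {@code <base href="...">} attribute, so double quotes are
 *                  percent-encoded to keep a crafted URL from closing the
 *                  attribute and injecting markup into the returned page
 * @return the fetched body with a {@code <base>} element inserted after the
 *         first literal {@code <head>} tag (the match is case-sensitive and a
 *         {@code <head ...>} tag carrying attributes is left untouched)
 * @throws FrameworkException if the site lookup or the HTTP request fails
 */
private String getContent(final String urlString) throws FrameworkException {
    final SourceSite site = getSite();

    String proxyUrl = site.getProperty(SourceSite.proxyUrl);
    String proxyUsername = site.getProperty(SourceSite.proxyUsername);
    String proxyPassword = site.getProperty(SourceSite.proxyPassword);

    // Fall back to the user's proxy only when the site does not define one
    // (short-circuit && so the blank check is skipped without a user).
    final Principal user = securityContext.getCachedUser();
    if (user != null && StringUtils.isBlank(proxyUrl)) {
        proxyUrl = user.getProperty(Principal.proxyUrl);
        proxyUsername = user.getProperty(Principal.proxyUsername);
        proxyPassword = user.getProperty(Principal.proxyPassword);
    }

    final String cookie = site.getProperty(SourceSite.cookie);

    // Raw EMPTY_MAP is kept because HttpHelper.get's parameter type is not visible here.
    final String body = HttpHelper.get(urlString, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.EMPTY_MAP);

    // A literal '"' is never valid in a URL, so percent-encoding it is lossless
    // for well-formed input and prevents breaking out of the href attribute.
    final String baseHref = urlString.replace("\"", "%22");

    return body.replace("<head>", "<head>\n <base href=\"" + baseHref + "\">");
}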
/**
 * Returns the name of this node's owner.
 *
 * <p>The lookup runs in its own transaction. When there is no owner, or the
 * lookup throws a {@link FrameworkException}, the exception is logged at
 * SEVERE and the empty string is returned; when an owner exists, its
 * {@code name} property is returned as-is (which may itself be {@code null}
 * if the property is unset).
 *
 * @return the owner's {@code name} property, or {@code ""} when no owner could be determined
 */
@Override
public String getOwnerName() {
    String ownerName = "";

    try (final Tx tx = StructrApp.getInstance().tx()) {
        final Principal ownerNode = getOwner();
        if (ownerNode != null) {
            ownerName = ownerNode.getProperty(AbstractUser.name);
        }
        tx.success();
    } catch (final FrameworkException fex) {
        logger.log(Level.SEVERE, "Error while getting owner name of " + this, fex);
    }

    return ownerName;
}
/**
 * Authenticates a user by e-mail (or username) and password and, on success,
 * establishes the session via {@link AuthHelper#doLogin}.
 *
 * <p>If the account still carries a confirmation key (registration not yet
 * confirmed) and the {@code ALLOW_LOGIN_BEFORE_CONFIRMATION} setting does not
 * parse to {@code true}, the login is refused. {@code Boolean.parseBoolean(null)}
 * is {@code false}, so a missing setting refuses the login — fail closed. The
 * refusal uses the generic {@link AuthHelper#STANDARD_ERROR_MSG}, so the caller
 * cannot distinguish an unconfirmed account from a wrong password.
 *
 * @param request         the HTTP request the session is bound to
 * @param emailOrUsername the login identifier; it is looked up under the
 *                        {@code Person.eMail} key (whether usernames are matched
 *                        as well is up to AuthHelper and not visible here)
 * @param password        the password to verify
 * @return the authenticated principal, or {@code null} if the credentials matched no user
 * @throws AuthenticationException if the user exists but may not log in before confirmation
 * @throws FrameworkException      on lookup errors
 */
@Override
public Principal doLogin(final HttpServletRequest request, final String emailOrUsername, final String password)
        throws AuthenticationException, FrameworkException {

    final Principal principal = AuthHelper.getPrincipalForPassword(Person.eMail, emailOrUsername, password);
    if (principal == null) {
        return null;
    }

    final String allowBeforeConfirmation = Services.getInstance()
            .getConfigurationValue(RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION);
    final boolean unconfirmed = principal.getProperty(User.confirmationKey) != null;

    // A missing or non-"true" setting blocks unconfirmed accounts.
    if (unconfirmed && !Boolean.parseBoolean(allowBeforeConfirmation)) {
        logger.log(Level.WARNING, "Login as {0} not allowed before confirmation.", principal);
        throw new AuthenticationException(AuthHelper.STANDARD_ERROR_MSG);
    }

    AuthHelper.doLogin(request, principal);
    return principal;
}
/**
 * Reports whether the current user may use the backend.
 *
 * <p>Despite the name this is a privilege check, not a plain login check: a
 * logged-in user who is neither an admin nor flagged as backend user is
 * reported as <em>not</em> authenticated.
 *
 * @return {@code true} iff a current user exists and has {@code isAdmin} or
 *         {@code backendUser} set
 */
public boolean isAuthenticated() {
    final Principal current = getCurrentUser();
    if (current == null) {
        return false;
    }
    // NOTE(review): both reads are auto-unboxed; this assumes the property layer
    // never yields null for these boolean properties — confirm.
    final boolean admin = current.getProperty(Principal.isAdmin);
    return admin || current.getProperty(User.backendUser);
}
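/**
 * Enforces REST resource access grants for the current request.
 *
 * <p>Decision order:
 * <ol>
 *   <li>A {@code SuperUser} or a principal with {@code isAdmin} set is always allowed.</li>
 *   <li>No grant for the resource signature: denied.</li>
 *   <li>An HTTP method with no entry in {@code methods} (e.g. PATCH): denied.
 *       Previously such a request reached {@code switch (method)} with a
 *       {@code null} and failed with a {@link NullPointerException} instead of
 *       a clean refusal.</li>
 *   <li>Otherwise the grant must carry the flag matching the HTTP method and the
 *       caller's state (authenticated vs. public); anything else is denied.</li>
 * </ol>
 * Every denial surfaces as {@link UnauthorizedException} with the fixed message
 * {@code "Forbidden"}; the reason is only written to the log, so the response
 * does not reveal which grants exist.
 *
 * @param securityContext      context used to look up the grant
 * @param request              the incoming request; only its HTTP method is consulted
 * @param rawResourceSignature signature the grant is keyed on
 * @param propertyView         not used by this check; kept for the interface
 * @throws UnauthorizedException when access is denied
 * @throws FrameworkException    on lookup errors
 */
@Override
public void checkResourceAccess(final SecurityContext securityContext, final HttpServletRequest request,
        final String rawResourceSignature, final String propertyView) throws FrameworkException {

    final ResourceAccess resourceAccess = ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = getUser(request, true);
    final boolean validUser = (user != null);

    // Super users and admins bypass grants entirely.
    if (validUser && (user instanceof SuperUser || user.getProperty(Principal.isAdmin))) {
        return;
    }

    // No grant => no access rights.
    if (resourceAccess == null) {
        logger.log(Level.INFO, "No resource access grant found for signature {0}.", rawResourceSignature);
        throw new UnauthorizedException("Forbidden");
    }

    // Fail closed on an HTTP method we have no flag for, instead of NPE-ing in the switch.
    if (method == null) {
        logger.log(Level.INFO, "Resource access grant found for signature {0}, but HTTP method {1} is not supported.",
                new Object[] { rawResourceSignature, request.getMethod() });
        throw new UnauthorizedException("Forbidden");
    }

    if (methodAllowed(resourceAccess, method, validUser)) {
        return;
    }

    logger.log(Level.INFO, "Resource access grant found for signature {0}, but method {1} not allowed for {2}.",
            new Object[] { rawResourceSignature, method, validUser ? "authenticated users" : "public users" });
    throw new UnauthorizedException("Forbidden");
}

/**
 * Tells whether the grant carries the flag for {@code method}, picking the
 * authenticated-user or public-user flag according to {@code validUser}.
 * Methods without a flag pair are never allowed.
 */
private static boolean methodAllowed(final ResourceAccess grant, final Method method, final boolean validUser) {
    switch (method) {
        case GET:
            return grant.hasFlag(validUser ? AUTH_USER_GET : NON_AUTH_USER_GET);
        case PUT:
            return grant.hasFlag(validUser ? AUTH_USER_PUT : NON_AUTH_USER_PUT);
        case POST:
            return grant.hasFlag(validUser ? AUTH_USER_POST : NON_AUTH_USER_POST);
        case DELETE:
            return grant.hasFlag(validUser ? AUTH_USER_DELETE : NON_AUTH_USER_DELETE);
        case OPTIONS:
            return grant.hasFlag(validUser ? AUTH_USER_OPTIONS : NON_AUTH_USER_OPTIONS);
        case HEAD:
            return grant.hasFlag(validUser ? AUTH_USER_HEAD : NON_AUTH_USER_HEAD);
        default:
            return false;
    }
}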