package fi.insomnia.bortal.beans;

import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Vector;

import javax.ejb.EJB;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.insomnia.bortal.enums.BeanRole;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;

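/**
 * Stateless session bean that checks login credentials and computes the set
 * of group names granted to a user, exposed through {@link JaasBeanLocal} and
 * {@link JaasBeanRemote}.
 */
@Stateless
public class JaasBean implements JaasBeanLocal, JaasBeanRemote {

	private static final Logger logger = LoggerFactory.getLogger(JaasBean.class);
	@EJB
	private UserFacade userfacade;

	@EJB
	private LoggingBeanLocal secubean;

	@EJB
	private UserBean userbean;
	@EJB
	private PermissionBeanLocal permbean;

	/**
	 * Replaces CR and LF so a caller-supplied value cannot start a forged
	 * line in the application log.
	 *
	 * @param value text received from the caller, may be {@code null}
	 * @return the text with line breaks replaced by {@code _}, or {@code null}
	 */
	private static String singleLine(String value) {
		if (value == null) {
			return null;
		}
		return value.replace('\r', '_').replace('\n', '_');
	}

	/**
	 * Looks the user up by trimmed login name and checks the password.
	 * Every rejected attempt is written to the security log.
	 *
	 * @param username login name as submitted; surrounding whitespace is ignored
	 * @param password password as submitted
	 * @return the matching user, or {@code null} when the login is rejected
	 */
	public User tryLogin(String username, String password) {
		if (username == null) {
			// trim() below would throw; a missing name is a rejected login, not a server error.
			secubean.logMessage(SecurityLogType.permissionDenied, null, "Login failed: Username not found: ", "null");
			return null;
		}

		// The name is attacker-controlled, so it is logged with line breaks neutralised.
		logger.debug("Trying to login as {}", singleLine(username));
		User user = userfacade.findByLogin(username.trim());

		if (user == null) {
			// NOTE(review): this path returns without any password check, so it may answer
			// faster than the wrong-password path; confirm whether that difference matters here.
			secubean.logMessage(SecurityLogType.permissionDenied, null, "Login failed: Username not found: ", username);
			return null;
		}

		// NOTE(review): checkPassword is defined outside this file; confirm it rejects
		// null and empty passwords.
		if (!user.checkPassword(password)) {
			secubean.logMessage(SecurityLogType.permissionDenied, user, "Login failed: wrong password for username ", username);
			return null;
		}
		return user;
	}

	/**
	 * Reports whether the credentials are accepted by {@link #tryLogin(String, String)}.
	 *
	 * @param username login name as submitted
	 * @param password password as submitted
	 * @return {@code true} only when a user was found and the password check passed
	 */
	@Override
	public boolean authenticate(String username, String password) {
		return tryLogin(username, password) != null;
	}

	/**
	 * Builds the group names for a user: for each distinct role right, the
	 * permission name plus one entry per granted access type. A superadmin
	 * receives every permission with every access type. An unknown user
	 * yields an empty enumeration.
	 *
	 * @param user login name passed to the user bean lookup
	 * @return the group names, in no particular order
	 */
	@Override
	public Enumeration<String> getGroupNames(String user) {
		User usr = userbean.getUser(user);
		HashSet<String> roleset = new HashSet<String>();
		if (usr != null) {

			HashSet<RoleRight> mappedRoles = new HashSet<RoleRight>();
			List<Role> usrroles = userbean.localFindUsersRoles(usr);

			for (Role r : usrroles) {
				for (RoleRight rr : r.getRoleRights()) {
					// add() returns false when the same right was already handled through another role.
					if (!mappedRoles.add(rr)) {
						continue;
					}
					if (rr.isExecute()) {
						roleset.add(rr.getPermission().getName());
						roleset.add(rr.getPermission().append(RolePermission.EXECUTE));
					}
					if (rr.isRead()) {
						roleset.add(rr.getPermission().getName());
						roleset.add(rr.getPermission().append(RolePermission.READ));
					}
					if (rr.isWrite()) {
						roleset.add(rr.getPermission().getName());
						roleset.add(rr.getPermission().append(RolePermission.WRITE));
					}
				}
			}

			// NOTE(review): isLoggedIn() takes no user argument, so it presumably reflects the
			// calling context rather than usr; confirm USER should be granted on that basis.
			if (permbean.isLoggedIn()) {
				roleset.add("USER");
			}
			if (usr.isSuperadmin()) {
				// Superadmin bypasses role mapping and is granted the full permission matrix.
				for (Permission p : Permission.values()) {
					roleset.add(p.getName());

					roleset.add(p.append(RolePermission.EXECUTE));
					roleset.add(p.append(RolePermission.READ));
					roleset.add(p.append(RolePermission.WRITE));
				}
				roleset.add(BeanRole.SUPERADMIN.name());

			}
		}
		Vector<String> retvect = new Vector<String>(roleset);
		logger.debug("group names for user {}: {}", singleLine(user), retvect);

		return retvect.elements();
	}
}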