package fi.insomnia.bortal.beans;

import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Vector;

import javax.ejb.EJB;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.insomnia.bortal.enums.BortalApplication;
import fi.insomnia.bortal.enums.apps.IAppPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.ApplicationPermission;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.User;

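/**
 * Stateless session bean that verifies username/password pairs and resolves the group
 * (permission) names granted to a login name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Login names come from the authentication boundary and are untrusted; they are stripped of
 * control characters before being written to the application log.</li>
 * <li>Both methods fail closed: a missing username, a missing password or an unresolvable account
 * never yields a user object or role-derived permissions.</li>
 * </ul>
 */
@Stateless
public class JaasBean implements JaasBeanLocal, JaasBeanRemote {

	private static final Logger logger = LoggerFactory.getLogger(JaasBean.class);
	@EJB
	private UserFacade userfacade;

	@EJB
	private LoggingBeanLocal secubean;

	@EJB
	private UserBean userbean;
	@EJB
	private PermissionBeanLocal permbean;
	@EJB
	private EventBeanLocal eventbean;

	/**
	 * Looks up the account for {@code username} and checks the supplied password.
	 *
	 * <p>Failed attempts are written to the security log. The caller only ever sees {@code null}
	 * on failure, so the return value does not reveal whether the username exists.
	 *
	 * @param username login name as entered; surrounding whitespace is trimmed before the lookup
	 * @param password clear-text password to verify
	 * @return the matching user, or {@code null} when the login is rejected
	 */
	public User tryLogin(String username, String password) {
		if (username == null) {
			// Fail closed instead of throwing a NullPointerException from trim().
			logger.warn("Login failed: no username supplied");
			return null;
		}

		User user = userfacade.findByLogin(username.trim());
		if (user == null) {
			// NOTE(review): this path returns without a password check, so it may be
			// distinguishable from the wrong-password path by response time - confirm whether
			// that matters for this deployment.
			secubean.logMessage(SecurityLogType.permissionDenied, null, "Login failed: Username not found: ", username);
			return null;
		}

		if (user.isAnonymous()) {
			// The anonymous account is accepted without a password check, so the permissions
			// reachable from it must stay minimal.
			logger.info("logging in as anonymous!!!");
			return user;
		}

		// A missing password must never authenticate a real account.
		if (password != null && user.checkPassword(password)) {
			return user;
		}

		secubean.logMessage(SecurityLogType.permissionDenied, user, "Login failed: wrong password for username ", username);
		return null;
	}

	/**
	 * Checks a username/password pair.
	 *
	 * @param username login name as entered
	 * @param password clear-text password to verify
	 * @return {@code true} when {@link #tryLogin(String, String)} accepts the credentials
	 */
	@Override
	public boolean authenticate(String username, String password) {
		// The username is attacker-controlled; neutralise control characters so a crafted name
		// cannot forge additional log lines.
		logger.warn("Trying to login as {}", sanitizeForLog(username));
		return tryLogin(username, password) != null;
	}

	/**
	 * Collects the group names (permission full names plus special markers) for a login name.
	 *
	 * <p>Every caller receives {@code ANYUSER}. A login name that cannot be resolved falls back to
	 * the anonymous user and additionally receives {@code ANONYMOUS}. If no anonymous user exists
	 * either, only those base groups are returned.
	 *
	 * @param user login name to resolve
	 * @return enumeration over the distinct group names
	 */
	@Override
	public Enumeration<String> getGroupNames(String user) {
		logger.info("Fetching groupNames for user {}", sanitizeForLog(user));
		User usr = userbean.getUser(user);
		HashSet<String> roleset = new HashSet<String>();
		roleset.add(UserPermission.ANYUSER.getFullName());

		if (usr == null) {
			usr = permbean.getAnonUser();
			// NOTE(review): ANONYMOUS is only added on this fallback path, not when the looked-up
			// account itself is the anonymous user - confirm that this is intended.
			roleset.add(SpecialPermission.ANONYMOUS.name());
		}

		if (usr == null) {
			// Neither the account nor an anonymous fallback exists. Grant nothing beyond the base
			// groups instead of dereferencing null while resolving roles.
			logger.warn("No account and no anonymous user available for {}; returning base groups only", sanitizeForLog(user));
		} else {
			if (!usr.isAnonymous()) {
				roleset.add(SpecialPermission.USER.name());
			}

			// TODO (translated from Finnish): NOT LIKE THIS! Superadmin does not (or must not) get
			// all permissions - the original note is ambiguous, revisit this grant.
			if (usr.isSuperadmin()) {
				for (BortalApplication app : BortalApplication.values()) {
					for (IAppPermission perm : app.getPermissions()) {
						roleset.add(perm.getFullName());
					}
				}
				roleset.add(SpecialPermission.SUPERADMIN.name());
			} else {
				List<Role> usrroles = userbean.localFindUsersRoles(usr);
				for (Role role : usrroles) {
					for (ApplicationPermission apperm : role.getPermissions()) {
						roleset.add(apperm.getPermission().getFullName());
					}
				}

				// Non-anonymous users also inherit the default role of the current event.
				LanEvent event = eventbean.getCurrentEvent();
				if (event != null && !usr.isAnonymous() && event.getDefaultRole() != null) {
					for (ApplicationPermission apperm : event.getDefaultRole().getPermissions()) {
						roleset.add(apperm.getPermission().getFullName());
					}
				}
			}
		}

		Vector<String> retvect = new Vector<String>(roleset);
		logger.info("group names for user {}: {}", sanitizeForLog(user), retvect);

		return retvect.elements();
	}

	/**
	 * Replaces control characters (CR, LF, tab, ...) with {@code '_'} so that untrusted input
	 * cannot break the one-event-per-line structure of the log.
	 *
	 * @param value text to log; may be {@code null}
	 * @return the cleaned text, or {@code null} when {@code value} is {@code null}
	 */
	private static String sanitizeForLog(String value) {
		if (value == null) {
			return null;
		}
		StringBuilder cleaned = new StringBuilder(value.length());
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			cleaned.append(Character.isISOControl(c) ? '_' : c);
		}
		return cleaned.toString();
	}
}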