Skip to content

Codecrew / Moya

Go to a project
Commit 49b8d99e by Tuomas Riihimäki
Options

Access permission rewrite on beans!

1 parent f4074e4d
Inline Side-by-side
Showing with 417 additions and 513 deletions
code/LanBortalBeans/.classpath
......@@ -13,5 +13,6 @@
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
<classpathentry kind="src" path="/LanBortalUtilities"/>
<classpathentry kind="src" path="/UtilClasses"/>
<classpathentry kind="output" path="build/classes"/>
</classpath>
code/LanBortalBeans/ejbModule/META-INF/sun-ejb-jar.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
<security-role-mapping>
<role-name>ANONYMOUS</role-name>
<group-name>ANONYMOUS</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ORGANIZATION_ROOT</role-name>
<group-name>ORGANIZATION_ROOT</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SUPERADMIN</role-name>
<group-name>SUPERADMIN</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ADMIN_BASE</role-name>
<group-name>ADMIN_BASE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER_BASE</role-name>
<group-name>USER_BASE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>LOGIN/READ</role-name>
<group-name>LOGIN/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>LOGIN/WRITE</role-name>
<group-name>LOGIN/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>LOGIN/EXECUTE</role-name>
<group-name>LOGIN/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER_MANAGEMENT/READ</role-name>
<group-name>USER_MANAGEMENT/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER_MANAGEMENT/WRITE</role-name>
<group-name>USER_MANAGEMENT/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER_MANAGEMENT/EXECUTE</role-name>
<group-name>USER_MANAGEMENT/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ACCOUNT_MANAGEMENT/READ</role-name>
<group-name>ACCOUNT_MANAGEMENT/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ACCOUNT_MANAGEMENT/WRITE</role-name>
<group-name>ACCOUNT_MANAGEMENT/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ACCOUNT_MANAGEMENT/EXECUTE</role-name>
<group-name>ACCOUNT_MANAGEMENT/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>BILL/READ</role-name>
<group-name>BILL/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>BILL/WRITE</role-name>
<group-name>BILL/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>BILL/EXECUTE</role-name>
<group-name>BILL/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>MAP/READ</role-name>
<group-name>MAP/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>MAP/WRITE</role-name>
<group-name>MAP/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>MAP/EXECUTE</role-name>
<group-name>MAP/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ROLE_MANAGEMENT/READ</role-name>
<group-name>ROLE_MANAGEMENT/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ROLE_MANAGEMENT/WRITE</role-name>
<group-name>ROLE_MANAGEMENT/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ROLE_MANAGEMENT/EXECUTE</role-name>
<group-name>ROLE_MANAGEMENT/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>PRODUCT/READ</role-name>
<group-name>PRODUCT/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>PRODUCT/WRITE</role-name>
<group-name>PRODUCT/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>PRODUCT/EXECUTE</role-name>
<group-name>PRODUCT/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SHOP/READ</role-name>
<group-name>SHOP/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SHOP/WRITE</role-name>
<group-name>SHOP/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SHOP/EXECUTE</role-name>
<group-name>SHOP/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>GAME/READ</role-name>
<group-name>GAME/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>GAME/WRITE</role-name>
<group-name>GAME/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>GAME/EXECUTE</role-name>
<group-name>GAME/EXECUTE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>POLL/READ</role-name>
<group-name>POLL/READ</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>POLL/WRITE</role-name>
<group-name>POLL/WRITE</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>POLL/EXECUTE</role-name>
<group-name>POLL/EXECUTE</group-name>
</security-role-mapping>
<enterprise-beans/>
</sun-ejb-jar>
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/AccountEventBean.java
......@@ -7,19 +7,18 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.AccountEventFacade;
import fi.insomnia.bortal.model.AccountEvent;
import fi.insomnia.bortal.model.EventPk;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.Place;
import fi.insomnia.bortal.model.Product;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.User;
......@@ -28,6 +27,7 @@ import fi.insomnia.bortal.model.User;
* Session Bean implementation class AccountEventBean
*/
@Stateless
@DeclareRoles({ "ACCOUNT_MANAGEMENT/READ", "ACCOUNT_MANAGEMENT/WRITE", "SHOP/EXECUTE" })
public class AccountEventBean implements AccountEventBeanLocal {
@EJB
......@@ -36,13 +36,15 @@ public class AccountEventBean implements AccountEventBeanLocal {
@EJB
private UserBeanLocal userbean;
@EJB
private SecurityBeanLocal sessionbean;
private LoggingBeanLocal loggingbean;
@EJB
private EventBeanLocal eventBean;
@EJB
private ProductBeanLocal prodbean;
@EJB
private PlaceBeanLocal placebean;
@EJB
private PermissionBeanLocal permbean;
private static final Logger logger = LoggerFactory.getLogger(AccountEventBean.class);
......@@ -51,17 +53,17 @@ public class AccountEventBean implements AccountEventBeanLocal {
}
@Override
@RolesAllowed("ACCOUNT_MANAGEMENT/WRITE")
public AccountEvent merge(AccountEvent account) {
userbean.fatalPermission(Permission.ACCOUNT_MANAGEMENT, RolePermission.WRITE, "Error mergin account event", account);
return accountfacade.merge(account);
}
@Override
@RolesAllowed("ACCOUNT_MANAGEMENT/WRITE")
public void delete(AccountEvent account) {
userbean.fatalPermission(Permission.ACCOUNT_MANAGEMENT, RolePermission.WRITE, "Error deleting account event: ", account);
AccountEvent acco = accountfacade.find(account.getId());
sessionbean.logMessage(SecurityLogType.accountEvent, userbean.getCurrentUser(), "Deleting AccountEvent '", acco.getProduct().getName(), "' count: '", acco.getQuantity().toString(), "' unitprice: '", acco.getUnitPrice().toString(), "' accouser: '", acco.getUser().getLogin(), "'");
loggingbean.logMessage(SecurityLogType.accountEvent, permbean.getCurrentUser(), "Deleting AccountEvent '", acco.getProduct().getName(), "' count: '", acco.getQuantity().toString(), "' unitprice: '", acco.getUnitPrice().toString(), "' accouser: '", acco.getUser().getLogin(), "'");
acco.getProduct().getAccountEvents().remove(acco);
if (acco.getBill() != null) {
acco.getBill().setAccountEvent(null);
......@@ -83,12 +85,12 @@ public class AccountEventBean implements AccountEventBeanLocal {
}
@Override
public List<AccountEvent> shopCash(User shoppingUser, Map<Product, BigDecimal> shopMap, boolean buyInstant) {
@RolesAllowed("SHOP/EXECUTE")
public List<AccountEvent> shopCash(User shoppingUser, Map<Product, BigDecimal> shopMap, boolean buyInstant) throws PermissionDeniedException {
logger.debug("Shoping cash. buyinstant {}", buyInstant);
userbean.fatalPermission(Permission.SHOP, RolePermission.EXECUTE, "User tried to create accountEvents via shop without SHOP:EXECUTE");
ArrayList<AccountEvent> ret = new ArrayList<AccountEvent>();
LanEvent ev = eventBean.getCurrentEvent();
User seller = userbean.getCurrentUser();
User seller = permbean.getCurrentUser();
BigDecimal tot = BigDecimal.ZERO;
for (Entry<Product, BigDecimal> prodentry : shopMap.entrySet()) {
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
......@@ -7,6 +7,8 @@ import java.util.Calendar;
import java.util.Collection;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
......@@ -19,7 +21,6 @@ import fi.insomnia.bortal.beanutil.PdfPrinter;
import fi.insomnia.bortal.bortal.views.BillSummary;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.facade.BillLineFacade;
import fi.insomnia.bortal.model.AccountEvent;
......@@ -34,20 +35,14 @@ import fi.insomnia.bortal.model.User;
* Session Bean implementation class BillBean
*/
@Stateless
@DeclareRoles({ "BILL/READ", "USER_MANAGEMENT/EXECUTE", "USER_MANAGEMENT/READ" })
public class BillBean implements BillBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(BillBean.class);
@EJB
private BillFacade billFacade;
@EJB
private UserBeanLocal userBean;
@EJB
private SecurityBeanLocal secubean;
@EJB
private EventBeanLocal eventbean;
@EJB
private BillLineFacade billLineFacade;
......@@ -55,11 +50,16 @@ public class BillBean implements BillBeanLocal {
private EntityManager em;
@EJB
private PermissionBeanLocal permbean;
@EJB
private ProductBeanLocal productBean;
@EJB
private PlaceBeanLocal placebean;
@EJB
private PermissionBeanLocal permissionbean;
/**
* Default constructor.
*/
......@@ -67,16 +67,19 @@ public class BillBean implements BillBeanLocal {
// TODO Auto-generated constructor stub
}
public Bill findById(int id) {
@Override
public Bill findById(int id) throws PermissionDeniedException {
LanEvent event = eventbean.getCurrentEvent();
if (id <= 0) {
return null;
}
Bill bill = billFacade.find(event.getId(), id);
User currentuser = userBean.getCurrentUser();
User currentuser = permbean.getCurrentUser();
logger.debug("bill {} user {}", bill, currentuser);
if (!currentuser.equals(bill.getUser())) {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "User tried to print the bill with insufficient rights. Bill id: ", bill);
if (bill == null || !currentuser.equals(bill.getUser())) {
bill = null;
permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "No right to read bill: ", bill);
}
return bill;
......@@ -109,14 +112,10 @@ public class BillBean implements BillBeanLocal {
}
@Override
public Bill createEmptyBill(User shoppingUser) {
if (shoppingUser != null && !userBean.isCurrentUser(shoppingUser)) {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "User tried to shop to ", shoppingUser, " another without sufficient rights");
}
if (shoppingUser == null) {
shoppingUser = userBean.getCurrentUser();
public Bill createEmptyBill(User shoppingUser) throws PermissionDeniedException {
if (permbean.isCurrentUser(shoppingUser)) {
permbean.fatalPermission(Permission.SHOP, RolePermission.EXECUTE, "No permission to create empty bill for self");
} else if (!permbean.hasPermission(Permission.ACCOUNT_MANAGEMENT, RolePermission.EXECUTE)) {
}
LanEvent event = eventbean.getCurrentEvent();
Bill ret = new Bill(event, shoppingUser);
......@@ -128,15 +127,15 @@ public class BillBean implements BillBeanLocal {
}
@Override
public BillLine addProductToBill(Bill bill, Product product, BigDecimal count) {
userBean.fatalPermission(Permission.BILL, RolePermission.EXECUTE, "User tried to add a product to bill");
@RolesAllowed("SHOP/EXECUTE")
public BillLine addProductToBill(Bill bill, Product product, BigDecimal count) throws PermissionDeniedException {
// If bill number > 0 bill has been sent and extra privileges are needed
// to modify.
boolean iscurrent = userBean.isCurrentUser(bill.getUser());
boolean iscurrent = permissionbean.isCurrentUser(bill.getUser());
Integer billnr = bill.getBillNumber();
if (!iscurrent || billnr != null) {
userBean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "User tried to modify bill ", bill, "without sufficient permissions");
permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "User tried to modify bill ", bill, "without sufficient permissions");
}
BillLine line = new BillLine(bill, product.getName(), product.getUnitName(), count, product.getPrice(), product.getVat());
line.setLineProduct(product);
......@@ -158,27 +157,23 @@ public class BillBean implements BillBeanLocal {
}
@Override
@RolesAllowed("BILL/WRITE")
public List<Bill> findAll() {
if (!userBean.hasPermission(Permission.BILL, RolePermission.WRITE)) {
throw new PermissionDeniedException(secubean, userBean.getCurrentUser(), "User tried to list all bills without sufficient permissions");
}
return billFacade.findAll(eventbean.getCurrentEvent());
}
@Override
@RolesAllowed("BILL/READ")
public Collection<BillSummary> getBillLineSummary() {
userBean.fatalPermission(Permission.BILL, RolePermission.READ, "User tried to view the bill summary");
Collection<BillSummary> ret = billLineFacade.getLineSummary(eventbean.getCurrentEvent());
for (BillSummary foo : ret) {
logger.debug("linesum {}", foo);
}
return ret;
}
@Override
@RolesAllowed("BILL/WRITE")
public void markPaid(Bill bill, Calendar when) {
userBean.fatalPermission(Permission.BILL, RolePermission.WRITE, "User tried to mark the bill paid");
Product creditproduct = productBean.findCreditProduct();
......@@ -186,7 +181,7 @@ public class BillBean implements BillBeanLocal {
ac.setDelivered(when);
ac.setEventTime(when);
ac.setBill(bill);
ac.setSeller(userBean.getCurrentUser());
ac.setSeller(permbean.getCurrentUser());
bill.setAccountEvent(ac);
bill.setPaidDate(when);
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/CardTemplateBean.java
......@@ -2,14 +2,14 @@ package fi.insomnia.bortal.beans;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.CardTemplateFacade;
import fi.insomnia.bortal.facade.PrintedCardFacade;
import fi.insomnia.bortal.model.CardTemplate;
......@@ -23,6 +23,7 @@ import fi.insomnia.bortal.util.MailMessage;
* Session Bean implementation class CardTemplateBean
*/
@Stateless
@DeclareRoles({ "USER_MANAGEMENT/WRITE", "USER_MANAGEMENT/READ" })
public class CardTemplateBean implements CardTemplateBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(CardTemplateBean.class);
......@@ -45,28 +46,28 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
private PrintedCardFacade printedcardfacade;
@EJB
private UtilBeanLocal mailbean;
@EJB
private PlaceGroupBeanLocal pgbean;
@Override
@RolesAllowed("USER_MANAGEMENT/WRITE")
public List<CardTemplate> findAll() {
userbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
return cdFacade.findAll(eventBean.getCurrentEvent());
}
@Override
@RolesAllowed("USER_MANAGEMENT/WRITE")
public void create(CardTemplate card) {
userbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
cdFacade.create(card);
}
@Override
@RolesAllowed("USER_MANAGEMENT/READ")
public CardTemplate findById(Integer id) {
userbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
LanEvent ev = eventBean.getCurrentEvent();
return cdFacade.find(ev.getId(), id);
}
public void checkAllUsersCardRights() {
@Override
public void checkAllUsersCardRights() throws PermissionDeniedException {
for (User u : userbean.getUsers()) {
checkPrintedCard(u);
}
......@@ -74,8 +75,11 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
/**
* Checks users printed card roles and return the biggestCard
*
* @throws PermissionDeniedException
*/
public PrintedCard checkPrintedCard(User user) {
@Override
public PrintedCard checkPrintedCard(User user) throws PermissionDeniedException {
LanEvent currEvent = eventBean.getCurrentEvent();
List<PrintedCard> myCards = printedcardfacade.findForUser(currEvent, user);
......@@ -137,7 +141,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
}
public CardTemplate getUsersCardtype(User user) {
public CardTemplate getUsersCardtype(User user) throws PermissionDeniedException {
List<Role> roles = userbean.findUsersRoles(user);
CardTemplate greatestTemplate = null;
......@@ -153,7 +157,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
}
@Override
public PrintedCard setRfidUid(String tag, User user) {
public PrintedCard setRfidUid(String tag, User user) throws PermissionDeniedException {
PrintedCard ct = checkPrintedCard(user);
return setRfidUid(tag, ct);
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventBean.java
......@@ -8,9 +8,7 @@ import javax.persistence.PersistenceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.clientutils.BortalLocalContextHolder;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.EventFacade;
import fi.insomnia.bortal.facade.EventOrganiserFacade;
import fi.insomnia.bortal.model.EventOrganiser;
......@@ -33,14 +31,13 @@ public class EventBean implements EventBeanLocal {
private EventOrganiserFacade eventOrganiserFacade;
@EJB
private UserBeanLocal userBean;
@EJB
private EventStatusBeanLocal eventStatusBean;
@PersistenceContext
private EntityManager em;
@EJB
private SecurityBeanLocal secubean;
private LoggingBeanLocal loggingbean;
@EJB
private PermissionBeanLocal permbean;
@Override
public LanEvent getEventByHostname(String hostname) {
......@@ -74,7 +71,7 @@ public class EventBean implements EventBeanLocal {
settings = new EventOrganiser();
settings.setOrganisation(DEFAULT_ORGANISATION_NAME);
User defaultUser = userBean.getAnonUser();
User defaultUser = permbean.getAnonUser();
settings.setAdmin(defaultUser);
eventOrganiserFacade.create(settings);
}
......@@ -91,19 +88,19 @@ public class EventBean implements EventBeanLocal {
}
@Override
public LanEvent mergeChanges(LanEvent event) {
public LanEvent mergeChanges(LanEvent event) throws PermissionDeniedException {
// TODO: Hmm..
if (!userBean.isCurrentUser(event.getOrganiser().getAdmin()) && !userBean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(secubean, userBean.getCurrentUser(), "User tried to merge event: " + event + " without being admin of that group");
if (!permbean.isCurrentUser(event.getOrganiser().getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to merge event: " + event + " without being admin of that group");
}
return eventFacade.merge(event);
}
@Override
public void create(LanEvent event) {
public void create(LanEvent event) throws PermissionDeniedException {
// TODO: Hmm..
if (!userBean.isCurrentUser(event.getOrganiser().getAdmin()) && !userBean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(secubean, userBean.getCurrentUser(), "User tried to create a new event for organiser " + event.getOrganiser() + " without being admin of that group");
if (!permbean.isCurrentUser(event.getOrganiser().getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to create a new event for organiser " + event.getOrganiser() + " without being admin of that group");
}
eventFacade.create(event);
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventMapBean.java
package fi.insomnia.bortal.beans;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.EventMapFacade;
import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.LanEvent;
......@@ -13,6 +13,7 @@ import fi.insomnia.bortal.model.LanEvent;
* Session Bean implementation class EventMapBean
*/
@Stateless
@DeclareRoles({ "MAP/WRITE" })
public class EventMapBean implements EventMapBeanLocal {
@EJB
......@@ -20,21 +21,17 @@ public class EventMapBean implements EventMapBeanLocal {
@EJB
private EventBeanLocal eventbean;
@EJB
private UserBeanLocal userbean;
@Override
@RolesAllowed("MAP/WRITE")
public EventMap saveMap(EventMap eventmap) {
userbean.fatalPermission(Permission.MAP, RolePermission.WRITE);
return eventmapfacade.merge(eventmap);
}
@Override
public EventMap create(String mapname) {
userbean.fatalPermission(Permission.MAP, RolePermission.WRITE);
@RolesAllowed("MAP/WRITE")
public EventMap create(String mapname) throws PermissionDeniedException {
EventMap ret = new EventMap(eventbean.getCurrentEvent());
ret.setName(mapname);
LanEvent event = eventbean.getCurrentEvent();
......@@ -45,8 +42,8 @@ public class EventMapBean implements EventMapBeanLocal {
}
@Override
@RolesAllowed("MAP/WRITE")
public void sendImage(int destId, byte[] imagedata) {
userbean.fatalPermission(Permission.MAP, RolePermission.WRITE);
LanEvent event = eventbean.getCurrentEvent();
EventMap map = eventmapfacade.find(event.getId(), destId);
if (map != null) {
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventOrganiserBean.java
......@@ -5,7 +5,6 @@ import java.util.List;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.EventOrganiserFacade;
import fi.insomnia.bortal.model.EventOrganiser;
......@@ -19,9 +18,9 @@ public class EventOrganiserBean implements EventOrganiserBeanLocal {
private EventOrganiserFacade eventorgfacade;
@EJB
private UserBeanLocal userbean;
private LoggingBeanLocal loggingbean;
@EJB
private SecurityBeanLocal securitybean;
private PermissionBeanLocal permbean;
/**
* Default constructor.
......@@ -31,22 +30,22 @@ public class EventOrganiserBean implements EventOrganiserBeanLocal {
}
@Override
public void save(EventOrganiser eventorg) {
public void save(EventOrganiser eventorg) throws PermissionDeniedException {
fatalPermission(eventorg);
eventorgfacade.merge(eventorg);
}
public void fatalPermission(EventOrganiser eventorg) {
if (!userbean.isCurrentUser(eventorg.getAdmin()) && !userbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(securitybean, userbean.getCurrentUser(), "Someone other than admin tried to access EventOrganiser: " + eventorg.toString());
@Override
public void fatalPermission(EventOrganiser eventorg) throws PermissionDeniedException {
if (!permbean.isCurrentUser(eventorg.getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "Someone other than admin tried to access EventOrganiser: " + eventorg.toString());
}
}
@Override
public List<EventOrganiser> getEventOrganisers() {
if(!userbean.getCurrentUser().isSuperadmin())
{
throw new PermissionDeniedException(securitybean, userbean.getCurrentUser(), "Non-superadmin tried to list all EventOrganisers");
public List<EventOrganiser> getEventOrganisers() throws PermissionDeniedException {
if (!permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "Non-superadmin tried to list all EventOrganisers");
}
return eventorgfacade.findAll();
}
......@@ -54,7 +53,7 @@ public class EventOrganiserBean implements EventOrganiserBeanLocal {
@Override
public EventOrganiser create(String name) {
EventOrganiser ret = new EventOrganiser();
ret.setAdmin(userbean.getCurrentUser());
ret.setAdmin(permbean.getCurrentUser());
ret.setOrganisation(name);
eventorgfacade.create(ret);
return ret;
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/FoodWaveBean.java
package fi.insomnia.bortal.beans;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.FoodWaveTemplateFacade;
import fi.insomnia.bortal.model.FoodWaveTemplate;
......@@ -12,12 +12,10 @@ import fi.insomnia.bortal.model.FoodWaveTemplate;
* Session Bean implementation class FoodWaveBean
*/
@Stateless
@DeclareRoles("SHOP/WRITE")
public class FoodWaveBean implements FoodWaveBeanLocal {
@EJB
private UserBeanLocal userbean;
@EJB
private FoodWaveTemplateFacade fwtFacade;
/**
......@@ -28,14 +26,14 @@ public class FoodWaveBean implements FoodWaveBeanLocal {
}
@Override
@RolesAllowed("SHOP/WRITE")
public void createTemplate(FoodWaveTemplate waveTemplate) {
userbean.fatalPermission(Permission.SHOP, RolePermission.WRITE, "Need SHOP:WRITE to create foodwave templates");
fwtFacade.create(waveTemplate);
}
@Override
@RolesAllowed("SHOP/WRITE")
public FoodWaveTemplate saveTemplate(FoodWaveTemplate waveTemplate) {
userbean.fatalPermission(Permission.SHOP, RolePermission.WRITE, "Need SHOP:WRITE to create foodwave templates");
return fwtFacade.merge(waveTemplate);
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/GameBean.java
......@@ -7,10 +7,7 @@ import java.util.List;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.NewsGroupFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.News;
import fi.insomnia.bortal.model.NewsGroup;
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
package fi.insomnia.bortal.beans;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Vector;
import javax.ejb.EJB;
......@@ -10,8 +12,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.BeanRole;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;
/**
......@@ -25,21 +30,15 @@ public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
private UserFacade userfacade;
@EJB
private SecurityBeanLocal secubean;
private LoggingBeanLocal secubean;
@EJB
private UserBean userbean;
/**
* Default constructor.
*/
public JaasBean() {
// TODO Auto-generated constructor stub
}
@EJB
private PermissionBeanLocal permbean;
public User tryLogin(String username, String password) {
User user = userfacade.findByLogin(username.trim());
logger.debug("Trying to login as {}", username);
User ret = null;
......@@ -67,19 +66,49 @@ public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
@Override
public Enumeration<String> getGroupNames(String user) {
User usr = userbean.getUser(user);
Vector<String> roles = new Vector<String>();
HashSet<String> roleset = new HashSet<String>();
if (usr != null) {
for (Role r : usr.getRoles()) {
roles.add(r.getName());
HashSet<RoleRight> mappedRoles = new HashSet<RoleRight>();
List<Role> usrroles = userbean.localFindUsersRoles(usr);
for (Role r : usrroles) {
for (RoleRight rr : r.getRoleRights()) {
if (!mappedRoles.contains(rr)) {
mappedRoles.add(rr);
if (rr.isExecute()) {
roleset.add(rr.getPermission().getName());
roleset.add(rr.getPermission().append(RolePermission.EXECUTE));
}
if (usr.isSuperadmin()) {
roles.add(BeanRole.SUPERADMIN.name());
if (rr.isRead()) {
roleset.add(rr.getPermission().getName());
roleset.add(rr.getPermission().append(RolePermission.READ));
}
if (rr.isWrite()) {
roleset.add(rr.getPermission().getName());
roleset.add(rr.getPermission().append(RolePermission.WRITE));
}
}
}
}
if (permbean.isLoggedIn()) {
roleset.add("USER");
}
if (usr.isSuperadmin()) {
for (Permission p : Permission.values()) {
roleset.add(p.getName());
logger.debug("group names for user {}: {}", user, roles);
return roles.elements();
roleset.add(p.append(RolePermission.EXECUTE));
roleset.add(p.append(RolePermission.READ));
roleset.add(p.append(RolePermission.WRITE));
}
roleset.add(BeanRole.SUPERADMIN.name());
}
}
Vector<String> retvect = new Vector<String>();
retvect.addAll(roleset);
logger.debug("group names for user {}: {}", user, retvect);
return retvect.elements();
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceBean.java
......@@ -15,10 +15,19 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.Timeout;
import javax.ejb.Timer;
import javax.ejb.TimerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.exceptions.BortalCatchableException;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.GroupMembershipFacade;
import fi.insomnia.bortal.facade.PlaceFacade;
import fi.insomnia.bortal.facade.PlaceGroupFacade;
......@@ -31,22 +40,12 @@ import fi.insomnia.bortal.model.PlaceGroup;
import fi.insomnia.bortal.model.Product;
import fi.insomnia.bortal.model.User;
import javax.annotation.Resource;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.Timeout;
import javax.ejb.Timer;
import javax.ejb.TimerService;
import javax.persistence.RollbackException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*
* @author tuukka
*/
@Stateless
@DeclareRoles({ "MAP/READ", "MAP/WRITE", "MAP/EXECUTE", "SHOP/EXECUTE" })
public class PlaceBean implements PlaceBeanLocal {
private static final String PLACE_RESERVE_TIMEOUTER = "Map reserve timeouter";
private static final Logger logger = LoggerFactory.getLogger(PlaceBean.class);
......@@ -70,16 +69,13 @@ public class PlaceBean implements PlaceBeanLocal {
private EventBeanLocal eventBean;
@EJB
private PlaceGroupBeanLocal pgbean;
@EJB
private SecurityBeanLocal secubean;
private LoggingBeanLocal secubean;
@EJB
private EventMapBeanLocal mapfacade;
private PermissionBeanLocal permbean;
@Override
@RolesAllowed("MAP/WRITE")
public Place mergeChanges(Place place) {
userbean.fatalPermission(Permission.MAP, RolePermission.WRITE, "User tried to modify place ", place);
return placeFacade.merge(place);
}
......@@ -87,7 +83,7 @@ public class PlaceBean implements PlaceBeanLocal {
public BigDecimal totalReservationPrice(EventMap e, Place newPlace) {
Set<Place> places = new HashSet<Place>();
places.addAll(placeFacade.findUsersReservations(e, userbean.getCurrentUser()));
places.addAll(placeFacade.findUsersReservations(e, permbean.getCurrentUser()));
if (newPlace != null) {
places.add(newPlace);
......@@ -137,8 +133,8 @@ public class PlaceBean implements PlaceBeanLocal {
}
@Override
@RolesAllowed("MAP/EXECUTE")
public boolean reservePlace(Place p, User user) {
userbean.fatalPermission(Permission.MAP, RolePermission.EXECUTE, "User does not have rights to reserve ( and buy) a place");
boolean ret = placeFacade.reservePlace(p, user);
boolean foundTimeout = false;
......@@ -163,7 +159,7 @@ public class PlaceBean implements PlaceBeanLocal {
@Override
public void releaseUsersPlaces() {
logger.debug("timeouting places");
placeFacade.releasePlaces(userbean.getCurrentUser());
placeFacade.releasePlaces(permbean.getCurrentUser());
}
@Override
......@@ -173,10 +169,10 @@ public class PlaceBean implements PlaceBeanLocal {
}
@Override
@RolesAllowed("MAP/EXECUTE")
public boolean buySelectedPlaces(EventMap e) throws BortalCatchableException {
userbean.fatalPermission(Permission.MAP, RolePermission.EXECUTE, "User does not have rights to reserve ( and buy) a place");
LanEvent event = eventBean.getCurrentEvent();
User user = userbean.getCurrentUser();
User user = permbean.getCurrentUser();
List<Place> places = placeFacade.findUsersReservations(e, user);
if (places.size() <= 0) {
......@@ -188,7 +184,7 @@ public class PlaceBean implements PlaceBeanLocal {
// PlaceGroup pg = pgbean.createPlaceGroup(user);
BigDecimal totalprice = totalReservationPrice(e, null);
BigDecimal balance = userbean.getCurrentUser().getAccountBalance();
BigDecimal balance = permbean.getCurrentUser().getAccountBalance();
if (balance.compareTo(totalprice) < 0) {
logger.debug("User {} Could not buy things because account balance is too low!", user);
return false;
......@@ -253,15 +249,15 @@ public class PlaceBean implements PlaceBeanLocal {
}
@Override
@RolesAllowed("MAP/WRITE")
public int setBuyable(EventMap map, String like, boolean b) {
userbean.fatalPermission(Permission.MAP, RolePermission.WRITE, "User tried to change place buyable: " + like + " to " + b);
return placeFacade.setBuyable(map, like, b);
}
@Override
@RolesAllowed("MAP/READ")
public Place find(EventPk id) {
userbean.fatalPermission(Permission.MAP, RolePermission.READ, "error reading place ", id);
return placeFacade.find(id);
}
......@@ -284,13 +280,13 @@ public class PlaceBean implements PlaceBeanLocal {
}
@Override
public Place lockPlaces(User user, Place place) {
@RolesAllowed("SHOP/EXECUTE")
public Place lockPlaces(User user, Place place) throws PermissionDeniedException {
if (place.isTaken()) {
logger.warn("Place {} is already taken", place);
throw new PermissionDeniedException(secubean, userbean.getCurrentUser(), "NO RIGHT");
throw new PermissionDeniedException(secubean, permbean.getCurrentUser(), "Place already taken!");
}
userbean.fatalPermission(Permission.SHOP, RolePermission.EXECUTE, "User tried to lock place without SHOP:EXECUTE");
LanEvent ev = eventBean.getCurrentEvent();
PlaceGroup pg = new PlaceGroup(ev, Calendar.getInstance(), Calendar.getInstance(), true);
pg.setCreator(user);
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceGroupBean.java
......@@ -3,6 +3,8 @@ package fi.insomnia.bortal.beans;
import java.io.OutputStream;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
......@@ -20,9 +22,7 @@ import com.pdfjet.TextLine;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.GroupMembershipFacade;
import fi.insomnia.bortal.facade.PlaceGroupFacade;
import fi.insomnia.bortal.model.GroupMembership;
import fi.insomnia.bortal.model.User;
......@@ -30,6 +30,7 @@ import fi.insomnia.bortal.model.User;
* Session Bean implementation class PlaceGroupBean
*/
@Stateless
@DeclareRoles("USER")
public class PlaceGroupBean implements PlaceGroupBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(PlaceGroupBean.class);
......@@ -38,13 +39,12 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
private EventBeanLocal eventbean;
@EJB
private PlaceGroupFacade pgfacade;
@EJB
private GroupMembershipFacade gmemfacade;
@EJB
private UserBeanLocal userbean;
private LoggingBeanLocal loggingbean;
@EJB
private SecurityBeanLocal secubean;
private PermissionBeanLocal permbean;
/**
* Default constructor.
......@@ -68,23 +68,23 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
// }
@Override
@RolesAllowed("USER")
public List<GroupMembership> getMembershipsAndCreations(User user) {
userbean.fatalNotLoggedIn();
List<GroupMembership> ret = gmemfacade.findMemberOrCreator(eventbean.getCurrentEvent(), user);
return ret;
}
@Override
@RolesAllowed("USER")
public List<GroupMembership> getMemberships(User user) {
userbean.fatalNotLoggedIn();
List<GroupMembership> ret = gmemfacade.findMemberships(eventbean.getCurrentEvent(), user);
return ret;
}
@Override
@RolesAllowed("USER")
public boolean associateToToken(User user, String token) {
token = token.trim();
userbean.fatalNotLoggedIn();
GroupMembership mem = gmemfacade.findByToken(token);
boolean ret = false;
......@@ -156,10 +156,10 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
}
@Override
public void releaseAndGenerateToken(GroupMembership gmem) {
if (!userbean.getCurrentUser().getId().equals(gmem.getPlaceGroup().getCreator().getId()) ||
!userbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
throw new PermissionDeniedException(secubean, userbean.getCurrentUser(), "User tried to release and generate group membership: " + gmem);
public void releaseAndGenerateToken(GroupMembership gmem) throws PermissionDeniedException {
if (!permbean.getCurrentUser().getId().equals(gmem.getPlaceGroup().getCreator().getId()) ||
!permbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to release and generate group membership: " + gmem);
}
gmem.setUser(null);
gmem.setInviteToken(gmemfacade.createInviteToken(eventbean.getCurrentEvent()));
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceMapBean.java
package fi.insomnia.bortal.beans;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.imageio.ImageIO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.EventMapFacade;
import fi.insomnia.bortal.facade.PlaceFacade;
import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.Place;
import fi.insomnia.bortal.model.PlaceGroup;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class PlaceMapBean
......@@ -30,8 +13,6 @@ import fi.insomnia.bortal.model.User;
@Stateless
public class PlaceMapBean implements PlaceMapBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(PlaceMapBean.class);
/**
* Default constructor.
*/
......@@ -45,12 +26,9 @@ public class PlaceMapBean implements PlaceMapBeanLocal {
// private EventMapBean eventmapBean;
private EventMapFacade eventMapFacade;
@EJB
private SecurityBeanLocal secubean;
@EJB
private UserBeanLocal userbean;
@EJB
private EventBeanLocal eventbean;
@Override
public Long selectablePlaceCount(EventMap map) {
return placeFacade.countSelectable(map);
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PollBean.java
......@@ -4,13 +4,14 @@ import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.EventChildGenericFacade;
import fi.insomnia.bortal.facade.PollAnswerFacade;
import fi.insomnia.bortal.facade.PollFacade;
import fi.insomnia.bortal.facade.PollQuestionFacade;
......@@ -25,6 +26,7 @@ import fi.insomnia.bortal.model.PossibleAnswer;
*/
@Stateless
@DeclareRoles("USER")
public class PollBean implements PollBeanLocal {
@EJB
......@@ -37,7 +39,7 @@ public class PollBean implements PollBeanLocal {
private EventBeanLocal eventBean;
@EJB
private UserBeanLocal userBean;
private PermissionBeanLocal permbean;
@EJB
private PossibleAnswerFacade possibleAnswerFacade;
......@@ -55,11 +57,10 @@ public class PollBean implements PollBeanLocal {
}
@Override
@RolesAllowed("USER")
public List<Poll> findPolls() {
List<Poll> list = new ArrayList<Poll>();
userBean.fatalNotLoggedIn();
for (Poll p : pollFacade.findAll(eventBean.getCurrentEvent())) {
if (pollIsUsable(p)) {
list.add(p);
......@@ -101,14 +102,15 @@ public class PollBean implements PollBeanLocal {
}
@Override
@RolesAllowed("USER")
public boolean createAnswers(List<PollAnswer> answers) {
userBean.fatalNotLoggedIn();
for (PollAnswer answer : answers) {
answer.setUser(userBean.getCurrentUser());
if (answer.getId().getId() == null)
answer.setUser(permbean.getCurrentUser());
if (answer.getId().getId() == null) {
pollAnswerFacade.create(answer);
}
}
return false;
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/ProductBean.java
......@@ -6,11 +6,11 @@ import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.AccountEventFacade;
import fi.insomnia.bortal.facade.DiscountInstanceFacade;
import fi.insomnia.bortal.facade.ProductFacade;
......@@ -26,6 +26,7 @@ import fi.insomnia.bortal.model.User;
* Session Bean implementation class ProductBean
*/
@Stateless
@DeclareRoles({ "PRODUCT/WRITE", "PRODUCT/READ", "SHOP/EXECUTE" })
public class ProductBean implements ProductBeanLocal {
private static final String DEFAULT_CREDIT_PRODCT = "Automagic Credit product";
......@@ -35,8 +36,6 @@ public class ProductBean implements ProductBeanLocal {
@EJB
private EventBeanLocal eventBean;
@EJB
private UserBeanLocal userbean;
@EJB
private AccountEventFacade accounteventfacade;
......@@ -45,6 +44,9 @@ public class ProductBean implements ProductBeanLocal {
@EJB
private UserFacade userFacade;
@EJB
private PermissionBeanLocal permbean;
/**
* Default constructor.
*/
......@@ -53,13 +55,14 @@ public class ProductBean implements ProductBeanLocal {
}
@Override
@RolesAllowed("SHOP/EXECUTE")
public List<Product> listUserShoppableProducts() {
return productFacade.findPrepaidProducts(eventBean.getCurrentEvent());
}
@Override
@RolesAllowed("PRODUCT/WRITE")
public Product createProduct(String name, BigDecimal price) {
userbean.fatalPermission(Permission.PRODUCT, RolePermission.WRITE, "User tried to create product: ", name);
Product entity = new Product(eventBean.getCurrentEvent(), name, price);
productFacade.create(entity);
......@@ -67,14 +70,14 @@ public class ProductBean implements ProductBeanLocal {
}
@Override
@RolesAllowed("PRODUCT/READ")
public List<Product> getProducts() {
userbean.fatalPermission(Permission.PRODUCT, RolePermission.READ, "User tried to fetch all products");
return productFacade.findAll(eventBean.getCurrentEvent());
}
@Override
@RolesAllowed("PRODUCT/WRITE")
public Product mergeChanges(Product product) {
userbean.fatalPermission(Permission.PRODUCT, RolePermission.WRITE, "User tried to save changes for product: ", product);
return productFacade.merge(product);
}
......@@ -123,7 +126,7 @@ public class ProductBean implements ProductBeanLocal {
AccountEvent ret = new AccountEvent(eventBean.getCurrentEvent(), user, product, unitPrice, quantity, Calendar.getInstance());
ret.setDelivered(Calendar.getInstance());
ret.setSeller(userbean.getCurrentUser());
ret.setSeller(permbean.getCurrentUser());
// user.getAccountEvents().add(ret);
accounteventfacade.create(ret);
LanEvent event = eventBean.getCurrentEvent();
......@@ -150,8 +153,8 @@ public class ProductBean implements ProductBeanLocal {
}
@Override
@RolesAllowed("SHOP/EXECUTE")
public List<Product> findForStaffshop() {
userbean.fatalPermission(Permission.SHOP, RolePermission.EXECUTE, "user tried to get adminshoppable products from productbean without SHOP:EXECUTE");
return productFacade.findAll(eventBean.getCurrentEvent());
}
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/ReaderBean.java
......@@ -2,14 +2,14 @@ package fi.insomnia.bortal.beans;
import java.util.Calendar;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.BortalCatchableException;
import fi.insomnia.bortal.facade.GroupMembershipFacade;
import fi.insomnia.bortal.facade.PrintedCardFacade;
......@@ -25,6 +25,7 @@ import fi.insomnia.bortal.model.ReaderEvent;
* Session Bean implementation class ReaderBean
*/
@Stateless
@DeclareRoles("GAME/EXECUTE")
public class ReaderBean implements ReaderBeanLocal {
@EJB
......@@ -39,8 +40,6 @@ public class ReaderBean implements ReaderBeanLocal {
private GroupMembershipFacade gmfacade;
@EJB
private CardTemplateBeanLocal cardtemplatebean;
@EJB
private UserBeanLocal userbean;
private static final Logger logger = LoggerFactory.getLogger(ReaderBean.class);
@Override
......@@ -60,7 +59,7 @@ public class ReaderBean implements ReaderBeanLocal {
}
@Override
public ReaderEvent assocTagToPlacecode(String tag, String readerIdent, String placecode) throws BortalCatchableException {
public ReaderEvent assocTagToPlacecode(String tag, String readerIdent, String placecode) throws BortalCatchableException, PermissionDeniedException {
GroupMembership gm = gmfacade.findByToken(placecode);
if (gm == null) {
......@@ -116,8 +115,8 @@ public class ReaderBean implements ReaderBeanLocal {
}
@Override
@RolesAllowed("GAME/EXECUTE")
public ReaderEvent merge(ReaderEvent e) {
userbean.fatalPermission(Permission.GAME, RolePermission.EXECUTE, "Tried to change readerevent");
return readerEventFacade.merge(e);
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
......@@ -9,14 +9,17 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.RoleRightFacade;
import fi.insomnia.bortal.model.LanEvent;
......@@ -28,10 +31,14 @@ import fi.insomnia.bortal.model.RoleRight;
* @author tuukka
*/
@Stateless
@DeclareRoles({ "ROLE_MANAGEMENT/READ", "ROLE_MANAGEMENT/WRITE" })
public class RoleBean implements RoleBeanLocal {
// private static final String PUBLIC_ROLE_NAME = BeanRole.ANONYMOUS.toString();
// private static final String PUBLIC_ROLE_NAME =
// BeanRole.ANONYMOUS.toString();
private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);
@Resource
private SessionContext sc;
@EJB
private EventBeanLocal eventBean;
@EJB
......@@ -39,38 +46,39 @@ public class RoleBean implements RoleBeanLocal {
@EJB
private RoleRightFacade rrfacade;
@EJB
private UserBeanLocal userbean;
private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);
@Override
@RolesAllowed("ROLE_MANAGEMENT/READ")
public List<Role> listRoles() {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ, "User tried to listRoles");
return listRoles(eventBean.getCurrentEvent());
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/READ")
public List<Role> listRoles(LanEvent event) {
return roleFacade.findAll(event);
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/WRITE")
public Role mergeChanges(Role role) {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "User tried merge role changes for ", role);
return roleFacade.merge(role);
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/WRITE")
public Role create(Role role) {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "User tried to create role", role.getName());
roleFacade.create(role);
return role;
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/READ")
public List<Role> getPossibleParents(Role role) {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ, "User tried to get possible parents for role ", role);
List<Role> roleList = listRoles();
if (role == null)
if (role == null) {
return roleList;
}
List<Role> children = getAllChilds(role, new HashSet<Role>());
......@@ -101,6 +109,8 @@ public class RoleBean implements RoleBeanLocal {
return returnList;
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/READ")
public List<RoleRight> getRoleRights(Role r) {
List<RoleRight> ret = new ArrayList<RoleRight>();
......@@ -111,28 +121,13 @@ public class RoleBean implements RoleBeanLocal {
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/WRITE")
public RoleRight mergeChanges(RoleRight row) {
userbean.fatalPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE, "User tried merge changes for RoleRight", row);
return rrfacade.merge(row);
}
// public Role getOrCreatePublicRole() {
//
// Role ret = roleFacade.findByName(PUBLIC_ROLE_NAME);
// if (ret == null) {
//
// ret = roleFacade.createRole(eventBean.getCurrentEvent(), PUBLIC_ROLE_NAME);
// AccessRight perm = accessRightFacade.findByPermission(Permission.LOGIN);
// RoleRight rr = rrfacade.createRoleRight(ret, perm);
// rr.setRead(true);
// }
// return ret;
//
// }
@RolesAllowed("ROLE_MANAGEMENT/READ")
public RoleRight findRoleRight(Role role, Permission perm) {
RoleRight rr = rrfacade.find(perm, role);
if (rr == null) {
......@@ -141,11 +136,11 @@ public class RoleBean implements RoleBeanLocal {
}
return rr;
}
@Override
@RolesAllowed("ROLE_MANAGEMENT/READ")
public Role find(int id, LanEvent event) {
return roleFacade.find(event.getId(), id);
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java deleted 100644 → 0
package fi.insomnia.bortal.beans;
import java.util.Calendar;
import javax.annotation.Resource;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionManagement;
import javax.ejb.TransactionManagementType;
import javax.transaction.UserTransaction;
import org.slf4j.Logger;
import fi.insomnia.bortal.facade.LogEntryFacade;
import fi.insomnia.bortal.facade.LogEntryTypeFacade;
import fi.insomnia.bortal.model.LogEntry;
import fi.insomnia.bortal.model.LogEntryType;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class SercurityBean
*/
@Stateless
@TransactionManagement(TransactionManagementType.BEAN)
public class SecurityBean implements SecurityBeanLocal {
private static final boolean DEBUG = true;
private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
@EJB
private LogEntryTypeFacade typeFacade;
@EJB
private LogEntryFacade entryFacade;
@Resource
UserTransaction utx;
// @Override
// public LogEntry logPermissionDenied(User user, Exception exception) {
// LogEntry entry = null;
//
// entry = logMessage(SecurityLogType.permissionDenied, user,
// exception.getMessage());
// logger.debug(entry.toString(), exception);
//
// return entry;
//
// }
//
// public LogEntry logException(User user, Exception exception) {
//
// LogEntry entry = logMessage(SecurityLogType.unknownException, user,
// exception.getMessage());
// logger.debug(entry.toString(), exception);
// return entry;
// }
//
// public LogEntry logMessage(User user, String... description) {
//
// LogEntry entry = logMessage(SecurityLogType.genericMessage, user,
// toString(description));
//
// return entry;
// }
//
// private static final String toString(String... desc) {
// StringBuilder msg = new StringBuilder();
// for (String msgpart : desc) {
// msg.append(msgpart);
// }
// return msg.toString();
// }
//
// public LogEntry logMessage(String... description) {
// LogEntry entry = logMessage(SecurityLogType.genericMessage,
// toString(description));
// return entry;
//
// }
// public LogEntry logPermissionDenied(User currentuser, String... message)
// {
// return logMessage(SecurityLogType.permissionDenied, currentuser,
// toString(message));
// }
public LogEntry logMessage(SecurityLogType paramType, User user, String... description) {
LogEntry entry = null;
try {
String desc = toString(description);
utx.begin();
LogEntryType type = typeFacade.findOrCreate(paramType);
entry = new LogEntry(Calendar.getInstance());
entry.setType(type);
entry.setDescription(desc);
entry.setUser(user);
entryFacade.create(entry);
if (DEBUG) {
logger.debug("SECURITY DEBUG: Type: \"{}\" user \"{}\", description \"{}\"", new String[] { paramType.name(), (user == null) ? "null" : user.getLogin(), desc });
}
utx.commit();
} catch (Exception e) {
logger.warn("Exception at SecurityBean", e);
}
return entry;
}
private static final String toString(String... desc) {
StringBuilder msg = new StringBuilder();
for (String msgpart : desc) {
msg.append(msgpart);
}
return msg.toString();
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
package fi.insomnia.bortal.beans;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
......@@ -19,17 +16,14 @@ import javax.persistence.PersistenceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.clientutils.BortalLocalContextHolder;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.GroupMembershipFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.facade.UserImageFacade;
import fi.insomnia.bortal.model.GroupMembership;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;
import fi.insomnia.bortal.model.UserImage;
import fi.insomnia.bortal.util.MailMessage;
......@@ -43,7 +37,6 @@ import fi.insomnia.bortal.utilities.I18n;
public class UserBean implements UserBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(UserBean.class);
public static final String DEFAULT_USER_LOGIN = "ANONYMOUS";
/**
* Java EE container injektoi tämän luokkamuuttujan luokan luonnin
......@@ -53,11 +46,6 @@ public class UserBean implements UserBeanLocal {
private UserFacade userFacade;
@PersistenceContext
private EntityManager em;
@Resource
private SessionContext context;
@EJB
private SecurityBeanLocal secubean;
@EJB
private EventBeanLocal eventBean;
......@@ -71,24 +59,26 @@ public class UserBean implements UserBeanLocal {
@EJB
private CardTemplateBeanLocal ctbean;
@EJB
private PlaceGroupBeanLocal pgbean;
@EJB
private AccountEventBeanLocal acbean;
@EJB
private GroupMembershipFacade groupMembershipFacade;
@EJB
private PermissionBeanLocal permbean;
@Override
@RolesAllowed("USER_MANAGEMENT/READ")
public List<User> getUsers() {
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
List<User> ret = userFacade.findAll();
return ret;
}
@Override
public User mergeChanges(User user) {
if (!isCurrentUser(user)) {
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
public User mergeChanges(User user) throws PermissionDeniedException {
if (!permbean.isCurrentUser(user)) {
permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
}
ctbean.checkPrintedCard(user);
......@@ -104,104 +94,27 @@ public class UserBean implements UserBeanLocal {
}
@Override
public boolean isCurrentUser(User user) {
return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
}
@Override
public boolean isLoggedIn() {
return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
}
@Override
public User getCurrentUser() {
Principal principal = context.getCallerPrincipal();
User ret = userFacade.findByLogin(principal.getName());
if (ret == null) {
ret = getAnonUser();
}
return ret;
}
/**
* Makes sure default user and public role exist and the user is member of
* the role.
*/
@Override
public User getAnonUser() {
User defaultUser = userFacade.findByLogin(DEFAULT_USER_LOGIN);
if (defaultUser == null) {
defaultUser = new User();
defaultUser.setLogin(DEFAULT_USER_LOGIN);
defaultUser.setNick(DEFAULT_USER_LOGIN);
userFacade.create(defaultUser);
defaultUser.setSuperadmin(true);
}
return defaultUser;
}
@Override
public boolean hasPermission(Permission target, RolePermission permission) {
User user = getCurrentUser();
Calendar start = Calendar.getInstance();
Boolean ret = BortalLocalContextHolder.hasPermission(target, permission);
// Boolean ret = BortalLocalContextHolder.hasPermission(target,
// permission);
if (ret == null) {
for (Role role : this.findUsersRoles(user)) {
if (role == null) {
continue;
}
for (RoleRight rr : role.getRoleRights()) {
BortalLocalContextHolder.setPermission(rr);
ret = BortalLocalContextHolder.hasPermission(target, permission);
if (ret != null) {
break;
}
}
if (ret != null) {
break;
}
}
}
// TODO: FIX THIS!! really bad idea....
if (user.isSuperadmin()) {
return true;
}
if (ret == null) {
ret = false;
BortalLocalContextHolder.setPermission(target, permission, ret);
public List<Role> findUsersRoles(User u) throws PermissionDeniedException {
User currusr = permbean.getCurrentUser();
if (!currusr.equals(u)) {
permbean.fatalNotLoggedIn();
}
return ret;
}
return localFindUsersRoles(u);
@Override
public List<Role> findUsersRoles(User u) {
User currusr = getCurrentUser();
if (!currusr.equals(u)) {
fatalNotLoggedIn();
}
public List<Role> localFindUsersRoles(User u) {
Set<Role> checkedRoles = new HashSet<Role>();
addRecursive(checkedRoles, u.getRoles());
if (isLoggedIn()) {
LanEvent event = eventBean.getCurrentEvent();
if (permbean.isLoggedIn()) {
LanEvent event = eventBean.getCurrentEvent();
// add roles from events default role.
addRecursive(checkedRoles, event.getDefaultRole());
// add roles from accountEvents of the user
addRecursive(checkedRoles, acbean.getRolesFromAccountEvents(u));
for (GroupMembership member : groupMembershipFacade.findMemberships(event, u)) {
......@@ -210,7 +123,6 @@ public class UserBean implements UserBeanLocal {
}
}
return new ArrayList<Role>(checkedRoles);
}
private void addRecursive(Set<Role> checkedRoles, Collection<Role> roles) {
......@@ -231,44 +143,16 @@ public class UserBean implements UserBeanLocal {
}
@Override
public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) {
boolean ret = hasPermission(target, permission);
if (!ret) {
StringBuilder message = new StringBuilder("Target: ").append(target).append(" permission: ").append(permission);
if (failmessage == null || failmessage.length == 0) {
message.append(" MSG: SessionHandler mbean permission exception: Target: ")
.append(target)
.append(", Permission: ")
.append(permission);
} else {
for (Object part : failmessage) {
message.append(part == null ? "NULL" : part.toString());
}
}
// throw new SecurityException("Foobar");
throw new PermissionDeniedException(secubean, getCurrentUser(), message.toString());
}
}
@Override
public void fatalNotLoggedIn() {
if (!isLoggedIn()) {
throw new PermissionDeniedException(secubean, getCurrentUser(), "User is not logged in!");
}
}
@Override
public UserImage uploadImage(Integer userid, String contentType, byte[] image, String filename, String description) {
fatalNotLoggedIn();
User user = getCurrentUser();
@RolesAllowed("USER")
public UserImage uploadImage(Integer userid, String contentType, byte[] image, String filename, String description) throws PermissionDeniedException {
User user = permbean.getCurrentUser();
logger.debug("uploading image to userid {}", userid);
if (userid == null || userid.equals(0)) {
userid = user.getId();
}
if (!getCurrentUser().getId().equals(userid)) {
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "usert tried to save picture to userid " + userid + " without sufficient permissions!");
if (!permbean.getCurrentUser().getId().equals(userid)) {
permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "usert tried to save picture to userid " + userid + " without sufficient permissions!");
user = userFacade.find(userid);
}
UserImage userimage = new UserImage(user);
......@@ -288,15 +172,15 @@ public class UserBean implements UserBeanLocal {
}
@Override
public UserImage findUserImage(int id) {
public UserImage findUserImage(int id) throws PermissionDeniedException {
UserImage ret = null;
if (id == 0 && isLoggedIn()) {
ret = getCurrentUser().getCurrentImage();
if (id == 0 && permbean.isLoggedIn()) {
ret = permbean.getCurrentUser().getCurrentImage();
} else {
ret = userimagefacade.find(id);
if (ret != null && !this.isCurrentUser(ret.getUser())) {
fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "Not enough rights to access image id: " + id + " for user " + ret.getUser());
if (ret != null && !permbean.isCurrentUser(ret.getUser())) {
permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "Not enough rights to access image id: " + id + " for user " + ret.getUser());
}
}
return ret;
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UtilBean.java
......@@ -2,7 +2,6 @@ package fi.insomnia.bortal.beans;
import java.awt.Graphics2D;
import java.awt.RenderingHints;
import java.awt.geom.AffineTransform;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
......@@ -22,10 +21,6 @@ import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.Session;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.PersistenceContext;
import javax.persistence.PersistenceUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -45,12 +40,6 @@ public class UtilBean implements UtilBeanLocal {
private static final int SCALEWIDTH = 640;
@PersistenceContext
private EntityManager em;
@PersistenceUnit
private EntityManagerFactory emf;
@EJB
private UserBean userbean;
......@@ -83,7 +72,8 @@ public class UtilBean implements UtilBeanLocal {
return true;
}
public void checkAllUsersImages() {
@Override
public void checkAllUsersImages() throws PermissionDeniedException {
for (User usr : userbean.getUsers()) {
convertImage(usr);
......@@ -91,7 +81,8 @@ public class UtilBean implements UtilBeanLocal {
}
public boolean convertImage(User user) {
@Override
public boolean convertImage(User user) throws PermissionDeniedException {
UserImage oldpic = user.getCurrentImage();
if (oldpic == null || oldpic.getMimeType() == null || oldpic.getMimeType().isEmpty()) {
return false;
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!