Rooliviilausta.. Ei pushata näitä vielä..

Tuomas Riihimäki
Commit 38d217be authored Jun 07, 2010 by Tuomas Riihimäki
Showing with 52 additions and 31 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Role.java → code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/BeanRole.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
code/LanBortalWeb/WebContent/WEB-INF/web.xml
code/LanBortalWeb/WebContent/generateTestData.xhtml
code/LanBortalWeb/WebContent/resources/tools/canExecute.xhtml
code/LanBortalWeb/WebContent/resources/tools/canWrite.xhtml
code/LanBortalWeb/WebContent/resources/tools/user/list.xhtml
code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java
code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
@@ -7,21 +7,21 @@ import javax.ejb.EJB;
 import javax.ejb.Stateless;
 import javax.servlet.ServletOutputStream;
 import fi.insomnia.bortal.beanutil.AuthorisationBean;
 import fi.insomnia.bortal.beanutil.AuthorisationBean.Right;
 import fi.insomnia.bortal.beanutil.AuthorisationBean.RightType;
 import fi.insomnia.bortal.beanutil.PdfPrinter;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.BillFacade;
 import fi.insomnia.bortal.model.Bill;
 import fi.insomnia.bortal.model.Event;
 import fi.insomnia.bortal.model.User;
 /**
 * Session Bean implementation class BillBean
 */
 @Stateless
-@DeclareRoles({ "user", "moneyadmin" })
 public class BillBean implements BillBeanLocal {
    @EJB

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
@@ -9,7 +9,7 @@ import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Role;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.User;
@@ -19,8 +19,6 @@ import fi.insomnia.bortal.model.User;
 @Stateless
 public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
-    public static final String JAAS_SUPERADMINGROUP = "superadmin";
-    public static final String JAAS_USERGROUP = "user";
    private static final Logger logger = LoggerFactory.getLogger(JaasBean.class);
    @EJB
    private UserFacade userfacade;
@@ -61,9 +59,9 @@ public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
        Vector<String> rights = new Vector<String>();
        if (usr != null) {
-            rights.add(JAAS_USERGROUP);
+            rights.add(BeanRole.USER_BASE.name());
            if (usr.isSuperadmin()) {
-                rights.add(JAAS_SUPERADMINGROUP);
+                rights.add(BeanRole.SUPERADMIN.name());
            }
        }

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
@@ -4,6 +4,7 @@
 */
 package fi.insomnia.bortal.beans;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.RoleFacade;
 import fi.insomnia.bortal.model.Role;
 import java.util.ArrayList;
@@ -16,12 +17,14 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
- *
+ * 
 * @author tuukka
 */
 @Stateless
 public class RoleBean implements RoleBeanLocal {
+    public static final String[] DECLARED_ROLES = { BeanRole.SUPERADMIN.name(), BeanRole.ADMIN_BASE.name(), BeanRole.USER_BASE.name() };
    @EJB
    private RoleFacade roleFacade;
    private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);
@@ -37,7 +40,6 @@ public class RoleBean implements RoleBeanLocal {
    public Role create(Role role) {
        roleFacade.create(role);
        return role;
@@ -46,7 +48,7 @@ public class RoleBean implements RoleBeanLocal {
    public List<Role> getPossibleParents(Role role) {
        List<Role> roleList = listRoles();
-        if(role == null)
+        if (role == null)
            return roleList;
        List<Role> children = getAllChilds(role, new HashSet<Role>());
@@ -60,8 +62,6 @@ public class RoleBean implements RoleBeanLocal {
        return roleList;
    }
    private static List<Role> getAllChilds(Role role, Set<Role> checkedRoles) {
        List<Role> returnList = new ArrayList<Role>();
@@ -80,7 +80,9 @@ public class RoleBean implements RoleBeanLocal {
        return returnList;
    }
+    public static String[] getDeclaredRoles() {
+        return DECLARED_ROLES;
+    }
    // Add business logic below. (Right-click in editor and choose
    // "Insert Code > Add Business Method")

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
@@ -19,6 +19,7 @@ import fi.insomnia.bortal.model.User;
 @Stateless
 public class SecurityBean implements SecurityBeanLocal {
    private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
    @EJB
    private LogEntryTypeFacade typeFacade;

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
@@ -38,7 +38,7 @@ import fi.insomnia.bortal.model.User;
 * Session Bean implementation class TestDataBean
 */
 @Stateless
-@DeclareRoles(JaasBean.JAAS_SUPERADMINGROUP)
+// @DeclareRoles(JaasBean.JAAS_SUPERADMINGROUP)
 //@RolesAllowed(JaasBean.JAAS_SUPERADMINGROUP)
 public class TestDataBean implements TestDataBeanLocal {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
@@ -3,7 +3,9 @@ package fi.insomnia.bortal.beans;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.Set;
 import javax.annotation.Resource;
@@ -11,6 +13,7 @@ import javax.ejb.EJB;
 import javax.ejb.LocalBean;
 import javax.ejb.SessionContext;
 import javax.ejb.Stateless;
+import javax.xml.rpc.handler.MessageContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -78,6 +81,7 @@ public class UserBean implements UserBeanLocal {
        return userFacade.findByLogin(nick);
    }
    @Override
    public User getCurrentUser(Event event) {
        Principal principal = context.getCallerPrincipal();

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
@@ -27,4 +27,5 @@ public interface UserBeanLocal {
    boolean hasPermission(Permission target, User user, RolePermission permission);
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Role.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Role.java
 package fi.insomnia.bortal.enums;
-public enum Role {
+public enum BeanRole {
    USER_BASE(true), // Logged in user
    ADMIN_BASE(true),
    SUPERADMIN(false) // Admin for this event
@@ -8,11 +8,13 @@ public enum Role {
    private boolean inDatabase;
-    Role(boolean inDb) {
+    BeanRole(boolean inDb) {
        inDatabase = inDb;
    }
    public boolean isInDatabase() {
        return inDatabase;
    }
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
@@ -15,7 +15,7 @@ public enum Permission {
    PERMISSION("Description"),
    LOGIN("User can see loginbutton. (only defaultuser should have permission to that one)"),
-    userManagement;
+    USER_MANAGEMENT("User has right to manage users.... ");
    private static final Logger logger = LoggerFactory.getLogger(Permission.class);
    private String description;

--- a/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
@@ -3,12 +3,16 @@
 <sun-web-app error-url="">
 	<context-root>/LanBortalWeb</context-root>
 	<security-role-mapping>
-		<role-name>admin</role-name>
+		<role-name>SUPERADMIN</role-name>
-		<group-name>admin</group-name>
+		<group-name>SUPERADMIN</group-name>
 	</security-role-mapping>
 	<security-role-mapping>
-		<role-name>user</role-name>
+		<role-name>ADMIN_BASE</role-name>
-		<group-name>user</group-name>
+		<group-name>ADMIN_BASE</group-name>
+	</security-role-mapping>
+	<security-role-mapping>
+		<role-name>USER_BASE</role-name>
+		<group-name>USER_BASE</group-name>
 	</security-role-mapping>
 	<class-loader delegate="true" />
 	<jsp-config>

--- a/code/LanBortalWeb/WebContent/WEB-INF/web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/web.xml
@@ -44,10 +44,13 @@
 		</form-login-config>
 	</login-config>
 	<security-role>
-		<role-name>admin</role-name>
+		<role-name>SUPERADMIN</role-name>
 	</security-role>
 	<security-role>
-		<role-name>user</role-name>
+		<role-name>USER_BASE</role-name>
+	</security-role>
+	<security-role>
+		<role-name>ADMIN_BASE</role-name>
 	</security-role>
 	<security-constraint>
 		<web-resource-collection>

--- a/code/LanBortalWeb/WebContent/generateTestData.xhtml
+++ b/code/LanBortalWeb/WebContent/generateTestData.xhtml
@@ -14,7 +14,8 @@
            <br />
            <br />
            <h:commandButton value="print places debug info" action="#{TestDataView.printPlacesInfo}" />
-        </h:form>
+             <br />
+             </h:form>
    </h:body>
 </html>
--- a/code/LanBortalWeb/WebContent/resources/tools/canExecute.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/canExecute.xhtml
@@ -17,7 +17,7 @@
 <composite:implementation>
 	<c:choose>
-		<c:when test='#{sessionHandler.canExecute(target) }'>
+		<c:when test='#{sessionHandler.canExecute(cc.attrs.target) }'>
 			<composite:insertChildren />
 		</c:when>
 		<c:otherwise>

--- a/code/LanBortalWeb/WebContent/resources/tools/canWrite.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/canWrite.xhtml
@@ -17,7 +17,7 @@
 <composite:implementation>
 	<c:choose>
-		<c:when test='#{sessionHandler.canWrite(target) }'>
+		<c:when test='#{sessionHandler.canWrite(cc.attrs.target) }'>
 			<composite:insertChildren />
 		</c:when>
 		<c:otherwise>

--- a/code/LanBortalWeb/WebContent/resources/tools/user/list.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/user/list.xhtml
@@ -16,7 +16,7 @@
    <composite:implementation>
-        <tools:canRead target="userManagement" >
+        <tools:canRead target="USER_MANAGEMENT" >
            <h:form>
                <h:dataTable
                    border="1"
@@ -66,7 +66,7 @@
                        <h:outputText value="#{user.female}" />
                    </h:column>
-                    <tools:canWrite target="userManagement" >
+                    <tools:canWrite target="USER_MANAGEMENT" >
                        <h:column>
                            <f:facet name="header">
                                <h:outputText value="Edit" />

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java
 package fi.insomnia.bortal;
 import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -82,6 +83,5 @@ public class HostnameFilter implements Filter {
        }
        return ret;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
@@ -10,6 +10,7 @@ import javax.faces.bean.ManagedProperty;
 import javax.faces.bean.RequestScoped;
 import fi.insomnia.bortal.beans.TestDataBeanLocal;
+import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.Event;
 import fi.insomnia.bortal.model.EventMap;
@@ -25,6 +26,8 @@ public class TestDataView {
    @EJB
    private TestDataBeanLocal testdatabean;
+    @EJB
+    private UserBeanLocal userbean;
    @ManagedProperty("#{sessionHandler}")
    private SessionHandler sessionhandler;
@@ -57,5 +60,6 @@ public class TestDataView {
        return null;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
@@ -14,6 +14,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.JaasBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
+import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.User;
@@ -48,7 +49,7 @@ public class UserView {
    }
    public String createUser() {
-        if (!getSessionhandler().canWrite("userManagement")) {
+        if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT.name())) {
            // Give message to administration what happened here.
            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!");
        }