Added security messages

Tuomas Riihimäki
Commit fbb74bd0 authored Apr 18, 2010 by Tuomas Riihimäki
Showing with 81 additions and 110 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
code/LanBortalWeb/WebContent/WEB-INF/web.xml
code/LanBortalWeb/WebContent/auth/login.xhtml
code/LanBortalWeb/WebContent/login.xhtml
code/LanBortalWeb/WebContent/resources/tools/login/logout.xhtml
code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
@@ -27,13 +27,13 @@ public class UserFacade extends GenericFacade<Integer, User>{

    public User findByLogin(String login) {
        // TODO: Bug in glassfish.... change when fixed...
-        // TypedQuery<User> q = em.createNamedQuery("User.findByLogin",
-        // User.class);
-        // q.setParameter("login", login);
-        // return q.getSingleResult();
-        TypedQuery<User> q = em.createQuery("SELECT u FROM User u WHERE u.login = :login", User.class);
-        q.setParameter("login", login);
-        return getSingleNullableResult(q);
+         TypedQuery<User> q = em.createNamedQuery("User.findByLogin",
+         User.class);
+         q.setParameter("login", login);
+         return getSingleNullableResult(q);
+//        TypedQuery<User> q = em.createQuery("SELECT u FROM User u WHERE u.login = :login", User.class);
+//        q.setParameter("login", login);
+      //  return getSingleNullableResult(q);
    }

   

--- a/code/LanBortalWeb/WebContent/WEB-INF/web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/web.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-    <display-name>LanBortalWeb</display-name>
-    <context-param>
-        <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
-        <param-value>true</param-value>
-    </context-param>
-    <servlet-mapping>
-        <servlet-name>PlaceMap</servlet-name>
-        <url-pattern>/PlaceMap</url-pattern>
-    </servlet-mapping>
+	<display-name>LanBortalWeb</display-name>
+	<context-param>
+		<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
+		<param-value>true</param-value>
+	</context-param>
+	<servlet-mapping>
+		<servlet-name>PlaceMap</servlet-name>
+		<url-pattern>/PlaceMap</url-pattern>
+	</servlet-mapping>

-    <welcome-file-list>
-        <welcome-file>index.html</welcome-file>
-        <welcome-file>index.jsf</welcome-file>
-        <welcome-file>index.jsp</welcome-file>
-    </welcome-file-list>
-    <servlet>
-        <servlet-name>Faces Servlet</servlet-name>
-        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
-    </servlet>
-    <servlet>
-        <servlet-name>PlaceMap</servlet-name>
-        <servlet-class>fi.insomnia.bortal.servlet.PlaceMap</servlet-class>
-    </servlet>
-    <servlet-mapping>
-        <servlet-name>Faces Servlet</servlet-name>
-        <url-pattern>*.jsf</url-pattern>
-    </servlet-mapping>
+	<welcome-file-list>
+		<welcome-file>index.html</welcome-file>
+		<welcome-file>index.jsf</welcome-file>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
+	<servlet>
+		<servlet-name>Faces Servlet</servlet-name>
+		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
+	</servlet>
+	<servlet>
+		<servlet-name>PlaceMap</servlet-name>
+		<servlet-class>fi.insomnia.bortal.servlet.PlaceMap</servlet-class>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>Faces Servlet</servlet-name>
+		<url-pattern>*.jsf</url-pattern>
+	</servlet-mapping>

-    <filter>
-        <display-name>HostnameFilter</display-name>
-        <filter-name>HostnameFilter</filter-name>
-        <filter-class>fi.insomnia.bortal.HostnameFilter</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>HostnameFilter</filter-name>
-        <servlet-name>Faces Servlet</servlet-name>
-    </filter-mapping>
+	<filter>
+		<display-name>HostnameFilter</display-name>
+		<filter-name>HostnameFilter</filter-name>
+		<filter-class>fi.insomnia.bortal.HostnameFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>HostnameFilter</filter-name>
+		<servlet-name>Faces Servlet</servlet-name>
+	</filter-mapping>

-    <login-config>
-        <auth-method>FORM</auth-method>
-        <realm-name>omniarealm</realm-name>
-        <form-login-config>
-            <form-login-page>/auth/login.jsf</form-login-page>
-            <form-error-page>/auth/loginError.jsf</form-error-page>
-        </form-login-config>
-    </login-config>
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
+	<login-config>
+		<auth-method>FORM</auth-method>
+		<realm-name>omniarealm</realm-name>
+		<form-login-config>
+			<form-login-page>/auth/login.jsf</form-login-page>
+			<form-error-page>/auth/loginError.jsf</form-error-page>
+		</form-login-config>
+	</login-config>
+	<security-role>
+		<role-name>admin</role-name>
+	</security-role>
+	<security-role>
+		<role-name>user</role-name>
+	</security-role>



-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>forbidden</web-resource-name>
-            <url-pattern>*.xhtml</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <description>Thou shall not read the sources..</description>
-        </auth-constraint>
-    </security-constraint>
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource-name>forbidden</web-resource-name>
+			<url-pattern>*.xhtml</url-pattern>
+		</web-resource-collection>
+		<auth-constraint>
+			<description>Thou shall not read the sources..</description>
+		</auth-constraint>
+	</security-constraint>

 </web-app>
--- a/code/LanBortalWeb/WebContent/auth/login.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/login.xhtml
 <!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:users="http://java.sun.com/jsf/composite/tools/user" xmlns:c="http://java.sun.com/jsp/jstl/core">
+<html xmlns="http://www.w3.org/1999/xhtml" 
+xmlns:ui="http://java.sun.com/jsf/facelets" 
+xmlns:h="http://java.sun.com/jsf/html"
+xmlns:f="http://java.sun.com/jsf/core" 
+xmlns:tools="http://java.sun.com/jsf/composite/tools" 
+xmlns:c="http://java.sun.com/jsp/jstl/core">
 <h:head>
 	<title></title>
 </h:head>
@@ -11,19 +16,7 @@
 		<ui:define name="header">Add new user</ui:define>
 		<ui:define name="content">

-			<form method="post" action="j_security_check">
-			<h:panelGrid columns="2">
-				<h:outputText value="#{i18n['login.username']}" />
-				<input type="text" name="j_username" />
-
-				<h:outputText value="#{i18n['login.password']}" />
-				<input type="password" name="j_password" />
-			</h:panelGrid>
-			<h:outputText>
-				<input type="submit" value="#{i18n['login.submit']}" />
-			</h:outputText>
-			</form>
-
+		<tools:login />
 		</ui:define>
 		<ui:define name="footer">footer</ui:define>
 	</ui:composition>

--- a/code/LanBortalWeb/WebContent/login.xhtml
+++ b/code/LanBortalWeb/WebContent/login.xhtml
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-
-<head>
-<title>Insomnia - Login</title>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-</head>
-<body>
-
-
-<form method="post" action="j_security_check">
-	<table>
-		<tr>
-			<td>Username:</td>
-			<td><input type="text" name="j_username" /></td>
-		</tr>
-		<tr>
-			<td>Password:</td>
-			<td><input type="password" name="j_password" /></td>
-		</tr>
-		<tr>
-			<td colspan="2"><input type="submit" name="submit" value="submit" /></td>
-		</tr>
-	</table>
-</form>
-
-</body>
-</html>
\ No newline at end of file
--- a/code/LanBortalWeb/WebContent/resources/tools/login/logout.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/login/logout.xhtml
@@ -14,7 +14,7 @@

    <composite:implementation>
        <h:form>
-            <h:commandButton action="#{sessionHandler.logout}" value="#{i18n['logout']}" />
+            <h:commandLink action="#{sessionHandler.logout}" value="#{i18n['logout']}" />
        </h:form>
    </composite:implementation>


--- a/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
@@ -13,6 +13,7 @@ import javax.servlet.http.HttpSession;

 import fi.insomnia.bortal.HostnameFilter;
 import fi.insomnia.bortal.beans.RolePermission;
+import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.SessionHandlerBeanLocal;
 import fi.insomnia.bortal.model.User;

@@ -28,6 +29,9 @@ public class SessionHandler {
    private SessionHandlerBeanLocal handlerbean;
    private User user = null;

+    @EJB
+    private SecurityBeanLocal secubean;
+
    /** Creates a new instance of SessionHandler */
    public SessionHandler() {
    }
@@ -81,8 +85,11 @@ public class SessionHandler {
        if (user == null) {
            this.user = getUser();

-        } else if (canExecute("impersonateUser")) {
+        } else if (canExecute("user")) {
+            secubean.logMessage(handlerbean.getCurrentUser(), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin());
            this.user = user;
+        } else {
+            secubean.logMessage(handlerbean.getCurrentUser(), "User tried to impersonate as id: "+user.getId()+" login: "+user.getLogin()+" but did not have enough rights");
        }
    }