Commit e42c0481 by Tuomas Riihimäki

Permissiopuljausta. Otetaan kiinni PermissionDeniedException ( ja muutama muu ) …

…BortalExceptionHandler luokalla ja näytetään järkevä virheilmoitus.
1 parent 36d97681
Showing with 118 additions and 102 deletions
...@@ -13,7 +13,7 @@ import fi.insomnia.bortal.beanutil.AuthorisationBeanLocal.RightType; ...@@ -13,7 +13,7 @@ import fi.insomnia.bortal.beanutil.AuthorisationBeanLocal.RightType;
import fi.insomnia.bortal.beanutil.PdfPrinter; import fi.insomnia.bortal.beanutil.PdfPrinter;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission; import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.BillFacade; import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.facade.BillLineFacade; import fi.insomnia.bortal.facade.BillLineFacade;
import fi.insomnia.bortal.facade.EventFacade; import fi.insomnia.bortal.facade.EventFacade;
...@@ -102,11 +102,11 @@ public class BillBean implements BillBeanLocal { ...@@ -102,11 +102,11 @@ public class BillBean implements BillBeanLocal {
} }
@Override @Override
public Bill createEmptyBill(User shoppingUser) throws EjbPermissionDeniedException { public Bill createEmptyBill(User shoppingUser) {
if (shoppingUser != null && userBean.hasCurrentUserPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE)) { if (shoppingUser != null && userBean.hasCurrentUserPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE)) {
String msg = new StringBuilder("User tried to shop to ").append(shoppingUser.getId()).append(" another without sufficient rights").toString(); String msg = new StringBuilder("User tried to shop to ").append(shoppingUser.getId()).append(" another without sufficient rights").toString();
throw new EjbPermissionDeniedException(secubean, userBean.getCurrentUser(), msg); throw new PermissionDeniedException(secubean, userBean.getCurrentUser(), msg);
} }
if (shoppingUser == null) { if (shoppingUser == null) {
shoppingUser = userBean.getCurrentUser(); shoppingUser = userBean.getCurrentUser();
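Review bot: The guard in createEmptyBill looks inverted: it throws PermissionDeniedException when `shoppingUser != null` and `hasCurrentUserPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE)` returns true. Assuming that method returns true when the right is held, a privileged caller is refused, and as far as the visible lines show an unprivileged caller passes the guard with someone else's user. This commit only renames the exception and leaves the condition as it was. The check likely wants a negation, `if (shoppingUser != null && !userBean.hasCurrentUserPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE)) {`, and probably should also let through the case where shoppingUser is the current user. The method body continues outside the hunk.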
......
...@@ -16,7 +16,7 @@ import org.slf4j.LoggerFactory; ...@@ -16,7 +16,7 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission; import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.EventMapFacade; import fi.insomnia.bortal.facade.EventMapFacade;
import fi.insomnia.bortal.facade.PlaceFacade; import fi.insomnia.bortal.facade.PlaceFacade;
import fi.insomnia.bortal.model.EventMap; import fi.insomnia.bortal.model.EventMap;
...@@ -51,11 +51,11 @@ public class PlaceMapBean implements PlaceMapBeanLocal { ...@@ -51,11 +51,11 @@ public class PlaceMapBean implements PlaceMapBeanLocal {
@EJB @EJB
private EventBeanLocal eventbean; private EventBeanLocal eventbean;
public void printPlaceMapToStream(OutputStream outputStream, String filetype, Integer mapId, List<Integer> placeIds) throws IOException, EjbPermissionDeniedException { public void printPlaceMapToStream(OutputStream outputStream, String filetype, Integer mapId, List<Integer> placeIds) throws IOException {
User user = userbean.getCurrentUser(); User user = userbean.getCurrentUser();
if (!userbean.hasPermission(Permission.TICKET_SALES, user, RolePermission.READ)) { if (!userbean.hasPermission(Permission.TICKET_SALES, user, RolePermission.READ)) {
throw new EjbPermissionDeniedException(secubean, user, "User has no right to view placemap ( TICKET_SALES, READ )"); throw new PermissionDeniedException(secubean, user, "User has no right to view placemap ( TICKET_SALES, READ )");
} }
long begin = new Date().getTime(); long begin = new Date().getTime();
...@@ -84,7 +84,7 @@ public class PlaceMapBean implements PlaceMapBeanLocal { ...@@ -84,7 +84,7 @@ public class PlaceMapBean implements PlaceMapBeanLocal {
} }
if (map == null) { if (map == null) {
throw new EjbPermissionDeniedException(secubean, user, "Map not found with id: " + mapId + " and event id: " + eventbean.getCurrentEvent()); throw new PermissionDeniedException(secubean, user, "Map not found with id: " + mapId + " and event id: " + eventbean.getCurrentEvent());
} }
logger.debug("Got map object {}", map); logger.debug("Got map object {}", map);
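Review bot: The `map == null` branch reports a missing map as a PermissionDeniedException, whose constructor calls `logPermissionDenied(user, this)`, so every unknown or mistyped mapId is recorded as a denied access attempt for that user. That makes the denial log noisy for anyone using it to spot real authorization failures. If a uniform answer for missing and forbidden maps is intended, a separate not-found exception that skips the permission-denied record would keep the response the same without the false entries; otherwise state the intent with a comment such as `// a missing map is reported as denied on purpose, so map ids cannot be probed`. The method starts and ends outside these hunks.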
......
...@@ -3,6 +3,7 @@ package fi.insomnia.bortal.beans; ...@@ -3,6 +3,7 @@ package fi.insomnia.bortal.beans;
import java.math.BigDecimal; import java.math.BigDecimal;
import java.util.List; import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.Stateless; import javax.ejb.Stateless;
...@@ -35,6 +36,7 @@ public class ProductBean implements ProductBeanLocal { ...@@ -35,6 +36,7 @@ public class ProductBean implements ProductBeanLocal {
} }
@Override @Override
@RolesAllowed("ADMIN_BASE")
public Product createProduct(String name, BigDecimal price) { public Product createProduct(String name, BigDecimal price) {
Product entity = new Product(eventBean.getCurrentEvent(), name, price); Product entity = new Product(eventBean.getCurrentEvent(), name, price);
productFacade.create(entity); productFacade.create(entity);
...@@ -47,6 +49,7 @@ public class ProductBean implements ProductBeanLocal { ...@@ -47,6 +49,7 @@ public class ProductBean implements ProductBeanLocal {
} }
@Override @Override
@RolesAllowed("ADMIN_BASE")
public void mergeChanges(Product product) { public void mergeChanges(Product product) {
productFacade.merge(product); productFacade.merge(product);
} }
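Review bot: The role name in `@RolesAllowed("ADMIN_BASE")` is a bare string repeated on createProduct and mergeChanges, and it has to match BeanRole, web.xml and sun-web.xml by hand. A misspelt role still compiles and only shows up at run time as access denied for everyone, which is fail-closed but hard to diagnose. A shared constant, for example `public static final String ADMIN_BASE = "ADMIN_BASE";` kept next to BeanRole, would keep the annotations in step. The other ProductBean methods are outside these hunks, so whether they need the same annotation cannot be checked here.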
......
...@@ -59,7 +59,6 @@ public class RoleBean implements RoleBeanLocal { ...@@ -59,7 +59,6 @@ public class RoleBean implements RoleBeanLocal {
public List<Role> getPossibleParents(Role role) { public List<Role> getPossibleParents(Role role) {
List<Role> roleList = listRoles(); List<Role> roleList = listRoles();
if (role == null) if (role == null)
return roleList; return roleList;
......
...@@ -17,7 +17,7 @@ import org.slf4j.LoggerFactory; ...@@ -17,7 +17,7 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission; import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.facade.RoleFacade; import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.UserFacade; import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight; import fi.insomnia.bortal.model.AccessRight;
...@@ -73,10 +73,10 @@ public class UserBean implements UserBeanLocal { ...@@ -73,10 +73,10 @@ public class UserBean implements UserBeanLocal {
return returnUser; return returnUser;
} }
public List<User> getUsers() throws EjbPermissionDeniedException { public List<User> getUsers() {
User curruser = getCurrentUser(); User curruser = getCurrentUser();
if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.READ)) { if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.READ)) {
throw new EjbPermissionDeniedException(secubean, curruser, "User tried to execute getUsers function with insufficient permissions"); throw new PermissionDeniedException(secubean, curruser, "User tried to execute getUsers function with insufficient permissions");
} }
List<User> ret = userFacade.findAll(); List<User> ret = userFacade.findAll();
...@@ -85,10 +85,10 @@ public class UserBean implements UserBeanLocal { ...@@ -85,10 +85,10 @@ public class UserBean implements UserBeanLocal {
} }
@Override @Override
public User mergeChanges(User user) throws EjbPermissionDeniedException { public User mergeChanges(User user) {
User curruser = getCurrentUser(); User curruser = getCurrentUser();
if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE) || !user.equals(curruser)) { if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE) || !user.equals(curruser)) {
throw new EjbPermissionDeniedException(secubean, curruser, "User tried to merge someone others data with insufficient permissions"); throw new PermissionDeniedException(secubean, curruser, "User tried to merge someone others data with insufficient permissions");
} }
return userFacade.merge(user); return userFacade.merge(user);
} }
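Review bot: The guard in mergeChanges rejects the call unless the caller both holds USER_MANAGEMENT/WRITE and is merging their own record, because the three tests are joined with `||`. The message ("merge someone others data with insufficient permissions") suggests the intent is self-edit or privileged edit, which would read `if (curruser == null || (!user.equals(curruser) && !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE))) {`. A null `user` also reaches `user.equals(...)` and fails with a NullPointerException rather than a denial, so a null check belongs in the same guard. The commit only renames the exception on these lines.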
......
...@@ -5,7 +5,6 @@ import java.util.List; ...@@ -5,7 +5,6 @@ import java.util.List;
import javax.ejb.Local; import javax.ejb.Local;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.model.Bill; import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.BillLine; import fi.insomnia.bortal.model.BillLine;
import fi.insomnia.bortal.model.Product; import fi.insomnia.bortal.model.Product;
...@@ -18,7 +17,7 @@ public interface BillBeanLocal { ...@@ -18,7 +17,7 @@ public interface BillBeanLocal {
ByteArrayOutputStream getPdfBillStream(Bill bill); ByteArrayOutputStream getPdfBillStream(Bill bill);
Bill createEmptyBill(User shoppingUser) throws EjbPermissionDeniedException; Bill createEmptyBill(User shoppingUser);
BillLine addProductToBill(Bill bill, Product product, BigDecimal count); BillLine addProductToBill(Bill bill, Product product, BigDecimal count);
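Review bot: With the `throws` clause gone from createEmptyBill, nothing on the interface tells a caller that the method can fail on authorization, since PermissionDeniedException is now unchecked. A Javadoc line such as `@throws PermissionDeniedException if the current user may not create a bill for shoppingUser` would keep that contract visible. The same applies to printPlaceMapToStream in PlaceMapBeanLocal and to getUsers and mergeChanges in UserBeanLocal.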
......
...@@ -8,7 +8,6 @@ import javax.ejb.Local; ...@@ -8,7 +8,6 @@ import javax.ejb.Local;
import org.granite.messaging.service.annotations.RemoteDestination; import org.granite.messaging.service.annotations.RemoteDestination;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.model.EventMap; import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.Place; import fi.insomnia.bortal.model.Place;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -17,7 +16,7 @@ import fi.insomnia.bortal.model.User; ...@@ -17,7 +16,7 @@ import fi.insomnia.bortal.model.User;
@RemoteDestination @RemoteDestination
public interface PlaceMapBeanLocal { public interface PlaceMapBeanLocal {
void printPlaceMapToStream(OutputStream outputStream, String filetype, Integer mapId, List<Integer> placeIds) throws EjbPermissionDeniedException,IOException; void printPlaceMapToStream(OutputStream outputStream, String filetype, Integer mapId, List<Integer> placeIds) throws IOException;
public String getSelectPlaceMapUrl(EventMap activeMap, List<Place> selectedPlaces, User user); public String getSelectPlaceMapUrl(EventMap activeMap, List<Place> selectedPlaces, User user);
public long selectablePlaceCount(User user); public long selectablePlaceCount(User user);
......
...@@ -6,7 +6,6 @@ import javax.ejb.Local; ...@@ -6,7 +6,6 @@ import javax.ejb.Local;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission; import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -15,11 +14,11 @@ public interface UserBeanLocal { ...@@ -15,11 +14,11 @@ public interface UserBeanLocal {
User createNewUser(String nick, String password); User createNewUser(String nick, String password);
List<User> getUsers() throws EjbPermissionDeniedException; List<User> getUsers();
User getUser(String nick); User getUser(String nick);
User mergeChanges(User currentUser) throws EjbPermissionDeniedException; User mergeChanges(User currentUser);
User getCurrentUser(); User getCurrentUser();
......
...@@ -5,6 +5,7 @@ import java.util.Set; ...@@ -5,6 +5,7 @@ import java.util.Set;
public enum BeanRole { public enum BeanRole {
// If modified update to sun-web.xml
// Bean level access // Bean level access
ANONYMOUS, // Unauthenticated web user ANONYMOUS, // Unauthenticated web user
USER_BASE, // JAAS access for logged in user USER_BASE, // JAAS access for logged in user
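Review bot: The new comment names only sun-web.xml, but this commit also adds the matching `<security-role>` entries to web.xml, and ProductBean now carries a role name as a string in `@RolesAllowed`. I would widen it to `// If modified, update sun-web.xml, web.xml and any @RolesAllowed that names the role`. The enum continues outside the hunk.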
......
...@@ -3,9 +3,9 @@ package fi.insomnia.bortal.exceptions; ...@@ -3,9 +3,9 @@ package fi.insomnia.bortal.exceptions;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
public class EjbPermissionDeniedException extends Exception { public class PermissionDeniedException extends RuntimeException {
public EjbPermissionDeniedException(SecurityBeanLocal bean, User user, String message) { public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
super(message); super(message);
bean.logPermissionDenied(user, this); bean.logPermissionDenied(user, this);
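Review bot: Making PermissionDeniedException a RuntimeException turns it into an EJB system exception when it leaves a bean method, unless the class carries `@ApplicationException`, which is not visible in this hunk. The container then rolls back the transaction, discards the bean instance and hands the caller an EJBException with the original as its cause, so the `catch (PermissionDeniedException e)` in the PlaceMap servlet would no longer match and its SC_NOT_FOUND branch is skipped; BortalExceptionHandler copes only because it walks the cause chain. Annotating the class with `@ApplicationException(rollback = true)` keeps the type intact across the bean boundary. Separately, the constructor writes the denial through `bean.logPermissionDenied(user, this)`; if that record is persisted inside the caller's transaction it may be rolled back with it, so it is worth confirming that the log write runs in its own transaction.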
......
...@@ -3,6 +3,15 @@ ...@@ -3,6 +3,15 @@
<sun-web-app error-url="/auth/login.jsf"> <sun-web-app error-url="/auth/login.jsf">
<context-root>/LanBortalWeb</context-root> <context-root>/LanBortalWeb</context-root>
<security-role-mapping> <security-role-mapping>
<role-name>ANONYMOUS</role-name>
<group-name>ANONYMOUS</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ORGANIZATION_ROOT</role-name>
<group-name>ORGANIZATION_ROOT</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SUPERADMIN</role-name> <role-name>SUPERADMIN</role-name>
<group-name>SUPERADMIN</group-name> <group-name>SUPERADMIN</group-name>
</security-role-mapping> </security-role-mapping>
......
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>LanBortalWeb</display-name> <display-name>LanBortalWeb</display-name>
<session-config> <session-config>
...@@ -56,15 +59,38 @@ ...@@ -56,15 +59,38 @@
<security-role> <security-role>
<role-name>ADMIN_BASE</role-name> <role-name>ADMIN_BASE</role-name>
</security-role> </security-role>
<security-role>
<role-name>ANONYMOUS</role-name>
</security-role>
<security-role>
<role-name>ORGANIZATION_ROOT</role-name>
</security-role>
<security-constraint> <security-constraint>
<web-resource-collection> <web-resource-collection>
<web-resource-name>forbidden</web-resource-name> <web-resource-name>forbidden</web-resource-name>
<url-pattern>*.xhtml</url-pattern> <url-pattern>*.xhtml</url-pattern>
<url-pattern>/layout/*</url-pattern>
<url-pattern>/resources/tools/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Thou shall not read the sources or use utils directly</description>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Forbidden resource</display-name>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
<url-pattern>/layout/*</url-pattern>
<url-pattern>/resources/tools/*</url-pattern>
</web-resource-collection> </web-resource-collection>
<auth-constraint> <auth-constraint>
<description>Thou shall not read the sources..</description> <description>Thou shall not read the sources or use utils directly</description>
</auth-constraint> </auth-constraint>
</security-constraint> </security-constraint>
<servlet> <servlet>
<description></description> <description></description>
<display-name>PrintBill</display-name> <display-name>PrintBill</display-name>
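Review bot: The new side ends up with two `<security-constraint>` blocks that cover the same three patterns (`*.xhtml`, `/layout/*`, `/resources/tools/*`) with the same empty `<auth-constraint>`, one named `forbidden` and one named `Forbidden`. Both deny all access, so the result is still fail-closed, but a later edit to one block will have no visible effect while the other remains. I would keep a single block and put a comment above it, `<!-- empty auth-constraint: no role may request these paths directly -->`, since the deny-all meaning of an auth-constraint without a role-name is easy to misread.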
......
...@@ -7,13 +7,11 @@ ...@@ -7,13 +7,11 @@
<title></title> <title></title>
</h:head> </h:head>
<h:body> <h:body>
<ui:composition template="/layout/default-template.xhtml"> <ui:composition template="/layout/insomnia1/template.xhtml">
<ui:define name="title">HelloWorld</ui:define> <ui:param name="thispage" value="page.permissionDenied" />
<ui:define name="header">Header</ui:define>
<ui:define name="content"> <ui:define name="content">
<h1>Permission Denied!</h1> <h1>Permission Denied!</h1>
</ui:define> </ui:define>
<ui:define name="footer">footer</ui:define>
</ui:composition> </ui:composition>
</h:body> </h:body>
</html> </html>
\ No newline at end of file
...@@ -66,7 +66,7 @@ public class HostnameFilter implements Filter { ...@@ -66,7 +66,7 @@ public class HostnameFilter implements Filter {
String hostname = url.substring(beginindex, lastindex); String hostname = url.substring(beginindex, lastindex);
logger.debug("Setting hostname to {} ", hostname); logger.debug("Setting hostname to {} ", hostname);
httpRequest.getSession().setAttribute(EventBeanLocal.HTTP_URL_HOSTNAME, hostname); httpRequest.getSession().setAttribute(EventBeanLocal.HTTP_URL_HOSTNAME, hostname);
ThreadLocalContextHolder.put(EventBeanLocal.HTTP_URL_HOSTNAME, hostname); ThreadLocalContextHolder.put(EventBeanLocal.HTTP_URL_HOSTNAME, hostname);
} }
// pass the request along the filter chain // pass the request along the filter chain
......
...@@ -3,6 +3,7 @@ package fi.insomnia.bortal.exceptions; ...@@ -3,6 +3,7 @@ package fi.insomnia.bortal.exceptions;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
import javax.ejb.EJBAccessException;
import javax.faces.FacesException; import javax.faces.FacesException;
import javax.faces.application.NavigationHandler; import javax.faces.application.NavigationHandler;
import javax.faces.application.ViewExpiredException; import javax.faces.application.ViewExpiredException;
...@@ -32,21 +33,31 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper { ...@@ -32,21 +33,31 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper {
@Override @Override
public void handle() throws FacesException { public void handle() throws FacesException {
logger.debug("Handling exceptions");
for (Iterator<ExceptionQueuedEvent> i = getUnhandledExceptionQueuedEvents().iterator(); i.hasNext();) { for (Iterator<ExceptionQueuedEvent> i = getUnhandledExceptionQueuedEvents().iterator(); i.hasNext();) {
ExceptionQueuedEvent event = i.next(); ExceptionQueuedEvent event = i.next();
ExceptionQueuedEventContext context = (ExceptionQueuedEventContext) event.getSource(); ExceptionQueuedEventContext context = (ExceptionQueuedEventContext) event.getSource();
Throwable t = context.getException(); Throwable t = context.getException();
logger.debug("Found exception! handing it: {}", t.getClass().toString());
if (t instanceof ViewExpiredException) { if (t instanceof ViewExpiredException) {
errorpage(i, t, "viewExpired"); errorpage(i, t, "viewExpired");
} else if (t instanceof PermissionDeniedException) {
errorpage(i, t, "permissionDenied");
} }
Throwable cause = t;
while (cause != null) {
logger.debug("Cause not null, but {}, checking" + t.getClass().toString());
if (cause instanceof PermissionDeniedException ||
cause instanceof EJBAccessException ||
cause instanceof PermissionDeniedException ) {
logger.debug("Found Permission Denied cause: {}", cause);
errorpage(i, t, "permissionDenied");
break;
}
cause = cause.getCause();
}
} }
// At this point, the queue will not contain any ViewExpiredEvents. // At this point, the queue will not contain any ViewExpiredEvents.
...@@ -58,14 +69,21 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper { ...@@ -58,14 +69,21 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper {
} }
private void errorpage(Iterator<ExceptionQueuedEvent> i, Throwable t, String navigateTo) { private void errorpage(Iterator<ExceptionQueuedEvent> i, Throwable t, String navigateTo) {
ViewExpiredException vee = (ViewExpiredException) t; logger.info("navigating to {} because root exception: {}", navigateTo, t.getClass());
ViewExpiredException vee = null;
if (t instanceof ViewExpiredException) {
vee = (ViewExpiredException) t;
}
FacesContext fc = FacesContext.getCurrentInstance(); FacesContext fc = FacesContext.getCurrentInstance();
Map<String, Object> requestMap = fc.getExternalContext().getRequestMap(); Map<String, Object> requestMap = fc.getExternalContext().getRequestMap();
NavigationHandler nav = fc.getApplication().getNavigationHandler(); NavigationHandler nav = fc.getApplication().getNavigationHandler();
try { try {
// Push some useful stuff to the request scope for // Push some useful stuff to the request scope for
// use in the page // use in the page
requestMap.put("currentViewId", vee.getViewId()); if (vee != null) {
requestMap.put("currentViewId", vee.getViewId());
}
nav.handleNavigation(fc, null, navigateTo); nav.handleNavigation(fc, null, navigateTo);
fc.renderResponse(); fc.renderResponse();
} finally { } finally {
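Review bot: A PermissionDeniedException thrown directly is handled twice in handle(): the new `else if` branch calls errorpage, and the cause loop that follows starts at `cause = t`, matches the same type and calls errorpage again. If errorpage removes the event from the iterator in its `finally` block (cut off below this hunk), the second call would fail with IllegalStateException. The loop condition also tests `cause instanceof PermissionDeniedException` twice, and its debug line concatenates `t.getClass()` onto a message that has a `{}` placeholder, so it logs the outer exception rather than the cause being examined. I would drop the `else if`, skip the loop once a ViewExpiredException has been handled, and keep only the cause walk, as below.

```java
Throwable t = context.getException();
if (t instanceof ViewExpiredException) {
    errorpage(i, t, "viewExpired");
    continue;
}
// The container may wrap the denial, so look through the whole cause chain.
for (Throwable cause = t; cause != null; cause = cause.getCause()) {
    logger.debug("Checking cause {}", cause.getClass());
    if (cause instanceof PermissionDeniedException || cause instanceof EJBAccessException) {
        errorpage(i, t, "permissionDenied");
        break;
    }
}
// … unchanged: remainder of handle() …
```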
......
package fi.insomnia.bortal.exceptions;
import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.model.User;
public class PermissionDeniedException extends RuntimeException {
public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
super(message);
bean.logPermissionDenied(user, this);
}
public PermissionDeniedException(EjbPermissionDeniedException e)
{
super(e.getMessage());
// Let's not log. EJB already logged...
}
/**
*
*/
private static final long serialVersionUID = 7909254489997475124L;
}
...@@ -151,7 +151,6 @@ public class SessionHandler { ...@@ -151,7 +151,6 @@ public class SessionHandler {
{ {
boolean ret = userbean.isLoggedIn(); boolean ret = userbean.isLoggedIn();
logger.info("Is logged in: {}", ret);
return ret; return ret;
} }
} }
...@@ -20,7 +20,7 @@ import org.slf4j.LoggerFactory; ...@@ -20,7 +20,7 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.EventBeanLocal; import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.PlaceMapBeanLocal; import fi.insomnia.bortal.beans.PlaceMapBeanLocal;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
/** /**
* *
...@@ -84,7 +84,7 @@ public class PlaceMap extends HttpServlet { ...@@ -84,7 +84,7 @@ public class PlaceMap extends HttpServlet {
* out.println("<h1>Servlet PlaceMap at " + request.getContextPath * out.println("<h1>Servlet PlaceMap at " + request.getContextPath
* () + "</h1>"); out.println("</body>"); out.println("</html>"); * () + "</h1>"); out.println("</body>"); out.println("</html>");
*/ */
} catch (EjbPermissionDeniedException e) { } catch (PermissionDeniedException e) {
logger.debug("Permission deniedn. Returning SC_NOT_FOUND!"); logger.debug("Permission deniedn. Returning SC_NOT_FOUND!");
response.setContentType("text/html;charset=UTF-8"); response.setContentType("text/html;charset=UTF-8");
response.setStatus(HttpServletResponse.SC_NOT_FOUND); response.setStatus(HttpServletResponse.SC_NOT_FOUND);
......
...@@ -23,7 +23,6 @@ import fi.insomnia.bortal.beans.BillBeanLocal; ...@@ -23,7 +23,6 @@ import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.EventBeanLocal; import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.ProductBeanLocal; import fi.insomnia.bortal.beans.ProductBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal; import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.exceptions.PermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.model.Bill; import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Product; import fi.insomnia.bortal.model.Product;
...@@ -54,24 +53,21 @@ public class ProductShopView { ...@@ -54,24 +53,21 @@ public class ProductShopView {
return items; return items;
} }
public ActionListener getBillCommitAL() public ActionListener getBillCommitAL() {
{
logger.info("Fetching billCommitAl()"); logger.info("Fetching billCommitAl()");
return new ActionListener(){ return new ActionListener() {
@Override @Override
public void processAction(ActionEvent event) throws AbortProcessingException { public void processAction(ActionEvent event) throws AbortProcessingException {
logger.info("Executing BillCommit AL"); logger.info("Executing BillCommit AL");
}}; }
};
} }
public void commitBillCart() { public void commitBillCart() {
logger.debug("Committing billCart"); logger.debug("Committing billCart");
Iterator<ProductShopItem> cartIter = billCart.iterator(); Iterator<ProductShopItem> cartIter = billCart.iterator();
Bill bill = null; Bill bill = null;
try { bill = billBean.createEmptyBill(getShoppingUser());
bill = billBean.createEmptyBill(getShoppingUser());
} catch (EjbPermissionDeniedException e) {
throw new PermissionDeniedException(e);
}
bill.setOurReference(eventBean.getCurrentEvent().getName()); bill.setOurReference(eventBean.getCurrentEvent().getName());
while (cartIter.hasNext()) { while (cartIter.hasNext()) {
......
...@@ -13,13 +13,11 @@ import javax.faces.model.ListDataModel; ...@@ -13,13 +13,11 @@ import javax.faces.model.ListDataModel;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.I18n; import fi.insomnia.bortal.I18n;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.beans.JaasBeanLocal; import fi.insomnia.bortal.beans.JaasBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal; import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.exceptions.PermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.handler.SessionHandler; import fi.insomnia.bortal.handler.SessionHandler;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -46,25 +44,22 @@ public class UserView { ...@@ -46,25 +44,22 @@ public class UserView {
public String edit() { public String edit() {
setUser(items.getRowData()); setUser(items.getRowData());
logger.info("Editing: Firstname: {} ",getUser().getFirstnames()); logger.info("Editing: Firstname: {} ", getUser().getFirstnames());
return "userEdit"; return "userEdit";
} }
public void initSelfedit() public void initSelfedit() {
{
user = userBean.getCurrentUser(); user = userBean.getCurrentUser();
} }
public String createUser() { public String createUser() {
if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT)) { if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT)) {
// Give message to administration what happened here. // Give message to administration what happened here.
throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!"); throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!");
} }
if(null != userBean.getUser(login)) if (null != userBean.getUser(login)) {
{
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(I18n.get("userview.userExists"))); FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(I18n.get("userview.userExists")));
return "create"; return "create";
} }
...@@ -85,22 +80,16 @@ public class UserView { ...@@ -85,22 +80,16 @@ public class UserView {
} }
public String saveUser() { public String saveUser() {
try { setUser(userBean.mergeChanges(getUser()));
setUser(userBean.mergeChanges(getUser())); logger.info("Firstname: {} ", getUser().getFirstnames());
logger.info("Firstname: {} ",getUser().getFirstnames());
} catch (EjbPermissionDeniedException e) {
throw new PermissionDeniedException(e);
}
return "userSave"; return "userSave";
} }
public ListDataModel<User> getUsers() { public ListDataModel<User> getUsers() {
List<User> users; List<User> users;
try { users = userBean.getUsers();
users = userBean.getUsers();
} catch (EjbPermissionDeniedException e) {
throw new PermissionDeniedException(e);
}
items = new ListDataModel<User>(users); items = new ListDataModel<User>(users);
logger.info("Fetching users. Found {}", items.getRowCount()); logger.info("Fetching users. Found {}", items.getRowCount());
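Review bot: createUser is the one path in this class whose authorization still lives in the view (`getSessionhandler().canWrite(Permission.USER_MANAGEMENT)`), while saveUser and getUsers now rely on the checks inside UserBean. The bean method it goes on to call is outside this hunk, so I cannot tell whether it repeats the check; if it does not, any other caller of that bean method skips it. I would put the guard in the bean, in the same form UserBean already uses, `if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE)) { throw new PermissionDeniedException(secubean, curruser, "<message>"); }`.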
......
...@@ -21,6 +21,8 @@ page.auth.notauthorized.pagegroup=frontpage ...@@ -21,6 +21,8 @@ page.auth.notauthorized.pagegroup=frontpage
page.bill.list.pagegroup=user page.bill.list.pagegroup=user
page.viewexpired.pagegroup=frontpage
page.product.create.pagegroup=admin page.product.create.pagegroup=admin
page.product.createBill.pagegroup=shop page.product.createBill.pagegroup=shop
page.product.edit.pagegroup=admin page.product.edit.pagegroup=admin
...@@ -37,7 +39,8 @@ page.user.edit.pagegroup=user ...@@ -37,7 +39,8 @@ page.user.edit.pagegroup=user
page.user.list.pagegroup=user page.user.list.pagegroup=user
page.user.editself.pagegroup=user page.user.editself.pagegroup=user
page.auth.login.loginerror=frontpage page.auth.login.loginerror.pagegroup=frontpage
page.auth.login.logout=frontpage page.auth.login.logout.pagegroup=frontpage
page.viewexpired=frontpage page.viewexpired.pagegroup=frontpage
\ No newline at end of file page.permissionDenied.pagegroup=frontpage
\ No newline at end of file
...@@ -50,6 +50,8 @@ product.save=Save ...@@ -50,6 +50,8 @@ product.save=Save
product.sort=Sort product.sort=Sort
product.unitName=Product unit product.unitName=Product unit
product.vat=VAT product.vat=VAT
product.cart.count=Count
role.create=Create role role.create=Create role
role.edit=Edit role.edit=Edit
role.name=Name role.name=Name
...@@ -96,4 +98,5 @@ sidebar.product.list=List products ...@@ -96,4 +98,5 @@ sidebar.product.list=List products
sidebar.product.createBill=Create bill sidebar.product.createBill=Create bill
sidebar.role.create=Create role sidebar.role.create=Create role
sidebar.role.list=List roles sidebar.role.list=List roles
sidebar.map.placemap=Select places sidebar.map.placemap=Select places
\ No newline at end of file