Commit 66ef9bc6 by Tuomas Riihimäki

Created hostname filter

1 parent b22ca1de
...@@ -4,8 +4,11 @@ import java.util.HashSet; ...@@ -4,8 +4,11 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.annotation.Resource;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -24,6 +27,11 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal { ...@@ -24,6 +27,11 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
@EJB @EJB
private UserFacade userfacade; private UserFacade userfacade;
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class); private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
@Resource
private SessionContext sctx;
/** /**
* Default constructor. * Default constructor.
*/ */
...@@ -31,6 +39,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal { ...@@ -31,6 +39,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
// TODO Auto-generated constructor stub // TODO Auto-generated constructor stub
} }
@Override @Override
public boolean hasPermission(String target, User user, RolePermission permission) { public boolean hasPermission(String target, User user, RolePermission permission) {
User dbusr = userfacade.find(user.getId()); User dbusr = userfacade.find(user.getId());
...@@ -41,7 +50,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal { ...@@ -41,7 +50,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
} }
} }
return false; return false;
} }
......
...@@ -9,4 +9,5 @@ public interface SessionHandlerBeanLocal { ...@@ -9,4 +9,5 @@ public interface SessionHandlerBeanLocal {
boolean hasPermission(String target, User user, RolePermission permission); boolean hasPermission(String target, User user, RolePermission permission);
} }
...@@ -59,6 +59,7 @@ ...@@ -59,6 +59,7 @@
<to-view-id>/modulePossibleReturnValues.xhtml</to-view-id> <to-view-id>/modulePossibleReturnValues.xhtml</to-view-id>
</navigation-case> </navigation-case>
</navigation-rule> </navigation-rule>
</faces-config> </faces-config>
......
...@@ -17,13 +17,14 @@ ...@@ -17,13 +17,14 @@
<servlet-name>Faces Servlet</servlet-name> <servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern> <url-pattern>*.jsf</url-pattern>
</servlet-mapping> </servlet-mapping>
<filter> <filter>
<display-name>EventI18nFilter</display-name> <display-name>HostnameFilter</display-name>
<filter-name>EventI18nFilter</filter-name> <filter-name>HostnameFilter</filter-name>
<filter-class>fi.insomnia.bortal.i18n.EventI18nFilter</filter-class> <filter-class>fi.insomnia.bortal.HostnameFilter</filter-class>
</filter> </filter>
<filter-mapping> <filter-mapping>
<filter-name>EventI18nFilter</filter-name> <filter-name>HostnameFilter</filter-name>
<url-pattern>/EventI18nFilter</url-pattern> <servlet-name>Faces Servlet</servlet-name>
</filter-mapping> </filter-mapping>
</web-app> </web-app>
\ No newline at end of file
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
<ui:define name="header">Edit user</ui:define> <ui:define name="header">Edit user</ui:define>
<ui:define name="content"> <ui:define name="content">
<users:list /> <users:list />
</ui:define> </ui:define>
<ui:define name="footer">footer</ui:define> <ui:define name="footer">footer</ui:define>
</ui:composition> </ui:composition>
......
package fi.insomnia.bortal;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Servlet Filter implementation class HostnameFilter
*/
public class HostnameFilter implements Filter {
private static final String HTTP_URL_HOSTNAME = "HTTP_URL_HOSTNAME";
private static final Logger logger = LoggerFactory.getLogger(HostnameFilter.class);
/**
* Default constructor.
*/
public HostnameFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// Nothing...
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (request != null && request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = ((HttpServletRequest) request);
StringBuffer url = httpRequest.getRequestURL();
logger.warn("request URL: {}", url);
int beginindex = 7; // Let's skip http://
int slashindex = url.indexOf("/", beginindex); // Find the first
// / from URL
// after http://
int colonindex = url.indexOf(":", beginindex);
int lastindex = slashindex;
if (slashindex > colonindex) {
lastindex = colonindex;
}
if (lastindex < 0) {
lastindex = url.length() - 1;
}
logger.warn("begin: {}, last {}", beginindex, lastindex);
String hostname = url.substring(beginindex, lastindex);
logger.info("Setting hostname to {} ", hostname);
httpRequest.getSession().setAttribute(HTTP_URL_HOSTNAME, hostname);
}
// pass the request along the filter chain
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// Nothing...
}
public static String getHostname(HttpSession sess) {
String ret = null;
if (sess != null) {
Object retObj = sess.getAttribute(HTTP_URL_HOSTNAME);
if (retObj != null)
ret = retObj.toString();
}
return ret;
}
}
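Review bot: The index arithmetic in `doFilter` does not yield the host for common URLs: when the URL carries no port, `colonindex` is -1, so `slashindex > colonindex` sets `lastindex` to -1 and the fallback then stores everything after `http://` minus the last character, and the fixed offset 7 is wrong for `https://`. `String hostname = httpRequest.getServerName();` gives the host without manual parsing. Either way the value normally derives from the client-supplied Host header, so if later code uses this session attribute to select an event or build links (not visible here), it should first be checked against the configured set of hostnames. `getSession()` also creates a session for every request that reaches the Faces Servlet, and the two `logger.warn` calls write every request URL at warning level; a request attribute (or `getSession(false)`) and `debug` level would fit better.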
...@@ -7,9 +7,12 @@ ...@@ -7,9 +7,12 @@
package fi.insomnia.bortal.handler; package fi.insomnia.bortal.handler;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.enterprise.context.SessionScoped;
import javax.faces.bean.ManagedBean; import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;
import fi.insomnia.bortal.HostnameFilter;
import fi.insomnia.bortal.beans.RolePermission; import fi.insomnia.bortal.beans.RolePermission;
import fi.insomnia.bortal.beans.SessionHandlerBeanLocal; import fi.insomnia.bortal.beans.SessionHandlerBeanLocal;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -18,16 +21,16 @@ import fi.insomnia.bortal.model.User; ...@@ -18,16 +21,16 @@ import fi.insomnia.bortal.model.User;
* *
* @author tuukka * @author tuukka
*/ */
@ManagedBean(name = "sessionHandler") @ManagedBean(name = "bortalSessionHandler")
@SessionScoped @SessionScoped
public class SessionHandler { public class BortalSessionHandler {
@EJB @EJB
private SessionHandlerBeanLocal handlerbean; private SessionHandlerBeanLocal handlerbean;
private User user; private User user;
/** Creates a new instance of SessionHandler */ /** Creates a new instance of SessionHandler */
public SessionHandler() { public BortalSessionHandler() {
} }
public boolean hasPermission(String target, String permission) { public boolean hasPermission(String target, String permission) {
...@@ -41,6 +44,13 @@ public class SessionHandler { ...@@ -41,6 +44,13 @@ public class SessionHandler {
return hasPermission(target, perm); return hasPermission(target, perm);
} }
public String getHostname()
{
FacesContext ctx = FacesContext.getCurrentInstance();
HttpSession sess =(HttpSession) ctx.getExternalContext().getSession(false);
return HostnameFilter.getHostname(sess);
}
public boolean hasPermission(String target, RolePermission permission) { public boolean hasPermission(String target, RolePermission permission) {
return true; return true;
...@@ -68,4 +78,6 @@ public class SessionHandler { ...@@ -68,4 +78,6 @@ public class SessionHandler {
return user; return user;
} }
} }
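Review bot: The import block shows both `javax.enterprise.context.SessionScoped` and `javax.faces.bean.SessionScoped`, and the hunk counts (9 old lines, 12 new) suggest one replaced the other. If the CDI one is what remains, `@SessionScoped` on this `@ManagedBean` class is not the annotation the JSF managed-bean facility reads, and the bean would no longer be session scoped, so keep `import javax.faces.bean.SessionScoped;` while the class stays a `@ManagedBean`. In the new `getHostname()`, `FacesContext.getCurrentInstance()` returns null outside a JSF request, so a guard such as `if (ctx == null) return null;` before `ctx.getExternalContext()` avoids a NullPointerException. Separately from this commit, the context lines show `hasPermission(String, RolePermission)` starting with `return true;`. Its body is cut by the hunk boundary, but if it is an unconditional stub it deserves a `// TODO: enforce permission check` marker so that it does not ship as-is.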
...@@ -6,24 +6,30 @@ import javax.ejb.EJB; ...@@ -6,24 +6,30 @@ import javax.ejb.EJB;
import javax.faces.bean.ManagedBean; import javax.faces.bean.ManagedBean;
import javax.faces.bean.ManagedProperty; import javax.faces.bean.ManagedProperty;
import javax.faces.bean.SessionScoped; import javax.faces.bean.SessionScoped;
import javax.faces.context.FacesContext;
import javax.faces.model.ListDataModel; import javax.faces.model.ListDataModel;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.HostnameFilter;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.beans.SessionHandlerBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal; import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.exceptions.PermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.handler.SessionHandler; import fi.insomnia.bortal.handler.BortalSessionHandler;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
@ManagedBean(name = "userView") @ManagedBean(name = "userView")
@SessionScoped @SessionScoped
public class UserView { public class UserView {
@ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler;
@ManagedProperty("#{bortalSessionHandler}")
private BortalSessionHandler sessionhandler;
@EJB
private SessionHandlerBeanLocal sessionbean;
@EJB @EJB
private UserBeanLocal userBean; private UserBeanLocal userBean;
...@@ -40,14 +46,16 @@ public class UserView { ...@@ -40,14 +46,16 @@ public class UserView {
return "userEdit"; return "userEdit";
} }
public String getLocale() { public String getLocale() {
return "en_IN_XII"; return "en_IN_XII";
} }
public String createUser() { public String createUser() {
if (!sessionhandler.canWrite("userManagement")) { if (!getSessionhandler().canWrite("userManagement")) {
// Give message to administration what happened here. // Give message to administration what happened here.
throw new PermissionDeniedException("User " + sessionhandler.getUser() + " does not have permission to create user!",securitybean); throw new PermissionDeniedException("User " + getSessionhandler().getUser() + " does not have permission to create user!",securitybean);
} }
logger.info("Saving user"); logger.info("Saving user");
...@@ -103,4 +111,11 @@ public class UserView { ...@@ -103,4 +111,11 @@ public class UserView {
public User getUser() { public User getUser() {
return user; return user;
} }
public void setSessionhandler(BortalSessionHandler sessionhandler) {
this.sessionhandler = sessionhandler;
}
public BortalSessionHandler getSessionhandler() {
return sessionhandler;
}
} }