Skip to content

Antti Väyrynen / Moya

Go to a project
Commit b1b30814 by Tuukka Kivilahti
Options

Merge branch 'master' of tkfftk@dev.intra.insomnia.fi:/data/bortal

2 parents 2642c252 48ab22b7
Inline Side-by-side
Showing with 117 additions and 31 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.util.Calendar;
import javax.ejb.EJB;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import org.hibernate.validator.util.LoggerFactory;
import org.slf4j.Logger;
import fi.insomnia.bortal.facade.LogEntryFacade;
import fi.insomnia.bortal.facade.LogEntryTypeFacade;
import fi.insomnia.bortal.model.LogEntry;
import fi.insomnia.bortal.model.LogEntryType;
import fi.insomnia.bortal.model.User;
/** /**
* Session Bean implementation class SercurityBean * Session Bean implementation class SercurityBean
...@@ -9,17 +20,28 @@ import javax.ejb.Stateless; ...@@ -9,17 +20,28 @@ import javax.ejb.Stateless;
@Stateless @Stateless
public class SecurityBean implements SecurityBeanLocal { public class SecurityBean implements SecurityBeanLocal {
private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
@EJB
LogEntryTypeFacade typeFacade;
@EJB
LogEntryFacade entryFacade;
/** /**
* Default constructor. * Default constructor.
*/ */
public SecurityBean() { public SecurityBean() {
// TODO Auto-generated constructor stub // TODO Auto-generated constructor stub
} }
@Override @Override
public void log(Exception permissionDeniedException) { public void logPermissionDenied(User user, Exception exception) {
// TODO Auto-generated method stub LogEntryType type = typeFacade.findOrCreate(SecurityLogType.permissionDenied);
LogEntry entry = new LogEntry();
entry.setType(type);
entry.setTime(Calendar.getInstance());
entry.setDescription(exception.getMessage());
entry.setUser(user);
logger.debug(entry.toString(), exception);
entryFacade.create(entry);
} }
} }
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Set; import java.util.Set;
import javax.ejb.EJB; import javax.ejb.EJB;
...@@ -10,7 +9,9 @@ import javax.ejb.Stateless; ...@@ -10,7 +9,9 @@ import javax.ejb.Stateless;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.UserFacade; import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.Role; import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight; import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -21,9 +22,12 @@ import fi.insomnia.bortal.model.User; ...@@ -21,9 +22,12 @@ import fi.insomnia.bortal.model.User;
@Stateless @Stateless
public class SessionHandlerBean implements SessionHandlerBeanLocal { public class SessionHandlerBean implements SessionHandlerBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
@EJB @EJB
private UserFacade userfacade; private UserFacade userfacade;
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class); @EJB
private AccessRightFacade accessRightFacade;
/** /**
* Default constructor. * Default constructor.
*/ */
...@@ -33,26 +37,29 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal { ...@@ -33,26 +37,29 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
@Override @Override
public boolean hasPermission(String target, User user, RolePermission permission) { public boolean hasPermission(String target, User user, RolePermission permission) {
AccessRight expectedRight = accessRightFacade.findOrCreateByName(target);
User dbusr = userfacade.find(user.getId()); User dbusr = userfacade.find(user.getId());
Set<Role> checkedRoles = new HashSet<Role>(); Set<Role> checkedRoles = new HashSet<Role>();
for (Role r : dbusr.getRoles()) { for (Role r : dbusr.getRoles()) {
if (getRights(r, target, permission, checkedRoles)) { if (getRights(r, expectedRight, permission, checkedRoles)) {
return true; return true;
} }
} }
return false; return false;
} }
private static boolean getRights(Role role, String target, RolePermission permission, Set<Role> checkedRoles) { private static boolean getRights(Role role, AccessRight expectedRight, RolePermission permission, Set<Role> checkedRoles) {
if (checkedRoles.contains(role)) { if (checkedRoles.contains(role)) {
return false; return false;
} }
for (RoleRight rr : role.getRoleRights()) { for (RoleRight rr : role.getRoleRights()) {
if (rr.getAccessRight().getAccessRight().equals(target)) { if (rr.getAccessRight().equals(expectedRight)) {
switch (permission) { switch (permission) {
case READ: case READ:
if (rr.getRead()) { if (rr.getRead()) {
...@@ -74,7 +81,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal { ...@@ -74,7 +81,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
checkedRoles.add(role); checkedRoles.add(role);
for (Role r : role.getParents()) { for (Role r : role.getParents()) {
if (getRights(r, target, permission, checkedRoles)) { if (getRights(r, expectedRight, permission, checkedRoles)) {
return true; return true;
} }
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
...@@ -31,30 +31,30 @@ public class UserBean implements UserBeanLocal { ...@@ -31,30 +31,30 @@ public class UserBean implements UserBeanLocal {
* Default constructor. * Default constructor.
*/ */
public UserBean() { public UserBean() {
// TODO Auto-generated constructor stub // TODO Auto-generated constructor stub
} }
@Override @Override
public User createNewUser(String nick, String password) { public User createNewUser(String nick, String password) {
User returnUser = new User(); User returnUser = new User();
returnUser.setNick(nick); returnUser.setNick(nick);
// TODO: Hash function.... // TODO: Hash function....
returnUser.setPassword(password); returnUser.setPassword(password);
// Tallennetaan olio kantaan... // Tallennetaan olio kantaan...
userFacade.create(returnUser); userFacade.create(returnUser);
return returnUser; return returnUser;
} }
public List<User> getUsers() { public List<User> getUsers() {
List<User> ret = userFacade.findAll(); List<User> ret = userFacade.findAll();
logger.info("Found {} users from database ", ret.size()); logger.info("Found {} users from database ", ret.size());
return ret; return ret;
} }
@Override @Override
public void mergeChanges(User user) { public void mergeChanges(User user) {
userFacade.merge(user); userFacade.merge(user);
} }
public User getUser(String nick) { public User getUser(String nick) {
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/AccessRightFacade.java
...@@ -4,7 +4,11 @@ import javax.ejb.LocalBean; ...@@ -4,7 +4,11 @@ import javax.ejb.LocalBean;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext; import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.model.AccessRight; import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.LogEntryType;
@Stateless @Stateless
@LocalBean @LocalBean
...@@ -21,4 +25,19 @@ public class AccessRightFacade extends GenericFacade<AccessRight> { ...@@ -21,4 +25,19 @@ public class AccessRightFacade extends GenericFacade<AccessRight> {
return em; return em;
} }
public AccessRight findOrCreateByName(String target) {
// Fetch access right by name
TypedQuery<AccessRight> q = em.createNamedQuery("AccessRight.findByName", AccessRight.class);
q.setParameter("name", target);
AccessRight right = q.getSingleResult();
// Might not exist yet -> create
if (right == null) {
right = new AccessRight();
em.persist(right);
}
return right;
}
} }
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryTypeFacade.java
...@@ -4,6 +4,9 @@ import javax.ejb.LocalBean; ...@@ -4,6 +4,9 @@ import javax.ejb.LocalBean;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext; import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.model.LogEntryType; import fi.insomnia.bortal.model.LogEntryType;
@Stateless @Stateless
...@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> { ...@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> {
return em; return em;
} }
public LogEntryType findOrCreate(SecurityLogType type) {
// Fetch log entry type
TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
q.setParameter("login", type.name());
LogEntryType logEntryType = q.getSingleResult();
// Might not exist yet
if (logEntryType == null) {
logEntryType = new LogEntryType();
logEntryType.setName(type.name());
em.persist(logEntryType);
}
return logEntryType;
}
} }
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SecurityBeanLocal.java
...@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans; ...@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans;
import javax.ejb.Local; import javax.ejb.Local;
import fi.insomnia.bortal.model.User;
@Local @Local
public interface SecurityBeanLocal { public interface SecurityBeanLocal {
void log(Exception permissionDeniedException); void logPermissionDenied(User user, Exception permissionDeniedException);
} }
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SecurityLogType.java 0 → 100644
package fi.insomnia.bortal.beans;
public enum SecurityLogType {
permissionDenied
}
code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntryType.java
...@@ -24,15 +24,18 @@ import javax.persistence.Version; ...@@ -24,15 +24,18 @@ import javax.persistence.Version;
@Table(name = "event_log_types") @Table(name = "event_log_types")
@NamedQueries( { @NamedQueries( {
@NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"), @NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"),
@NamedQuery(name = "LogEntryType.findByName", query = "SELECT l FROM LogEntryType l WHERE l.name = :name"),
@NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") }) @NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") })
public class LogEntryType implements EventChildInterface{ public class LogEntryType implements EventChildInterface {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
@EmbeddedId @EmbeddedId
private EventPk id; private EventPk id;
@Column(name = "event_type_name", nullable = false)
private String name;
@Lob @Lob
@Column(name = "event_type_description", nullable = false) @Column(name = "event_type_description", nullable = false)
private String description; private String description;
...@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{ ...@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{
public void setJpaVersionField(int jpaVersionField) { public void setJpaVersionField(int jpaVersionField) {
this.jpaVersionField = jpaVersionField; this.jpaVersionField = jpaVersionField;
} }
public void setName(String name) {
this.name = name;
}
public String getName() {
return name;
}
} }
code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/PermissionDeniedException.java
package fi.insomnia.bortal.exceptions; package fi.insomnia.bortal.exceptions;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.model.User;
public class PermissionDeniedException extends RuntimeException { public class PermissionDeniedException extends RuntimeException {
public PermissionDeniedException(String message, SecurityBeanLocal bean) { public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
super(message); super(message);
bean.log(this); bean.logPermissionDenied(user, this);
} }
/** /**
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
...@@ -23,7 +23,6 @@ public class UserView { ...@@ -23,7 +23,6 @@ public class UserView {
@ManagedProperty("#{sessionHandler}") @ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler; private SessionHandler sessionhandler;
@EJB @EJB
private UserBeanLocal userBean; private UserBeanLocal userBean;
...@@ -47,7 +46,7 @@ public class UserView { ...@@ -47,7 +46,7 @@ public class UserView {
public String createUser() { public String createUser() {
if (!sessionhandler.canWrite("userManagement")) { if (!sessionhandler.canWrite("userManagement")) {
// Give message to administration what happened here. // Give message to administration what happened here.
throw new PermissionDeniedException("User " + sessionhandler.getUser() + " does not have permission to create user!",securitybean); throw new PermissionDeniedException(securitybean, sessionhandler.getUser(), "User " + sessionhandler.getUser() + " does not have permission to create user!");
} }
logger.info("Saving user"); logger.info("Saving user");
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!