Commit b1b30814 by Tuukka Kivilahti

Merge branch 'master' of tkfftk@dev.intra.insomnia.fi:/data/bortal

2 parents 2642c252 48ab22b7
package fi.insomnia.bortal.beans;
import java.util.Calendar;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.hibernate.validator.util.LoggerFactory;
import org.slf4j.Logger;
import fi.insomnia.bortal.facade.LogEntryFacade;
import fi.insomnia.bortal.facade.LogEntryTypeFacade;
import fi.insomnia.bortal.model.LogEntry;
import fi.insomnia.bortal.model.LogEntryType;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class SercurityBean
......@@ -9,17 +20,28 @@ import javax.ejb.Stateless;
@Stateless
public class SecurityBean implements SecurityBeanLocal {
private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
@EJB
LogEntryTypeFacade typeFacade;
@EJB
LogEntryFacade entryFacade;
/**
* Default constructor.
* Default constructor.
*/
public SecurityBean() {
// TODO Auto-generated constructor stub
}
@Override
public void log(Exception permissionDeniedException) {
// TODO Auto-generated method stub
public void logPermissionDenied(User user, Exception exception) {
LogEntryType type = typeFacade.findOrCreate(SecurityLogType.permissionDenied);
LogEntry entry = new LogEntry();
entry.setType(type);
entry.setTime(Calendar.getInstance());
entry.setDescription(exception.getMessage());
entry.setUser(user);
logger.debug(entry.toString(), exception);
entryFacade.create(entry);
}
}
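Review bot: `typeFacade` and `entryFacade` are package-private at their `@EJB` injection points; make them `private` (`@EJB private LogEntryTypeFacade typeFacade;`) so the injected facades cannot be swapped from elsewhere in the package. The `org.hibernate.validator.util.LoggerFactory` import is unused and is what forces the fully qualified `org.slf4j.LoggerFactory.getLogger(...)` on the logger field; replace it with `import org.slf4j.LoggerFactory;`. In `logPermissionDenied`, `exception.getMessage()` is dereferenced with no null check, and a security event is emitted at `debug`, which production logger configurations usually drop — `logger.warn(entry.toString(), exception);` matches the significance of the entry being persisted. If this bean is ever invoked from inside a caller's transaction, the rollback caused by the exception being recorded would also discard the audit row; `@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)` on the method keeps it.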
package fi.insomnia.bortal.beans;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ejb.EJB;
......@@ -10,7 +9,9 @@ import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.AccessRightFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;
......@@ -21,9 +22,12 @@ import fi.insomnia.bortal.model.User;
@Stateless
public class SessionHandlerBean implements SessionHandlerBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
@EJB
private UserFacade userfacade;
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
@EJB
private AccessRightFacade accessRightFacade;
/**
* Default constructor.
*/
......@@ -33,26 +37,29 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
@Override
public boolean hasPermission(String target, User user, RolePermission permission) {
AccessRight expectedRight = accessRightFacade.findOrCreateByName(target);
User dbusr = userfacade.find(user.getId());
Set<Role> checkedRoles = new HashSet<Role>();
for (Role r : dbusr.getRoles()) {
if (getRights(r, target, permission, checkedRoles)) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
}
return false;
}
private static boolean getRights(Role role, String target, RolePermission permission, Set<Role> checkedRoles) {
private static boolean getRights(Role role, AccessRight expectedRight, RolePermission permission, Set<Role> checkedRoles) {
if (checkedRoles.contains(role)) {
return false;
}
for (RoleRight rr : role.getRoleRights()) {
if (rr.getAccessRight().getAccessRight().equals(target)) {
if (rr.getAccessRight().equals(expectedRight)) {
switch (permission) {
case READ:
if (rr.getRead()) {
......@@ -74,7 +81,7 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal {
checkedRoles.add(role);
for (Role r : role.getParents()) {
if (getRights(r, target, permission, checkedRoles)) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
......
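Review bot: `hasPermission` dereferences `dbusr.getRoles()` straight after `userfacade.find(user.getId())` without a null check, so a user id that is no longer in the database produces a NullPointerException instead of a denial; `if (dbusr == null) { return false; }` after the lookup fails closed. Calling `accessRightFacade.findOrCreateByName(target)` on the permission-check path turns every check into a potential insert, so an unknown target string is persisted as a new AccessRight the first time it is asked about — harmless while targets are literals like "userManagement" in UserView, but a plain find here (with creation done where rights are administered) is safer should a target ever come from request data. The new `rr.getAccessRight().equals(expectedRight)` comparison is only correct if AccessRight overrides equals/hashCode or both lookups run in the same persistence context; if neither is guaranteed, the old comparison by name was the more robust one. `getRights` is cut by the hunk inside the `switch` and continues outside it.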
......@@ -31,30 +31,30 @@ public class UserBean implements UserBeanLocal {
* Default constructor.
*/
public UserBean() {
// TODO Auto-generated constructor stub
// TODO Auto-generated constructor stub
}
@Override
public User createNewUser(String nick, String password) {
User returnUser = new User();
returnUser.setNick(nick);
User returnUser = new User();
returnUser.setNick(nick);
// TODO: Hash function....
returnUser.setPassword(password);
// Tallennetaan olio kantaan...
userFacade.create(returnUser);
return returnUser;
// TODO: Hash function....
returnUser.setPassword(password);
// Tallennetaan olio kantaan...
userFacade.create(returnUser);
return returnUser;
}
public List<User> getUsers() {
List<User> ret = userFacade.findAll();
logger.info("Found {} users from database ", ret.size());
return ret;
List<User> ret = userFacade.findAll();
logger.info("Found {} users from database ", ret.size());
return ret;
}
@Override
public void mergeChanges(User user) {
userFacade.merge(user);
userFacade.merge(user);
}
public User getUser(String nick) {
......
......@@ -4,7 +4,11 @@ import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.LogEntryType;
@Stateless
@LocalBean
......@@ -21,4 +25,19 @@ public class AccessRightFacade extends GenericFacade<AccessRight> {
return em;
}
public AccessRight findOrCreateByName(String target) {
// Fetch access right by name
TypedQuery<AccessRight> q = em.createNamedQuery("AccessRight.findByName", AccessRight.class);
q.setParameter("name", target);
AccessRight right = q.getSingleResult();
// Might not exist yet -> create
if (right == null) {
right = new AccessRight();
em.persist(right);
}
return right;
}
}
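Review bot: `q.getSingleResult()` throws `NoResultException` when no row matches, so the `right == null` branch never executes and `findOrCreateByName` never creates anything; LogEntryTypeFacade.findOrCreate in this commit has the same pattern. Even if the branch were reached, the new `AccessRight` is persisted without its name being set (unlike LogEntryTypeFacade, which calls `setName`), so the row could never be matched by a later lookup. Use `getResultList()` bounded with `setMaxResults(1)` and populate the name before `persist`, as below (needs `java.util.List`). The `SecurityLogType` and `LogEntryType` imports in this file are unused.
```java
public AccessRight findOrCreateByName(String target) {
    TypedQuery<AccessRight> q = em.createNamedQuery("AccessRight.findByName", AccessRight.class);
    q.setParameter("name", target);
    List<AccessRight> found = q.setMaxResults(1).getResultList();
    if (!found.isEmpty()) {
        return found.get(0);
    }
    AccessRight right = new AccessRight();
    // TODO: set the right's name to target here (the counterpart of getAccessRight())
    em.persist(right);
    return right;
}
```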
......@@ -4,6 +4,9 @@ import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.model.LogEntryType;
@Stateless
......@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> {
return em;
}
public LogEntryType findOrCreate(SecurityLogType type) {
// Fetch log entry type
TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
q.setParameter("login", type.name());
LogEntryType logEntryType = q.getSingleResult();
// Might not exist yet
if (logEntryType == null) {
logEntryType = new LogEntryType();
logEntryType.setName(type.name());
em.persist(logEntryType);
}
return logEntryType;
}
}
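Review bot: `q.setParameter("login", type.name())` binds a parameter the query does not declare — `LogEntryType.findByName` in LogEntryType.java uses `:name` — so the lookup throws IllegalArgumentException before any row is found; change it to `q.setParameter("name", type.name());`. The `getSingleResult()` followed by a null check has the same unreachable-create problem noted on AccessRightFacade. The freshly created `LogEntryType` also leaves its `@EmbeddedId` `id` and the `nullable = false` description unset, so the `persist` is likely to fail unless those are populated elsewhere — worth confirming against the entity.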
......@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans;
import javax.ejb.Local;
import fi.insomnia.bortal.model.User;
@Local
public interface SecurityBeanLocal {
void log(Exception permissionDeniedException);
void logPermissionDenied(User user, Exception permissionDeniedException);
}
package fi.insomnia.bortal.beans;
public enum SecurityLogType {
permissionDenied
}
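Review bot: The constant `permissionDenied` departs from the UPPER_SNAKE_CASE convention for enum constants, and because LogEntryTypeFacade persists `type.name()` as the row's name, the constant's spelling becomes a stored identifier. Either rename it to `PERMISSION_DENIED` now, before any rows exist, or give the enum an explicit persisted-name field so a later code rename does not silently change the data it matches.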
......@@ -24,15 +24,18 @@ import javax.persistence.Version;
@Table(name = "event_log_types")
@NamedQueries( {
@NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"),
@NamedQuery(name = "LogEntryType.findByName", query = "SELECT l FROM LogEntryType l WHERE l.name = :name"),
@NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") })
public class LogEntryType implements EventChildInterface{
public class LogEntryType implements EventChildInterface {
private static final long serialVersionUID = 1L;
@EmbeddedId
private EventPk id;
@Column(name = "event_type_name", nullable = false)
private String name;
@Lob
@Column(name = "event_type_description", nullable = false)
private String description;
......@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{
public void setJpaVersionField(int jpaVersionField) {
this.jpaVersionField = jpaVersionField;
}
public void setName(String name) {
this.name = name;
}
public String getName() {
return name;
}
}
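Review bot: The new `findByName` query is consumed through `getSingleResult()` in LogEntryTypeFacade, which assumes at most one row per name, but `event_type_name` is declared `@Column(name = "event_type_name", nullable = false)` with no uniqueness constraint; add `unique = true` so the database enforces what the lookup relies on, and a duplicate created by two concurrent first-time lookups fails at insert instead of making every later lookup throw NonUniqueResultException. The added `setName`/`getName` accessors have no Javadoc; a one-liner such as `/** Name of this event type, matched by the {@code LogEntryType.findByName} query. */` on the getter would do.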
package fi.insomnia.bortal.exceptions;
import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.model.User;
public class PermissionDeniedException extends RuntimeException {
public PermissionDeniedException(String message, SecurityBeanLocal bean) {
public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
super(message);
bean.log(this);
bean.logPermissionDenied(user, this);
}
/**
......
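Review bot: The constructor calls `bean.logPermissionDenied(user, this)` before construction has completed, leaking a partially constructed `this` into an EJB call and hiding a persistence side effect inside `new`; if that facade call fails, the resulting exception replaces the permission denial the caller meant to raise. Keep the constructor to `super(message)` and have the throw site call `securitybean.logPermissionDenied(user, ex)` before throwing, or provide a static factory that records the event and then returns the exception. The class continues outside the hunk.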
......@@ -23,7 +23,6 @@ public class UserView {
@ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler;
@EJB
private UserBeanLocal userBean;
......@@ -47,7 +46,7 @@ public class UserView {
public String createUser() {
if (!sessionhandler.canWrite("userManagement")) {
// Give message to administration what happened here.
throw new PermissionDeniedException("User " + sessionhandler.getUser() + " does not have permission to create user!",securitybean);
throw new PermissionDeniedException(securitybean, sessionhandler.getUser(), "User " + sessionhandler.getUser() + " does not have permission to create user!");
}
logger.info("Saving user");
......
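Review bot: The message built on the `throw` line embeds `sessionhandler.getUser()` itself, i.e. `User.toString()`, and SecurityBean stores `exception.getMessage()` as the persisted log description and passes it to the logger; if `User.toString()` includes the password field that UserBean currently stores without hashing, it ends up in the audit table and log files. Use an identifier instead, e.g. `"User " + sessionhandler.getUser().getId() + " does not have permission to create user!"`. The earlier hunk in this file drops one line among the field declarations but the rendered page does not show which; the `securitybean` field used here is presumably injected above the shown lines. `createUser` continues outside the hunk.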