Access control fixing to work with JAAS

Tuomas Riihimäki
Commit b80955bc authored Apr 18, 2010 by Tuomas Riihimäki
Showing with 47 additions and 35 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/AccessRightFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
@@ -29,7 +29,7 @@ import fi.insomnia.bortal.model.User;
 */
 @Stateless
 @DeclareRoles("admin")
-public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandlerBeanRemote{
+public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandlerBeanRemote {
    private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
    @EJB
@@ -38,10 +38,12 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandl
    private AccessRightFacade accessRightFacade;
    @EJB
    private RoleFacade roleFacade;
-    @Resource 
+    @Resource
-    SessionContext context;
+    private SessionContext context;
+    @EJB
+    private UserBean userbean;
    /**
     * Default constructor.
     */
@@ -52,17 +54,20 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandl
    @Override
    public boolean hasPermission(String target, User user, RolePermission permission) {
+        if (user == null) {
+            return false;
+        }
        AccessRight expectedRight = accessRightFacade.findOrCreateByName(target);
        User dbusr = userfacade.find(user.getId());
-        Set<Role> checkedRoles = new HashSet<Role>();
+        if (dbusr != null) {
-        for (Role r : dbusr.getRoles()) {
+            Set<Role> checkedRoles = new HashSet<Role>();
-            if (getRights(r, expectedRight, permission, checkedRoles)) {
+            for (Role r : dbusr.getRoles()) {
-                return true;
+                if (getRights(r, expectedRight, permission, checkedRoles)) {
+                    return true;
+                }
            }
        }
        return false;
    }
@@ -129,17 +134,9 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandl
        return defaultUser;
    }
-    public void testing()
-    {
-        Principal principal = context.getCallerPrincipal();
-        logger.warn("principal {}",principal.getName());
-        logger.warn("Principal in admin: {}",context.isCallerInRole("admin"));
-    }
    @Override
    public boolean authenticate(String username, String password) {
-        return (tryLogin(username,password) != null);
+        return (tryLogin(username, password) != null);
    }
    @Override
@@ -151,7 +148,12 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandl
    @Override
    public User getCurrentUser() {
-        // TODO Auto-generated method stub
+        Principal principal = context.getCallerPrincipal();
-        return null;
+        User ret = userbean.getUser(principal.getName());
+        if (ret == null)
+        {
+            ret = getDefaultUser();
+        }
+        return ret;
    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/AccessRightFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/AccessRightFacade.java
@@ -26,9 +26,10 @@ public class AccessRightFacade extends IntegerPkGenericFacade<AccessRight> {
    public AccessRight findOrCreateByName(String target) {
        // Fetch access right by name
-        TypedQuery<AccessRight> q = em.createNamedQuery("AccessRight.findByName", AccessRight.class);
+        TypedQuery<AccessRight> q = em.createQuery("SELECT a FROM AccessRight a WHERE a.name = :name", AccessRight.class);
        q.setParameter("name", target);
-        AccessRight right = q.getSingleResult();
+        AccessRight right = null;
+        right = this.getSingleNullableResult(q);
        // Might not exist yet -> create
        if (right == null) {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
@@ -3,6 +3,7 @@ package fi.insomnia.bortal.facade;
 import java.util.List;
 import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
 import javax.persistence.criteria.CriteriaQuery;
 import javax.persistence.criteria.Root;
@@ -66,5 +67,15 @@ public abstract class GenericFacade<PK,T extends ModelInterface<PK>> implements 
        TypedQuery<Long> q = getEm().createQuery(cq);
        return q.getSingleResult();
    }
+    protected T getSingleNullableResult(TypedQuery<T> q) {
+        T ret = null;
+        try {
+            ret = q.getSingleResult();
+        } catch (NoResultException e) {
+            ret = null;
+        }
+        return ret;
+    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
@@ -5,13 +5,13 @@ import fi.insomnia.bortal.model.ModelInterface;
 /**
 * Session Bean implementation class GenericFacade
 */
-public abstract class IntegerPkGenericFacade<T extends ModelInterface<Integer>> extends GenericFacade<Integer,T> {
+public abstract class IntegerPkGenericFacade<T extends ModelInterface<Integer>> extends GenericFacade<Integer, T> {
    public IntegerPkGenericFacade(Class<T> entityClass) {
        super(entityClass);
-    }
+    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
@@ -25,9 +25,9 @@ public class RoleFacade extends EventChildGenericFacade<Role> {
    }
    public Role findByName(String name) {
-        TypedQuery<Role> q = em.createNamedQuery("User.findByName", Role.class);
+        TypedQuery<Role> q = em.createNamedQuery("Role.findByRoleName", Role.class);
        q.setParameter("name", name);
-        return q.getSingleResult();
+        return this.getSingleNullableResult(q);
    }
    public Role getOrCreatePublicRole() {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
@@ -12,7 +12,7 @@ import fi.insomnia.bortal.model.User;
 @LocalBean
 public class UserFacade extends IntegerPkGenericFacade<User> {
-    public static final String DEFAULT_USER_LOGIN = "default";
+    public static final String DEFAULT_USER_LOGIN = "ANONYMOUS";
    @PersistenceContext
    private EntityManager em;
@@ -32,9 +32,10 @@ public class UserFacade extends IntegerPkGenericFacade<User> {
 //        return q.getSingleResult();
        TypedQuery<User> q = em.createQuery("SELECT u FROM User u WHERE u.login = :login", User.class);
        q.setParameter("login", login);
-        return (User) q.getSingleResult();
+        return getSingleNullableResult(q);
    }
    public User getOrCreateDefaultUser() {
        User defaultUser = findByLogin(DEFAULT_USER_LOGIN);

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
@@ -9,10 +9,7 @@ public interface SessionHandlerBeanLocal {
    boolean hasPermission(String target, User user, RolePermission permission);
    User getDefaultUser();
-    void testing();
    User getCurrentUser();
 }