Skip to content

Antti Väyrynen / Moya

Go to a project
Commit e851e7b0 by Tuomas Riihimäki
Options

Testidataa, JAAS kikkailua, ja muuta jännää. :)

1 parent 0b441544
Inline Side-by-side
Showing with 405 additions and 210 deletions
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
...@@ -44,7 +44,7 @@ import com.sun.appserv.security.AppservPasswordLoginModule; ...@@ -44,7 +44,7 @@ import com.sun.appserv.security.AppservPasswordLoginModule;
import com.sun.enterprise.security.auth.realm.InvalidOperationException; import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException; import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import fi.insomnia.bortal.beans.SessionHandlerBeanRemote; import fi.insomnia.bortal.beans.JaasBeanRemote;
/** /**
* *
...@@ -57,7 +57,8 @@ import fi.insomnia.bortal.beans.SessionHandlerBeanRemote; ...@@ -57,7 +57,8 @@ import fi.insomnia.bortal.beans.SessionHandlerBeanRemote;
public class BortalLoginModule extends AppservPasswordLoginModule { public class BortalLoginModule extends AppservPasswordLoginModule {
// private static final org.slf4j.Logger logger = LoggerFactory.getLogger(BortalLoginModule.class); // private static final org.slf4j.Logger logger =
// LoggerFactory.getLogger(BortalLoginModule.class);
/** /**
* Overrides the authenticateUser() method in AppservPasswordLoginModule * Overrides the authenticateUser() method in AppservPasswordLoginModule
...@@ -68,7 +69,7 @@ public class BortalLoginModule extends AppservPasswordLoginModule { ...@@ -68,7 +69,7 @@ public class BortalLoginModule extends AppservPasswordLoginModule {
protected void authenticateUser() throws LoginException { protected void authenticateUser() throws LoginException {
log((new StringBuilder()).append("CustomRealm Auth Info:_username:") log((new StringBuilder()).append("CustomRealm Auth Info:_username:")
.append(_username).append(";_password:").append(_password) .append(_username).append(";_password:").append(_passwd)
.append(";_currentrealm:").append(_currentRealm).toString()); .append(";_currentrealm:").append(_currentRealm).toString());
// Check if the given realm is SampleRealm // Check if the given realm is SampleRealm
...@@ -76,14 +77,14 @@ public class BortalLoginModule extends AppservPasswordLoginModule { ...@@ -76,14 +77,14 @@ public class BortalLoginModule extends AppservPasswordLoginModule {
throw new LoginException("Realm not SampleRealm"); throw new LoginException("Realm not SampleRealm");
} }
SessionHandlerBeanRemote authbean = BortalRealm.getAuthBean(); JaasBeanRemote authbean = BortalRealm.getAuthBean();
if (authbean == null) { if (authbean == null) {
throw new LoginException("Error. Could not get authentication bean!"); throw new LoginException("Error. Could not get authentication bean!");
} }
// Authenticate User // Authenticate User
BortalRealm samplerealm = (BortalRealm) _currentRealm; BortalRealm samplerealm = (BortalRealm) _currentRealm;
if (!authbean.authenticate(_username, _password)) { if (!authbean.authenticate(_username, new String(_passwd))) {
// Login fails // Login fails
throw new LoginException((new StringBuilder()) throw new LoginException((new StringBuilder())
.append("customrealm:Login Failed for user ") .append("customrealm:Login Failed for user ")
...@@ -118,9 +119,8 @@ public class BortalLoginModule extends AppservPasswordLoginModule { ...@@ -118,9 +119,8 @@ public class BortalLoginModule extends AppservPasswordLoginModule {
} }
private void log(String s) { private void log(String s) {
System.out.println((new StringBuilder()) System.out.println((new StringBuilder())
.append("SimpleCustomLoginModule::").append(s).toString()); .append("SimpleCustomLoginModule::").append(s).toString());
} }
} }
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
...@@ -48,7 +48,7 @@ import com.sun.enterprise.security.auth.realm.InvalidOperationException; ...@@ -48,7 +48,7 @@ import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException; import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException; import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import fi.insomnia.bortal.beans.SessionHandlerBeanRemote; import fi.insomnia.bortal.beans.JaasBeanRemote;
/** /**
* *
...@@ -60,6 +60,8 @@ public class BortalRealm extends AppservRealm { ...@@ -60,6 +60,8 @@ public class BortalRealm extends AppservRealm {
// private static final Logger logger = LoggerFactory.getLogger(BortalRealm.class); // private static final Logger logger = LoggerFactory.getLogger(BortalRealm.class);
private static final String JAAS_BEAN_JNDI = "java:global/LanBortal/LanBortalBeans/JaasBean!fi.insomnia.bortal.beans.JaasBeanRemote";
/** /**
* Initialization - set the jaas-context property, Set UserA to devGroup and * Initialization - set the jaas-context property, Set UserA to devGroup and
* user B to testGroup * user B to testGroup
...@@ -107,17 +109,17 @@ public class BortalRealm extends AppservRealm { ...@@ -107,17 +109,17 @@ public class BortalRealm extends AppservRealm {
append(s).toString()); append(s).toString());
} }
public static SessionHandlerBeanRemote getAuthBean() { public static JaasBeanRemote getAuthBean() {
Object beanObj = null; Object beanObj = null;
try { try {
beanObj = new InitialContext().lookup("java:global/LanBortal/LanBortalBeans/SessionHandlerBean!fi.insomnia.bortal.beans.SessionHandlerBeanRemote"); beanObj = new InitialContext().lookup(JAAS_BEAN_JNDI);
} catch (NamingException e) { } catch (NamingException e) {
log("Error fetching LoginHandlerRemote bean from initial context"); log("Error fetching LoginHandlerRemote bean from initial context");
e.printStackTrace(); e.printStackTrace();
return null; return null;
} }
if (beanObj instanceof SessionHandlerBeanRemote) { if (beanObj instanceof JaasBeanRemote) {
return (SessionHandlerBeanRemote) beanObj; return (JaasBeanRemote) beanObj;
} }
return null; return null;
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.io.ByteArrayOutputStream;
import javax.annotation.security.DeclareRoles; import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import javax.servlet.ServletOutputStream;
import fi.insomnia.bortal.beanutil.AuthorisationBean; import fi.insomnia.bortal.beanutil.AuthorisationBean;
import fi.insomnia.bortal.beanutil.AuthorisationBean.Right; import fi.insomnia.bortal.beanutil.AuthorisationBean.Right;
import fi.insomnia.bortal.beanutil.AuthorisationBean.RightType; import fi.insomnia.bortal.beanutil.AuthorisationBean.RightType;
import fi.insomnia.bortal.beanutil.PdfPrinter;
import fi.insomnia.bortal.facade.BillFacade; import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.model.Bill; import fi.insomnia.bortal.model.Bill;
...@@ -24,7 +28,7 @@ public class BillBean implements BillBeanLocal { ...@@ -24,7 +28,7 @@ public class BillBean implements BillBeanLocal {
private BillFacade billFacade; private BillFacade billFacade;
@EJB @EJB
private SessionHandlerBean sessionbean; private UserBeanLocal userBean;
@EJB @EJB
private SecurityBean secubean; private SecurityBean secubean;
...@@ -45,7 +49,7 @@ public class BillBean implements BillBeanLocal { ...@@ -45,7 +49,7 @@ public class BillBean implements BillBeanLocal {
} }
Bill bill = billFacade.find(eventId, id); Bill bill = billFacade.find(eventId, id);
Event event = bill.getEvent(); Event event = bill.getEvent();
User currentuser = sessionbean.getCurrentUser(event); User currentuser = userBean.getCurrentUser(event);
if (!currentuser.equals(bill.getUser())) if (!currentuser.equals(bill.getUser()))
if (!authbean.isAuthorised(currentuser, Right.ADMIN, RightType.READ)) { if (!authbean.isAuthorised(currentuser, Right.ADMIN, RightType.READ)) {
...@@ -59,4 +63,15 @@ public class BillBean implements BillBeanLocal { ...@@ -59,4 +63,15 @@ public class BillBean implements BillBeanLocal {
return bill; return bill;
} }
@Override
public ByteArrayOutputStream getPdfBillStream(Bill bill) {
if (bill == null) {
return null;
}
return new PdfPrinter(bill).output();
}
} }
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java 0 → 100644
package fi.insomnia.bortal.beans;
import java.util.Enumeration;
import java.util.Vector;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class SessionHandlerBean
*/
@Stateless
public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
public static final String JAAS_SUPERADMINGROUP = "superadmin";
public static final String JAAS_USERGROUP = "user";
private static final Logger logger = LoggerFactory.getLogger(JaasBean.class);
@EJB
private UserFacade userfacade;
@EJB
private UserBean userbean;
/**
* Default constructor.
*/
public JaasBean() {
// TODO Auto-generated constructor stub
}
public User tryLogin(String username, String password) {
User user = userfacade.findByLogin(username.trim());
if (user != null && user.checkPassword(password)) {
return user;
}
return null;
}
@Override
public boolean authenticate(String username, String password) {
return (tryLogin(username, password) != null);
}
@Override
public Enumeration<String> getGroupNames(String user) {
User usr = userbean.getUser(user);
Vector<String> rights = new Vector<String>();
if (usr != null) {
rights.add(JAAS_USERGROUP);
if (usr.isSuperadmin()) {
rights.add(JAAS_SUPERADMINGROUP);
}
}
return rights.elements();
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java deleted 100644 → 0
package fi.insomnia.bortal.beans;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class SessionHandlerBean
*/
@Stateless
@DeclareRoles("admin")
public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandlerBeanRemote {
private static final Logger logger = LoggerFactory.getLogger(SessionHandlerBean.class);
@EJB
private UserFacade userfacade;
@EJB
private AccessRightBeanLocal accessRightBeanLocal;
@EJB
private RoleFacade roleFacade;
@Resource
private SessionContext context;
@EJB
private UserBean userbean;
/**
* Default constructor.
*/
public SessionHandlerBean() {
// TODO Auto-generated constructor stub
}
public boolean hasPermission(Permission target, User user, RolePermission permission) {
if (user == null) {
return false;
}
AccessRight expectedRight = accessRightBeanLocal.findOrCreate(target);
User dbusr = userfacade.find(user.getId());
if (dbusr != null) {
Set<Role> checkedRoles = new HashSet<Role>();
for (Role r : dbusr.getRoles()) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
}
}
return false;
}
private static boolean getRights(Role role, AccessRight expectedRight, RolePermission permission, Set<Role> checkedRoles) {
if (checkedRoles.contains(role)) {
return false;
}
for (RoleRight rr : role.getRoleRights()) {
if (rr.getAccessRight().equals(expectedRight)) {
switch (permission) {
case READ:
if (rr.getRead()) {
return true;
}
break;
case WRITE:
if (rr.getWrite()) {
return true;
}
break;
case EXECUTE:
if (rr.isExecute()) {
return true;
}
}
}
}
checkedRoles.add(role);
for (Role r : role.getParents()) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
}
return false;
}
public User tryLogin(String username, String password) {
User user = userfacade.findByLogin(username.trim());
if (user != null && user.checkPassword(password)) {
return user;
}
return null;
}
/**
* Makes sure default user and public role exist and the user is member of
* the role.
*/
public User getDefaultUser(Event event) {
Role publicRole = roleFacade.getOrCreatePublicRole(event);
User defaultUser = userfacade.getOrCreateDefaultUser();
if (!defaultUser.getRoles().contains(publicRole)) {
ArrayList<Role> userRoles = new ArrayList<Role>();
userRoles.add(publicRole);
defaultUser.setRoles(userRoles);
}
return defaultUser;
}
@Override
public boolean authenticate(String username, String password) {
return (tryLogin(username, password) != null);
}
@Override
public Enumeration<String> getGroupNames(String user) {
Vector<String> foo = new Vector<String>();
foo.add("admin");
return foo.elements();
}
@Override
public User getCurrentUser(Event event) {
Principal principal = context.getCallerPrincipal();
User ret = userbean.getUser(principal.getName());
if (ret == null) {
ret = getDefaultUser(event);
}
return ret;
}
}
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
...@@ -3,19 +3,27 @@ package fi.insomnia.bortal.beans; ...@@ -3,19 +3,27 @@ package fi.insomnia.bortal.beans;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.math.BigDecimal;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.util.Calendar;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.facade.BillLineFacade;
import fi.insomnia.bortal.facade.EventMapFacade; import fi.insomnia.bortal.facade.EventMapFacade;
import fi.insomnia.bortal.facade.EventOrganiserFacade; import fi.insomnia.bortal.facade.EventOrganiserFacade;
import fi.insomnia.bortal.facade.PlaceFacade; import fi.insomnia.bortal.facade.PlaceFacade;
import fi.insomnia.bortal.facade.UserFacade; import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.BillLine;
import fi.insomnia.bortal.model.Event; import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.EventMap; import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.Place; import fi.insomnia.bortal.model.Place;
...@@ -25,6 +33,8 @@ import fi.insomnia.bortal.model.User; ...@@ -25,6 +33,8 @@ import fi.insomnia.bortal.model.User;
* Session Bean implementation class TestDataBean * Session Bean implementation class TestDataBean
*/ */
@Stateless @Stateless
@DeclareRoles(JaasBean.JAAS_SUPERADMINGROUP)
@RolesAllowed(JaasBean.JAAS_SUPERADMINGROUP)
public class TestDataBean implements TestDataBeanLocal { public class TestDataBean implements TestDataBeanLocal {
public static final String TEST_MAP_IMAGE_NAME = "testmap.png"; public static final String TEST_MAP_IMAGE_NAME = "testmap.png";
...@@ -42,6 +52,10 @@ public class TestDataBean implements TestDataBeanLocal { ...@@ -42,6 +52,10 @@ public class TestDataBean implements TestDataBeanLocal {
private UserFacade userFacade; private UserFacade userFacade;
@EJB @EJB
private PlaceFacade placeFacade; private PlaceFacade placeFacade;
@EJB
private BillFacade billFacade;
@EJB
private BillLineFacade billLineFacade;
/** /**
* Default constructor. * Default constructor.
...@@ -50,6 +64,78 @@ public class TestDataBean implements TestDataBeanLocal { ...@@ -50,6 +64,78 @@ public class TestDataBean implements TestDataBeanLocal {
// TODO Auto-generated constructor stub // TODO Auto-generated constructor stub
} }
public User createUser() {
User u = new User();
u.setActive(true);
u.setAddress("Pallokorvankatu 1");
u.setNick("kavija");
Calendar bday = Calendar.getInstance();
bday.set(Calendar.YEAR, 1990);
u.setBirthday(bday);
u.setCreated(Calendar.getInstance());
u.setEmail("kalle.kavija@example.com");
u.setFemale(false);
u.setFirstnames("Kalle Kauko");
u.setLastname("Kävija");
u.setLogin("kavija");
u.setNick("^Kkavija^]9a8/");
u.resetPassword("kavija");
u.setPhone("123-45679854");
u.setTown("Keikyän MLK");
u.setPostalTown("Keykyä");
u.setZip("393929");
userFacade.create(u);
return u;
}
public Bill createBill(Event e, User u) {
Bill b = new Bill(e);
b.setUser(u);
b.setAddr1("Kalle Kävijä");
b.setAddr2("co / Pelivieroitus Ry");
b.setAddr3("Pallokorvankatu 1");
b.setAddr4("696969 Keikyä");
b.setAddr5("FINLAND! \\o/");
b.setBillNumber(123123);
b.setDelayIntrest(11);
b.setDeliveryTerms("Toimitetaan, ehkä...");
Calendar duedate = Calendar.getInstance();
duedate.add(Calendar.DATE, 14);
b.setDueDate(duedate);
b.setNotes("Some notes...");
b.setNoticetime("14 vrk");
b.setOurReference("Meitin viite ( Insomnia XII )");
b.setPaymentTime(14);
b.setSentDate(Calendar.getInstance());
b.setTheirReference("Niitten viite ( tyhjä? )");
billFacade.create(b);
createBillLine(b, "Tuote1", 1239.3, "kpl", 11.0, 0.22);
createBillLine(b, "Tuote2", 0.3, "pss", 11.0, 0.22);
createBillLine(b, "Tuote3", 9.3, "l", 11.0, 0.22);
createBillLine(b, "Tuote4", 9, "kWh", 99931911.0, 0);
createBillLine(b, "Tuote5", 33, "mol", 11.0, 0.22);
createBillLine(b, "Tuote6", 39939.23123123, "rad", 122.0, 0.18);
return b;
}
private BillLine createBillLine(Bill b, String line, double d, String qname, double e, double f) {
return createBillLine(b, line, new BigDecimal(d), qname, new BigDecimal(e), new BigDecimal(f));
}
private BillLine createBillLine(Bill b, String line, BigDecimal q, String qname, BigDecimal price, BigDecimal vat) {
BillLine bl = new BillLine(b);
bl.setName(line);
bl.setQuantity(q);
bl.setUnitName(qname);
bl.setUnitPrice(price);
bl.setVat(vat);
billLineFacade.create(bl);
return bl;
}
public EventMap generateTestMap(Event event) { public EventMap generateTestMap(Event event) {
try { try {
logger.info("Generating Test Map for event: " + event); logger.info("Generating Test Map for event: " + event);
...@@ -118,8 +204,8 @@ public class TestDataBean implements TestDataBeanLocal { ...@@ -118,8 +204,8 @@ public class TestDataBean implements TestDataBeanLocal {
place.setMapY(y); place.setMapY(y);
place.setWidth(50); place.setWidth(50);
place.setHeight(50); place.setHeight(50);
// map.getPlaces().add(place); // map.getPlaces().add(place);
placeFacade.create(place); placeFacade.create(place);
} }
} }
} }
......
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.ejb.LocalBean; import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.UserFacade; import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
/** /**
...@@ -26,6 +39,12 @@ public class UserBean implements UserBeanLocal { ...@@ -26,6 +39,12 @@ public class UserBean implements UserBeanLocal {
*/ */
@EJB @EJB
private UserFacade userFacade; private UserFacade userFacade;
@Resource
private SessionContext context;
@EJB
private RoleFacade roleFacade;
@EJB
private AccessRightBeanLocal accessRightBeanLocal;
/** /**
* Default constructor. * Default constructor.
...@@ -58,4 +77,87 @@ public class UserBean implements UserBeanLocal { ...@@ -58,4 +77,87 @@ public class UserBean implements UserBeanLocal {
public User getUser(String nick) { public User getUser(String nick) {
return userFacade.findByLogin(nick); return userFacade.findByLogin(nick);
} }
@Override
public User getCurrentUser(Event event) {
Principal principal = context.getCallerPrincipal();
User ret = getUser(principal.getName());
if (ret == null) {
ret = getDefaultUser(event);
}
return ret;
}
/**
* Makes sure default user and public role exist and the user is member of
* the role.
*/
public User getDefaultUser(Event event) {
Role publicRole = roleFacade.getOrCreatePublicRole(event);
User defaultUser = userFacade.getOrCreateDefaultUser();
if (!defaultUser.getRoles().contains(publicRole)) {
ArrayList<Role> userRoles = new ArrayList<Role>();
userRoles.add(publicRole);
defaultUser.setRoles(userRoles);
}
return defaultUser;
}
public boolean hasPermission(Permission target, User user, RolePermission permission) {
if (user == null) {
return false;
}
AccessRight expectedRight = accessRightBeanLocal.findOrCreate(target);
User dbusr = userFacade.find(user.getId());
if (dbusr != null) {
Set<Role> checkedRoles = new HashSet<Role>();
for (Role r : dbusr.getRoles()) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
}
}
return false;
}
private static boolean getRights(Role role, AccessRight expectedRight, RolePermission permission, Set<Role> checkedRoles) {
if (checkedRoles.contains(role)) {
return false;
}
for (RoleRight rr : role.getRoleRights()) {
if (rr.getAccessRight().equals(expectedRight)) {
switch (permission) {
case READ:
if (rr.getRead()) {
return true;
}
break;
case WRITE:
if (rr.getWrite()) {
return true;
}
break;
case EXECUTE:
if (rr.isExecute()) {
return true;
}
}
}
}
checkedRoles.add(role);
for (Role r : role.getParents()) {
if (getRights(r, expectedRight, permission, checkedRoles)) {
return true;
}
}
return false;
}
} }
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beanutil/PdfPrinter.java
package fi.insomnia.bortal.beanutil; package fi.insomnia.bortal.beanutil;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.math.BigDecimal; import java.math.BigDecimal;
import java.math.RoundingMode; import java.math.RoundingMode;
...@@ -46,7 +47,7 @@ public class PdfPrinter { ...@@ -46,7 +47,7 @@ public class PdfPrinter {
bill = printable; bill = printable;
} }
public boolean output(OutputStream ostream) { public ByteArrayOutputStream output() {
try { try {
pdf = new PDF(); pdf = new PDF();
...@@ -62,14 +63,13 @@ public class PdfPrinter { ...@@ -62,14 +63,13 @@ public class PdfPrinter {
// FileOutputStream fos = new FileOutputStream(fileName); // FileOutputStream fos = new FileOutputStream(fileName);
// pdf.getData().writeTo(fos); // pdf.getData().writeTo(fos);
// fos.close(); // fos.close();
pdf.getData().writeTo(ostream); return pdf.getData();
} catch (Exception e) { } catch (Exception e) {
logger.warn("Error printing bill " + bill + " to stream", e); logger.warn("Error printing bill " + bill + " to stream", e);
return false;
} }
return true; return null;
} }
private void drawProducts(List<BillLine> prods) throws Exception { private void drawProducts(List<BillLine> prods) throws Exception {
......
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/BillBeanLocal.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.io.ByteArrayOutputStream;
import javax.ejb.Local; import javax.ejb.Local;
import javax.servlet.ServletOutputStream;
import fi.insomnia.bortal.model.Bill; import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Event;
@Local @Local
public interface BillBeanLocal { public interface BillBeanLocal {
Bill findById(int eventId, int id); Bill findById(int eventId, int id);
ByteArrayOutputStream getPdfBillStream(Bill bill);
} }
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/JaasBeanLocal.java
...@@ -8,11 +8,7 @@ import fi.insomnia.bortal.model.Event; ...@@ -8,11 +8,7 @@ import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
@Local @Local
public interface SessionHandlerBeanLocal { public interface JaasBeanLocal {
boolean hasPermission(Permission target, User user, RolePermission permission);
User getDefaultUser(Event event);
User getCurrentUser(Event event);
} }
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanRemote.java code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/JaasBeanRemote.java
...@@ -4,7 +4,7 @@ import java.util.Enumeration; ...@@ -4,7 +4,7 @@ import java.util.Enumeration;
import javax.ejb.Remote; import javax.ejb.Remote;
@Remote @Remote
public interface SessionHandlerBeanRemote { public interface JaasBeanRemote {
boolean authenticate(String username, String password); boolean authenticate(String username, String password);
......
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/TestDataBeanLocal.java
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import javax.ejb.Local; import javax.ejb.Local;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Event; import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.EventMap; import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.User;
@Local @Local
public interface TestDataBeanLocal { public interface TestDataBeanLocal {
...@@ -12,4 +14,10 @@ public interface TestDataBeanLocal { ...@@ -12,4 +14,10 @@ public interface TestDataBeanLocal {
void generateTestPlaces(EventMap map); void generateTestPlaces(EventMap map);
Bill createBill(Event e, User u);
User createUser();
} }
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
...@@ -4,6 +4,9 @@ import java.util.List; ...@@ -4,6 +4,9 @@ import java.util.List;
import javax.ejb.Local; import javax.ejb.Local;
import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.User; import fi.insomnia.bortal.model.User;
...@@ -18,4 +21,10 @@ public interface UserBeanLocal { ...@@ -18,4 +21,10 @@ public interface UserBeanLocal {
void mergeChanges(User currentUser); void mergeChanges(User currentUser);
User getCurrentUser(Event event);
User getDefaultUser(Event event);
boolean hasPermission(Permission target, User user, RolePermission permission);
} }
code/LanBortalDatabase/src/fi/insomnia/bortal/model/BillLine.java
...@@ -107,14 +107,15 @@ public class BillLine implements EventChildInterface { ...@@ -107,14 +107,15 @@ public class BillLine implements EventChildInterface {
public BillLine() { public BillLine() {
} }
public BillLine(Event event, Bill bill) { public BillLine(Bill bill) {
this.id = new EventPk(event);
this.id = new EventPk(bill.getId().getEventId());
this.bill = bill; this.bill = bill;
} }
public BillLine(Event event, Bill bill, String product, String unitName, BigDecimal units, public BillLine( Bill bill, String product, String unitName, BigDecimal units,
BigDecimal unitPrice, BigDecimal vat) { BigDecimal unitPrice, BigDecimal vat) {
this(event, bill); this( bill);
this.unitName = unitName; this.unitName = unitName;
this.name = product; this.name = product;
this.setQuantity(units); this.setQuantity(units);
......
code/LanBortalDatabase/src/fi/insomnia/bortal/model/User.java
...@@ -92,8 +92,8 @@ public class User implements ModelInterface<Integer> { ...@@ -92,8 +92,8 @@ public class User implements ModelInterface<Integer> {
@Column(name = "zip") @Column(name = "zip")
private String zip; private String zip;
@Column(name = "postal_code") @Column(name = "postal_town")
private String postalCode; private String postalTown;
@Column(name = "town") @Column(name = "town")
private String town; private String town;
...@@ -278,14 +278,6 @@ public class User implements ModelInterface<Integer> { ...@@ -278,14 +278,6 @@ public class User implements ModelInterface<Integer> {
this.zip = zip; this.zip = zip;
} }
public String getPostalCode() {
return postalCode;
}
public void setPostalCode(String postalCode) {
this.postalCode = postalCode;
}
public String getTown() { public String getTown() {
return town; return town;
} }
...@@ -549,4 +541,12 @@ public class User implements ModelInterface<Integer> { ...@@ -549,4 +541,12 @@ public class User implements ModelInterface<Integer> {
public boolean isSuperadmin() { public boolean isSuperadmin() {
return superadmin; return superadmin;
} }
public void setPostalTown(String postalTown) {
this.postalTown = postalTown;
}
public String getPostalTown() {
return postalTown;
}
} }
code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
...@@ -14,7 +14,8 @@ import javax.servlet.http.HttpSession; ...@@ -14,7 +14,8 @@ import javax.servlet.http.HttpSession;
import fi.insomnia.bortal.HostnameFilter; import fi.insomnia.bortal.HostnameFilter;
import fi.insomnia.bortal.beans.EventBeanLocal; import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.beans.SessionHandlerBeanLocal; import fi.insomnia.bortal.beans.JaasBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.Permission; import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission; import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.model.Event; import fi.insomnia.bortal.model.Event;
...@@ -29,12 +30,14 @@ import fi.insomnia.bortal.model.User; ...@@ -29,12 +30,14 @@ import fi.insomnia.bortal.model.User;
public class SessionHandler { public class SessionHandler {
@EJB @EJB
private SessionHandlerBeanLocal handlerbean; private JaasBeanLocal handlerbean;
private User user = null; private User user = null;
@EJB @EJB
private SecurityBeanLocal secubean; private SecurityBeanLocal secubean;
@EJB @EJB
private EventBeanLocal eventbean; private EventBeanLocal eventbean;
@EJB
private UserBeanLocal userbean;
/** Creates a new instance of SessionHandler */ /** Creates a new instance of SessionHandler */
public SessionHandler() { public SessionHandler() {
...@@ -79,7 +82,7 @@ public class SessionHandler { ...@@ -79,7 +82,7 @@ public class SessionHandler {
} }
return handlerbean.hasPermission(Permission.getPermission(target), getUser(), permission); return userbean.hasPermission(Permission.getPermission(target), getUser(), permission);
} }
...@@ -100,17 +103,17 @@ public class SessionHandler { ...@@ -100,17 +103,17 @@ public class SessionHandler {
this.user = getUser(); this.user = getUser();
} else if (canExecute("user")) { } else if (canExecute("user")) {
secubean.logMessage(handlerbean.getCurrentUser(getCurrentEvent()), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin()); secubean.logMessage(userbean.getCurrentUser(getCurrentEvent()), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin());
this.user = user; this.user = user;
} else { } else {
secubean.logMessage(handlerbean.getCurrentUser(getCurrentEvent()), "User tried to impersonate as id: " + user.getId() + " login: " + user.getLogin() + " but did not have enough rights"); secubean.logMessage(userbean.getCurrentUser(getCurrentEvent()), "User tried to impersonate as id: " + user.getId() + " login: " + user.getLogin() + " but did not have enough rights");
} }
} }
public User getUser() { public User getUser() {
if (user == null) { if (user == null) {
user = handlerbean.getCurrentUser(getCurrentEvent()); user = userbean.getCurrentUser(getCurrentEvent());
} }
return user; return user;
......
code/LanBortalWeb/src/fi/insomnia/bortal/servlet/PrintBill.java
package fi.insomnia.bortal.servlet; package fi.insomnia.bortal.servlet;
import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.jboss.weld.bean.builtin.EventBean;
import fi.insomnia.bortal.HostnameFilter;
import fi.insomnia.bortal.beans.BillBeanLocal; import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.handler.SessionHandler;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Event;
/** /**
* Servlet implementation class PrintBill * Servlet implementation class PrintBill
...@@ -16,8 +25,13 @@ import fi.insomnia.bortal.beans.BillBeanLocal; ...@@ -16,8 +25,13 @@ import fi.insomnia.bortal.beans.BillBeanLocal;
public class PrintBill extends HttpServlet { public class PrintBill extends HttpServlet {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private static final String BILL_ID = "billid";
@EJB @EJB
private BillBeanLocal billentity; private BillBeanLocal billentity;
@EJB
private EventBeanLocal eventbean;
/** /**
* @see HttpServlet#HttpServlet() * @see HttpServlet#HttpServlet()
*/ */
...@@ -34,8 +48,26 @@ public class PrintBill extends HttpServlet { ...@@ -34,8 +48,26 @@ public class PrintBill extends HttpServlet {
ouput(request, response); ouput(request, response);
} }
private void ouput(HttpServletRequest request, HttpServletResponse response) { private void ouput(HttpServletRequest request, HttpServletResponse response) throws IOException {
Event event = eventbean.getEventByHostname(HostnameFilter.getHostname(request.getSession()));
Integer billid = getIntegerParameter(request, BILL_ID);
Bill bill = billentity.findById(event.getId(), billid);
if (bill == null) {
return;
}
ByteArrayOutputStream billstream = billentity.getPdfBillStream(bill);
if (billstream == null) {
return;
}
response.setContentLength(billstream.size());
response.setContentType("application/pdf");
response.setHeader("Content-Disposition", "filename=Bill-" + bill.getBillNumber() + ".pdf");
ServletOutputStream ostream = response.getOutputStream();
billstream.writeTo(ostream);
ostream.close();
} }
/** /**
...@@ -46,4 +78,20 @@ public class PrintBill extends HttpServlet { ...@@ -46,4 +78,20 @@ public class PrintBill extends HttpServlet {
ouput(request, response); ouput(request, response);
} }
/***
* Convert request parameter into integer
*
* @param request
* @param parameter
* @return
*/
private static Integer getIntegerParameter(HttpServletRequest request, String parameter) {
try {
String valueString = request.getParameter(parameter);
Integer value = Integer.parseInt(valueString);
return value;
} catch (NumberFormatException nfe) {
}
return null;
}
} }
code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
...@@ -13,6 +13,7 @@ import fi.insomnia.bortal.beans.TestDataBeanLocal; ...@@ -13,6 +13,7 @@ import fi.insomnia.bortal.beans.TestDataBeanLocal;
import fi.insomnia.bortal.handler.SessionHandler; import fi.insomnia.bortal.handler.SessionHandler;
import fi.insomnia.bortal.model.Event; import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.EventMap; import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.User;
/** /**
* *
...@@ -31,7 +32,10 @@ public class TestDataView { ...@@ -31,7 +32,10 @@ public class TestDataView {
public void generateData() { public void generateData() {
Event event = getSessionhandler().getCurrentEvent(); Event event = getSessionhandler().getCurrentEvent();
User user = testdatabean.createUser();
testdatabean.createBill(event, user);
EventMap map = testdatabean.generateTestMap(event); EventMap map = testdatabean.generateTestMap(event);
testdatabean.generateTestPlaces(map); testdatabean.generateTestPlaces(map);
......
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
...@@ -12,7 +12,7 @@ import org.slf4j.Logger; ...@@ -12,7 +12,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.beans.SessionHandlerBeanLocal; import fi.insomnia.bortal.beans.JaasBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal; import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.exceptions.PermissionDeniedException; import fi.insomnia.bortal.exceptions.PermissionDeniedException;
import fi.insomnia.bortal.handler.SessionHandler; import fi.insomnia.bortal.handler.SessionHandler;
...@@ -26,7 +26,7 @@ public class UserView { ...@@ -26,7 +26,7 @@ public class UserView {
private SessionHandler sessionhandler; private SessionHandler sessionhandler;
@EJB @EJB
private SessionHandlerBeanLocal sessionbean; private JaasBeanLocal sessionbean;
@EJB @EJB
private UserBeanLocal userBean; private UserBeanLocal userBean;
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!