eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/preference/wizard/VocabularyTermWizardPage.java -text
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java -text
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RequiredPermissions.java -text
+eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java -text
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java -text
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStoreConnector.java -text
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/ContextManager.java -text
org.springframework.orm.hibernate4,
org.springframework.security.access,
org.springframework.security.authentication,
+ org.springframework.security.authentication.event,
org.springframework.security.core,
org.springframework.security.core.context,
org.springframework.security.core.userdetails,
eu.etaxonomy.taxeditor.ui.section.supplemental,
eu.etaxonomy.taxeditor.ui.section.taxon,
eu.etaxonomy.taxeditor.ui.selection,
+ eu.etaxonomy.taxeditor.utility,
eu.etaxonomy.taxeditor.view,
eu.etaxonomy.taxeditor.view.datasource,
eu.etaxonomy.taxeditor.view.datasource.handler,
</definition>
<definition
id="hasROLE_USER_MANAGER">
- <test
- args="ROLE_USER_MANAGER"
- property="eu.etaxonomy.taxeditor.security.permissionTester.hasRole">
- </test>
+ <with
+ variable="eu.etaxonomy.taxeditor.security.userRoles">
+ <iterate
+ ifEmpty="false"
+ operator="or">
+ <or>
+ <equals
+ value="ROLE_ADMIN">
+ </equals>
+ <equals
+ value="ROLE_USER_MANAGER">
+ </equals>
+ </or>
+ </iterate>
+ </with>
+ </definition>
+ <definition
+ id="hasROLE_PROJECT_MANAGER">
+ <with
+ variable="eu.etaxonomy.taxeditor.security.userRoles">
+ <iterate
+ ifEmpty="false"
+ operator="or">
+ <or>
+ <equals
+ value="ROLE_ADMIN">
+ </equals>
+ <equals
+ value="ROLE_PROJECT_MANAGER">
+ </equals>
+ </or>
+ </iterate>
+ </with>
</definition>
</extension>
<extension
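Review bot: The `hasROLE_USER_MANAGER` and `hasROLE_PROJECT_MANAGER` definitions also evaluate to true for `ROLE_ADMIN`, which their ids do not suggest and nothing in the file documents. A comment on each definition would make that intentional, for example `<!-- also true for ROLE_ADMIN; values must match the Role.getAuthority() strings published by RolesSourceProvider -->`. These expressions only enable workbench activities, and activities filter UI contributions rather than enforce access. The operations behind the hidden menus presumably still need the permission evaluator check on the service side, which is worth confirming since that code is not part of this change.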
activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
pattern="eu\.etaxonomy\.taxeditor\..*/.*.UserManagement">
</activityPatternBinding>
+ <activityPatternBinding
+ activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
+ pattern="eu\.etaxonomy\.taxeditor\..*/bulkeditor\.input\.group">
+ </activityPatternBinding>
+ <activity
+ description="ROLE_PROJECT_MANAGER dependent ui contributions"
+ id="eu.etaxonomy.taxeditor.store.activityProjectManagement"
+ name="ProjectManagement">
+ <enabledWhen>
+ <reference
+ definitionId="hasROLE_PROJECT_MANAGER">
+ </reference>
+ </enabledWhen>
+ </activity>
+ <activityPatternBinding
+ activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
+ pattern="eu\.etaxonomy\.taxeditor\..*/eu\.etaxonomy\.taxeditor\..*\.definedTerm.*">
+ </activityPatternBinding>
+ <activityPatternBinding
+ activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
+ pattern="eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.menus.openmenu"
+ isEqualityPattern="true">
+ </activityPatternBinding>
+</extension>
+<extension
+ point="org.eclipse.ui.services">
+ <sourceProvider
+ provider="eu.etaxonomy.taxeditor.security.RolesSourceProvider">
+ <variable
+ name="eu.etaxonomy.taxeditor.security.userRoles"
+ priorityLevel="workbench">
+ </variable>
+ </sourceProvider>
</extension>
</plugin>
package eu.etaxonomy.taxeditor.security;
-import java.util.ArrayList;
import java.util.EnumSet;
-import java.util.Iterator;
import java.util.List;
-import javax.management.relation.Role;
-
-import org.apache.commons.lang.StringUtils;
import org.eclipse.core.expressions.PropertyTester;
import org.eclipse.jface.viewers.IStructuredSelection;
import eu.etaxonomy.cdm.model.common.CdmBase;
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
+import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
import eu.etaxonomy.taxeditor.store.CdmStore;
+/**
+ * Checks if the currently authenticated user for {@link CdmAuthority} assignments.
+ *
+ * @author andreas
+ *
+ */
public class PermissionPropertyTester extends PropertyTester {
- private static final String HAS_ROLES = "hasRoles";
private static final String HAS_PERMISSIONS = "hasPermissions";
private static final String CREATE = CRUD.CREATE.toString();
public boolean test(Object receiver, String property, Object[] args,
Object expectedValue) {
-
if(property.equals(HAS_PERMISSIONS)){
-
return checkHasPermission(receiver, args);
}
-
- if(property.equals(HAS_ROLES)){
- return checkHasRoles(property, args);
- }
return false;
}
- private boolean checkHasRoles(String property, Object[] args) {
- List<Role> roles = new ArrayList<Role>();
- for(int i = 0; i < args.length; i++){
- roles.add((Role)args[i]);
- }
-// return CdmStore.currentAuthentiationHasOneOfRoles(roles.get(0)); // FIXME
- return false;
-
- }
-
private boolean checkHasPermission(Object receiver, Object[] args) {
EnumSet<CRUD> crudSet = crudSetFromArgs(args);
--- /dev/null
+package eu.etaxonomy.taxeditor.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Observable;
+import java.util.Observer;
+
+import org.eclipse.ui.AbstractSourceProvider;
+import org.eclipse.ui.ISources;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
+import eu.etaxonomy.taxeditor.store.CdmStore;
+import eu.etaxonomy.taxeditor.store.LoginManager;
+
+/**
+ * Provides the Roles assigned to the currently authenticated principal as the
+ * variable {@code eu.etaxonomy.taxeditor.security.userRoles}
+ *
+ * @author a.kohlbecker
+ *
+ */
+public class RolesSourceProvider extends AbstractSourceProvider implements Observer {
+
+ public final static String RIGHTS_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles";
+ private final static String[] PROVIDED_SOURCE_NAMES = new String[] { RIGHTS_VARIABLE };
+
+ private final static Map<String, List<String>> stateMap = new HashMap<String, List<String>>();
+
+ public RolesSourceProvider() {
+ super();
+ initialize();
+ }
+
+ private void initialize() {
+ CdmStore.getLoginManager().addObserver(this);
+ }
+
+ @Override
+ public void dispose() {
+ CdmStore.getLoginManager().deleteObserver(this);
+ }
+
+ @Override
+ public Map getCurrentState() {
+
+ // SecurityContextHolder.getContext().
+ List<Role> roles = getCurrentAuthenticationsRoles();
+ List<String> rolesStr = new ArrayList<String>(roles.size());
+ for(Role r : roles){
+ rolesStr.add(r.getAuthority());
+ }
+
+ stateMap.put(RIGHTS_VARIABLE, rolesStr);
+ return stateMap;
+ }
+
+ /*
+ * TODO refactor into User once Role is a model class
+ */
+ private List<Role> getCurrentAuthenticationsRoles() {
+
+ List<Role> roles = new ArrayList<Role>();
+ Authentication authentication = CdmStore.getCurrentAuthentiation();
+ if (authentication == null) {
+ return roles;
+ }
+
+ Collection<? extends GrantedAuthority> authorities = authentication
+ .getAuthorities();
+ if (authorities == null) {
+ return roles;
+ }
+
+ Role role = null;
+ for (GrantedAuthority ga : authorities) {
+ try {
+ // check if it is a valid role
+ role = Role.fromString(ga.getAuthority());
+ if (role != null) {
+ roles.add(role);
+ }
+ } catch (Exception e) {
+ /* IGNORE */
+ }
+ }
+ return roles;
+
+ }
+
+ public String[] getProvidedSourceNames() {
+ return PROVIDED_SOURCE_NAMES;
+ }
+
+ @Override
+ public void update(Observable o, Object arg) {
+ if(o instanceof LoginManager){
+ /*
+ * This triggers an update of the variable state, and will update also
+ * all listeners to the evaluation service. So that every menu point,
+ * which is also expression controlled, gets updated too.
+ */
+ fireSourceChanged(ISources.WORKBENCH, getCurrentState());
+ }
+ }
+
+}
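Review bot: `getCurrentState()` mutates and returns the single `static` `stateMap`, so every caller and the `fireSourceChanged(...)` call in `update()` share one unsynchronised `HashMap` whose role list is replaced underneath them. If `LoginManager` notifies observers off the UI thread (not visible here), the evaluation service could read the map mid-update. Building the map per call avoids this: `Map<String, List<String>> state = new HashMap<String, List<String>>(); state.put(RIGHTS_VARIABLE, rolesStr); return state;`, with the static field dropped. Separately, `catch (Exception e) { /* IGNORE */ }` in `getCurrentAuthenticationsRoles()` silently discards any authority that `Role.fromString` rejects. That fails closed, but because these roles gate UI contributions, a narrower catch with a debug-level log entry would make a missing menu diagnosable.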
import org.springframework.core.io.Resource;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
* @return
*/
public static boolean currentAuthentiationHasPermission(Class<? extends CdmBase> targetType, EnumSet<CRUD> permission){
- SecurityContext context = SecurityContextHolder.getContext();
- return getPermissionEvaluator().hasPermission(context.getAuthentication(), null, targetType.getName(), permission);
+ return getPermissionEvaluator().hasPermission(getCurrentAuthentiation(), null, targetType.getName(), permission);
}
public static boolean currentAuthentiationHasOneOfRoles(Role ... roles){
+ return getPermissionEvaluator().hasOneOfRoles(getCurrentAuthentiation(), roles);
+ }
+
+ public static Authentication getCurrentAuthentiation() {
SecurityContext context = SecurityContextHolder.getContext();
- return getPermissionEvaluator().hasOneOfRoles(context.getAuthentication(), roles);
+ return context.getAuthentication();
}
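Review bot: The new public `getCurrentAuthentiation()` has no Javadoc and can return null when the security context holds no authentication, which callers need to know (the null check in `RolesSourceProvider` depends on it). Suggested comment: `/** @return the Authentication of the current security context, or null if no user is authenticated */`. Both `currentAuthentiationHasPermission` and `currentAuthentiationHasOneOfRoles` pass that possibly-null value straight to the permission evaluator, as the old code did. Whether the evaluator tolerates null is not visible in this hunk.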
/*
* <p>authenticate</p>
*
* @param token a {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken} object.
+ * @return true if the login attempt was successful even if the authentication has changed or not
*/
public boolean authenticate(String username, String password){
SecurityContextHolder.clearContext();
+ Authentication lastAuthentication = CdmStore.getCurrentAuthentiation();
+
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
Authentication authentication = CdmStore.getAuthenticationManager().authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authentication);
- this.setChanged();
- this.notifyObservers();
+ if(!authentication.equals(lastAuthentication)){
+ this.setChanged();
+ this.notifyObservers();
+ }
return true;
}
catch(BadCredentialsException e){
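Review bot: `lastAuthentication` is read after `SecurityContextHolder.clearContext()`, so it comes from the already-cleared context and is presumably always null. `!authentication.equals(lastAuthentication)` is then always true and the new guard never suppresses a notification. Capture the value first by moving `Authentication lastAuthentication = CdmStore.getCurrentAuthentiation();` above `SecurityContextHolder.clearContext();`. On the `BadCredentialsException` path the context has already been cleared but, as far as the hunk shows, observers are not notified, so `RolesSourceProvider` could keep publishing the previous user's roles to role-gated UI. The catch body lies outside the hunk, so confirm that it notifies observers or restores the previous authentication.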