From: Andreas Kohlbecker Date: Wed, 19 Feb 2014 14:52:32 +0000 (+0000) Subject: RolesSourceProvider to enable activities by cdm roles and protecting bulkeditors... X-Git-Tag: 3.6.0~769 X-Git-Url: https://dev.e-taxonomy.eu/gitweb/taxeditor.git/commitdiff_plain/45716169bad21784410c080c1e2e4f997e000636 RolesSourceProvider to enable activities by cdm roles and protecting bulkeditors and term editors - #4055 (action enablement adapts to the users granted authorities) --- diff --git a/.gitattributes b/.gitattributes index 73c2c268a..78ec84033 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1268,6 +1268,7 @@ eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/preference/wiz eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/preference/wizard/VocabularyTermWizardPage.java -text eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java -text eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RequiredPermissions.java -text +eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java -text eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java -text eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStoreConnector.java -text eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/ContextManager.java -text diff --git a/eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF b/eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF index 5f8e6447f..abacc9ae7 100644 --- a/eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF +++ b/eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF 
@@ -346,6 +346,7 @@ Export-Package: com.google.api, org.springframework.orm.hibernate4, org.springframework.security.access, org.springframework.security.authentication, + org.springframework.security.authentication.event, org.springframework.security.core, org.springframework.security.core.context, org.springframework.security.core.userdetails, diff --git a/eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF b/eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF index c3b5a4e33..812b72727 100644 --- a/eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF +++ b/eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF @@ -46,6 +46,7 @@ Export-Package: eu.etaxonomy.cdm, eu.etaxonomy.taxeditor.ui.section.supplemental, eu.etaxonomy.taxeditor.ui.section.taxon, eu.etaxonomy.taxeditor.ui.selection, + eu.etaxonomy.taxeditor.utility, eu.etaxonomy.taxeditor.view, eu.etaxonomy.taxeditor.view.datasource, eu.etaxonomy.taxeditor.view.datasource.handler, diff --git a/eu.etaxonomy.taxeditor.store/plugin.xml b/eu.etaxonomy.taxeditor.store/plugin.xml index 03fd6d030..3eeaba994 100644 --- a/eu.etaxonomy.taxeditor.store/plugin.xml +++ b/eu.etaxonomy.taxeditor.store/plugin.xml @@ -963,10 +963,39 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java index e9adcf307..ca9a014dc 100644 --- a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java +++ b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java 
@@ -1,23 +1,24 @@ package eu.etaxonomy.taxeditor.security; -import java.util.ArrayList; import java.util.EnumSet; -import java.util.Iterator; import java.util.List; -import javax.management.relation.Role; - -import org.apache.commons.lang.StringUtils; import org.eclipse.core.expressions.PropertyTester; import org.eclipse.jface.viewers.IStructuredSelection; import eu.etaxonomy.cdm.model.common.CdmBase; import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD; +import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority; import eu.etaxonomy.taxeditor.store.CdmStore; +/** + * Checks if the currently authenticated user for {@link CdmAuthority} assignments. + * + * @author andreas + * + */ public class PermissionPropertyTester extends PropertyTester { - private static final String HAS_ROLES = "hasRoles"; private static final String HAS_PERMISSIONS = "hasPermissions"; private static final String CREATE = CRUD.CREATE.toString(); @@ -29,29 +30,13 @@ public class PermissionPropertyTester extends PropertyTester { public boolean test(Object receiver, String property, Object[] args, Object expectedValue) { - if(property.equals(HAS_PERMISSIONS)){ - return checkHasPermission(receiver, args); } - - if(property.equals(HAS_ROLES)){ - return checkHasRoles(property, args); - } return false; } - private boolean checkHasRoles(String property, Object[] args) { - List roles = new ArrayList(); - for(int i = 0; i < args.length; i++){ - roles.add((Role)args[i]); - } -// return CdmStore.currentAuthentiationHasOneOfRoles(roles.get(0)); // FIXME - return false; - - } - private boolean checkHasPermission(Object receiver, Object[] args) { EnumSet crudSet = crudSetFromArgs(args); diff --git a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java new file mode 100644 index 000000000..abb44e7c6 --- /dev/null 
+++ b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java 
@@ -0,0 +1,111 @@
+package eu.etaxonomy.taxeditor.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Observable;
+import java.util.Observer;
+
+import org.eclipse.ui.AbstractSourceProvider;
+import org.eclipse.ui.ISources;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
+import eu.etaxonomy.taxeditor.store.CdmStore;
+import eu.etaxonomy.taxeditor.store.LoginManager;
+
+/**
+ * Provides the Roles assigned to the currently authenticated principal as the
+ * variable {@code eu.etaxonomy.taxeditor.security.userRoles}
+ *
+ * @author a.kohlbecker
+ *
+ */
+public class RolesSourceProvider extends AbstractSourceProvider implements Observer {
+
+ public final static String RIGHTS_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles";
+ private final static String[] PROVIDED_SOURCE_NAMES = new String[] { RIGHTS_VARIABLE };
+
+ private final static Map> stateMap = new HashMap>();
+
+ public RolesSourceProvider() {
+ super();
+ initialize();
+ }
+
+ private void initialize() {
+ CdmStore.getLoginManager().addObserver(this);
+ }
+
+ @Override
+ public void dispose() {
+ CdmStore.getLoginManager().deleteObserver(this);
+ }
+
+ @Override
+ public Map getCurrentState() {
+
+ // SecurityContextHolder.getContext().
+ List roles = getCurrentAuthenticationsRoles();
+ List rolesStr = new ArrayList(roles.size());
+ for(Role r : roles){
+ rolesStr.add(r.getAuthority());
+ }
+
+ stateMap.put(RIGHTS_VARIABLE, rolesStr);
+ return stateMap;
+ }
+
+ /*
+ * TODO refactor into User once Role is a model class
+ */
+ private List getCurrentAuthenticationsRoles() {
+
+ List roles = new ArrayList();
+ Authentication authentication = CdmStore.getCurrentAuthentiation();
+ if (authentication == null) {
+ return roles;
+ }
+
+ Collection authorities = authentication
+ .getAuthorities();
+ if (authorities == null) {
+ return roles;
+ }
+
+ Role role = null;
+ for (GrantedAuthority ga : authorities) {
+ try {
+ // check if it is a valid role
+ role = Role.fromString(ga.getAuthority());
+ if (role != null) {
+ roles.add(role);
+ }
+ } catch (Exception e) {
+ /* IGNORE */
+ }
+ }
+ return roles;
+
+ }
+
+ public String[] getProvidedSourceNames() {
+ return PROVIDED_SOURCE_NAMES;
+ }
+
+ @Override
+ public void update(Observable o, Object arg) {
+ if(o instanceof LoginManager){
+ /*
+ * This triggers an update of the variable state, and will update also
+ * all listeners to the evaluation service. So that every menu point,
+ * which is also expression controlled, gets updated too.
+ */
+ fireSourceChanged(ISources.WORKBENCH, getCurrentState());
+ }
+ }
+
+}
diff --git a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java
index 42f14e5ce..83c558e1a 100644
--- a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java
+++ b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java
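Review bot: In RolesSourceProvider.java, `stateMap` is a `static final` mutable `HashMap` that `getCurrentState()` rewrites on every call and then returns, and passes to `fireSourceChanged`, by reference, so every provider instance and every consumer shares one writable copy of the role list that drives activity enablement. Returning a new `HashMap` per call that holds `Collections.unmodifiableList(rolesStr)` under `RIGHTS_VARIABLE` (this needs `java.util.Collections` imported) removes the shared state. In `getCurrentAuthenticationsRoles()`, `catch (Exception e) { /* IGNORE */ }` fails closed, but it also hides any unexpected error from `Role.fromString`; catching only the exception that method raises for non-role authorities, or logging at debug level, would keep a silently dropped role diagnosable. The class Javadoc should also state that this variable only controls what the workbench shows and that the permission checks in the service layer remain the enforcement point.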
@@ -21,6 +21,7 @@ import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; @@ -348,13 +349,16 @@ public class CdmStore { * @return */ public static boolean currentAuthentiationHasPermission(Class targetType, EnumSet permission){ - SecurityContext context = SecurityContextHolder.getContext(); - return getPermissionEvaluator().hasPermission(context.getAuthentication(), null, targetType.getName(), permission); + return getPermissionEvaluator().hasPermission(getCurrentAuthentiation(), null, targetType.getName(), permission); } public static boolean currentAuthentiationHasOneOfRoles(Role ... roles){ + return getPermissionEvaluator().hasOneOfRoles(getCurrentAuthentiation(), roles); + } + + public static Authentication getCurrentAuthentiation() { SecurityContext context = SecurityContextHolder.getContext(); - return getPermissionEvaluator().hasOneOfRoles(context.getAuthentication(), roles); + return context.getAuthentication(); } /* diff --git a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java index beb18fbc3..35642d413 100644 --- a/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java +++ b/eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java @@ -52,6 +52,7 @@ public class LoginManager extends Observable implements IConversationEnabled, IC *
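Review bot: The new public `getCurrentAuthentiation()` in CdmStore.java has no Javadoc, and its result can be null when nobody is logged in (RolesSourceProvider in this commit checks for exactly that), while `currentAuthentiationHasPermission` and `currentAuthentiationHasOneOfRoles` hand it to the permission evaluator unchecked. Suggested Javadoc: `/** @return the Authentication held by the current SecurityContext, or null if no user is authenticated */`. Whether the evaluator returns false for a null authentication is not visible here and is worth confirming, since these two methods are the actual permission checks. The class body continues outside the hunk.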

authenticate

* * @param token a {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken} object. + * @return true if the login attempt was successful even if the authentication has changed or not */ public boolean authenticate(String username, String password){ @@ -67,6 +68,8 @@ public class LoginManager extends Observable implements IConversationEnabled, IC SecurityContextHolder.clearContext(); + Authentication lastAuthentication = CdmStore.getCurrentAuthentiation(); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); Authentication authentication = CdmStore.getAuthenticationManager().authenticate(token); @@ -89,8 +92,10 @@ public class LoginManager extends Observable implements IConversationEnabled, IC SecurityContextHolder.getContext().setAuthentication(authentication); - this.setChanged(); - this.notifyObservers(); + if(!authentication.equals(lastAuthentication)){ + this.setChanged(); + this.notifyObservers(); + } return true; } catch(BadCredentialsException e){
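Review bot: In `authenticate()` in LoginManager.java, `lastAuthentication` is read from `CdmStore.getCurrentAuthentiation()` right after `SecurityContextHolder.clearContext()`, so it appears to always be null and `!authentication.equals(lastAuthentication)` is always true; the new guard never suppresses a notification. Capturing the previous value first, i.e. moving `Authentication lastAuthentication = CdmStore.getCurrentAuthentiation();` above the `clearContext()` call, makes the comparison meaningful. Separately, observers are notified only on the success path although the context has already been cleared: unless the catch blocks, which continue outside this hunk, notify as well, a failed login leaves RolesSourceProvider publishing the previous user's roles and the role-gated UI stays enabled. The added `@return` text would read more clearly as `@return true if the login attempt was successful, whether or not the authentication changed`.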