Revision 71706315
Added by Andreas Kohlbecker over 6 years ago
src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java | ||
---|---|---|
14 | 14 |
import org.springframework.beans.factory.annotation.Autowired; |
15 | 15 |
import org.springframework.beans.factory.annotation.Qualifier; |
16 | 16 |
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
17 |
import org.springframework.security.authentication.AuthenticationProvider; |
|
17 | 18 |
import org.springframework.security.core.Authentication; |
18 | 19 |
import org.springframework.security.core.context.SecurityContext; |
19 | 20 |
import org.springframework.security.core.context.SecurityContextHolder; |
... | ... | |
24 | 25 |
import com.vaadin.spring.annotation.UIScope; |
25 | 26 |
|
26 | 27 |
import eu.etaxonomy.cdm.api.application.CdmRepository; |
28 |
import eu.etaxonomy.cdm.api.application.RunAsAuthenticator; |
|
27 | 29 |
import eu.etaxonomy.cdm.database.PermissionDeniedException; |
28 | 30 |
import eu.etaxonomy.cdm.model.common.CdmBase; |
29 | 31 |
import eu.etaxonomy.cdm.model.common.User; |
... | ... | |
53 | 55 |
@Qualifier("cdmRepository") |
54 | 56 |
private CdmRepository repo; |
55 | 57 |
|
58 |
@Autowired |
|
59 |
@Qualifier("runAsAuthenticationProvider") |
|
60 |
AuthenticationProvider runAsAuthenticationProvider; |
|
61 |
|
|
62 |
RunAsAuthenticator runAsAutheticator = new RunAsAuthenticator(); |
|
63 |
|
|
56 | 64 |
public CdmUserHelper(){ |
57 | 65 |
super(); |
66 |
runAsAutheticator.setRunAsAuthenticationProvider(runAsAuthenticationProvider); |
|
67 |
|
|
58 | 68 |
} |
59 | 69 |
|
60 | 70 |
@Override |
... | ... | |
179 | 189 |
} |
180 | 190 |
|
181 | 191 |
/** |
182 |
* @param username |
|
183 |
* @param cdmType |
|
184 |
* @param entitiyId |
|
185 |
* @param crud |
|
186 |
* @return |
|
192 |
* {@inheritDoc} |
|
187 | 193 |
*/ |
188 | 194 |
@Override |
189 |
public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {
|
|
195 |
public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {
|
|
190 | 196 |
UserDetails userDetails = repo.getUserService().loadUserByUsername(username); |
191 | 197 |
if(userDetails != null){ |
198 |
runAsAutheticator.runAsAuthentication(Role.ROLE_USER_MANAGER); |
|
192 | 199 |
User user = (User)userDetails; |
193 |
CdmBase entity = repo.getCommonService().find(cdmType, entitiyId); |
|
194 |
CdmAuthority authority = new CdmAuthority(entity, property, crud); |
|
200 |
CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud); |
|
195 | 201 |
try { |
196 | 202 |
user.getGrantedAuthorities().add(authority.asNewGrantedAuthority()); |
197 | 203 |
} catch (CdmAuthorityParsingException e) { |
198 | 204 |
throw new RuntimeException(e); |
199 | 205 |
} |
200 | 206 |
repo.getSession().flush(); |
207 |
runAsAutheticator.restoreAuthentication(); |
|
201 | 208 |
logger.debug("new authority for " + username + ": " + authority.toString()); |
202 | 209 |
Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities()); |
203 | 210 |
SecurityContextHolder.getContext().setAuthentication(authentication); |
204 | 211 |
logger.debug("security context refreshed with user " + username); |
205 | 212 |
} |
213 |
|
|
206 | 214 |
} |
207 | 215 |
|
208 | 216 |
/** |
217 |
* @param username |
|
209 | 218 |
* @param cdmType |
210 | 219 |
* @param entitiyId |
211 | 220 |
* @param crud |
212 | 221 |
* @return |
213 | 222 |
*/ |
214 | 223 |
@Override |
215 |
public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) { |
|
216 |
createAuthorityFor(userName(), cdmType, entitiyId, crud, property); |
|
224 |
public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) { |
|
225 |
|
|
226 |
CdmBase cdmEntity = repo.getCommonService().find(cdmType, entitiyId); |
|
227 |
|
|
228 |
createAuthorityFor(username,cdmEntity, crud, property); |
|
217 | 229 |
} |
218 | 230 |
|
219 | 231 |
/** |
220 | 232 |
* {@inheritDoc} |
221 | 233 |
*/ |
222 | 234 |
@Override |
223 |
public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) { |
|
224 |
UserDetails userDetails = repo.getUserService().loadUserByUsername(username); |
|
225 |
if(userDetails != null){ |
|
226 |
User user = (User)userDetails; |
|
227 |
CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud); |
|
228 |
try { |
|
229 |
user.getGrantedAuthorities().add(authority.asNewGrantedAuthority()); |
|
230 |
} catch (CdmAuthorityParsingException e) { |
|
231 |
throw new RuntimeException(e); |
|
232 |
} |
|
233 |
repo.getSession().flush(); |
|
234 |
logger.debug("new authority for " + username + ": " + authority.toString()); |
|
235 |
Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities()); |
|
236 |
SecurityContextHolder.getContext().setAuthentication(authentication); |
|
237 |
logger.debug("security context refreshed with user " + username); |
|
238 |
} |
|
235 |
public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) { |
|
236 |
createAuthorityFor(userName(), cdmEntity, crud, property); |
|
239 | 237 |
|
240 | 238 |
} |
241 | 239 |
|
242 | 240 |
/** |
243 |
* {@inheritDoc} |
|
241 |
* @param cdmType |
|
242 |
* @param entitiyId |
|
243 |
* @param crud |
|
244 |
* @return |
|
244 | 245 |
*/ |
245 | 246 |
@Override |
246 |
public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) { |
|
247 |
createAuthorityFor(userName(), cdmEntity, crud, property); |
|
248 |
|
|
247 |
public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) { |
|
248 |
createAuthorityFor(userName(), cdmType, entitiyId, crud, property); |
|
249 | 249 |
} |
250 | 250 |
|
251 | 251 |
} |
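Review bot: In the new `createAuthorityFor(String, CdmBase, EnumSet<CRUD>, String)` the switch to `Role.ROLE_USER_MANAGER` is not undone on the failure path, because `runAsAutheticator.restoreAuthentication()` is only reached when both `asNewGrantedAuthority()` and `repo.getSession().flush()` succeed. The rethrown `RuntimeException` or a flush error would therefore appear to leave the elevated authentication active for whatever runs next in that context. Put everything between the two calls inside `try { … } finally { runAsAutheticator.restoreAuthentication(); }`. Separately, the constructor passes `runAsAuthenticationProvider` to `setRunAsAuthenticationProvider(...)` before Spring has populated the `@Autowired` field, so the value handed over is `null`; moving that call into a `@PostConstruct` method, or injecting the provider through the constructor, would fix it. The method also elevates for any `username` it receives with no visible check on the caller, so the Javadoc should state the precondition, e.g. `Caller must already be authorized to grant authorities on cdmEntity; this method elevates to ROLE_USER_MANAGER internally.`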
ref #6867 using runAsAuthentication ROLE_USERMANAGER to grant per entity authorities