Project

General

Profile

« Previous | Next » 

Revision 71706315

Added by Andreas Kohlbecker over 6 years ago

ref #6867 using runAsAuthentication ROLE_USERMANAGER to grant per entity authorities

View differences:

src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java
14 14 
import org.springframework.beans.factory.annotation.Autowired;
15 15 
import org.springframework.beans.factory.annotation.Qualifier;
16 16 
import org.springframework.security.authentication.AnonymousAuthenticationToken;
17 
import org.springframework.security.authentication.AuthenticationProvider;
17 18 
import org.springframework.security.core.Authentication;
18 19 
import org.springframework.security.core.context.SecurityContext;
19 20 
import org.springframework.security.core.context.SecurityContextHolder;
......
24 25 
import com.vaadin.spring.annotation.UIScope;
25 26 

  		




  26
  27
  
    
import eu.etaxonomy.cdm.api.application.CdmRepository;


  		




  
  28
  
    
import eu.etaxonomy.cdm.api.application.RunAsAuthenticator;


  		




  27
  29
  
    
import eu.etaxonomy.cdm.database.PermissionDeniedException;


  		




  28
  30
  
    
import eu.etaxonomy.cdm.model.common.CdmBase;


  		




  29
  31
  
    
import eu.etaxonomy.cdm.model.common.User;


  		




  ......




  53
  55
  
    
    @Qualifier("cdmRepository")


  		




  54
  56
  
    
    private CdmRepository repo;


  		




  55
  57
  
    

  		




  
  58
  
    
    @Autowired


  		




  
  59
  
    
    @Qualifier("runAsAuthenticationProvider")


  		




  
  60
  
    
    AuthenticationProvider runAsAuthenticationProvider;


  		




  
  61
  
    

  		




  
  62
  
    
    RunAsAuthenticator runAsAutheticator = new RunAsAuthenticator();


  		




  
  63
  
    

  		




  56
  64
  
    
    public CdmUserHelper(){


  		




  57
  65
  
    
        super();


  		




  
  66
  
    
        runAsAutheticator.setRunAsAuthenticationProvider(runAsAuthenticationProvider);


  		




  
  67
  
    

  		




  58
  68
  
    
    }


  		




  59
  69
  
    

  		




  60
  70
  
    
    @Override


  		




  ......




  179
  189
  
    
    }


  		




  180
  190
  
    

  		




  181
  191
  
    
    /**


  		




  182
  
  
    
     * @param username


  		




  183
  
  
    
     * @param cdmType


  		




  184
  
  
    
     * @param entitiyId


  		




  185
  
  
    
     * @param crud


  		




  186
  
  
    
     * @return


  		




  
  192
  
    
     * {@inheritDoc}


  		




  187
  193
  
    
     */


  		




  188
  194
  
    
    @Override


  		




  189
  
  
    
    public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {


  		




  
  195
  
    
    public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {


  		




  190
  196
  
    
        UserDetails userDetails = repo.getUserService().loadUserByUsername(username);


  		




  191
  197
  
    
        if(userDetails != null){


  		




  
  198
  
    
            runAsAutheticator.runAsAuthentication(Role.ROLE_USER_MANAGER);


  		




  192
  199
  
    
            User user = (User)userDetails;


  		




  193
  
  
    
            CdmBase entity = repo.getCommonService().find(cdmType, entitiyId);


  		




  194
  
  
    
            CdmAuthority authority = new CdmAuthority(entity, property, crud);


  		




  
  200
  
    
            CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud);


  		




  195
  201
  
    
            try {


  		




  196
  202
  
    
                user.getGrantedAuthorities().add(authority.asNewGrantedAuthority());


  		




  197
  203
  
    
            } catch (CdmAuthorityParsingException e) {


  		




  198
  204
  
    
                throw new RuntimeException(e);


  		




  199
  205
  
    
            }


  		




  200
  206
  
    
            repo.getSession().flush();


  		




  
  207
  
    
            runAsAutheticator.restoreAuthentication();


  		




  201
  208
  
    
            logger.debug("new authority for " + username + ": " + authority.toString());


  		




  202
  209
  
    
            Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities());


  		




  203
  210
  
    
            SecurityContextHolder.getContext().setAuthentication(authentication);


  		




  204
  211
  
    
            logger.debug("security context refreshed with user " + username);


  		




  205
  212
  
    
        }


  		




  
  213
  
    

  		




  206
  214
  
    
    }


  		




  207
  215
  
    

  		




  208
  216
  
    
    /**


  		




  
  217
  
    
     * @param username


  		




  209
  218
  
    
     * @param cdmType


  		




  210
  219
  
    
     * @param entitiyId


  		




  211
  220
  
    
     * @param crud


  		




  212
  221
  
    
     * @return


  		




  213
  222
  
    
     */


  		




  214
  223
  
    
    @Override


  		




  215
  
  
    
    public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {


  		




  216
  
  
    
        createAuthorityFor(userName(), cdmType, entitiyId, crud, property);


  		




  
  224
  
    
    public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {


  		




  
  225
  
    

  		




  
  226
  
    
        CdmBase cdmEntity = repo.getCommonService().find(cdmType, entitiyId);


  		




  
  227
  
    

  		




  
  228
  
    
        createAuthorityFor(username,cdmEntity, crud, property);


  		




  217
  229
  
    
    }


  		




  218
  230
  
    

  		




  219
  231
  
    
    /**


  		




  220
  232
  
    
     * {@inheritDoc}


  		




  221
  233
  
    
     */


  		




  222
  234
  
    
    @Override


  		




  223
  
  
    
    public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {


  		




  224
  
  
    
        UserDetails userDetails = repo.getUserService().loadUserByUsername(username);


  		




  225
  
  
    
        if(userDetails != null){


  		




  226
  
  
    
            User user = (User)userDetails;


  		




  227
  
  
    
            CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud);


  		




  228
  
  
    
            try {


  		




  229
  
  
    
                user.getGrantedAuthorities().add(authority.asNewGrantedAuthority());


  		




  230
  
  
    
            } catch (CdmAuthorityParsingException e) {


  		




  231
  
  
    
                throw new RuntimeException(e);


  		




  232
  
  
    
            }


  		




  233
  
  
    
            repo.getSession().flush();


  		




  234
  
  
    
            logger.debug("new authority for " + username + ": " + authority.toString());


  		




  235
  
  
    
            Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities());


  		




  236
  
  
    
            SecurityContextHolder.getContext().setAuthentication(authentication);


  		




  237
  
  
    
            logger.debug("security context refreshed with user " + username);


  		




  238
  
  
    
        }


  		




  
  235
  
    
    public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {


  		




  
  236
  
    
        createAuthorityFor(userName(), cdmEntity, crud, property);


  		




  239
  237
  
    

  		




  240
  238
  
    
    }


  		




  241
  239
  
    

  		




  242
  240
  
    
    /**


  		




  243
  
  
    
     * {@inheritDoc}


  		




  
  241
  
    
     * @param cdmType


  		




  
  242
  
    
     * @param entitiyId


  		




  
  243
  
    
     * @param crud


  		




  
  244
  
    
     * @return


  		




  244
  245
  
    
     */


  		




  245
  246
  
    
    @Override


  		




  246
  
  
    
    public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {


  		




  247
  
  
    
        createAuthorityFor(userName(), cdmEntity, crud, property);


  		




  248
  
  
    

  		




  
  247
  
    
    public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {


  		




  
  248
  
    
        createAuthorityFor(userName(), cdmType, entitiyId, crud, property);


  		




  249
  249
  
    
    }


  		




  250
  250
  
    

  		




  251
  251
  
    
}


  		












Also available in:  Unified diff