Project

General

Profile

Revision 45716169

ID45716169bad21784410c080c1e2e4f997e000636
Parent 3692b5bf
Child b7b99774

Added by Andreas Kohlbecker over 5 years ago

RolesSourceProvider to enable activities by cdm roles and protecting bulkeditors and term editors - #4055 (action enablement adapts to the users granted authorities)

View differences:

.gitattributes
1268 1268
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/preference/wizard/VocabularyTermWizardPage.java -text
1269 1269
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java -text
1270 1270
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RequiredPermissions.java -text
1271
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java -text
1271 1272
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java -text
1272 1273
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStoreConnector.java -text
1273 1274
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/ContextManager.java -text
eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF
346 346
 org.springframework.orm.hibernate4,
347 347
 org.springframework.security.access,
348 348
 org.springframework.security.authentication,
349
 org.springframework.security.authentication.event,
349 350
 org.springframework.security.core,
350 351
 org.springframework.security.core.context,
351 352
 org.springframework.security.core.userdetails,
eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF
46 46
 eu.etaxonomy.taxeditor.ui.section.supplemental,
47 47
 eu.etaxonomy.taxeditor.ui.section.taxon,
48 48
 eu.etaxonomy.taxeditor.ui.selection,
49
 eu.etaxonomy.taxeditor.utility,
49 50
 eu.etaxonomy.taxeditor.view,
50 51
 eu.etaxonomy.taxeditor.view.datasource,
51 52
 eu.etaxonomy.taxeditor.view.datasource.handler,
eu.etaxonomy.taxeditor.store/plugin.xml
963 963
      </definition>
964 964
      <definition
965 965
            id="hasROLE_USER_MANAGER">
966
            <test
967
                  args="ROLE_USER_MANAGER"
968
                  property="eu.etaxonomy.taxeditor.security.permissionTester.hasRole">
969
            </test>
966
            <with
967
               variable="eu.etaxonomy.taxeditor.security.userRoles">
968
            <iterate
969
                  ifEmpty="false"
970
                  operator="or">
971
               <or>
972
                  <equals
973
                        value="ROLE_ADMIN">
974
                  </equals>
975
                  <equals
976
                        value="ROLE_USER_MANAGER">
977
                  </equals>
978
               </or>
979
            </iterate>
980
         </with>
981
      </definition>
982
      <definition
983
            id="hasROLE_PROJECT_MANAGER">
984
         <with
985
               variable="eu.etaxonomy.taxeditor.security.userRoles">
986
            <iterate
987
                  ifEmpty="false"
988
                  operator="or">
989
               <or>
990
                  <equals
991
                        value="ROLE_ADMIN">
992
                  </equals>
993
                  <equals
994
                        value="ROLE_PROJECT_MANAGER">
995
                  </equals>
996
               </or>
997
            </iterate>
998
         </with>
970 999
      </definition>
971 1000
</extension>
972 1001
<extension
......
1027 1056
         activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
1028 1057
         pattern="eu\.etaxonomy\.taxeditor\..*/.*.UserManagement">
1029 1058
   </activityPatternBinding>
1059
   <activityPatternBinding
1060
         activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
1061
         pattern="eu\.etaxonomy\.taxeditor\..*/bulkeditor\.input\.group">
1062
   </activityPatternBinding>
1063
   <activity
1064
         description="ROLE_PROJECT_MANAGER dependent ui contributions"
1065
         id="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1066
         name="ProjectManagement">
1067
      <enabledWhen>
1068
         <reference
1069
               definitionId="hasROLE_PROJECT_MANAGER">
1070
         </reference>
1071
      </enabledWhen>
1072
   </activity>
1073
   <activityPatternBinding
1074
         activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1075
         pattern="eu\.etaxonomy\.taxeditor\..*/eu\.etaxonomy\.taxeditor\..*\.definedTerm.*">
1076
   </activityPatternBinding>
1077
   <activityPatternBinding
1078
         activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1079
         pattern="eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.menus.openmenu"
1080
         isEqualityPattern="true">
1081
   </activityPatternBinding>
1082
</extension>
1083
<extension
1084
      point="org.eclipse.ui.services">
1085
   <sourceProvider
1086
         provider="eu.etaxonomy.taxeditor.security.RolesSourceProvider">
1087
      <variable
1088
            name="eu.etaxonomy.taxeditor.security.userRoles"
1089
            priorityLevel="workbench">
1090
      </variable>
1091
   </sourceProvider>
1030 1092
</extension>
1031 1093
	
1032 1094
</plugin>
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java
1 1
package eu.etaxonomy.taxeditor.security;
2 2

  
3
import java.util.ArrayList;
4 3
import java.util.EnumSet;
5
import java.util.Iterator;
6 4
import java.util.List;
7 5

  
8
import javax.management.relation.Role;
9

  
10
import org.apache.commons.lang.StringUtils;
11 6
import org.eclipse.core.expressions.PropertyTester;
12 7
import org.eclipse.jface.viewers.IStructuredSelection;
13 8

  
14 9
import eu.etaxonomy.cdm.model.common.CdmBase;
15 10
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
11
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
16 12
import eu.etaxonomy.taxeditor.store.CdmStore;
17 13

  
14
/**
15
 * Checks if the currently authenticated user for {@link CdmAuthority} assignments.
16
 * 
17
 * @author andreas
18
 *
19
 */
18 20
public class PermissionPropertyTester extends PropertyTester {
19 21
	
20
	private static final String HAS_ROLES = "hasRoles";
21 22
	private static final String HAS_PERMISSIONS = "hasPermissions";
22 23
	
23 24
	private static final String CREATE = CRUD.CREATE.toString();
......
29 30
	public boolean test(Object receiver, String property, Object[] args,
30 31
			Object expectedValue) {
31 32
		
32
		
33 33
		if(property.equals(HAS_PERMISSIONS)){
34
			
35 34
			return checkHasPermission(receiver, args);
36 35
		}
37
		
38
		if(property.equals(HAS_ROLES)){
39
			return checkHasRoles(property, args);
40
		}
41 36
			
42 37
		return false;
43 38
	}
44 39

  
45
	private boolean checkHasRoles(String property, Object[] args) {
46
			List<Role> roles = new ArrayList<Role>();
47
			for(int i = 0; i < args.length; i++){
48
				roles.add((Role)args[i]);
49
			}
50
//			return CdmStore.currentAuthentiationHasOneOfRoles(roles.get(0)); // FIXME
51
			return false;
52
			
53
	}
54

  
55 40
	private boolean checkHasPermission(Object receiver, Object[] args) {
56 41
		EnumSet<CRUD> crudSet = crudSetFromArgs(args);
57 42

  
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java
1
package eu.etaxonomy.taxeditor.security;
2

  
3
import java.util.ArrayList;
4
import java.util.Collection;
5
import java.util.HashMap;
6
import java.util.List;
7
import java.util.Map;
8
import java.util.Observable;
9
import java.util.Observer;
10

  
11
import org.eclipse.ui.AbstractSourceProvider;
12
import org.eclipse.ui.ISources;
13
import org.springframework.security.core.Authentication;
14
import org.springframework.security.core.GrantedAuthority;
15

  
16
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
17
import eu.etaxonomy.taxeditor.store.CdmStore;
18
import eu.etaxonomy.taxeditor.store.LoginManager;
19

  
20
/**
21
 * Provides the Roles assigned to the currently authenticated principal as the
22
 * variable {@code eu.etaxonomy.taxeditor.security.userRoles}
23
 * 
24
 * @author a.kohlbecker
25
 * 
26
 */
27
public class RolesSourceProvider extends AbstractSourceProvider implements Observer {
28

  
29
	public final static String RIGHTS_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles";
30
	private final static String[] PROVIDED_SOURCE_NAMES = new String[] { RIGHTS_VARIABLE };
31

  
32
	private final static Map<String, List<String>> stateMap = new HashMap<String, List<String>>();
33

  
34
	public RolesSourceProvider() {
35
		super();
36
		initialize();
37
	}
38

  
39
	private void initialize() {
40
		CdmStore.getLoginManager().addObserver(this);
41
	}
42

  
43
	@Override
44
	public void dispose() {
45
		CdmStore.getLoginManager().deleteObserver(this);
46
	}
47

  
48
	@Override
49
	public Map getCurrentState() {
50

  
51
		// SecurityContextHolder.getContext().
52
		List<Role> roles = getCurrentAuthenticationsRoles();
53
		List<String> rolesStr = new ArrayList<String>(roles.size());
54
		for(Role r : roles){
55
			rolesStr.add(r.getAuthority());
56
		}
57

  
58
		stateMap.put(RIGHTS_VARIABLE, rolesStr);
59
		return stateMap;
60
	}
61

  
62
	/*
63
	 * TODO refactor into User once Role is a model class
64
	 */
65
	private List<Role> getCurrentAuthenticationsRoles() {
66

  
67
		List<Role> roles = new ArrayList<Role>();
68
		Authentication authentication = CdmStore.getCurrentAuthentiation();
69
		if (authentication == null) {
70
			return roles;
71
		}
72

  
73
		Collection<? extends GrantedAuthority> authorities = authentication
74
				.getAuthorities();
75
		if (authorities == null) {
76
			return roles;
77
		}
78

  
79
		Role role = null;
80
		for (GrantedAuthority ga : authorities) {
81
			try {
82
				// check if it is a valid role
83
				role = Role.fromString(ga.getAuthority());
84
				if (role != null) {
85
					roles.add(role);
86
				}
87
			} catch (Exception e) {
88
				/* IGNORE */
89
			}
90
		}
91
		return roles;
92

  
93
	}
94

  
95
	public String[] getProvidedSourceNames() {
96
		return PROVIDED_SOURCE_NAMES;
97
	}
98

  
99
	@Override
100
	public void update(Observable o, Object arg) {
101
		if(o instanceof LoginManager){
102
			/*
103
			 * This triggers an update of the variable state, and will update also
104
			 * all listeners to the evaluation service. So that every menu point,
105
			 * which is also expression controlled, gets updated too.
106
			 */
107
			fireSourceChanged(ISources.WORKBENCH, getCurrentState());
108
		}
109
	}
110

  
111
}
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java
21 21
import org.springframework.core.io.Resource;
22 22
import org.springframework.security.access.PermissionEvaluator;
23 23
import org.springframework.security.authentication.ProviderManager;
24
import org.springframework.security.core.Authentication;
24 25
import org.springframework.security.core.context.SecurityContext;
25 26
import org.springframework.security.core.context.SecurityContextHolder;
26 27

  
......
348 349
	 * @return
349 350
	 */
350 351
	public static boolean currentAuthentiationHasPermission(Class<? extends CdmBase> targetType, EnumSet<CRUD> permission){
351
		SecurityContext context = SecurityContextHolder.getContext();
352
		return getPermissionEvaluator().hasPermission(context.getAuthentication(), null, targetType.getName(), permission);
352
		return getPermissionEvaluator().hasPermission(getCurrentAuthentiation(), null, targetType.getName(), permission);
353 353
	}
354 354
	
355 355
	public static boolean currentAuthentiationHasOneOfRoles(Role ... roles){
356
		return getPermissionEvaluator().hasOneOfRoles(getCurrentAuthentiation(), roles);
357
	}
358
	
359
	public static Authentication getCurrentAuthentiation() {
356 360
		SecurityContext context = SecurityContextHolder.getContext();
357
		return getPermissionEvaluator().hasOneOfRoles(context.getAuthentication(), roles);
361
		return context.getAuthentication();
358 362
	}
359 363
	
360 364
	/*
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java
52 52
	 * <p>authenticate</p>
53 53
	 *
54 54
	 * @param token a {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken} object.
55
	 * @return true if the login attempt was successful even if the authentication has changed or not
55 56
	 */
56 57
	public boolean authenticate(String username, String password){
57 58

  
......
67 68
			
68 69
			SecurityContextHolder.clearContext();
69 70
			
71
			Authentication lastAuthentication = CdmStore.getCurrentAuthentiation();
72
			
70 73
			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); 			
71 74
			Authentication authentication = CdmStore.getAuthenticationManager().authenticate(token);
72 75
			
......
89 92
		
90 93
			SecurityContextHolder.getContext().setAuthentication(authentication);			
91 94

  
92
			this.setChanged();
93
			this.notifyObservers();
95
			if(!authentication.equals(lastAuthentication)){
96
				this.setChanged();
97
				this.notifyObservers();
98
			}
94 99
			return true;
95 100
		}
96 101
		catch(BadCredentialsException e){

Also available in: Unified diff

Add picture from clipboard (Maximum size: 40 MB)