Project

General

Profile

« Previous | Next » 

Revision 45716169

Added by Andreas Kohlbecker over 9 years ago

RolesSourceProvider to enable activities by cdm roles and protecting bulkeditors and term editors - #4055 (action enablement adapts to the users granted authorities)

View differences:

.gitattributes
1268 1268 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/preference/wizard/VocabularyTermWizardPage.java -text
1269 1269 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java -text
1270 1270 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RequiredPermissions.java -text
1271 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java -text
1271 1272 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java -text
1272 1273 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStoreConnector.java -text
1273 1274 
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/ContextManager.java -text
eu.etaxonomy.taxeditor.cdmlib/META-INF/MANIFEST.MF
346 346 
 org.springframework.orm.hibernate4,
347 347 
 org.springframework.security.access,
348 348 
 org.springframework.security.authentication,
349 
 org.springframework.security.authentication.event,
349 350 
 org.springframework.security.core,
350 351 
 org.springframework.security.core.context,
351 352 
 org.springframework.security.core.userdetails,
eu.etaxonomy.taxeditor.store/META-INF/MANIFEST.MF
46 46 
 eu.etaxonomy.taxeditor.ui.section.supplemental,
47 47 
 eu.etaxonomy.taxeditor.ui.section.taxon,
48 48 
 eu.etaxonomy.taxeditor.ui.selection,
49 
 eu.etaxonomy.taxeditor.utility,
49 50 
 eu.etaxonomy.taxeditor.view,
50 51 
 eu.etaxonomy.taxeditor.view.datasource,
51 52 
 eu.etaxonomy.taxeditor.view.datasource.handler,
eu.etaxonomy.taxeditor.store/plugin.xml
963 963 
      </definition>
964 964 
      <definition
965 965 
            id="hasROLE_USER_MANAGER">
966 
            <test
967 
                  args="ROLE_USER_MANAGER"
968 
                  property="eu.etaxonomy.taxeditor.security.permissionTester.hasRole">
969 
            </test>
966 
            <with
967 
               variable="eu.etaxonomy.taxeditor.security.userRoles">
968 
            <iterate
969 
                  ifEmpty="false"
970 
                  operator="or">
971 
               <or>
972 
                  <equals
973 
                        value="ROLE_ADMIN">
974 
                  </equals>
975 
                  <equals
976 
                        value="ROLE_USER_MANAGER">
977 
                  </equals>
978 
               </or>
979 
            </iterate>
980 
         </with>
981 
      </definition>
982 
      <definition
983 
            id="hasROLE_PROJECT_MANAGER">
984 
         <with
985 
               variable="eu.etaxonomy.taxeditor.security.userRoles">
986 
            <iterate
987 
                  ifEmpty="false"
988 
                  operator="or">
989 
               <or>
990 
                  <equals
991 
                        value="ROLE_ADMIN">
992 
                  </equals>
993 
                  <equals
994 
                        value="ROLE_PROJECT_MANAGER">
995 
                  </equals>
996 
               </or>
997 
            </iterate>
998 
         </with>
970 999 
      </definition>
971 1000 
</extension>
972 1001 
<extension
......
1027 1056 
         activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
1028 1057 
         pattern="eu\.etaxonomy\.taxeditor\..*/.*.UserManagement">
1029 1058 
   </activityPatternBinding>
1059 
   <activityPatternBinding
1060 
         activityId="eu.etaxonomy.taxeditor.store.activityUserManagement"
1061 
         pattern="eu\.etaxonomy\.taxeditor\..*/bulkeditor\.input\.group">
1062 
   </activityPatternBinding>
1063 
   <activity
1064 
         description="ROLE_PROJECT_MANAGER dependent ui contributions"
1065 
         id="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1066 
         name="ProjectManagement">
1067 
      <enabledWhen>
1068 
         <reference
1069 
               definitionId="hasROLE_PROJECT_MANAGER">
1070 
         </reference>
1071 
      </enabledWhen>
1072 
   </activity>
1073 
   <activityPatternBinding
1074 
         activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1075 
         pattern="eu\.etaxonomy\.taxeditor\..*/eu\.etaxonomy\.taxeditor\..*\.definedTerm.*">
1076 
   </activityPatternBinding>
1077 
   <activityPatternBinding
1078 
         activityId="eu.etaxonomy.taxeditor.store.activityProjectManagement"
1079 
         pattern="eu.etaxonomy.taxeditor.bulkeditor/bulkeditor.menus.openmenu"
1080 
         isEqualityPattern="true">
1081 
   </activityPatternBinding>
1082 
</extension>
1083 
<extension
1084 
      point="org.eclipse.ui.services">
1085 
   <sourceProvider
1086 
         provider="eu.etaxonomy.taxeditor.security.RolesSourceProvider">
1087 
      <variable
1088 
            name="eu.etaxonomy.taxeditor.security.userRoles"
1089 
            priorityLevel="workbench">
1090 
      </variable>
1091 
   </sourceProvider>
1030 1092 
</extension>
1031 1093
1032 1094 
</plugin>
eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/PermissionPropertyTester.java
1 1 
package eu.etaxonomy.taxeditor.security;
2 2 

  		




  3
  
  
    
import java.util.ArrayList;


  		




  4
  3
  
    
import java.util.EnumSet;


  		




  5
  
  
    
import java.util.Iterator;


  		




  6
  4
  
    
import java.util.List;


  		




  7
  5
  
    

  		




  8
  
  
    
import javax.management.relation.Role;


  		




  9
  
  
    

  		




  10
  
  
    
import org.apache.commons.lang.StringUtils;


  		




  11
  6
  
    
import org.eclipse.core.expressions.PropertyTester;


  		




  12
  7
  
    
import org.eclipse.jface.viewers.IStructuredSelection;


  		




  13
  8
  
    

  		




  14
  9
  
    
import eu.etaxonomy.cdm.model.common.CdmBase;


  		




  15
  10
  
    
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;


  		




  
  11
  
    
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;


  		




  16
  12
  
    
import eu.etaxonomy.taxeditor.store.CdmStore;


  		




  17
  13
  
    

  		




  
  14
  
    
/**


  		




  
  15
  
    
 * Checks if the currently authenticated user for {@link CdmAuthority} assignments.


  		




  
  16
  
    
 * 


  		




  
  17
  
    
 * @author andreas


  		




  
  18
  
    
 *


  		




  
  19
  
    
 */


  		




  18
  20
  
    
public class PermissionPropertyTester extends PropertyTester {


  		




  19
  21
  
    
	


  		




  20
  
  
    
	private static final String HAS_ROLES = "hasRoles";


  		




  21
  22
  
    
	private static final String HAS_PERMISSIONS = "hasPermissions";


  		




  22
  23
  
    
	


  		




  23
  24
  
    
	private static final String CREATE = CRUD.CREATE.toString();


  		




  ......




  29
  30
  
    
	public boolean test(Object receiver, String property, Object[] args,


  		




  30
  31
  
    
			Object expectedValue) {


  		




  31
  32
  
    
		


  		




  32
  
  
    
		


  		




  33
  33
  
    
		if(property.equals(HAS_PERMISSIONS)){


  		




  34
  
  
    
			


  		




  35
  34
  
    
			return checkHasPermission(receiver, args);


  		




  36
  35
  
    
		}


  		




  37
  
  
    
		


  		




  38
  
  
    
		if(property.equals(HAS_ROLES)){


  		




  39
  
  
    
			return checkHasRoles(property, args);


  		




  40
  
  
    
		}


  		




  41
  36
  
    
			


  		




  42
  37
  
    
		return false;


  		




  43
  38
  
    
	}


  		




  44
  39
  
    

  		




  45
  
  
    
	private boolean checkHasRoles(String property, Object[] args) {


  		




  46
  
  
    
			List<Role> roles = new ArrayList<Role>();


  		




  47
  
  
    
			for(int i = 0; i < args.length; i++){


  		




  48
  
  
    
				roles.add((Role)args[i]);


  		




  49
  
  
    
			}


  		




  50
  
  
    
//			return CdmStore.currentAuthentiationHasOneOfRoles(roles.get(0)); // FIXME


  		




  51
  
  
    
			return false;


  		




  52
  
  
    
			


  		




  53
  
  
    
	}


  		




  54
  
  
    

  		




  55
  40
  
    
	private boolean checkHasPermission(Object receiver, Object[] args) {


  		




  56
  41
  
    
		EnumSet<CRUD> crudSet = crudSetFromArgs(args);


  		




  57
  42
  
    

  		












  

    
      eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/security/RolesSourceProvider.java
    
  





  
  1
  
    
package eu.etaxonomy.taxeditor.security;


  		




  
  2
  
    

  		




  
  3
  
    
import java.util.ArrayList;


  		




  
  4
  
    
import java.util.Collection;


  		




  
  5
  
    
import java.util.HashMap;


  		




  
  6
  
    
import java.util.List;


  		




  
  7
  
    
import java.util.Map;


  		




  
  8
  
    
import java.util.Observable;


  		




  
  9
  
    
import java.util.Observer;


  		




  
  10
  
    

  		




  
  11
  
    
import org.eclipse.ui.AbstractSourceProvider;


  		




  
  12
  
    
import org.eclipse.ui.ISources;


  		




  
  13
  
    
import org.springframework.security.core.Authentication;


  		




  
  14
  
    
import org.springframework.security.core.GrantedAuthority;


  		




  
  15
  
    

  		




  
  16
  
    
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;


  		




  
  17
  
    
import eu.etaxonomy.taxeditor.store.CdmStore;


  		




  
  18
  
    
import eu.etaxonomy.taxeditor.store.LoginManager;


  		




  
  19
  
    

  		




  
  20
  
    
/**


  		




  
  21
  
    
 * Provides the Roles assigned to the currently authenticated principal as the


  		




  
  22
  
    
 * variable {@code eu.etaxonomy.taxeditor.security.userRoles}


  		




  
  23
  
    
 * 


  		




  
  24
  
    
 * @author a.kohlbecker


  		




  
  25
  
    
 * 


  		




  
  26
  
    
 */


  		




  
  27
  
    
public class RolesSourceProvider extends AbstractSourceProvider implements Observer {


  		




  
  28
  
    

  		




  
  29
  
    
	public final static String RIGHTS_VARIABLE = "eu.etaxonomy.taxeditor.security.userRoles";


  		




  
  30
  
    
	private final static String[] PROVIDED_SOURCE_NAMES = new String[] { RIGHTS_VARIABLE };


  		




  
  31
  
    

  		




  
  32
  
    
	private final static Map<String, List<String>> stateMap = new HashMap<String, List<String>>();


  		




  
  33
  
    

  		




  
  34
  
    
	public RolesSourceProvider() {


  		




  
  35
  
    
		super();


  		




  
  36
  
    
		initialize();


  		




  
  37
  
    
	}


  		




  
  38
  
    

  		




  
  39
  
    
	private void initialize() {


  		




  
  40
  
    
		CdmStore.getLoginManager().addObserver(this);


  		




  
  41
  
    
	}


  		




  
  42
  
    

  		




  
  43
  
    
	@Override


  		




  
  44
  
    
	public void dispose() {


  		




  
  45
  
    
		CdmStore.getLoginManager().deleteObserver(this);


  		




  
  46
  
    
	}


  		




  
  47
  
    

  		




  
  48
  
    
	@Override


  		




  
  49
  
    
	public Map getCurrentState() {


  		




  
  50
  
    

  		




  
  51
  
    
		// SecurityContextHolder.getContext().


  		




  
  52
  
    
		List<Role> roles = getCurrentAuthenticationsRoles();


  		




  
  53
  
    
		List<String> rolesStr = new ArrayList<String>(roles.size());


  		




  
  54
  
    
		for(Role r : roles){


  		




  
  55
  
    
			rolesStr.add(r.getAuthority());


  		




  
  56
  
    
		}


  		




  
  57
  
    

  		




  
  58
  
    
		stateMap.put(RIGHTS_VARIABLE, rolesStr);


  		




  
  59
  
    
		return stateMap;


  		




  
  60
  
    
	}


  		




  
  61
  
    

  		




  
  62
  
    
	/*


  		




  
  63
  
    
	 * TODO refactor into User once Role is a model class


  		




  
  64
  
    
	 */


  		




  
  65
  
    
	private List<Role> getCurrentAuthenticationsRoles() {


  		




  
  66
  
    

  		




  
  67
  
    
		List<Role> roles = new ArrayList<Role>();


  		




  
  68
  
    
		Authentication authentication = CdmStore.getCurrentAuthentiation();


  		




  
  69
  
    
		if (authentication == null) {


  		




  
  70
  
    
			return roles;


  		




  
  71
  
    
		}


  		




  
  72
  
    

  		




  
  73
  
    
		Collection<? extends GrantedAuthority> authorities = authentication


  		




  
  74
  
    
				.getAuthorities();


  		




  
  75
  
    
		if (authorities == null) {


  		




  
  76
  
    
			return roles;


  		




  
  77
  
    
		}


  		




  
  78
  
    

  		




  
  79
  
    
		Role role = null;


  		




  
  80
  
    
		for (GrantedAuthority ga : authorities) {


  		




  
  81
  
    
			try {


  		




  
  82
  
    
				// check if it is a valid role


  		




  
  83
  
    
				role = Role.fromString(ga.getAuthority());


  		




  
  84
  
    
				if (role != null) {


  		




  
  85
  
    
					roles.add(role);


  		




  
  86
  
    
				}


  		




  
  87
  
    
			} catch (Exception e) {


  		




  
  88
  
    
				/* IGNORE */


  		




  
  89
  
    
			}


  		




  
  90
  
    
		}


  		




  
  91
  
    
		return roles;


  		




  
  92
  
    

  		




  
  93
  
    
	}


  		




  
  94
  
    

  		




  
  95
  
    
	public String[] getProvidedSourceNames() {


  		




  
  96
  
    
		return PROVIDED_SOURCE_NAMES;


  		




  
  97
  
    
	}


  		




  
  98
  
    

  		




  
  99
  
    
	@Override


  		




  
  100
  
    
	public void update(Observable o, Object arg) {


  		




  
  101
  
    
		if(o instanceof LoginManager){


  		




  
  102
  
    
			/*


  		




  
  103
  
    
			 * This triggers an update of the variable state, and will update also


  		




  
  104
  
    
			 * all listeners to the evaluation service. So that every menu point,


  		




  
  105
  
    
			 * which is also expression controlled, gets updated too.


  		




  
  106
  
    
			 */


  		




  
  107
  
    
			fireSourceChanged(ISources.WORKBENCH, getCurrentState());


  		




  
  108
  
    
		}


  		




  
  109
  
    
	}


  		




  
  110
  
    

  		




  
  111
  
    
}


  		












  

    
      eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/CdmStore.java
    
  





  21
  21
  
    
import org.springframework.core.io.Resource;


  		




  22
  22
  
    
import org.springframework.security.access.PermissionEvaluator;


  		




  23
  23
  
    
import org.springframework.security.authentication.ProviderManager;


  		




  
  24
  
    
import org.springframework.security.core.Authentication;


  		




  24
  25
  
    
import org.springframework.security.core.context.SecurityContext;


  		




  25
  26
  
    
import org.springframework.security.core.context.SecurityContextHolder;


  		




  26
  27
  
    

  		




  ......




  348
  349
  
    
	 * @return


  		




  349
  350
  
    
	 */


  		




  350
  351
  
    
	public static boolean currentAuthentiationHasPermission(Class<? extends CdmBase> targetType, EnumSet<CRUD> permission){


  		




  351
  
  
    
		SecurityContext context = SecurityContextHolder.getContext();


  		




  352
  
  
    
		return getPermissionEvaluator().hasPermission(context.getAuthentication(), null, targetType.getName(), permission);


  		




  
  352
  
    
		return getPermissionEvaluator().hasPermission(getCurrentAuthentiation(), null, targetType.getName(), permission);


  		




  353
  353
  
    
	}


  		




  354
  354
  
    
	


  		




  355
  355
  
    
	public static boolean currentAuthentiationHasOneOfRoles(Role ... roles){


  		




  
  356
  
    
		return getPermissionEvaluator().hasOneOfRoles(getCurrentAuthentiation(), roles);


  		




  
  357
  
    
	}


  		




  
  358
  
    
	


  		




  
  359
  
    
	public static Authentication getCurrentAuthentiation() {


  		




  356
  360
  
    
		SecurityContext context = SecurityContextHolder.getContext();


  		




  357
  
  
    
		return getPermissionEvaluator().hasOneOfRoles(context.getAuthentication(), roles);


  		




  
  361
  
    
		return context.getAuthentication();


  		




  358
  362
  
    
	}


  		




  359
  363
  
    
	


  		




  360
  364
  
    
	/*


  		












  

    
      eu.etaxonomy.taxeditor.store/src/main/java/eu/etaxonomy/taxeditor/store/LoginManager.java
    
  





  52
  52
  
    
	 * <p>authenticate</p>


  		




  53
  53
  
    
	 *


  		




  54
  54
  
    
	 * @param token a {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken} object.


  		




  
  55
  
    
	 * @return true if the login attempt was successful even if the authentication has changed or not


  		




  55
  56
  
    
	 */


  		




  56
  57
  
    
	public boolean authenticate(String username, String password){


  		




  57
  58
  
    

  		




  ......




  67
  68
  
    
			


  		




  68
  69
  
    
			SecurityContextHolder.clearContext();


  		




  69
  70
  
    
			


  		




  
  71
  
    
			Authentication lastAuthentication = CdmStore.getCurrentAuthentiation();


  		




  
  72
  
    
			


  		




  70
  73
  
    
			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); 			


  		




  71
  74
  
    
			Authentication authentication = CdmStore.getAuthenticationManager().authenticate(token);


  		




  72
  75
  
    
			


  		




  ......




  89
  92
  
    
		


  		




  90
  93
  
    
			SecurityContextHolder.getContext().setAuthentication(authentication);			


  		




  91
  94
  
    

  		




  92
  
  
    
			this.setChanged();


  		




  93
  
  
    
			this.notifyObservers();


  		




  
  95
  
    
			if(!authentication.equals(lastAuthentication)){


  		




  
  96
  
    
				this.setChanged();


  		




  
  97
  
    
				this.notifyObservers();


  		




  
  98
  
    
			}


  		




  94
  99
  
    
			return true;


  		




  95
  100
  
    
		}


  		




  96
  101
  
    
		catch(BadCredentialsException e){


  		












Also available in:  Unified diff