Commit 60db0d9f authored by michael.simon's avatar michael.simon

Merge remote-tracking branch 'origin/branch-2.5' into bwcloud

parents f192e489 9d103177
......@@ -22,26 +22,26 @@
<parent>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
</parent>
<dependencies>
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-jpa</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>ejb</type>
</dependency>
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-service</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>ejb</type>
</dependency>
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-webapp</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>war</type>
</dependency>
......
......@@ -17,7 +17,7 @@
<parent>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
</parent>
<dependencyManagement>
......
......@@ -17,7 +17,7 @@
<parent>
<artifactId>bwreg</artifactId>
<groupId>edu.kit.scc</groupId>
<version>2.5.2</version>
<version>2.5.3</version>
</parent>
<properties>
......@@ -30,7 +30,7 @@
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-jpa</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>ejb</type>
<scope>provided</scope>
</dependency>
......
......@@ -145,7 +145,7 @@ public abstract class AbstractLdapRegisterWorkflow
String homeUid = user.getAttributeStore().get("urn:oid:0.9.2342.19200300.100.1.1");
homeId = homeId.toLowerCase();
if (prop.hasProp("tpl_home_uid")) {
homeId = evalTemplate(prop.readPropOrNull("tpl_home_uid"), user, reconMap, homeId, homeUid);
homeUid = evalTemplate(prop.readPropOrNull("tpl_home_uid"), user, reconMap, homeId, homeUid);
}
if (prop.hasProp("tpl_cn")) {
......
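Review bot: `homeUid` now receives the `tpl_home_uid` template result, but unlike `homeId` it is not lower-cased before the `if`, and nothing visible checks it for null. It is read from the user's attribute store under `urn:oid:0.9.2342.19200300.100.1.1`, which is presumably filled from IdP-supplied attributes. If the value ends up as an LDAP uid, a null guard before the `evalTemplate` call and a short comment such as `// homeUid is IdP-supplied; expected case and character set: ...` would make the contract explicit. The enclosing method starts and ends outside the hunk, so any validation further down is not visible here.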
......@@ -15,7 +15,7 @@
<parent>
<artifactId>bwreg</artifactId>
<groupId>edu.kit.scc</groupId>
<version>2.5.2</version>
<version>2.5.3</version>
</parent>
<packaging>war</packaging>
......@@ -29,14 +29,14 @@
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-jpa</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>ejb</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg-service</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<type>ejb</type>
<scope>provided</scope>
</dependency>
......
......@@ -47,7 +47,6 @@ public class AuthorizationBean implements Serializable {
private List<ServiceEntity> unregisteredServiceList;
private List<RegistryEntity> userRegistryList;
private List<RegistryEntity> pendingRegistryList;
private List<ServiceEntity> serviceApproverList;
private List<ServiceEntity> serviceAdminList;
private List<ServiceEntity> serviceHotlineList;
......
......@@ -30,6 +30,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
......@@ -82,6 +83,11 @@ public class SecurityFilter implements Filter {
String path = request.getRequestURI().substring(
context.length());
HttpSession httpSession = request.getSession(false);
if (logger.isTraceEnabled())
logger.trace("Prechain Session is: {}", httpSession);
if (path.startsWith("/resources/") ||
path.startsWith("/javax.faces.resource/") ||
path.startsWith("/welcome/") ||
......@@ -91,13 +97,17 @@ public class SecurityFilter implements Filter {
) {
chain.doFilter(servletRequest, servletResponse);
}
else if (path.startsWith("/admin")
&& (httpSession == null || (! session.isLoggedIn()))) {
processAdminLogin(path, request, response, chain);
}
else if (path.startsWith("/rest")
&& (httpSession == null || (! session.isLoggedIn()))) {
processRestLogin(path, request, response, chain);
}
else if (path.startsWith("/register/") && session != null && session.isUserInRole("ROLE_New")) {
chain.doFilter(servletRequest, servletResponse);
}
else if ((path.startsWith("/admin") || path.startsWith("/rest"))
&& (session == null || (! session.isLoggedIn()))) {
processAdminLogin(path, request, response, chain);
}
else if (session != null && session.isLoggedIn()) {
Set<String> roles = convertRoles(roleService.findByUserId(session.getUserId()));
......@@ -118,6 +128,10 @@ public class SecurityFilter implements Filter {
request.getServletContext().getRequestDispatcher("/welcome/").forward(servletRequest, servletResponse);
}
if (logger.isTraceEnabled()) {
httpSession = request.getSession(false);
logger.trace("Postchain Session is: {}", httpSession);
}
}
@Override
......@@ -137,8 +151,22 @@ public class SecurityFilter implements Filter {
}
private void processAdminLogin(String path, HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
processHttpLogin(path, request, response, chain, true);
}
private void processRestLogin(String path, HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
processHttpLogin(path, request, response, chain, false);
}
private void processHttpLogin(String path, HttpServletRequest request,
HttpServletResponse response, FilterChain chain, boolean setRoles)
throws IOException, ServletException {
String auth = request.getHeader("Authorization");
if (auth != null) {
......@@ -146,18 +174,19 @@ public class SecurityFilter implements Filter {
if (index > 0) {
String[] credentials = StringUtils.split(
new String(Base64.decodeBase64(auth.substring(index).getBytes())), ":", 2);
if (credentials.length == 2) {
AdminUserEntity adminUser = adminUserService.findByUsername(
credentials[0]);
if (adminUser != null && passwordsMatch(adminUser.getPassword(), credentials[1])) {
List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId());
List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId());
Set<String> roles = convertRoles(roleList);
session.setRoles(roles);
if (setRoles && session != null)
session.setRoles(roles);
if (accessChecker.check(path, roles)) {
request.setAttribute(ADMIN_USER_ID, adminUser.getId());
chain.doFilter(request, response);
......@@ -174,7 +203,7 @@ public class SecurityFilter implements Filter {
response.setHeader( "WWW-Authenticate", "Basic realm=\"Admin Realm\"" );
response.sendError( HttpServletResponse.SC_UNAUTHORIZED );
}
private boolean passwordsMatch(String password, String comparePassword) {
if (password == null || comparePassword == null)
return false;
......
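Review bot: In `processHttpLogin`, `session.setRoles(roles)` still runs before `accessChecker.check(path, roles)`, so on the `/admin` path the Basic-auth user's roles are written to the session even when the check then rejects the request. Unless later code relies on that, set them only once the check has passed, e.g. `if (accessChecker.check(path, roles)) { if (setRoles && session != null) { session.setRoles(roles); } ...`, which also gives the new one-line `if` its braces. Separately, the two trace statements log the `HttpSession` object itself; depending on the container's `toString()` this may write the session id to the log, so logging only `httpSession != null` would be safer. The bodies of `doFilter` and `processHttpLogin` continue outside the visible hunks.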
......@@ -57,6 +57,7 @@ div#wrapper {
margin: 0 auto;
min-height: 100%;
background: url("#{resource['img/bg_wrapper.png']}") 0 0 repeat-y;
left: -12px;
}
div#container {
......@@ -82,9 +83,11 @@ div#container {
}
#header {
background-color: #ffffff;
width: 1015px;
height: 108px;
margin: 0 auto;
padding-top: 8px;
}
div#header-logo {
......@@ -120,6 +123,39 @@ div#header-text {
-webkit-border-radius: 0px 12px 0px 0px;
}
div#header-text a:link,
div#header-text a:active,
div#header-text a:hover,
div#header-text a:visited {
border: 0 none;
text-decoration: none;
color: #000000;
}
div#metanavigation {
color:#B3B3B3;
padding-right:19px;
position:absolute;
z-index:2;
font-size: 10px;
height:2.5455em;
line-height:2.5455em;
text-align:right;
width:980px;
}
div#metanavigation a:link,
div#metanavigation a:active,
div#metanavigation a:visited {
color:#4D4D4D;
text-decoration:none;
text-transform:uppercase;
}
div#metanavigation a:hover {
text-decoration:underline;
}
#sidebar {
float: left;
width: 183px;
......
......@@ -11,14 +11,29 @@
</head>
<body>
<ui:composition>
<div id="header-logo">
<h:graphicImage value="#{resource['img/kit_logo_V2_de.png']}" alt="KIT Logo" />
<div id="metanavigation" class="ui-widget">
<a href="/">Home</a>
&nbsp;|&nbsp;
<a href="https://www.scc.kit.edu/impressum.php">Impressum</a>
&nbsp;|&nbsp;
<a href="https://www.kit.edu">KIT</a>
</div>
<div id="header-image">
<div id="header-right">
<h:graphicImage value="#{resource['img/header-r.jpg']}" alt="SCC Logo" />
<div id="header">
<div id="header-logo">
<a href="https://www.kit.edu">
<h:graphicImage value="#{resource['img/kit_logo_V2_de.png']}" alt="KIT Logo" />
</a>
</div>
<div id="header-image">
<div id="header-right">
<a href="https://www.scc.kit.edu">
<h:graphicImage value="#{resource['img/header-r.jpg']}" alt="SCC Logo" />
</a>
</div>
<div id="header-text" class="ui-widget">
<a href="https://bwidm.scc.kit.edu">Landesdienste am KIT</a>
</div>
</div>
<div id="header-text" class="ui-widget">Landesdienste am KIT</div>
</div>
</ui:composition>
</body>
......
......@@ -23,9 +23,8 @@
</h:head>
<h:body>
<div id="wrapper">
<div id="header">
<ui:insert name="header">Default header</ui:insert>
</div>
<ui:insert name="header">Default header</ui:insert>
<div class="spacer"></div>
......
......@@ -13,7 +13,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>edu.kit.scc</groupId>
<artifactId>bwreg</artifactId>
<version>2.5.2</version>
<version>2.5.3</version>
<packaging>pom</packaging>
<name>bw Services Registration Webapp</name>
......
package edu.kit.scc.webreg.dools.unicluster
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.drools.UnauthorizedUser;
global org.slf4j.Logger logger;
/*
rule "Downtime rule"
when
$user : UserEntity()
not ( $registry : RegistryEntity( ) )
then
logger.info( "syncshare-downtime denied registration to {}", $user.getEppn() );
insert( new UnauthorizedUser($user, "syncshare-downtime") );
end
*/
rule "Email is set"
when
......
......@@ -3,9 +3,37 @@ package edu.kit.scc.webreg.dools.unicluster
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.drools.UnauthorizedUser;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.as.ASUserAttrEntity;
import edu.kit.scc.webreg.entity.as.ASUserAttrValueStringEntity;
import java.util.Date;
global org.slf4j.Logger logger;
rule "AA Attribute test"
when
$user : UserEntity( $userAttrs : userAttrs )
$userAttr : ASUserAttrEntity( attributeSource.name == "UC1-StatsAccess", $values : values ) from $userAttrs
ASUserAttrValueStringEntity( key == "result" && valueString == "1" ) from $values
then
logger.info( "Insert positive result String for user {}", $user.getEppn() );
insert( new String ("umfrage-is-set") );
end
rule "AA String test"
when
not ( String( this == "umfrage-is-set" ) )
$date : Date()
$registry : RegistryEntity( ($date.getTime() - agreedTime.getTime()) > 14*24*60*60*1000 )
then
logger.info( "Umfrage is not set or too old" );
insert( new UnauthorizedUser(null, "no-umfrage") );
end
rule "is bwIdm Member"
when
......
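Review bot: The new rule "AA String test" inserts `new UnauthorizedUser(null, "no-umfrage")`, whereas the other rules visible on this page pass the matched `$user`, so whatever consumes these facts gets a denial with no user attached. Binding the user in the condition with `$user : UserEntity()` and inserting `new UnauthorizedUser($user, "no-umfrage")` would keep the rules consistent. The rule also matches only when a `Date` fact is in working memory, and it appears to depend on firing after "AA Attribute test" has inserted its marker string. Nothing shown here guarantees either, so an explicit `salience` and a comment on where the `Date` fact comes from would help. The same two rules are added again in the next file section with `UC-StatsAccess` as the attribute source, and the point applies there as well.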
......@@ -2,9 +2,36 @@ package edu.kit.scc.webreg.dools.unicluster
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.drools.UnauthorizedUser;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.as.ASUserAttrEntity;
import edu.kit.scc.webreg.entity.as.ASUserAttrValueStringEntity;
import java.util.Date;
global org.slf4j.Logger logger;
rule "AA Attribute test"
when
$user : UserEntity( $userAttrs : userAttrs )
$userAttr : ASUserAttrEntity( attributeSource.name == "UC-StatsAccess", $values : values ) from $userAttrs
ASUserAttrValueStringEntity( key == "result" && valueString == "1" ) from $values
then
logger.info( "Insert positive result String for user {}", $user.getEppn() );
insert( new String ("umfrage-is-set") );
end
rule "AA String test"
when
not ( String( this == "umfrage-is-set" ) )
$date : Date()
$registry : RegistryEntity( ($date.getTime() - agreedTime.getTime()) > 14*24*60*60*1000 )
then
logger.info( "Umfrage is not set or too old" );
insert( new UnauthorizedUser(null, "no-umfrage") );
end
rule "Email is set"
when
......@@ -76,4 +103,4 @@ rule "Home UID is set"
logger.info( "Home UID for user {} is missing", $user.getEppn() );
insert( new UnauthorizedUser($user, "home-uid-missing") );
end
end
\ No newline at end of file