Commit dfca21b0 authored by michael.simon's avatar michael.simon

Again change session information

parent a481fa6b
......@@ -42,7 +42,7 @@ public class AccessChecker {
logger.info("Initializing accessChecker");
root = new AccessNode();
RoleEntity rootRole = roleService.findByName("User");
root.addAllowRole(rootRole.getId());
root.addAllowRole(rootRole);
addAccessNode(root, "user", true);
addAccessNode(root, "service", true);
......@@ -82,7 +82,7 @@ public class AccessChecker {
addAccessNode(imageNode, "icon", true, "User");
}
public Boolean check(String path, Set<Long> roles) {
public Boolean check(String path, Set<RoleEntity> roles) {
if (path.startsWith("/"))
path = path.substring(1);
......@@ -95,7 +95,7 @@ public class AccessChecker {
return evaluate(root, splitList, roles);
}
private Boolean evaluate(AccessNode an, List<String> splitList, Set<Long> roles) {
private Boolean evaluate(AccessNode an, List<String> splitList, Set<RoleEntity> roles) {
if (splitList.size() == 0) {
return evaluateNode(an, roles);
}
......@@ -106,7 +106,7 @@ public class AccessChecker {
if (subAn == null)
return evaluateNode(an, roles);
for (Long role : an.getDenyRoles()) {
for (RoleEntity role : an.getDenyRoles()) {
if (roles.contains(role))
return false;
}
......@@ -115,13 +115,13 @@ public class AccessChecker {
}
}
private Boolean evaluateNode(AccessNode an, Set<Long> roles) {
for (Long role : an.getDenyRoles()) {
private Boolean evaluateNode(AccessNode an, Set<RoleEntity> roles) {
for (RoleEntity role : an.getDenyRoles()) {
if (roles.contains(role))
return false;
}
for (Long role : an.getAllowRoles()) {
for (RoleEntity role : an.getAllowRoles()) {
if (roles.contains(role))
return true;
}
......@@ -134,7 +134,7 @@ public class AccessChecker {
for (String roleName : roles) {
RoleEntity role = roleService.findByName(roleName);
if (role != null)
an.addAllowRole(role.getId());
an.addAllowRole(role);
}
return an;
......@@ -145,7 +145,7 @@ public class AccessChecker {
for (String roleName : roles) {
RoleEntity role = roleService.findByName(roleName);
if (role != null)
an.addDenyRole(role.getId());
an.addDenyRole(role);
}
return an;
......
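Review bot: Every allow/deny decision in `check`, `evaluate` and `evaluateNode` now rests on `roles.contains(role)` over a `Set<RoleEntity>`, so it depends on `RoleEntity.equals()`/`hashCode()`, which this commit does not show. The nodes hold instances loaded once through `roleService.findByName(...)`, while the caller passes instances loaded separately per request; if `RoleEntity` keeps identity equality, or its equality is defeated by subclasses such as `AdminRoleEntity` or by persistence proxies, allow rules stop matching and deny rules are silently skipped. Please confirm equality is id-based and add a test that a separately loaded role with the same id is matched; the same applies to `SessionManager.isUserInRole(RoleEntity)`. Separately, `root.addAllowRole(rootRole)` now stores `null` when the "User" role is missing, where `rootRole.getId()` used to fail fast; a guard such as `if (rootRole == null) throw new IllegalStateException("role 'User' not found");` keeps that failure loud. The enclosing methods begin and end outside the hunks shown.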
......@@ -15,6 +15,8 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import edu.kit.scc.webreg.entity.RoleEntity;
public class AccessNode {
private String path;
......@@ -23,8 +25,8 @@ public class AccessNode {
private Map<String, AccessNode> children;
private Set<Long> allowRoles;
private Set<Long> denyRoles;
private Set<RoleEntity> allowRoles;
private Set<RoleEntity> denyRoles;
public AccessNode() {
this(null, "", false);
......@@ -34,8 +36,8 @@ public class AccessNode {
this.parent = parent;
this.path = path;
children = new HashMap<String, AccessNode>();
allowRoles = new HashSet<Long>();
denyRoles = new HashSet<Long>();
allowRoles = new HashSet<RoleEntity>();
denyRoles = new HashSet<RoleEntity>();
if (inherit) {
allowRoles.addAll(parent.getAllowRoles());
......@@ -50,11 +52,11 @@ public class AccessNode {
return children.get(path);
}
public void addAllowRole(Long role) {
public void addAllowRole(RoleEntity role) {
allowRoles.add(role);
}
public void addDenyRole(Long role) {
public void addDenyRole(RoleEntity role) {
denyRoles.add(role);
}
......@@ -64,11 +66,11 @@ public class AccessNode {
children.put(an.getPath(), an);
}
public Set<Long> getAllowRoles() {
public Set<RoleEntity> getAllowRoles() {
return allowRoles;
}
public Set<Long> getDenyRoles() {
public Set<RoleEntity> getDenyRoles() {
return denyRoles;
}
......
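Review bot: `getAllowRoles()` and `getDenyRoles()` hand out the live `HashSet`s that back the access tree, so any caller can change an access rule by mutating the returned set instead of going through `addAllowRole`/`addDenyRole`. Returning a read-only view, e.g. `return Collections.unmodifiableSet(allowRoles);` and the same for `denyRoles` (this needs `java.util.Collections` imported), keeps iteration and `addAll(parent.getAllowRoles())` working while closing that path. A short class comment stating that elements are compared with `RoleEntity.equals()` would also help, since the sets held `Long` ids before this change.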
......@@ -168,20 +168,20 @@ public class AuthorizationBean implements Serializable {
roles.addAll(rolesForGroupList);
for (RoleEntity role : roles) {
sessionManager.addRole(role.getId());
sessionManager.addRole(role);
if (role instanceof AdminRoleEntity) {
for (ServiceEntity s : serviceService.findByAdminRole(role))
sessionManager.getServiceAdminList().add(s.getId());
sessionManager.getServiceAdminList().add(s);
for (ServiceEntity s : serviceService.findByHotlineRole(role))
sessionManager.getServiceHotlineList().add(s.getId());
sessionManager.getServiceHotlineList().add(s);
}
else if (role instanceof ApproverRoleEntity) {
for (ServiceEntity s : serviceService.findByApproverRole(role))
sessionManager.getServiceApproverList().add(s.getId());
sessionManager.getServiceApproverList().add(s);
}
else if (role instanceof GroupAdminRoleEntity) {
for (ServiceEntity s : serviceService.findByGroupAdminRole(role))
sessionManager.getServiceGroupAdminList().add(s.getId());
sessionManager.getServiceGroupAdminList().add(s);
}
}
end = System.currentTimeMillis();
......@@ -195,19 +195,19 @@ public class AuthorizationBean implements Serializable {
if (roleName.startsWith("ROLE_"))
roleName = roleName.substring(5);
Long roleId = roleCache.getIdFromRolename(roleName);
RoleEntity role = roleCache.getIdFromRolename(roleName);
if (roleId == null)
if (role == null)
return false;
return sessionManager.isUserInRole(roleId);
return sessionManager.isUserInRole(role);
}
public boolean isUserInRole(RoleEntity role) {
if (role == null)
return false;
return sessionManager.isUserInRole(role.getId());
return sessionManager.isUserInRole(role);
}
public boolean isUserInRoles(Set<RoleEntity> roles) {
......@@ -258,19 +258,19 @@ public class AuthorizationBean implements Serializable {
return userRegistryList;
}
public List<Long> getServiceApproverList() {
public List<ServiceEntity> getServiceApproverList() {
return sessionManager.getServiceApproverList();
}
public List<Long> getServiceAdminList() {
public List<ServiceEntity> getServiceAdminList() {
return sessionManager.getServiceAdminList();
}
public List<Long> getServiceHotlineList() {
public List<ServiceEntity> getServiceHotlineList() {
return sessionManager.getServiceHotlineList();
}
public List<Long> getServiceGroupAdminList() {
public List<ServiceEntity> getServiceGroupAdminList() {
return sessionManager.getServiceGroupAdminList();
}
......
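Review bot: The session now stores whole `RoleEntity` and `ServiceEntity` objects instead of ids (`sessionManager.addRole(role)`, `getServiceAdminList().add(s)`), and both `AuthorizationBean` and `SessionManager` are `Serializable` session state. That requires the entities and everything reachable from them to be serializable, and it freezes a detached snapshot: a service rename or role change made elsewhere is not reflected until these lists are rebuilt, and a lazily loaded association touched from a view may fail outside a persistence context. None of this can be confirmed from the diff, so a comment next to the loop naming the point at which the lists are refreshed would be worth adding. `roleCache.getIdFromRolename(roleName)` now returns a `RoleEntity`; renaming it (for example to `getRoleFromRolename`) would stop `RoleEntity role = roleCache.getIdFromRolename(roleName);` from misleading readers.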
......@@ -113,8 +113,6 @@ public class Saml2PostHandlerServlet {
session.setPersistentId(persistentId);
session.setAttributeMap(attributeMap);
// Role -1 is for new users
session.addRole(-1L);
response.sendRedirect("/register/register.xhtml");
return;
}
......
......@@ -105,12 +105,12 @@ public class SecurityFilter implements Filter {
&& (httpSession == null || (! session.isLoggedIn()))) {
processRestLogin(path, request, response, chain);
}
else if (path.startsWith("/register/") && session != null && session.isUserInRole(-1L)) {
else if (path.startsWith("/register/") && session != null && session.getUserId() == null) {
chain.doFilter(servletRequest, servletResponse);
}
else if (session != null && session.isLoggedIn()) {
Set<Long> roles = convertRoles(roleService.findByUserId(session.getUserId()));
Set<RoleEntity> roles = new HashSet<RoleEntity>(roleService.findByUserId(session.getUserId()));
session.addRoles(roles);
if (accessChecker.check(path, roles)) {
......@@ -142,14 +142,6 @@ public class SecurityFilter implements Filter {
}
}
private Set<Long> convertRoles(List<RoleEntity> roleList) {
Set<Long> roles = new HashSet<Long>();
for (RoleEntity role : roleList)
roles.add(role.getId());
return roles;
}
private void processAdminLogin(String path, HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
......@@ -182,7 +174,7 @@ public class SecurityFilter implements Filter {
if (adminUser != null && passwordsMatch(adminUser.getPassword(), credentials[1])) {
List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId());
Set<Long> roles = convertRoles(roleList);
Set<RoleEntity> roles = new HashSet<RoleEntity>(roleList);
if (setRoles && session != null)
session.addRoles(roles);
......
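Review bot: The `/register/` branch now lets a request through whenever `session.getUserId() == null`, which holds for any visitor who has not logged in, not only for one who has just returned from the IdP. Before this commit the branch required role `-1L`, which `Saml2PostHandlerServlet` added only after storing the persistent id and attribute map, so the filter itself tied the registration pages to a completed SAML login. Unless the pages under `/register/` enforce that themselves (not visible here), the condition should also require a marker the SAML handler sets, for instance a non-null persistent id on the session, assuming `SessionManager` exposes a getter for the value passed to `setPersistentId`. `doFilter` starts and ends outside the hunk.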
......@@ -22,6 +22,8 @@ import javax.enterprise.context.SessionScoped;
import javax.inject.Named;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.ServiceEntity;
@Named("sessionManager")
@SessionScoped
......@@ -42,13 +44,13 @@ public class SessionManager implements Serializable {
private String originalRequestPath;
private String originalIdpEntityId;
private Set<Long> roles;
private Set<RoleEntity> roles;
private Long roleSetCreated;
private List<Long> serviceApproverList;
private List<Long> serviceAdminList;
private List<Long> serviceHotlineList;
private List<Long> serviceGroupAdminList;
private List<ServiceEntity> serviceApproverList;
private List<ServiceEntity> serviceAdminList;
private List<ServiceEntity> serviceHotlineList;
private List<ServiceEntity> serviceGroupAdminList;
private Set<GroupEntity> groups;
private Set<String> groupNames;
......@@ -60,12 +62,13 @@ public class SessionManager implements Serializable {
@PostConstruct
public void init() {
serviceApproverList = new ArrayList<Long>();
serviceAdminList = new ArrayList<Long>();
serviceHotlineList = new ArrayList<Long>();
serviceGroupAdminList = new ArrayList<Long>();
serviceApproverList = new ArrayList<ServiceEntity>();
serviceAdminList = new ArrayList<ServiceEntity>();
serviceHotlineList = new ArrayList<ServiceEntity>();
serviceGroupAdminList = new ArrayList<ServiceEntity>();
groups = new HashSet<GroupEntity>();
groupNames = new HashSet<String>();
roles = new HashSet<RoleEntity>();
}
public void clearRoleList() {
......@@ -91,17 +94,15 @@ public class SessionManager implements Serializable {
}
public void addRole(Long role) {
if (roles == null) roles = new HashSet<Long>();
public void addRole(RoleEntity role) {
roles.add(role);
}
public void addRoles(Set<Long> rolesToAdd) {
if (roles == null) roles = new HashSet<Long>();
public void addRoles(Set<RoleEntity> rolesToAdd) {
roles.addAll(rolesToAdd);
}
public boolean isUserInRole(Long role) {
public boolean isUserInRole(RoleEntity role) {
return roles.contains(role);
}
......@@ -183,38 +184,6 @@ public class SessionManager implements Serializable {
this.roleSetCreated = roleSetCreated;
}
public List<Long> getServiceApproverList() {
return serviceApproverList;
}
public void setServiceApproverList(List<Long> serviceApproverList) {
this.serviceApproverList = serviceApproverList;
}
public List<Long> getServiceAdminList() {
return serviceAdminList;
}
public void setServiceAdminList(List<Long> serviceAdminList) {
this.serviceAdminList = serviceAdminList;
}
public List<Long> getServiceHotlineList() {
return serviceHotlineList;
}
public void setServiceHotlineList(List<Long> serviceHotlineList) {
this.serviceHotlineList = serviceHotlineList;
}
public List<Long> getServiceGroupAdminList() {
return serviceGroupAdminList;
}
public void setServiceGroupAdminList(List<Long> serviceGroupAdminList) {
this.serviceGroupAdminList = serviceGroupAdminList;
}
public Set<GroupEntity> getGroups() {
return groups;
}
......@@ -230,4 +199,20 @@ public class SessionManager implements Serializable {
public Set<String> getGroupNames() {
return groupNames;
}
public List<ServiceEntity> getServiceApproverList() {
return serviceApproverList;
}
public List<ServiceEntity> getServiceAdminList() {
return serviceAdminList;
}
public List<ServiceEntity> getServiceHotlineList() {
return serviceHotlineList;
}
public List<ServiceEntity> getServiceGroupAdminList() {
return serviceGroupAdminList;
}
}
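Review bot: `addRole` and `addRoles` lost their `if (roles == null)` guards, so they, like `isUserInRole`, now depend on `init()` having created the set; whether `clearRoleList()` (body outside the hunk) ever resets `roles` to `null` is not visible. Initialising at the declaration, `private final Set<RoleEntity> roles = new HashSet<RoleEntity>();`, makes the invariant independent of the container lifecycle and lets the compiler reject a later reassignment (use `roles.clear()` wherever the set is reset). The four `getService...List()` getters return the live lists that `AuthorizationBean` appends to; now that the setters are gone, a comment on them stating that callers mutate the lists in place would document that contract.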
......@@ -27,7 +27,7 @@ public class RoleCache {
@Inject
private RoleService roleService;
private LoadingCache<String, Long> cache;
private LoadingCache<String, RoleEntity> cache;
@PostConstruct
public void init() {
......@@ -41,7 +41,7 @@ public class RoleCache {
.build(cacheLoader);
}
public Long getIdFromRolename(String roleName) {
public RoleEntity getIdFromRolename(String roleName) {
try {
return cache.get(roleName);
} catch (ExecutionException e) {
......@@ -50,17 +50,17 @@ public class RoleCache {
}
}
private CacheLoader<String, Long> cacheLoader = new CacheLoader<String, Long>() {
public Long load(String key) {
private CacheLoader<String, RoleEntity> cacheLoader = new CacheLoader<String, RoleEntity>() {
public RoleEntity load(String key) {
RoleEntity role = roleService.findByName(key);
if (role != null)
return role.getId();
return role;
return null;
}
};
private RemovalListener<String, Long> removalListener = new RemovalListener<String, Long>() {
public void onRemoval(RemovalNotification<String, Long> removal) {
private RemovalListener<String, RoleEntity> removalListener = new RemovalListener<String, RoleEntity>() {
public void onRemoval(RemovalNotification<String, RoleEntity> removal) {
if (logger.isTraceEnabled())
logger.trace("Removing entry {} -> {} from roleCache ({})",
removal.getKey(), removal.getValue(), removal.getCause());
......
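Review bot: `load()` still returns `null` when `roleService.findByName(key)` finds nothing, and, assuming this is Guava's `LoadingCache`, a null from the loader makes `cache.get()` throw the unchecked `CacheLoader.InvalidCacheLoadException`, which `catch (ExecutionException e)` does not cover. `AuthorizationBean.isUserInRole(String)` tests `role == null` to answer `false`, so an unknown role name would surface as an exception instead of reaching that check. Adding a second clause, `catch (CacheLoader.InvalidCacheLoadException e)`, handled like the existing one, keeps the lookup total; the existing catch body lies outside the hunk. The method name `getIdFromRolename` no longer matches its `RoleEntity` return type and should be renamed together with its callers.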
......@@ -82,30 +82,30 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceAdminList}">
<ui:repeat var="service" value="#{authorizationBean.serviceAdminList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Admin</div>
<div class="submenu-title">#{service.name} Admin</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/index.xhtml" value="#{messages.service_props}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users.xhtml" value="#{messages.service_users}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users-for-depro.xhtml" value="#{messages.service_users_depro}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-signal" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/service-stats.xhtml" value="#{messages.statistics}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -114,15 +114,15 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceHotlineList}">
<ui:repeat var="service" value="#{authorizationBean.serviceHotlineList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Hotline</div>
<div class="submenu-title">#{service.name} Hotline</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users.xhtml" value="#{messages.service_users}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -131,15 +131,15 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceApproverList}">
<ui:repeat var="service" value="#{authorizationBean.serviceApproverList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Approver</div>
<div class="submenu-title">#{service.name} Approver</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-approver/index.xhtml" value="#{messages.new_approvals}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -148,15 +148,15 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceGroupAdminList}">
<ui:repeat var="service" value="#{authorizationBean.serviceGroupAdminList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} GroupAdmin</div>
<div class="submenu-title">#{service.name} GroupAdmin</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-group-admin/index.xhtml" value="#{messages.groups}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......
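Review bot: The rename of the loop variable from `serviceId` to `service` is complete in this template but not in the one that follows. There, the hunks at `-133,13` and `-150,13` show `<ui:repeat var="serviceId" value="#{authorizationBean.serviceApproverList}">` and its GroupAdmin counterpart as unchanged context, while the bodies now read `#{service.name}` and `#{service.id}`. If the rendering is faithful, `service` is unbound inside those two loops, so the Approver and GroupAdmin menus would render an empty title and links without a usable `serviceId`. Both lines should become `<ui:repeat var="service" ...>` as was done here; that file's section runs past the end of the visible page.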
......@@ -82,30 +82,30 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceAdminList}">
<ui:repeat var="service" value="#{authorizationBean.serviceAdminList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Admin</div>
<div class="submenu-title">#{service.name} Admin</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/index.xhtml" value="#{messages.service_props}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users.xhtml" value="#{messages.service_users}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users-for-depro.xhtml" value="#{messages.service_users_depro}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
<li><span class="ui-icon ui-icon-signal" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/service-stats.xhtml" value="#{messages.statistics}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -114,15 +114,15 @@
</div>
</ui:repeat>
<ui:repeat var="serviceId" value="#{authorizationBean.serviceHotlineList}">
<ui:repeat var="service" value="#{authorizationBean.serviceHotlineList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Hotline</div>
<div class="submenu-title">#{service.name} Hotline</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-admin/list-service-users.xhtml" value="#{messages.service_users}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -133,13 +133,13 @@
<ui:repeat var="serviceId" value="#{authorizationBean.serviceApproverList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} Approver</div>
<div class="submenu-title">#{service.name} Approver</div>
<div class="submenu-content">
<div>
<ul>
<li><span class="ui-icon ui-icon-carat-1-e" style="display:inline-block; vertical-align: bottom;" />
<h:link outcome="/service-approver/index.xhtml" value="#{messages.new_approvals}">
<f:param name="serviceId" value="#{serviceId}" />
<f:param name="serviceId" value="#{service.id}" />
</h:link>
</li>
</ul>
......@@ -150,13 +150,13 @@
<ui:repeat var="serviceId" value="#{authorizationBean.serviceGroupAdminList}">
<div class="submenu">
<div class="submenu-title">#{serviceCache.getServiceFromId(serviceId).name} GroupAdmin</div>
<div class="submenu-title">#{service.name} GroupAdmin</div>
<div class="submenu-content">
<div>