Commit dfca21b0 authored by michael.simon's avatar michael.simon

Again change session information

parent a481fa6b
...@@ -42,7 +42,7 @@ public class AccessChecker { ...@@ -42,7 +42,7 @@ public class AccessChecker {
logger.info("Initializing accessChecker"); logger.info("Initializing accessChecker");
root = new AccessNode(); root = new AccessNode();
RoleEntity rootRole = roleService.findByName("User"); RoleEntity rootRole = roleService.findByName("User");
root.addAllowRole(rootRole.getId()); root.addAllowRole(rootRole);
addAccessNode(root, "user", true); addAccessNode(root, "user", true);
addAccessNode(root, "service", true); addAccessNode(root, "service", true);
...@@ -82,7 +82,7 @@ public class AccessChecker { ...@@ -82,7 +82,7 @@ public class AccessChecker {
addAccessNode(imageNode, "icon", true, "User"); addAccessNode(imageNode, "icon", true, "User");
} }
public Boolean check(String path, Set<Long> roles) { public Boolean check(String path, Set<RoleEntity> roles) {
if (path.startsWith("/")) if (path.startsWith("/"))
path = path.substring(1); path = path.substring(1);
...@@ -95,7 +95,7 @@ public class AccessChecker { ...@@ -95,7 +95,7 @@ public class AccessChecker {
return evaluate(root, splitList, roles); return evaluate(root, splitList, roles);
} }
private Boolean evaluate(AccessNode an, List<String> splitList, Set<Long> roles) { private Boolean evaluate(AccessNode an, List<String> splitList, Set<RoleEntity> roles) {
if (splitList.size() == 0) { if (splitList.size() == 0) {
return evaluateNode(an, roles); return evaluateNode(an, roles);
} }
...@@ -106,7 +106,7 @@ public class AccessChecker { ...@@ -106,7 +106,7 @@ public class AccessChecker {
if (subAn == null) if (subAn == null)
return evaluateNode(an, roles); return evaluateNode(an, roles);
for (Long role : an.getDenyRoles()) { for (RoleEntity role : an.getDenyRoles()) {
if (roles.contains(role)) if (roles.contains(role))
return false; return false;
} }
...@@ -115,13 +115,13 @@ public class AccessChecker { ...@@ -115,13 +115,13 @@ public class AccessChecker {
} }
} }
private Boolean evaluateNode(AccessNode an, Set<Long> roles) { private Boolean evaluateNode(AccessNode an, Set<RoleEntity> roles) {
for (Long role : an.getDenyRoles()) { for (RoleEntity role : an.getDenyRoles()) {
if (roles.contains(role)) if (roles.contains(role))
return false; return false;
} }
for (Long role : an.getAllowRoles()) { for (RoleEntity role : an.getAllowRoles()) {
if (roles.contains(role)) if (roles.contains(role))
return true; return true;
} }
...@@ -134,7 +134,7 @@ public class AccessChecker { ...@@ -134,7 +134,7 @@ public class AccessChecker {
for (String roleName : roles) { for (String roleName : roles) {
RoleEntity role = roleService.findByName(roleName); RoleEntity role = roleService.findByName(roleName);
if (role != null) if (role != null)
an.addAllowRole(role.getId()); an.addAllowRole(role);
} }
return an; return an;
...@@ -145,7 +145,7 @@ public class AccessChecker { ...@@ -145,7 +145,7 @@ public class AccessChecker {
for (String roleName : roles) { for (String roleName : roles) {
RoleEntity role = roleService.findByName(roleName); RoleEntity role = roleService.findByName(roleName);
if (role != null) if (role != null)
an.addDenyRole(role.getId()); an.addDenyRole(role);
} }
return an; return an;
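Review bot: The deny and allow tests in `evaluate` and `evaluateNode` (`roles.contains(role)`) now compare `RoleEntity` objects instead of `Long` ids, so they are only correct if `RoleEntity` defines `equals`/`hashCode` on a stable key such as the id; that class is not shown here. The nodes hold instances loaded when the checker is initialised, while the `roles` argument is loaded per request, so with identity equality a deny rule would silently stop matching and an allow rule would never match. The same dependency exists in `SessionManager.isUserInRole` and in the `AuthorizationBean` lookup that goes through `RoleCache`. If id-based equality cannot be guaranteed, keep the comparison on ids, and otherwise document the requirement above `check`, e.g. `// Role matching relies on RoleEntity.equals()/hashCode() being id-based.` Separately, `root.addAllowRole(rootRole)` now stores `null` quietly when the "User" role is missing, where `rootRole.getId()` used to fail at start-up.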
......
...@@ -15,6 +15,8 @@ import java.util.HashSet; ...@@ -15,6 +15,8 @@ import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import edu.kit.scc.webreg.entity.RoleEntity;
public class AccessNode { public class AccessNode {
private String path; private String path;
...@@ -23,8 +25,8 @@ public class AccessNode { ...@@ -23,8 +25,8 @@ public class AccessNode {
private Map<String, AccessNode> children; private Map<String, AccessNode> children;
private Set<Long> allowRoles; private Set<RoleEntity> allowRoles;
private Set<Long> denyRoles; private Set<RoleEntity> denyRoles;
public AccessNode() { public AccessNode() {
this(null, "", false); this(null, "", false);
...@@ -34,8 +36,8 @@ public class AccessNode { ...@@ -34,8 +36,8 @@ public class AccessNode {
this.parent = parent; this.parent = parent;
this.path = path; this.path = path;
children = new HashMap<String, AccessNode>(); children = new HashMap<String, AccessNode>();
allowRoles = new HashSet<Long>(); allowRoles = new HashSet<RoleEntity>();
denyRoles = new HashSet<Long>(); denyRoles = new HashSet<RoleEntity>();
if (inherit) { if (inherit) {
allowRoles.addAll(parent.getAllowRoles()); allowRoles.addAll(parent.getAllowRoles());
...@@ -50,11 +52,11 @@ public class AccessNode { ...@@ -50,11 +52,11 @@ public class AccessNode {
return children.get(path); return children.get(path);
} }
public void addAllowRole(Long role) { public void addAllowRole(RoleEntity role) {
allowRoles.add(role); allowRoles.add(role);
} }
public void addDenyRole(Long role) { public void addDenyRole(RoleEntity role) {
denyRoles.add(role); denyRoles.add(role);
} }
...@@ -64,11 +66,11 @@ public class AccessNode { ...@@ -64,11 +66,11 @@ public class AccessNode {
children.put(an.getPath(), an); children.put(an.getPath(), an);
} }
public Set<Long> getAllowRoles() { public Set<RoleEntity> getAllowRoles() {
return allowRoles; return allowRoles;
} }
public Set<Long> getDenyRoles() { public Set<RoleEntity> getDenyRoles() {
return denyRoles; return denyRoles;
} }
......
...@@ -168,20 +168,20 @@ public class AuthorizationBean implements Serializable { ...@@ -168,20 +168,20 @@ public class AuthorizationBean implements Serializable {
roles.addAll(rolesForGroupList); roles.addAll(rolesForGroupList);
for (RoleEntity role : roles) { for (RoleEntity role : roles) {
sessionManager.addRole(role.getId()); sessionManager.addRole(role);
if (role instanceof AdminRoleEntity) { if (role instanceof AdminRoleEntity) {
for (ServiceEntity s : serviceService.findByAdminRole(role)) for (ServiceEntity s : serviceService.findByAdminRole(role))
sessionManager.getServiceAdminList().add(s.getId()); sessionManager.getServiceAdminList().add(s);
for (ServiceEntity s : serviceService.findByHotlineRole(role)) for (ServiceEntity s : serviceService.findByHotlineRole(role))
sessionManager.getServiceHotlineList().add(s.getId()); sessionManager.getServiceHotlineList().add(s);
} }
else if (role instanceof ApproverRoleEntity) { else if (role instanceof ApproverRoleEntity) {
for (ServiceEntity s : serviceService.findByApproverRole(role)) for (ServiceEntity s : serviceService.findByApproverRole(role))
sessionManager.getServiceApproverList().add(s.getId()); sessionManager.getServiceApproverList().add(s);
} }
else if (role instanceof GroupAdminRoleEntity) { else if (role instanceof GroupAdminRoleEntity) {
for (ServiceEntity s : serviceService.findByGroupAdminRole(role)) for (ServiceEntity s : serviceService.findByGroupAdminRole(role))
sessionManager.getServiceGroupAdminList().add(s.getId()); sessionManager.getServiceGroupAdminList().add(s);
} }
} }
end = System.currentTimeMillis(); end = System.currentTimeMillis();
...@@ -195,19 +195,19 @@ public class AuthorizationBean implements Serializable { ...@@ -195,19 +195,19 @@ public class AuthorizationBean implements Serializable {
if (roleName.startsWith("ROLE_")) if (roleName.startsWith("ROLE_"))
roleName = roleName.substring(5); roleName = roleName.substring(5);
Long roleId = roleCache.getIdFromRolename(roleName); RoleEntity role = roleCache.getIdFromRolename(roleName);
if (roleId == null) if (role == null)
return false; return false;
return sessionManager.isUserInRole(roleId); return sessionManager.isUserInRole(role);
} }
public boolean isUserInRole(RoleEntity role) { public boolean isUserInRole(RoleEntity role) {
if (role == null) if (role == null)
return false; return false;
return sessionManager.isUserInRole(role.getId()); return sessionManager.isUserInRole(role);
} }
public boolean isUserInRoles(Set<RoleEntity> roles) { public boolean isUserInRoles(Set<RoleEntity> roles) {
...@@ -258,19 +258,19 @@ public class AuthorizationBean implements Serializable { ...@@ -258,19 +258,19 @@ public class AuthorizationBean implements Serializable {
return userRegistryList; return userRegistryList;
} }
public List<Long> getServiceApproverList() { public List<ServiceEntity> getServiceApproverList() {
return sessionManager.getServiceApproverList(); return sessionManager.getServiceApproverList();
} }
public List<Long> getServiceAdminList() { public List<ServiceEntity> getServiceAdminList() {
return sessionManager.getServiceAdminList(); return sessionManager.getServiceAdminList();
} }
public List<Long> getServiceHotlineList() { public List<ServiceEntity> getServiceHotlineList() {
return sessionManager.getServiceHotlineList(); return sessionManager.getServiceHotlineList();
} }
public List<Long> getServiceGroupAdminList() { public List<ServiceEntity> getServiceGroupAdminList() {
return sessionManager.getServiceGroupAdminList(); return sessionManager.getServiceGroupAdminList();
} }
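Review bot: `roleCache.getIdFromRolename(roleName)` now returns a `RoleEntity`, so the method name no longer describes its result; renaming it in the same change (for example to `getRoleFromRolename`) would keep `isUserInRole(String)` readable. In the loop over `roles`, the session-scoped lists now receive whole `ServiceEntity` objects instead of ids, so every caller that tested membership with a `Long` must be switched to the entity. The objects kept in the session are a snapshot from the time this code ran, so later changes to a service are presumably not seen until the lists are rebuilt. Both methods begin outside the hunks shown.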
......
...@@ -113,8 +113,6 @@ public class Saml2PostHandlerServlet { ...@@ -113,8 +113,6 @@ public class Saml2PostHandlerServlet {
session.setPersistentId(persistentId); session.setPersistentId(persistentId);
session.setAttributeMap(attributeMap); session.setAttributeMap(attributeMap);
// Role -1 is for new users
session.addRole(-1L);
response.sendRedirect("/register/register.xhtml"); response.sendRedirect("/register/register.xhtml");
return; return;
} }
......
...@@ -105,12 +105,12 @@ public class SecurityFilter implements Filter { ...@@ -105,12 +105,12 @@ public class SecurityFilter implements Filter {
&& (httpSession == null || (! session.isLoggedIn()))) { && (httpSession == null || (! session.isLoggedIn()))) {
processRestLogin(path, request, response, chain); processRestLogin(path, request, response, chain);
} }
else if (path.startsWith("/register/") && session != null && session.isUserInRole(-1L)) { else if (path.startsWith("/register/") && session != null && session.getUserId() == null) {
chain.doFilter(servletRequest, servletResponse); chain.doFilter(servletRequest, servletResponse);
} }
else if (session != null && session.isLoggedIn()) { else if (session != null && session.isLoggedIn()) {
Set<Long> roles = convertRoles(roleService.findByUserId(session.getUserId())); Set<RoleEntity> roles = new HashSet<RoleEntity>(roleService.findByUserId(session.getUserId()));
session.addRoles(roles); session.addRoles(roles);
if (accessChecker.check(path, roles)) { if (accessChecker.check(path, roles)) {
...@@ -142,14 +142,6 @@ public class SecurityFilter implements Filter { ...@@ -142,14 +142,6 @@ public class SecurityFilter implements Filter {
} }
} }
private Set<Long> convertRoles(List<RoleEntity> roleList) {
Set<Long> roles = new HashSet<Long>();
for (RoleEntity role : roleList)
roles.add(role.getId());
return roles;
}
private void processAdminLogin(String path, HttpServletRequest request, private void processAdminLogin(String path, HttpServletRequest request,
HttpServletResponse response, FilterChain chain) HttpServletResponse response, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
...@@ -182,7 +174,7 @@ public class SecurityFilter implements Filter { ...@@ -182,7 +174,7 @@ public class SecurityFilter implements Filter {
if (adminUser != null && passwordsMatch(adminUser.getPassword(), credentials[1])) { if (adminUser != null && passwordsMatch(adminUser.getPassword(), credentials[1])) {
List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId()); List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId());
Set<Long> roles = convertRoles(roleList); Set<RoleEntity> roles = new HashSet<RoleEntity>(roleList);
if (setRoles && session != null) if (setRoles && session != null)
session.addRoles(roles); session.addRoles(roles);
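Review bot: The `/register/` branch now passes any request whose session has no user id (`session.getUserId() == null`), which is true for every visitor who has not logged in, not only for one who has just returned from the IdP. Before this commit the branch required role `-1L`, which `Saml2PostHandlerServlet` set only after it had stored the persistent id and attribute map; that marker is removed in the same commit. Unless the pages under `/register/` check this themselves (not visible here), the condition should also require state that only the SAML handler sets, such as the persistent id written by `session.setPersistentId(persistentId)`. A comment like `// pre-registration: session was populated by the SAML post handler, no user yet` would record the intent. The enclosing method begins outside the hunk.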
......
...@@ -22,6 +22,8 @@ import javax.enterprise.context.SessionScoped; ...@@ -22,6 +22,8 @@ import javax.enterprise.context.SessionScoped;
import javax.inject.Named; import javax.inject.Named;
import edu.kit.scc.webreg.entity.GroupEntity; import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.ServiceEntity;
@Named("sessionManager") @Named("sessionManager")
@SessionScoped @SessionScoped
...@@ -42,13 +44,13 @@ public class SessionManager implements Serializable { ...@@ -42,13 +44,13 @@ public class SessionManager implements Serializable {
private String originalRequestPath; private String originalRequestPath;
private String originalIdpEntityId; private String originalIdpEntityId;
private Set<Long> roles; private Set<RoleEntity> roles;
private Long roleSetCreated; private Long roleSetCreated;
private List<Long> serviceApproverList; private List<ServiceEntity> serviceApproverList;
private List<Long> serviceAdminList; private List<ServiceEntity> serviceAdminList;
private List<Long> serviceHotlineList; private List<ServiceEntity> serviceHotlineList;
private List<Long> serviceGroupAdminList; private List<ServiceEntity> serviceGroupAdminList;
private Set<GroupEntity> groups; private Set<GroupEntity> groups;
private Set<String> groupNames; private Set<String> groupNames;
...@@ -60,12 +62,13 @@ public class SessionManager implements Serializable { ...@@ -60,12 +62,13 @@ public class SessionManager implements Serializable {
@PostConstruct @PostConstruct
public void init() { public void init() {
serviceApproverList = new ArrayList<Long>(); serviceApproverList = new ArrayList<ServiceEntity>();
serviceAdminList = new ArrayList<Long>(); serviceAdminList = new ArrayList<ServiceEntity>();
serviceHotlineList = new ArrayList<Long>(); serviceHotlineList = new ArrayList<ServiceEntity>();
serviceGroupAdminList = new ArrayList<Long>(); serviceGroupAdminList = new ArrayList<ServiceEntity>();
groups = new HashSet<GroupEntity>(); groups = new HashSet<GroupEntity>();
groupNames = new HashSet<String>(); groupNames = new HashSet<String>();
roles = new HashSet<RoleEntity>();
} }
public void clearRoleList() { public void clearRoleList() {
...@@ -91,17 +94,15 @@ public class SessionManager implements Serializable { ...@@ -91,17 +94,15 @@ public class SessionManager implements Serializable {
} }
public void addRole(Long role) { public void addRole(RoleEntity role) {
if (roles == null) roles = new HashSet<Long>();
roles.add(role); roles.add(role);
} }
public void addRoles(Set<Long> rolesToAdd) { public void addRoles(Set<RoleEntity> rolesToAdd) {
if (roles == null) roles = new HashSet<Long>();
roles.addAll(rolesToAdd); roles.addAll(rolesToAdd);
} }
public boolean isUserInRole(Long role) { public boolean isUserInRole(RoleEntity role) {
return roles.contains(role); return roles.contains(role);
} }
...@@ -183,38 +184,6 @@ public class SessionManager implements Serializable { ...@@ -183,38 +184,6 @@ public class SessionManager implements Serializable {
this.roleSetCreated = roleSetCreated; this.roleSetCreated = roleSetCreated;
} }
public List<Long> getServiceApproverList() {
return serviceApproverList;
}
public void setServiceApproverList(List<Long> serviceApproverList) {
this.serviceApproverList = serviceApproverList;
}
public List<Long> getServiceAdminList() {
return serviceAdminList;
}
public void setServiceAdminList(List<Long> serviceAdminList) {
this.serviceAdminList = serviceAdminList;
}
public List<Long> getServiceHotlineList() {
return serviceHotlineList;
}
public void setServiceHotlineList(List<Long> serviceHotlineList) {
this.serviceHotlineList = serviceHotlineList;
}
public List<Long> getServiceGroupAdminList() {
return serviceGroupAdminList;
}
public void setServiceGroupAdminList(List<Long> serviceGroupAdminList) {
this.serviceGroupAdminList = serviceGroupAdminList;
}
public Set<GroupEntity> getGroups() { public Set<GroupEntity> getGroups() {
return groups; return groups;
} }
...@@ -230,4 +199,20 @@ public class SessionManager implements Serializable { ...@@ -230,4 +199,20 @@ public class SessionManager implements Serializable {
public Set<String> getGroupNames() { public Set<String> getGroupNames() {
return groupNames; return groupNames;
} }
public List<ServiceEntity> getServiceApproverList() {
return serviceApproverList;
}
public List<ServiceEntity> getServiceAdminList() {
return serviceAdminList;
}
public List<ServiceEntity> getServiceHotlineList() {
return serviceHotlineList;
}
public List<ServiceEntity> getServiceGroupAdminList() {
return serviceGroupAdminList;
}
} }
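Review bot: `addRole` and `addRoles` lost their `if (roles == null)` guard and now depend on `init()` having created the set; `isUserInRole` has the same dependency. The body of `clearRoleList()` is outside the hunks shown, so if it resets `roles` to `null` rather than calling `clear()`, the next `addRoles` call from `SecurityFilter` will throw a `NullPointerException`. This class is `@SessionScoped` and `Serializable`, and its fields now hold `RoleEntity` and `ServiceEntity` objects, so those entity classes need to be serializable as well for session passivation to work; they are not shown here. A short comment on the field, `// never null: created in init(), emptied (not nulled) by clearRoleList()`, would record the invariant.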
...@@ -27,7 +27,7 @@ public class RoleCache { ...@@ -27,7 +27,7 @@ public class RoleCache {
@Inject @Inject
private RoleService roleService; private RoleService roleService;
private LoadingCache<String, Long> cache; private LoadingCache<String, RoleEntity> cache;
@PostConstruct @PostConstruct
public void init() { public void init() {
...@@ -41,7 +41,7 @@ public class RoleCache { ...@@ -41,7 +41,7 @@ public class RoleCache {
.build(cacheLoader); .build(cacheLoader);
} }
public Long getIdFromRolename(String roleName) { public RoleEntity getIdFromRolename(String roleName) {
try { try {
return cache.get(roleName); return cache.get(roleName);
} catch (ExecutionException e) { } catch (ExecutionException e) {
...@@ -50,17 +50,17 @@ public class RoleCache { ...@@ -50,17 +50,17 @@ public class RoleCache {
} }
} }
private CacheLoader<String, Long> cacheLoader = new CacheLoader<String, Long>() { private CacheLoader<String, RoleEntity> cacheLoader = new CacheLoader<String, RoleEntity>() {
public Long load(String key) { public RoleEntity load(String key) {
RoleEntity role = roleService.findByName(key); RoleEntity role = roleService.findByName(key);
if (role != null) if (role != null)
return role.getId(); return role;
return null; return null;
} }
}; };
private RemovalListener<String, Long> removalListener = new RemovalListener<String, Long>() { private RemovalListener<String, RoleEntity> removalListener = new RemovalListener<String, RoleEntity>() {
public void onRemoval(RemovalNotification<String, Long> removal) { public void onRemoval(RemovalNotification<String, RoleEntity> removal) {