CCM NG: Admin App now uses new API from the org.libreccm.security package for authentication and authorisation

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3755 8810af33-2d31-482b-a856-94f89814c4df

ccm-core/src/main/java/com/arsdigita/ui/UI.java

@@ -18,7 +18,9 @@
 
 package com.arsdigita.ui;
 
+import com.arsdigita.ui.login.LoginConstants;
 import com.arsdigita.ui.login.LoginServlet;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
@@ -179,7 +181,7 @@ public abstract class UI {
      * @deprecated use Login.getLoginPageURL()() instead
      */
     public static String getLoginPageURL() {
-        return LoginServlet.LOGIN_PAGE_URL;
+        return LoginConstants.LOGIN_PAGE_URL;
     }
 
     /**

ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2015 LibreCCM Foundation.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301  USA
+ */
+package com.arsdigita.ui.admin;
+
+import org.libreccm.web.ApplicationCreator;
+import org.libreccm.web.ApplicationRepository;
+import org.libreccm.web.ApplicationType;
+import org.libreccm.web.CcmApplication;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+
+import static com.arsdigita.ui.admin.AdminConstants.*;
+
+/**
+ *
+ * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
+ */
+@RequestScoped
+public class AdminApplicationCreator
+    implements ApplicationCreator<CcmApplication> {
+    
+    @Inject
+    private ApplicationRepository appRepository;
+    
+    @Override
+    public CcmApplication createInstance(final String primaryUrl,
+                                         final ApplicationType type) {
+        if (!ADMIN_PAGE_URL.equals(primaryUrl)) {
+             throw new IllegalArgumentException(
+                    "CCM Admin is a singleton application"
+                            + "which is mounted at /admin");
+        }
+        
+        return appRepository.retrieveApplicationForPath(primaryUrl);
+    }
+    
+
+}

ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java

@@ -402,4 +402,9 @@ interface AdminConstants {
 
     String SEARCH_QUERY = "query";
 
+    public final static String ADMIN_PAGE_URL = "/admin";
+    
+    public final static String ADMIN_SERVLET = "/admin/*";
+    
+    
 }

ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java

@@ -30,8 +30,10 @@ import com.arsdigita.web.BaseApplicationServlet;
 import com.arsdigita.web.LoginSignal;
 import com.arsdigita.xml.Document;
 
+import org.apache.shiro.subject.Subject;
 import org.libreccm.cdi.utils.CdiLookupException;
 import org.libreccm.cdi.utils.CdiUtil;
+import org.libreccm.security.PermissionChecker;
 import org.libreccm.web.CcmApplication;
 
 import java.io.IOException;
@@ -39,9 +41,12 @@ import java.util.HashMap;
 import java.util.Map;
 
 import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static com.arsdigita.ui.login.LoginConstants.*;
+
 /**
  * Web Developer Support Application Servlet class, central entry point to
  * create and process the applications UI.
@@ -57,6 +62,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Jens Pelzetter
  * @author pb
  */
+@WebServlet(urlPatterns = {LOGIN_SERVLET_PATH})
 public class AdminServlet extends BaseApplicationServlet implements
     AdminConstants {
 
@@ -100,42 +106,25 @@ public class AdminServlet extends BaseApplicationServlet implements
                                 final CcmApplication app) throws
         ServletException, IOException {
         // ///////    Some preparational steps                   ///////////////
-        /* Determine access privilege: only logged in users may access DS   */
+        /* Determine access privilege: only logged in users may access   */
         final CdiUtil cdiUtil = new CdiUtil();
-//        final CcmSessionContext sessionContext;
-//        try {
-//            sessionContext = cdiUtil.findBean(
-//                CcmSessionContext.class);
-//        } catch (CdiLookupException ex) {
-//            throw new UncheckedWrapperException(
-//                "Failed to lookup session context", ex);
-//        }
-//        final Subject subject = sessionContext.getCurrentSubject();
-//        if (subject == null) {
-//            throw new LoginSignal(sreq);
-//        }
-//
-//        final PrivilegeRepository privilegeRepository;
-//        try {
-//            privilegeRepository = cdiUtil.findBean(PrivilegeRepository.class);
-//        } catch (CdiLookupException ex) {
-//            throw new UncheckedWrapperException(
-//                "Failed to lookup PrivilegeRepository", ex);
-//        }
-//        final Privilege adminPrivilege = privilegeRepository.retrievePrivilege(
-//            "admin");
-//
-//        final PermissionManager permissionManager;
-//        try {
-//            permissionManager = cdiUtil.findBean(PermissionManager.class);
-//        } catch (CdiLookupException ex) {
-//            throw new UncheckedWrapperException(
-//                "Failed to look up PermissionManager", ex);
-//        }
+        final Subject subject;
+        final PermissionChecker permissionChecker;
+        try {
+            subject = cdiUtil.findBean(Subject.class);
+            permissionChecker = cdiUtil.findBean(PermissionChecker.class);
+        } catch (CdiLookupException ex) {
+            throw new UncheckedWrapperException(ex);
+        }
         
-//        if (!permissionManager.isPermitted(adminPrivilege, null, subject)) {
-//            throw new AccessDeniedException("User is not an administrator");
-//        }
+        if (!subject.isAuthenticated()) {
+            throw new LoginSignal(sreq);
+        }
+        
+        /* Determine access privilege: Admin privileges must be granted     */
+        if (!permissionChecker.isPermitted("admin")) {
+            throw new AccessDeniedException("User is not an administrator");
+        }
 
         /* Want admin to always show the latest stuff...                     */
         DispatcherHelper.cacheDisable(sresp);
@@ -220,7 +209,7 @@ public class AdminServlet extends BaseApplicationServlet implements
          * Create application administration panel
          */
         tabbedPane.addTab(APPLICATIONS_TAB_TITLE,
-                           new ApplicationsAdministrationTab());
+                          new ApplicationsAdministrationTab());
 
 //        browsePane.setTabbedPane(tabbedPane);
 //        browsePane.setGroupAdministrationTab(groupAdminTab);      

ccm-core/src/main/java/org/libreccm/core/CcmCore.java

@@ -18,8 +18,11 @@
  */
 package org.libreccm.core;
 
+import com.arsdigita.ui.admin.AdminApplicationCreator;
+import com.arsdigita.ui.admin.AdminServlet;
 import com.arsdigita.ui.login.LoginApplicationCreator;
 import com.arsdigita.ui.login.LoginServlet;
+
 import org.libreccm.modules.CcmModule;
 import org.libreccm.modules.InitEvent;
 import org.libreccm.modules.InstallEvent;
@@ -27,20 +30,26 @@ import org.libreccm.modules.Module;
 import org.libreccm.modules.ShutdownEvent;
 import org.libreccm.modules.UnInstallEvent;
 import org.libreccm.security.SystemUsersSetup;
-import org.libreccm.security.User;
 
 import javax.persistence.EntityManager;
+
 import org.libreccm.web.ApplicationType;
 
 /**
  *
  * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
  */
-@Module(applicationTypes = {@ApplicationType(name = "Login", 
-                                             description = "Login Application",
-                                             singleton = true,
-                                             creator = LoginApplicationCreator.class,
-                                             servlet = LoginServlet.class)},
+@Module(applicationTypes = {
+    @ApplicationType(name = "Login",
+                     description = "Login Application",
+                     singleton = true,
+                     creator = LoginApplicationCreator.class,
+                     servlet = LoginServlet.class),
+    @ApplicationType(name = "CCM Admin",
+                     description = "Site-wide admin application",
+                     singleton = true,
+                     creator = AdminApplicationCreator.class,
+                     servlet = AdminServlet.class)},
         entities = {org.libreccm.auditing.CcmRevision.class,
                     org.libreccm.categorization.Categorization.class,
                     org.libreccm.categorization.Category.class,
@@ -89,7 +98,8 @@ public class CcmCore implements CcmModule {
     public void install(final InstallEvent event) {
         final EntityManager entityManager = event.getEntityManager();
 
-        final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(entityManager);
+        final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(
+            entityManager);
         systemUsersSetup.setupSystemUsers();
     }