diff --git a/ccm-core/src/main/java/com/arsdigita/ui/UI.java b/ccm-core/src/main/java/com/arsdigita/ui/UI.java
index 97dd4bd20..4fbde7a1a 100644
--- a/ccm-core/src/main/java/com/arsdigita/ui/UI.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/UI.java
@@ -18,7 +18,9 @@
package com.arsdigita.ui;
+import com.arsdigita.ui.login.LoginConstants;
import com.arsdigita.ui.login.LoginServlet;
+
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
@@ -179,7 +181,7 @@ public abstract class UI {
* @deprecated use Login.getLoginPageURL()() instead
*/
public static String getLoginPageURL() {
- return LoginServlet.LOGIN_PAGE_URL;
+ return LoginConstants.LOGIN_PAGE_URL;
}
/**
diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java
new file mode 100644
index 000000000..c002bb270
--- /dev/null
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2015 LibreCCM Foundation.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ */
+package com.arsdigita.ui.admin;
+
+import org.libreccm.web.ApplicationCreator;
+import org.libreccm.web.ApplicationRepository;
+import org.libreccm.web.ApplicationType;
+import org.libreccm.web.CcmApplication;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+
+import static com.arsdigita.ui.admin.AdminConstants.*;
+
+/**
+ *
+ * @author Jens Pelzetter
+ */
+@RequestScoped
+public class AdminApplicationCreator
+ implements ApplicationCreator {
+
+ @Inject
+ private ApplicationRepository appRepository;
+
+ @Override
+ public CcmApplication createInstance(final String primaryUrl,
+ final ApplicationType type) {
+ if (!ADMIN_PAGE_URL.equals(primaryUrl)) {
+ throw new IllegalArgumentException(
+ "CCM Admin is a singleton application"
+ + "which is mounted at /admin");
+ }
+
+ return appRepository.retrieveApplicationForPath(primaryUrl);
+ }
+
+
+}
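Review bot: The exception message in createInstance is built from two literals with no separating space, so it reads "singleton applicationwhich is mounted at /admin"; change the first literal to `"CCM Admin is a singleton application "` (trailing space) or join the two with a space. The class Javadoc holds only the author tag; a summary such as `Creates the singleton CCM Admin application instance, which is only valid at {@link AdminConstants#ADMIN_PAGE_URL}.` would tell a reader why the URL check exists. Whether retrieveApplicationForPath can return null for an unmounted path cannot be told from here; if it can, the method should document that or fail explicitly rather than hand a null back through the ApplicationCreator contract.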
diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java
index 638e9bb6a..c0c1f550e 100644
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java
@@ -402,4 +402,9 @@ interface AdminConstants {
String SEARCH_QUERY = "query";
+ public final static String ADMIN_PAGE_URL = "/admin";
+
+ public final static String ADMIN_SERVLET = "/admin/*";
+
+
}
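Review bot: `public final static` on the two new constants is redundant inside an interface, where fields are implicitly public static final, and the existing `String SEARCH_QUERY = "query";` line just above uses no modifiers; for consistency write them as `String ADMIN_PAGE_URL = "/admin";` and `String ADMIN_SERVLET = "/admin/*";`. If the modifiers are kept, the conventional order is `static final`. A one-line comment saying that ADMIN_SERVLET is the servlet mapping for AdminServlet would also help, since no visible hunk references it yet.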
diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
index 3cce0f158..0e4f57478 100644
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
@@ -30,8 +30,10 @@ import com.arsdigita.web.BaseApplicationServlet;
import com.arsdigita.web.LoginSignal;
import com.arsdigita.xml.Document;
+import org.apache.shiro.subject.Subject;
import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil;
+import org.libreccm.security.PermissionChecker;
import org.libreccm.web.CcmApplication;
import java.io.IOException;
@@ -39,9 +41,12 @@ import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import static com.arsdigita.ui.login.LoginConstants.*;
+
/**
* Web Developer Support Application Servlet class, central entry point to
* create and process the applications UI.
@@ -57,6 +62,7 @@ import javax.servlet.http.HttpServletResponse;
* @author Jens Pelzetter
* @author pb
*/
+@WebServlet(urlPatterns = {LOGIN_SERVLET_PATH})
public class AdminServlet extends BaseApplicationServlet implements
AdminConstants {
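Review bot: `@WebServlet(urlPatterns = {LOGIN_SERVLET_PATH})` maps AdminServlet onto the login servlet's URL pattern (LOGIN_SERVLET_PATH comes from the static import of LoginConstants added a few lines above), while this same commit adds `ADMIN_SERVLET = "/admin/*"` to AdminConstants, which this class implements; this looks like a copy-paste slip. Two servlets claiming the same pattern will either fail deployment or leave one of them shadowed, and the admin UI would not be reachable under /admin, which is the path AdminApplicationCreator insists on; the mapping should be `@WebServlet(urlPatterns = {ADMIN_SERVLET})`. Once that is changed the static import of LoginConstants appears unused in this class. The CcmCore hunk in this commit registers AdminServlet.class as the servlet of the "CCM Admin" application type, so the application path and the servlet mapping need to agree. The class body continues outside the hunk.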
@@ -100,42 +106,25 @@ public class AdminServlet extends BaseApplicationServlet implements
final CcmApplication app) throws
ServletException, IOException {
// /////// Some preparational steps ///////////////
- /* Determine access privilege: only logged in users may access DS */
+ /* Determine access privilege: only logged in users may access */
final CdiUtil cdiUtil = new CdiUtil();
-// final CcmSessionContext sessionContext;
-// try {
-// sessionContext = cdiUtil.findBean(
-// CcmSessionContext.class);
-// } catch (CdiLookupException ex) {
-// throw new UncheckedWrapperException(
-// "Failed to lookup session context", ex);
-// }
-// final Subject subject = sessionContext.getCurrentSubject();
-// if (subject == null) {
-// throw new LoginSignal(sreq);
-// }
-//
-// final PrivilegeRepository privilegeRepository;
-// try {
-// privilegeRepository = cdiUtil.findBean(PrivilegeRepository.class);
-// } catch (CdiLookupException ex) {
-// throw new UncheckedWrapperException(
-// "Failed to lookup PrivilegeRepository", ex);
-// }
-// final Privilege adminPrivilege = privilegeRepository.retrievePrivilege(
-// "admin");
-//
-// final PermissionManager permissionManager;
-// try {
-// permissionManager = cdiUtil.findBean(PermissionManager.class);
-// } catch (CdiLookupException ex) {
-// throw new UncheckedWrapperException(
-// "Failed to look up PermissionManager", ex);
-// }
+ final Subject subject;
+ final PermissionChecker permissionChecker;
+ try {
+ subject = cdiUtil.findBean(Subject.class);
+ permissionChecker = cdiUtil.findBean(PermissionChecker.class);
+ } catch (CdiLookupException ex) {
+ throw new UncheckedWrapperException(ex);
+ }
-// if (!permissionManager.isPermitted(adminPrivilege, null, subject)) {
-// throw new AccessDeniedException("User is not an administrator");
-// }
+ if (!subject.isAuthenticated()) {
+ throw new LoginSignal(sreq);
+ }
+
+ /* Determine access privilege: Admin privileges must be granted */
+ if (!permissionChecker.isPermitted("admin")) {
+ throw new AccessDeniedException("User is not an administrator");
+ }
/* Want admin to always show the latest stuff... */
DispatcherHelper.cacheDisable(sresp);
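Review bot: `throw new UncheckedWrapperException(ex)` on the CDI lookup failure carries no context, and because both lookups share one try block the message is the only way to tell which bean was missing; use `throw new UncheckedWrapperException("Failed to look up Subject or PermissionChecker", ex);` or split the two lookups. The privilege name "admin" passed to isPermitted is a bare literal; a named constant in AdminConstants would keep it in step with wherever that privilege is defined and make the check greppable. The comment `/* Determine access privilege: only logged in users may access */` now covers only the isAuthenticated check, and the near-identical comment before the isPermitted check could be tightened to `/* Authorization: the "admin" privilege must be granted */`. The enclosing method's signature begins above the hunk.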
@@ -220,7 +209,7 @@ public class AdminServlet extends BaseApplicationServlet implements
* Create application administration panel
*/
tabbedPane.addTab(APPLICATIONS_TAB_TITLE,
- new ApplicationsAdministrationTab());
+ new ApplicationsAdministrationTab());
// browsePane.setTabbedPane(tabbedPane);
// browsePane.setGroupAdministrationTab(groupAdminTab);
diff --git a/ccm-core/src/main/java/org/libreccm/core/CcmCore.java b/ccm-core/src/main/java/org/libreccm/core/CcmCore.java
index 86cd13ad8..cd2ade090 100644
--- a/ccm-core/src/main/java/org/libreccm/core/CcmCore.java
+++ b/ccm-core/src/main/java/org/libreccm/core/CcmCore.java
@@ -18,8 +18,11 @@
*/
package org.libreccm.core;
+import com.arsdigita.ui.admin.AdminApplicationCreator;
+import com.arsdigita.ui.admin.AdminServlet;
import com.arsdigita.ui.login.LoginApplicationCreator;
import com.arsdigita.ui.login.LoginServlet;
+
import org.libreccm.modules.CcmModule;
import org.libreccm.modules.InitEvent;
import org.libreccm.modules.InstallEvent;
@@ -27,20 +30,26 @@ import org.libreccm.modules.Module;
import org.libreccm.modules.ShutdownEvent;
import org.libreccm.modules.UnInstallEvent;
import org.libreccm.security.SystemUsersSetup;
-import org.libreccm.security.User;
import javax.persistence.EntityManager;
+
import org.libreccm.web.ApplicationType;
/**
*
* @author Jens Pelzetter
*/
-@Module(applicationTypes = {@ApplicationType(name = "Login",
- description = "Login Application",
- singleton = true,
- creator = LoginApplicationCreator.class,
- servlet = LoginServlet.class)},
+@Module(applicationTypes = {
+ @ApplicationType(name = "Login",
+ description = "Login Application",
+ singleton = true,
+ creator = LoginApplicationCreator.class,
+ servlet = LoginServlet.class),
+ @ApplicationType(name = "CCM Admin",
+ description = "Site-wide admin application",
+ singleton = true,
+ creator = AdminApplicationCreator.class,
+ servlet = AdminServlet.class)},
entities = {org.libreccm.auditing.CcmRevision.class,
org.libreccm.categorization.Categorization.class,
org.libreccm.categorization.Category.class,
@@ -89,7 +98,8 @@ public class CcmCore implements CcmModule {
public void install(final InstallEvent event) {
final EntityManager entityManager = event.getEntityManager();
- final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(entityManager);
+ final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(
+ entityManager);
systemUsersSetup.setupSystemUsers();
}