From 76f810ab11c39955ab8906ec538691a81e09b8cb Mon Sep 17 00:00:00 2001 From: jensp Date: Wed, 2 Dec 2015 10:06:57 +0000 Subject: [PATCH] CCM NG: Admin App now uses new API from the org.libreccm.security package for authentication and authorisation git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3755 8810af33-2d31-482b-a856-94f89814c4df --- .../src/main/java/com/arsdigita/ui/UI.java | 4 +- .../ui/admin/AdminApplicationCreator.java | 55 +++++++++++++++++ .../arsdigita/ui/admin/AdminConstants.java | 5 ++ .../com/arsdigita/ui/admin/AdminServlet.java | 59 ++++++++----------- .../main/java/org/libreccm/core/CcmCore.java | 24 +++++--- 5 files changed, 104 insertions(+), 43 deletions(-) create mode 100644 ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java diff --git a/ccm-core/src/main/java/com/arsdigita/ui/UI.java b/ccm-core/src/main/java/com/arsdigita/ui/UI.java index 97dd4bd20..4fbde7a1a 100644 --- a/ccm-core/src/main/java/com/arsdigita/ui/UI.java +++ b/ccm-core/src/main/java/com/arsdigita/ui/UI.java @@ -18,7 +18,9 @@ package com.arsdigita.ui; +import com.arsdigita.ui.login.LoginConstants; import com.arsdigita.ui.login.LoginServlet; + import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; @@ -179,7 +181,7 @@ public abstract class UI { * @deprecated use Login.getLoginPageURL()() instead */ public static String getLoginPageURL() { - return LoginServlet.LOGIN_PAGE_URL; + return LoginConstants.LOGIN_PAGE_URL; } /** diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java new file mode 100644 index 000000000..c002bb270 --- /dev/null +++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminApplicationCreator.java 
@@ -0,0 +1,55 @@ +/* + * Copyright (C) 2015 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package com.arsdigita.ui.admin; + +import org.libreccm.web.ApplicationCreator; +import org.libreccm.web.ApplicationRepository; +import org.libreccm.web.ApplicationType; +import org.libreccm.web.CcmApplication; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; + +import static com.arsdigita.ui.admin.AdminConstants.*; + +/** + * + * @author Jens Pelzetter + */ +@RequestScoped +public class AdminApplicationCreator + implements ApplicationCreator { + + @Inject + private ApplicationRepository appRepository; + + @Override + public CcmApplication createInstance(final String primaryUrl, + final ApplicationType type) { + if (!ADMIN_PAGE_URL.equals(primaryUrl)) { + throw new IllegalArgumentException( + "CCM Admin is a singleton application" + + "which is mounted at /admin"); + } + + return appRepository.retrieveApplicationForPath(primaryUrl); + } + + +} diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java index 638e9bb6a..c0c1f550e 100644 --- a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java 
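Review bot: The exception message in `createInstance` is built from two literals with no separating space, so it reads "singleton applicationwhich is mounted at /admin", and it hard-codes `/admin` even though the comparison on the line above uses `ADMIN_PAGE_URL`; suggest `"CCM Admin is a singleton application which is mounted at " + ADMIN_PAGE_URL`. The method also returns whatever `appRepository.retrieveApplicationForPath(primaryUrl)` yields, so if that lookup returns null before the admin application has been installed, a caller asking the creator for an instance gets null rather than an instance — either document that the singleton is expected to exist already or guard the result with a message naming the path. The class Javadoc holds only the author tag; a purpose sentence such as `Creator for the singleton CCM Admin application: resolves the instance already mounted at ADMIN_PAGE_URL instead of creating a new one.` would tell a reader why a creator does a lookup.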
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminConstants.java @@ -402,4 +402,9 @@ interface AdminConstants { String SEARCH_QUERY = "query"; + public final static String ADMIN_PAGE_URL = "/admin"; + + public final static String ADMIN_SERVLET = "/admin/*"; + + } diff --git a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java index 3cce0f158..0e4f57478 100644 --- a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java +++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java @@ -30,8 +30,10 @@ import com.arsdigita.web.BaseApplicationServlet; import com.arsdigita.web.LoginSignal; import com.arsdigita.xml.Document; +import org.apache.shiro.subject.Subject; import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiUtil; +import org.libreccm.security.PermissionChecker; import org.libreccm.web.CcmApplication; import java.io.IOException; @@ -39,9 +41,12 @@ import java.util.HashMap; import java.util.Map; import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import static com.arsdigita.ui.login.LoginConstants.*; + /** * Web Developer Support Application Servlet class, central entry point to * create and process the applications UI. @@ -57,6 +62,7 @@ import javax.servlet.http.HttpServletResponse; * @author Jens Pelzetter * @author pb */ +@WebServlet(urlPatterns = {LOGIN_SERVLET_PATH}) public class AdminServlet extends BaseApplicationServlet implements AdminConstants { 
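Review bot: The two added constants carry `public final static` although `AdminConstants` is an interface, where fields are implicitly public static final; the neighbouring `String SEARCH_QUERY = "query";` shows the file's convention, and the modifier order also deviates from the customary `public static final`. Suggest `String ADMIN_PAGE_URL = "/admin";` and `String ADMIN_SERVLET = "/admin/*";`. The two trailing blank lines before the closing brace can be dropped.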
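Review bot: `@WebServlet(urlPatterns = {LOGIN_SERVLET_PATH})` maps the admin servlet to a constant pulled in by the new static import of `LoginConstants.*`, which by its name is the login servlet's path, while the same commit adds `ADMIN_SERVLET = "/admin/*"` to `AdminConstants`, which this class implements, and never uses it. If `LOGIN_SERVLET_PATH` is indeed the login mapping, the admin UI either collides with `LoginServlet`'s mapping or is served at the login URL; the intended line is presumably `@WebServlet(urlPatterns = {ADMIN_SERVLET})`. With that change the `import static com.arsdigita.ui.login.LoginConstants.*;` in the hunk above becomes unnecessary and can be removed, which also keeps the login package's names out of this class's scope.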
@@ -100,42 +106,25 @@ public class AdminServlet extends BaseApplicationServlet implements final CcmApplication app) throws ServletException, IOException { // /////// Some preparational steps /////////////// - /* Determine access privilege: only logged in users may access DS */ + /* Determine access privilege: only logged in users may access */ final CdiUtil cdiUtil = new CdiUtil(); -// final CcmSessionContext sessionContext; -// try { -// sessionContext = cdiUtil.findBean( -// CcmSessionContext.class); -// } catch (CdiLookupException ex) { -// throw new UncheckedWrapperException( -// "Failed to lookup session context", ex); -// } -// final Subject subject = sessionContext.getCurrentSubject(); -// if (subject == null) { -// throw new LoginSignal(sreq); -// } -// -// final PrivilegeRepository privilegeRepository; -// try { -// privilegeRepository = cdiUtil.findBean(PrivilegeRepository.class); -// } catch (CdiLookupException ex) { -// throw new UncheckedWrapperException( -// "Failed to lookup PrivilegeRepository", ex); -// } -// final Privilege adminPrivilege = privilegeRepository.retrievePrivilege( -// "admin"); -// -// final PermissionManager permissionManager; -// try { -// permissionManager = cdiUtil.findBean(PermissionManager.class); -// } catch (CdiLookupException ex) { -// throw new UncheckedWrapperException( -// "Failed to look up PermissionManager", ex); -// } + final Subject subject; + final PermissionChecker permissionChecker; + try { + subject = cdiUtil.findBean(Subject.class); + permissionChecker = cdiUtil.findBean(PermissionChecker.class); + } catch (CdiLookupException ex) { + throw new UncheckedWrapperException(ex); + } -// if (!permissionManager.isPermitted(adminPrivilege, null, subject)) { -// throw new AccessDeniedException("User is not an administrator"); -// } + if (!subject.isAuthenticated()) { + throw new LoginSignal(sreq); + } + + /* Determine access privilege: Admin privileges must be granted */ + if (!permissionChecker.isPermitted("admin")) { 
+ throw new AccessDeniedException("User is not an administrator"); + } /* Want admin to always show the latest stuff... */ DispatcherHelper.cacheDisable(sresp); @@ -220,7 +209,7 @@ public class AdminServlet extends BaseApplicationServlet implements * Create application administration panel */ tabbedPane.addTab(APPLICATIONS_TAB_TITLE, - new ApplicationsAdministrationTab()); + new ApplicationsAdministrationTab()); // browsePane.setTabbedPane(tabbedPane); // browsePane.setGroupAdministrationTab(groupAdminTab); diff --git a/ccm-core/src/main/java/org/libreccm/core/CcmCore.java b/ccm-core/src/main/java/org/libreccm/core/CcmCore.java index 86cd13ad8..cd2ade090 100644 --- a/ccm-core/src/main/java/org/libreccm/core/CcmCore.java +++ b/ccm-core/src/main/java/org/libreccm/core/CcmCore.java @@ -18,8 +18,11 @@ */ package org.libreccm.core; +import com.arsdigita.ui.admin.AdminApplicationCreator; +import com.arsdigita.ui.admin.AdminServlet; import com.arsdigita.ui.login.LoginApplicationCreator; import com.arsdigita.ui.login.LoginServlet; + import org.libreccm.modules.CcmModule; import org.libreccm.modules.InitEvent; import org.libreccm.modules.InstallEvent; 
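Review bot: The privilege name `"admin"` handed to `permissionChecker.isPermitted` is a bare literal, while the same commit adds named constants to `AdminConstants`, which this servlet implements; if the side that grants the privilege spells it differently the check fails closed and every administrator is locked out with nothing in the code pointing at the mismatch, so suggest `String ADMIN_PRIVILEGE = "admin";` next to `ADMIN_PAGE_URL` and `if (!permissionChecker.isPermitted(ADMIN_PRIVILEGE)) {`. The order of the two checks is right (unauthenticated subjects get a `LoginSignal`, authenticated ones without the privilege an `AccessDeniedException`), but the comment `/* Determine access privilege: only logged in users may access */` now sits above the CDI lookups rather than the `isAuthenticated()` test and duplicates the wording of the second comment; reword it to `/* Look up the current subject and the permission checker via CDI */` and keep the privilege comment on the `isPermitted` check. `throw new UncheckedWrapperException(ex)` keeps the cause but loses the context the removed code carried; `throw new UncheckedWrapperException("Failed to look up Subject or PermissionChecker via CDI", ex);` says which lookup failed. The enclosing method starts and ends outside the hunk.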
@@ -27,20 +30,26 @@ import org.libreccm.modules.Module; import org.libreccm.modules.ShutdownEvent; import org.libreccm.modules.UnInstallEvent; import org.libreccm.security.SystemUsersSetup; -import org.libreccm.security.User; import javax.persistence.EntityManager; + import org.libreccm.web.ApplicationType; /** * * @author Jens Pelzetter */ -@Module(applicationTypes = {@ApplicationType(name = "Login", - description = "Login Application", - singleton = true, - creator = LoginApplicationCreator.class, - servlet = LoginServlet.class)}, +@Module(applicationTypes = { + @ApplicationType(name = "Login", + description = "Login Application", + singleton = true, + creator = LoginApplicationCreator.class, + servlet = LoginServlet.class), + @ApplicationType(name = "CCM Admin", + description = "Site-wide admin application", + singleton = true, + creator = AdminApplicationCreator.class, + servlet = AdminServlet.class)}, entities = {org.libreccm.auditing.CcmRevision.class, org.libreccm.categorization.Categorization.class, org.libreccm.categorization.Category.class, @@ -89,7 +98,8 @@ public class CcmCore implements CcmModule { public void install(final InstallEvent event) { final EntityManager entityManager = event.getEntityManager(); - final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(entityManager); + final SystemUsersSetup systemUsersSetup = new SystemUsersSetup( + entityManager); systemUsersSetup.setupSystemUsers(); }