Merge branch 'master' of https://git.bukova.info/repos/git/isspst
This commit is contained in:
@@ -12,8 +12,6 @@ import javax.servlet.ServletContextListener;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
@@ -34,23 +32,16 @@ public class DbInitListener implements ServletContextListener {
|
||||
Logger logger = LoggerFactory.getLogger(DbInitListener.class);
|
||||
logger.info("Initializing database");
|
||||
|
||||
User tmpAdmin = new User();
|
||||
Role tmpRole = new Role();
|
||||
tmpRole.setAuthority(Constants.ROLE_ADMIN);
|
||||
tmpAdmin.setUsername(Constants.DEF_ADMIN);
|
||||
tmpAdmin.addAuthority(tmpRole);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(tmpAdmin, null, tmpAdmin.getAuthorities()));
|
||||
|
||||
WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(evt.getServletContext());
|
||||
roleService = ctx.getBean(RoleService.class);
|
||||
userService = ctx.getBean(UserService.class);
|
||||
permService = ctx.getBean(PermissionService.class);
|
||||
|
||||
userService.grantAdmin();
|
||||
checkRoles();
|
||||
checkUsers();
|
||||
checkPermissions();
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
userService.removeAccess();
|
||||
}
|
||||
|
||||
private void checkRoles() {
|
||||
|
||||
@@ -49,12 +49,15 @@ public class User extends BaseSimpleData implements UserDetails, DataModel {
|
||||
@Override
|
||||
public List<Role> getAuthorities() {
|
||||
List<Role> roles = new ArrayList<Role>();
|
||||
int i = 10000000;
|
||||
for (Role r : authorities) {
|
||||
roles.add(r);
|
||||
for (Permission p : r.getPermissions()) {
|
||||
Role role = new Role();
|
||||
boolean addRole = true;
|
||||
role.setAuthority(p.getAuthority() + "_" + p.getModule());
|
||||
role.setId(i);
|
||||
++i;
|
||||
|
||||
for (Role chRole : roles) {
|
||||
if (chRole.getAuthority().equals(role.getAuthority())) {
|
||||
|
||||
@@ -0,0 +1,76 @@
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.data.User;
|
||||
import info.bukova.isspst.services.users.RoleService;
|
||||
import info.bukova.isspst.services.users.UserService;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.naming.NamingException;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
||||
|
||||
public class AuthPopulator implements LdapAuthoritiesPopulator {
|
||||
|
||||
private UserService userService;
|
||||
private RoleService roleService;
|
||||
|
||||
public AuthPopulator(UserService userService, RoleService roleService) {
|
||||
this.userService = userService;
|
||||
this.roleService = roleService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
|
||||
DirContextOperations userData, String login) {
|
||||
|
||||
User user = null;
|
||||
try {
|
||||
user = (User) userService.loadUserByUsername(login);
|
||||
} catch (UsernameNotFoundException e) {
|
||||
Logger logger = LoggerFactory.getLogger(AuthPopulator.class);
|
||||
logger.info("Importing user from LDAP");
|
||||
|
||||
user = new User();
|
||||
user.setUsername(login);
|
||||
Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
|
||||
user.addAuthority(role);
|
||||
|
||||
if (userData.attributeExists("givenName")) {
|
||||
try {
|
||||
user.setFirstName(userData.getAttributes().get("givenName").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'givenName' attribute");
|
||||
}
|
||||
}
|
||||
if (userData.attributeExists("sn")) {
|
||||
try {
|
||||
user.setLastName(userData.getAttributes().get("sn").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'sn' attribute");
|
||||
}
|
||||
}
|
||||
if (userData.attributeExists("mail")) {
|
||||
try {
|
||||
user.setEmail(userData.getAttributes().get("mail").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'mail' attribute");
|
||||
}
|
||||
}
|
||||
|
||||
userService.grantAdmin();
|
||||
userService.add(user);
|
||||
userService.removeAccess();
|
||||
}
|
||||
|
||||
return user != null ? user.getAuthorities() : null;
|
||||
}
|
||||
|
||||
}
|
||||
+3
-1
@@ -1,5 +1,7 @@
|
||||
package info.bukova.isspst;
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.Module;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.Service;
|
||||
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
package info.bukova.isspst;
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -6,6 +6,7 @@ import org.hibernate.NonUniqueResultException;
|
||||
import org.hibernate.Query;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import info.bukova.isspst.data.OwnedDataModel;
|
||||
@@ -36,7 +37,7 @@ public class AbstractOwnedService<T extends OwnedDataModel> extends AbstractServ
|
||||
@Transactional
|
||||
protected User getLoggedInUser() {
|
||||
try {
|
||||
String query = "from User where ID = " + ((User)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId();
|
||||
String query = "from User where USERNAME = '" + ((UserDetails)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername() + "'";
|
||||
Query q = dao.getQuery(query);
|
||||
return (User) q.uniqueResult();
|
||||
} catch (NonUniqueResultException e) {
|
||||
|
||||
@@ -12,5 +12,7 @@ public interface UserService extends UserDetailsService, Service<User> {
|
||||
public void saveWithPwd(User user, String password);
|
||||
public User getCurrent();
|
||||
public String encodePassword(User user, String plain);
|
||||
public void grantAdmin();
|
||||
public void removeAccess();
|
||||
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package info.bukova.isspst.services.users;
|
||||
|
||||
import org.hibernate.Query;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.encoding.PasswordEncoder;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@@ -8,6 +9,7 @@ import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.data.User;
|
||||
import info.bukova.isspst.services.AbstractService;
|
||||
@@ -58,11 +60,16 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public User getCurrent() {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (auth != null && auth.getPrincipal() != null) {
|
||||
return (User)auth.getPrincipal();
|
||||
try {
|
||||
return (User)loadUserByUsername(((UserDetails)auth.getPrincipal()).getUsername());
|
||||
} catch(UsernameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
@@ -73,5 +80,20 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
|
||||
return encoder.encodePassword(plain, user.getUsername());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void grantAdmin() {
|
||||
User tmpAdmin = new User();
|
||||
Role tmpRole = new Role();
|
||||
tmpRole.setAuthority(Constants.ROLE_ADMIN);
|
||||
tmpAdmin.setUsername(Constants.DEF_ADMIN);
|
||||
tmpAdmin.addAuthority(tmpRole);
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(tmpAdmin, null, tmpAdmin.getAuthorities()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAccess() {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -21,11 +21,15 @@ public class FormViewModel<T extends DataModel> {
|
||||
private Map<String, String> errMessages;
|
||||
private Service<T> service;
|
||||
private boolean newRec;
|
||||
private ServiceConstraint<T> constraint;
|
||||
|
||||
@Init
|
||||
public void init(@ExecutionArgParam("selected") T selected, @ExecutionArgParam("service") Service<T> service) {
|
||||
this.dataBean = selected;
|
||||
this.service = service;
|
||||
constraint = new ServiceConstraint<T>();
|
||||
constraint.setDataBean(selected);
|
||||
constraint.setService(service);
|
||||
if (selected.getId() == 0 && selected.getCreated() == null) {
|
||||
newRec = true;
|
||||
} else {
|
||||
@@ -33,6 +37,10 @@ public class FormViewModel<T extends DataModel> {
|
||||
}
|
||||
}
|
||||
|
||||
public ServiceConstraint<T> getConstriant() {
|
||||
return constraint;
|
||||
}
|
||||
|
||||
public T getDataBean() {
|
||||
return dataBean;
|
||||
}
|
||||
|
||||
@@ -131,7 +131,7 @@ public class ListViewModel<T extends DataModel> {
|
||||
try {
|
||||
newRecMode();
|
||||
editBean = service.create();
|
||||
if (dataBean == null) {
|
||||
if (editBean == null) {
|
||||
editBean = dataClass.newInstance();
|
||||
}
|
||||
showForm();
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
package info.bukova.isspst.ui;
|
||||
|
||||
import info.bukova.isspst.data.DataModel;
|
||||
import info.bukova.isspst.services.Service;
|
||||
import info.bukova.isspst.services.ValidationException;
|
||||
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.zkoss.zk.ui.Component;
|
||||
import org.zkoss.zk.ui.WrongValueException;
|
||||
import org.zkoss.zul.Constraint;
|
||||
|
||||
public class ServiceConstraint<T extends DataModel> implements Constraint {
|
||||
|
||||
private Service<T> service;
|
||||
private T dataBean;
|
||||
|
||||
@Override
|
||||
public void validate(Component component, Object value)
|
||||
throws WrongValueException {
|
||||
|
||||
String id = component.getId();
|
||||
if (id == null || id.isEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
BeanUtils.setProperty(dataBean, id, value);
|
||||
service.validate(dataBean);
|
||||
} catch (ValidationException e) {
|
||||
Map<String, String> errMessages = e.getMessages();
|
||||
|
||||
if (errMessages != null && errMessages.get(id) != null && !errMessages.get(id).isEmpty()) {
|
||||
WrongValueException ex = new WrongValueException(component, errMessages.get(id));
|
||||
throw ex;
|
||||
}
|
||||
} catch (IllegalAccessException e) {
|
||||
|
||||
} catch (InvocationTargetException e) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public void setService(Service<T> service) {
|
||||
this.service = service;
|
||||
}
|
||||
|
||||
public void setDataBean(T dataBean) {
|
||||
this.dataBean = dataBean;
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user