@RequestMapping ( value = "/{userId}/view", method = RequestMethod.GET ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView viewUser ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request ) { final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final DatabaseUserInformation user = this.storage.getUserDetails ( userId ); if ( user == null || user.getDetails ( DatabaseDetails.class ) == null ) { return CommonController.createNotFound ( "user", userId ); } final ModelAndView model = new ModelAndView ( "user/view" ); model.put ( "user", user ); model.put ( "you", you ); return model; }
@RequestMapping ( value = "/{userId}/view", method = RequestMethod.GET ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView viewUser ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request) { final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final DatabaseUserInformation user = this.storage.getUserDetails ( userId ); if ( user == null || user.getDetails ( DatabaseDetails.class ) == null ) { return CommonController.createNotFound ( "user", userId ); } final ModelAndView model = new ModelAndView ( "user/view" ); model.put ( "user", user ); model.put ( "you", you ); return model; }
private static SecurityConstraint createConstraint( HttpConstraintElement element, String urlPattern, boolean alwaysCreate) { SecurityConstraint constraint = new SecurityConstraint(); SecurityCollection collection = new SecurityCollection(); boolean create = alwaysCreate; if (element.getTransportGuarantee() != ServletSecurity.TransportGuarantee.NONE) { constraint.setUserConstraint(element.getTransportGuarantee().name()); create = true; } if (element.getRolesAllowed().length > 0) { String[] roles = element.getRolesAllowed(); for (String role : roles) { constraint.addAuthRole(role); } create = true; } if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) { constraint.setAuthConstraint(true); create = true; } if (create) { collection.addPattern(urlPattern); constraint.addCollection(collection); return constraint; } return null; }
/** * Default constraint is permit with no transport guarantee. */ public HttpConstraintElement() { // Default constructor this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT; this.transportGuarantee = TransportGuarantee.NONE; this.rolesAllowed = new String[0]; }
/** * Convenience constructor to specify transport guarantee and/or roles. */ public HttpConstraintElement(TransportGuarantee transportGuarantee, String... rolesAllowed) { this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT; this.transportGuarantee = transportGuarantee; this.rolesAllowed = rolesAllowed; }
/** * * @param emptyRoleSemantic * @param transportGuarantee * @param rolesAllowed * @throws IllegalArgumentException if roles are specified when DENY is used */ public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic, TransportGuarantee transportGuarantee, String... rolesAllowed) { if (rolesAllowed != null && rolesAllowed.length > 0 && EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) { throw new IllegalArgumentException(lStrings.getString( "httpConstraintElement.invalidRolesDeny")); } this.emptyRoleSemantic = emptyRoleSemantic; this.transportGuarantee = transportGuarantee; this.rolesAllowed = rolesAllowed; }
private static SecurityConstraint createConstraint(HttpConstraintElement element, String urlPattern, boolean alwaysCreate) { SecurityConstraint constraint = new SecurityConstraint(); SecurityCollection collection = new SecurityCollection(); boolean create = alwaysCreate; if (element.getTransportGuarantee() != ServletSecurity.TransportGuarantee.NONE) { constraint.setUserConstraint(element.getTransportGuarantee().name()); create = true; } if (element.getRolesAllowed().length > 0) { String[] roles = element.getRolesAllowed(); for (String role : roles) { constraint.addAuthRole(role); } create = true; } if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) { constraint.setAuthConstraint(true); create = true; } if (create) { collection.addPattern(urlPattern); constraint.addCollection(collection); return constraint; } return null; }
/** * * @param emptyRoleSemantic * @param transportGuarantee * @param rolesAllowed * @throws IllegalArgumentException * if roles are specified when DENY is used */ public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic, TransportGuarantee transportGuarantee, String... rolesAllowed) { if (rolesAllowed != null && rolesAllowed.length > 0 && EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) { throw new IllegalArgumentException(lStrings.getString("httpConstraintElement.invalidRolesDeny")); } this.emptyRoleSemantic = emptyRoleSemantic; this.transportGuarantee = transportGuarantee; this.rolesAllowed = rolesAllowed; }
public static boolean isAllowed ( final HttpConstraint constraint, final HttpServletRequest request ) { final EmptyRoleSemantic empty = constraint.value (); final String[] allowedRoles = constraint.rolesAllowed (); if ( allowedRoles == null || allowedRoles.length <= 0 ) { // no roles if ( EmptyRoleSemantic.PERMIT.equals ( empty ) ) { return true; } else { return false; } } else { // check all roles .. one is ok for ( final String role : allowedRoles ) { if ( request.isUserInRole ( role ) ) { return true; } } // we ran out of options return false; } }
@RequestMapping ( "/{userId}/newPassword" ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView changePassword ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request ) { final Map<String, Object> model = new HashMap<> (); final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final DatabaseUserInformation user = this.storage.getUserDetails ( userId ); if ( user == null ) { return CommonController.createNotFound ( "user", userId ); } final DatabaseDetails details = user.getDetails ( DatabaseDetails.class ); if ( details == null ) { return CommonController.createNotFound ( "details", userId ); } final NewPassword data = new NewPassword (); data.setEmail ( details.getEmail () ); model.put ( "you", you ); model.put ( "command", data ); return new ModelAndView ( "user/newPassword", model ); }
@RequestMapping ( value = "/{userId}/newPassword", method = RequestMethod.POST ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView changePasswordPost ( @PathVariable ( "userId" ) final String userId, @Valid @FormData ( "command" ) final NewPassword data, final BindingResult result, final HttpServletRequest request ) { final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final Map<String, Object> model = new HashMap<> (); model.put ( "you", you ); if ( result.hasErrors () ) { model.put ( "command", data ); return new ModelAndView ( "user/newPassword", model ); } try { if ( !you /* but we are ADMIN */ ) { this.storage.updatePassword ( userId, null, data.getPassword () ); } else { this.storage.updatePassword ( userId, data.getCurrentPassword (), data.getPassword () ); } return new ModelAndView ( "redirect:/user/" + userId + "/view" ); } catch ( final Exception e ) { return CommonController.createError ( "Error", "Failed to change password", e ); } }
@RequestMapping ( "/{userId}/newPassword" ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView changePassword ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request) { final Map<String, Object> model = new HashMap<> (); final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final DatabaseUserInformation user = this.storage.getUserDetails ( userId ); if ( user == null ) { return CommonController.createNotFound ( "user", userId ); } final DatabaseDetails details = user.getDetails ( DatabaseDetails.class ); if ( details == null ) { return CommonController.createNotFound ( "details", userId ); } final NewPassword data = new NewPassword (); data.setEmail ( details.getEmail () ); model.put ( "you", you ); model.put ( "command", data ); return new ModelAndView ( "user/newPassword", model ); }
@RequestMapping ( value = "/{userId}/newPassword", method = RequestMethod.POST ) @HttpConstraint ( value = EmptyRoleSemantic.PERMIT ) public ModelAndView changePasswordPost ( @PathVariable ( "userId" ) final String userId, @Valid @FormData ( "command" ) final NewPassword data, final BindingResult result, final HttpServletRequest request) { final boolean you = isYou ( userId, request ); if ( !you && !request.isUserInRole ( "ADMIN" ) ) { return CommonController.createAccessDenied (); } final Map<String, Object> model = new HashMap<> (); model.put ( "you", you ); if ( result.hasErrors () ) { model.put ( "command", data ); return new ModelAndView ( "user/newPassword", model ); } try { if ( !you /* but we are ADMIN */ ) { this.storage.updatePassword ( userId, null, data.getPassword () ); } else { this.storage.updatePassword ( userId, data.getCurrentPassword (), data.getPassword () ); } return new ModelAndView ( "redirect:/user/" + userId + "/view" ); } catch ( final Exception e ) { return CommonController.createError ( "Error", "Failed to change password", e ); } }
/** * Convenience constructor for {@link EmptyRoleSemantic#DENY}. * */ public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) { this.emptyRoleSemantic = emptyRoleSemantic; this.transportGuarantee = TransportGuarantee.NONE; this.rolesAllowed = new String[0]; }
public EmptyRoleSemantic getEmptyRoleSemantic() { return emptyRoleSemantic; }
/** * Constructs a default HTTP constraint element */ public HttpConstraintElement() { this(EmptyRoleSemantic.PERMIT); }
