| /** |
| * |
| * Copyright (c) 2011, 2016 - Loetz GmbH&Co.KG (69115 Heidelberg, Germany) |
| * |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License 2.0 |
| * which accompanies this distribution, and is available at |
| * https://www.eclipse.org/legal/epl-2.0/ |
| * |
| * SPDX-License-Identifier: EPL-2.0 |
| * |
| * Contributors: |
| * Christophe Loetz (Loetz GmbH&Co.KG) - initial implementation |
| */ |
| package org.eclipse.osbp.authentication.providerimpl; |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.ByteArrayOutputStream; |
| import java.io.IOException; |
| import java.io.ObjectInputStream; |
| import java.io.ObjectOutputStream; |
| import java.util.ArrayList; |
| import java.util.Collection; |
| import java.util.Collections; |
| import java.util.HashMap; |
| import java.util.HashSet; |
| import java.util.List; |
| import java.util.Map; |
| import java.util.Map.Entry; |
| import java.util.Set; |
| |
| import org.apache.shiro.SecurityUtils; |
| import org.apache.shiro.authc.AuthenticationException; |
| import org.apache.shiro.authc.credential.DefaultPasswordService; |
| import org.apache.shiro.authz.AuthorizationInfo; |
| import org.apache.shiro.config.Ini; |
| import org.apache.shiro.mgt.SecurityManager; |
| import org.apache.shiro.realm.AuthenticatingRealm; |
| import org.apache.shiro.subject.Subject; |
| import org.apache.shiro.util.ThreadContext; |
| import org.apache.shiro.web.config.WebIniSecurityManagerFactory; |
| import org.apache.shiro.web.mgt.DefaultWebSecurityManager; |
| import org.eclipse.osbp.authentication.account.dtos.UserAccountDto; |
| import org.eclipse.osbp.authentication.account.dtos.UserAccountFilterDto; |
| import org.eclipse.osbp.authentication.shiro.extensions.StaticRealm; |
| import org.eclipse.osbp.authentication.shiro.extensionsimpl.PortalUsernamePasswordToken; |
| import org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm; |
| import org.eclipse.osbp.authentication.vaadin.SubjectProvider; |
| import org.eclipse.osbp.authentication.vaadin.VaadinSessionManager; |
| import org.eclipse.osbp.authentication.vaadin.VaadinSessionProvider; |
| import org.eclipse.osbp.core.api.persistence.IPersistenceService; |
| import org.eclipse.osbp.dsl.dto.lib.impl.DtoServiceAccess; |
| import org.eclipse.osbp.jpa.services.Query; |
| import org.eclipse.osbp.jpa.services.filters.LCompare; |
| import org.eclipse.osbp.preferences.ProductConfiguration; |
| import org.eclipse.osbp.runtime.common.filter.IDTOServiceWithMutablePersistence; |
| import org.eclipse.osbp.ui.api.complexdatacontainer.IComplexDataContainerChangedListener; |
| import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization; |
| import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization.Action; |
| import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization.Group; |
| import org.eclipse.osbp.ui.api.useraccess.AbstractPosition; |
| import org.eclipse.osbp.ui.api.useraccess.IOrganizationService; |
| import org.eclipse.osbp.ui.api.useraccess.IPosition; |
| import org.eclipse.osbp.ui.api.useraccess.ISubOrganization; |
| import org.eclipse.osbp.ui.api.useraccess.IUserAccessService; |
| import org.eclipse.osbp.ui.api.userfilter.UserFilterMap; |
| import org.osgi.service.component.annotations.Component; |
| import org.osgi.service.component.annotations.Reference; |
| import org.osgi.service.component.annotations.ReferenceCardinality; |
| import org.osgi.service.component.annotations.ReferencePolicy; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| import com.vaadin.server.Page; |
| |
| /** |
| * The Class UserAccessService. |
| */ |
| @Component(service = IUserAccessService.class) |
| public class UserAccessService extends UserProtocol implements IUserAccessService { |
| |
| /** The Constant LOGGER. */ |
| private static final Logger LOGGER = LoggerFactory.getLogger(UserAccessService.class); |
| |
| /** The subject provider. */ |
| private SubjectProvider subjectProvider; |
| |
| /** The Constant USER_KEY. */ |
| private static final String USER_KEY = "user"; |
| |
| /** The Constant USER_FILTER_MAP_KEY. */ |
| private static final String USER_FILTER_MAP_KEY = "userFilterMap"; |
| |
| /** The Constant POSITION_KEY. */ |
| private static final String POSITION_KEY = "position"; |
| |
| /** The Constant ROLES_KEY. */ |
| private static final String ROLES_KEY = "roles"; |
| |
| /** The Constant PERMISSIONS_KEY. */ |
| private static final String AUTHORIZATION_KEY = "authorization"; |
| |
| /** The Constant AUTHENTICATED_BY_REALM. */ |
| private static final String AUTHENTICATED_BY_REALM = "realm"; |
| |
| /** The Constant USER_DEFAULT_PERSPECTIVE. */ |
| private static final String USER_DEFAULT_PERSPECTIVE = "defaultPerspective"; |
| |
| |
| /** The Constant sOrganizationServices. */ |
| protected static final Map<String, IOrganizationService> sOrganizationServices = new HashMap<>(); |
| |
| /** The listeners which are listening for changed complex data changes. */ |
| protected static final Set<IComplexDataContainerChangedListener> complexDataContainerChangedListeners = new HashSet<>(); |
| |
| /** |
| * Gets the organization services. |
| * |
| * @return the organization services |
| */ |
| public static Set<IOrganizationService> getOrganizationServices() { |
| return new HashSet<>(sOrganizationServices.values()); |
| } |
| |
| |
| /** |
| * Instantiates a new user access service. |
| */ |
| public UserAccessService() { |
| super(); |
| } |
| |
| protected void activate() { |
| // We use a factory that can injects a .ini file and |
| // returns a SecurityManager instance |
| Ini ini = new Ini(); |
| ini.load(ProductConfiguration.getShiroConfiguration(StaticRealm.class.getCanonicalName())); |
| WebIniSecurityManagerFactory sFactory = new WebIniSecurityManagerFactory(ini); |
| // the following line works with reflection and looks for shiro in the |
| // current bundle. no osgi possible in this version. |
| SecurityManager sSecurityManager = sFactory.getInstance(); |
| VaadinSessionProvider vaadinSessionProvider = new VaadinSessionProvider(); |
| VaadinSessionManager vaadinSessionManager = new VaadinSessionManager(vaadinSessionProvider); |
| // the vaadin session embeds the shiro subject |
| ((DefaultWebSecurityManager) sSecurityManager).setSessionManager(vaadinSessionManager); |
| subjectProvider = new SubjectProvider(vaadinSessionProvider); |
| SecurityUtils.setSecurityManager(sSecurityManager); |
| LOGGER.debug("security manager is set"); |
| UserProtocol.persistenceService.registerPersistenceUnit(persistenceId, UserProtocol.class); |
| if (UserProtocol.dtoUserAccountDtoService == null) { |
| UserProtocol.dtoUserAccountDtoService = (IDTOServiceWithMutablePersistence<UserAccountDto>) DtoServiceAccess |
| .getService(UserAccountDto.class); |
| } |
| // for password encryption |
| if (UserProtocol.passwordService == null) { |
| UserProtocol.passwordService = new DefaultPasswordService(); |
| } |
| |
| } |
| |
| protected void deactivate() { |
| LOGGER.debug("useraccessservice deactivated"); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getAuthorizations() |
| */ |
| @Override |
| public AuthorizationInfo getAuthorizations() { |
| AuthorizationInfo info = null; |
| AuthenticatingRealm realm = null; |
| if (isAuthenticated()) { |
| try { |
| info = (AuthorizationInfo) ThreadContext.get(AUTHORIZATION_KEY); |
| } catch (Exception e) { |
| LOGGER.info(""); |
| } |
| try { |
| realm = (AuthenticatingRealm) ThreadContext.get(AUTHENTICATED_BY_REALM); |
| } catch (Exception e) { |
| LOGGER.info(""); |
| } |
| if (info == null) { |
| info = new AuthorizationInformation( |
| (realm instanceof UserAccessAuthorizationRealm) |
| ? ((UserAccessAuthorizationRealm) realm).getPortalId() : "", |
| subjectProvider.get().getPrincipals(), getPosition(), getAuthorization()); |
| ThreadContext.put(AUTHORIZATION_KEY, info); |
| } |
| } |
| return info; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#isAuthenticated() |
| */ |
| @Override |
| public boolean isAuthenticated() { |
| return subjectProvider.get().isAuthenticated(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#authenticate(java |
| * .lang.String, java.lang.String, java.lang.String) |
| */ |
| @Override |
| public boolean authenticate(String portal, String username, String password) { |
| PortalUsernamePasswordToken token = new PortalUsernamePasswordToken( |
| Page.getCurrent().getWebBrowser().getAddress(), portal, username, password); |
| token.setRememberMe(false); |
| token.setUserProtocol(this); |
| AuthenticatingRealm realm = null; |
| try { |
| Subject subject = subjectProvider.get(); |
| subject.login(token); |
| realm = token.getAuthenticatedByRealm(); |
| UserAccountDto user = null; |
| UserFilterMap userFilterMap = null; |
| AbstractPosition position = null; |
| String defaultPerspective = null; |
| Collection<String> roles = null; |
| AbstractAuthorization authorization = null; |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| user = ((UserAccessAuthorizationRealm) realm).findUserAccount(username); |
| userFilterMap = createFilterMap(user); |
| position = ((UserAccessAuthorizationRealm) realm).findPositionForUser(username); |
| defaultPerspective = user.getDefaultPerspective(); |
| authorization = ((UserAccessAuthorizationRealm) realm).findPermissionsForUser(username); |
| } |
| if (position != null) { |
| roles = position.getRoles(); |
| } |
| setSessionAttribute(AUTHENTICATED_BY_REALM, token.getAuthenticatedByRealm()); |
| setSessionAttribute(USER_KEY, user); |
| setSessionAttribute(USER_FILTER_MAP_KEY, userFilterMap); |
| setSessionAttribute(POSITION_KEY, position); |
| setSessionAttribute(ROLES_KEY, roles); |
| setSessionAttribute(AUTHORIZATION_KEY, authorization); |
| setSessionAttribute(USER_DEFAULT_PERSPECTIVE, defaultPerspective); |
| |
| if (LOGGER.isDebugEnabled()) { |
| LOGGER.debug(subjectProvider.get().getSession().getAttributeKeys().toString()); |
| } |
| trackSuccessfulLoginAttempt(username); |
| if (LOGGER.isDebugEnabled()) { |
| if (isGranted(Group.ENTITY, Action.CREATABLE, |
| "org.eclipse.osbp.authentication.account.entities.UserAccount")) { |
| LOGGER.debug("UserAccount is creatable"); |
| } else { |
| LOGGER.debug("UserAccount is not creatable"); |
| } |
| if (isVetoed(Group.ENTITY, Action.DISABLED, |
| "org.eclipse.osbp.authentication.account.entities.UserAccount", "superuser")) { |
| LOGGER.debug("superuser from UserAccount is disabled"); |
| } else { |
| LOGGER.debug("superuser from UserAccount is not disabled"); |
| } |
| } |
| return true; |
| } catch (AuthenticationException ae) { // NOSONAR |
| // captcha |
| int cnt = trackFailedLoginAttempt(username); |
| if (cnt > ProductConfiguration.getMaxLoginAttempts()) { |
| lockAccount(username, true); |
| } |
| try { |
| // NOSONAR |
| // wait exponentially along failed logins up to a maximum of |
| // 18,2 hours to prevent "Rapid-Fire Login Attempts" |
| // http://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication |
| |
| Long sleepLong = (long) (1000.0 * Math.max(5, Math.pow(2, Math.min(cnt, 16)))); |
| Long sleepLongSecs = sleepLong / 1000; |
| LOGGER.info("User '{}' is locked for {} seconds now ... pls. wait", username, sleepLongSecs.toString()); |
| Thread.sleep(sleepLong); |
| } catch (InterruptedException e) { // NOSONAR |
| // Empty by design |
| } |
| LOGGER.error("Authentication: " + ae.getLocalizedMessage()); |
| } |
| return false; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#authenticate(int, |
| * java.lang.String, java.lang.String) |
| */ |
| @Override |
| public boolean authenticate(int portalId, String username, String password) { |
| return authenticate(Integer.toString(portalId), username, password); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#authenticate(java |
| * .lang.String, java.lang.String) |
| */ |
| @Override |
| public boolean authenticate(String username, String password) { |
| return authenticate("", username, password); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#setSessionAttribute |
| * (java.lang.String, java.lang.Object) |
| */ |
| @Override |
| public void setSessionAttribute(String key, Object value) { |
| subjectProvider.get().getSession().setAttribute(key, value); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getSessionAttribute |
| * (java.lang.String) |
| */ |
| @Override |
| public Object getSessionAttribute(String key) { |
| return subjectProvider.get().getSession().getAttribute(key); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#logout() |
| */ |
| @Override |
| public void logout() { |
| Subject subject = subjectProvider.get(); |
| try { |
| setSessionAttribute(AUTHENTICATED_BY_REALM, null); |
| setSessionAttribute(USER_KEY, null); |
| setSessionAttribute(POSITION_KEY, null); |
| setSessionAttribute(ROLES_KEY, null); |
| setSessionAttribute(AUTHORIZATION_KEY, null); |
| } catch (Exception e) { |
| LOGGER.info(""); |
| } |
| try { |
| subject.logout(); |
| } catch (Exception e) { |
| LOGGER.info(""); |
| } |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getUser() |
| */ |
| @Override |
| public UserAccountDto getUser() { |
| UserAccountDto user = (UserAccountDto) getSessionAttribute(USER_KEY); |
| if (user == null) { |
| LOGGER.error("Authentication getUser returned null"); |
| } |
| return user; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getUserName() |
| */ |
| @Override |
| public String getUserName() { |
| UserAccountDto user = (UserAccountDto) getSessionAttribute(USER_KEY); |
| if (user != null) { |
| return user.getUserName(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getProfileimageId() |
| */ |
| @Override |
| public String getProfileimageId() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getProfileimage(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getPositionName() |
| */ |
| @Override |
| public String getPositionName() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getPosition(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getId() |
| */ |
| @Override |
| public String getId() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getId(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getEmail() |
| */ |
| @Override |
| public String getEmail() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getEmail(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getLocaleTag() |
| */ |
| @Override |
| public String getLocaleTag() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getLocaleTag(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * getLayoutingStrategy () |
| */ |
| @Override |
| public String getLayoutingStrategy() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getLayoutingStrategy(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getFocusingStrategy |
| * () |
| */ |
| @Override |
| public String getFocusingStrategy() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getFocusingStrategy(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getTheme() |
| */ |
| @Override |
| public String getTheme() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getTheme(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getPrintService() |
| */ |
| @Override |
| public String getPrintService() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getPrintService(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#isSuperuser() |
| */ |
| @Override |
| public boolean isSuperuser() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getSuperuser(); |
| } |
| return false; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getPosition() |
| */ |
| @Override |
| public AbstractPosition getPosition() { |
| return (AbstractPosition) getSessionAttribute(POSITION_KEY); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getPerspective() |
| */ |
| @Override |
| public String getPerspective() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getDefaultPerspective(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getExtraPassword() |
| */ |
| @Override |
| public String getExtraPassword() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getExtraPassword(); |
| } |
| return ""; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getExtraPassword() |
| */ |
| @Override |
| public boolean isPasswordReset() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| return user.getPasswordReset(); |
| } |
| return false; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getRoles() |
| */ |
| @SuppressWarnings("unchecked") |
| @Override |
| public Collection<String> getRoles() { |
| return (Collection<String>) getSessionAttribute(ROLES_KEY); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getPermissions() |
| */ |
| @Override |
| public AbstractAuthorization getAuthorization() { |
| return (AbstractAuthorization) getSessionAttribute(AUTHORIZATION_KEY); |
| } |
| |
| @Override |
| public boolean isGranted(Group group, Action action, String objectDescriptor) { |
| if (getAuthorization() == null) { // administrator |
| return true; |
| } |
| return getAuthorization().isApplicableGrant(group, action, objectDescriptor); |
| } |
| |
| @Override |
| public boolean isVetoed(Group group, Action action, String objectDescriptor, String propertyDescriptor) { |
| if (getAuthorization() == null) { // administrator |
| return false; |
| } |
| return getAuthorization().isApplicableVeto(group, action, objectDescriptor, propertyDescriptor); |
| } |
| |
| /** |
| * Gets the authentication realm. |
| * |
| * @return the authentication realm |
| */ |
| private AuthenticatingRealm getAuthenticationRealm() { |
| return (AuthenticatingRealm) getSessionAttribute(AUTHENTICATED_BY_REALM); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getAllUsers() |
| */ |
| @Override |
| public Set<String> getAllUsers() { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).getAllUsers(); |
| } |
| return Collections.emptySet(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * getAllUsersPositions () |
| */ |
| @Override |
| public Map<String, String> getAllUsersPositions() { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).getAllUsersPositions(); |
| } |
| return Collections.emptyMap(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getAllEmails() |
| */ |
| @Override |
| public Set<String> getAllEmails() { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).getAllEmails(); |
| } |
| return Collections.emptySet(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * findUsersForPosition (java.lang.String) |
| */ |
| @Override |
| public Set<String> findUsersForPosition(String position) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).findUsersForPosition(position); |
| } |
| return Collections.emptySet(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getAllPositions() |
| */ |
| @Override |
| public Set<AbstractPosition> getAllPositions() { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| Set<AbstractPosition> retcode = new HashSet<>(); |
| for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) { |
| String organizationID = ProductConfiguration.getAuthenticationOrganizationId(); |
| ISubOrganization organization = entrySet.getValue().getOrganization(organizationID); |
| if (organization != null) { |
| for (IPosition position : organization.getPositions()) { |
| retcode.add((AbstractPosition) position); |
| } |
| } |
| } |
| if (retcode.isEmpty()) { |
| retcode = null; |
| } |
| return retcode; |
| } |
| return Collections.emptySet(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#findPositionForUser |
| * (java.lang.String) |
| */ |
| @Override |
| public AbstractPosition findPositionForUser(String username) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).findPositionForUser(username); |
| } |
| return null; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * findPositionForPositionName(java.lang.String) |
| */ |
| @Override |
| public AbstractPosition findPositionForPositionName(String positionName) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).findPositionForPositionName(positionName); |
| } |
| return null; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#findRolesForUser |
| * (java.lang.String) |
| */ |
| @Override |
| public Collection<String> findRolesForUser(String username) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).findRolesForUser(username); |
| } |
| return Collections.emptyList(); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * findPermissionsForUser (java.lang.String) |
| */ |
| @Override |
| public AbstractAuthorization findPermissionsForUser(String username) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).findPermissionsForUser(username); |
| } |
| return null; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see |
| * org.eclipse.osbp.ui.api.useraccess.IUserAccessService#getUserFilterMap() |
| */ |
| @Override |
| public UserFilterMap getUserFilterMap() { |
| UserFilterMap userFilterMap = (UserFilterMap) getSessionAttribute(USER_FILTER_MAP_KEY); |
| if (userFilterMap == null) { |
| LOGGER.error("Authentication getUserFilterMap returned null"); |
| } |
| return userFilterMap; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * checkUsernameUniqueness (java.lang.String) |
| */ |
| @Override |
| public boolean checkLoggedInUsernameExists(String username) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).checkUsernameExists(username); |
| } |
| return false; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * checkUsernameUniqueness (java.lang.String) |
| */ |
| @Override |
| public boolean checkNotLoggedInUsernameExists(String username) { |
| UserAccountDto userAccount = findUserAccount(username); |
| return (userAccount != null); |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * checkEmailUniqueness (java.lang.String) |
| */ |
| @Override |
| public boolean checkEmailExists(String email) { |
| AuthenticatingRealm realm = getAuthenticationRealm(); |
| if (realm instanceof UserAccessAuthorizationRealm) { |
| return ((UserAccessAuthorizationRealm) realm).checkEmailExists(email); |
| } |
| return false; |
| } |
| |
| /* |
| * (non-Javadoc) |
| * |
| * @see org.eclipse.osbp.ui.api.useraccess.IUserAccessService# |
| * getAllUserAccountRoles () |
| */ |
| @Override |
| public Map<String, Collection<String>> getAllUserAccountRoles() { // NOSONAR |
| Map<String, Collection<String>> userRolesMap = new HashMap<>(); |
| List<String> adminRoles = new ArrayList<>(); |
| Query query = new Query(); |
| int size = UserProtocol.getDtoUserAccountDtoService().size(query); |
| Collection<UserAccountDto> users = UserProtocol.getDtoUserAccountDtoService().getByIndex(0, size, query); |
| for (UserAccountDto user : users) { |
| if (user.getUserName() != null && user.getPosition() != null) { |
| boolean needsDefault = true; |
| for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) { |
| // as positions in organigram are not allowed to have spaces |
| |
| String organizationID = ProductConfiguration.getAuthenticationOrganizationId(); |
| ISubOrganization organization = entrySet.getValue().getOrganization(organizationID); |
| if (organization != null) { |
| IPosition position = organization.getPositionByLinkAlias(user.getPosition()); |
| if (position != null && position instanceof AbstractPosition) { |
| userRolesMap.put(user.getUserName(), ((AbstractPosition) position).getRoles()); |
| needsDefault = false; |
| } |
| } |
| } |
| if (needsDefault) { |
| List<String> userRoles = new ArrayList<>(); |
| userRoles.add(IUserAccessService.DEFAULTUSERROLE); |
| userRolesMap.put(user.getUserName(), userRoles); |
| } |
| } |
| } |
| // finally, add the admin and assign all roles |
| for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) { |
| adminRoles.addAll(entrySet.getValue().getRoles()); |
| } |
| // if the organizations provide no roles |
| if (adminRoles.isEmpty()) { |
| adminRoles.add(IUserAccessService.DEFAULTUSERROLE); |
| adminRoles.add(IUserAccessService.DEFAULTADMINROLE); |
| } |
| userRolesMap.put(IUserAccessService.ADMINISTRATOR, adminRoles); |
| return userRolesMap; |
| } |
| |
| /** |
| * Helper Method that converts the user account filter strings into a map. |
| * |
| * @param user |
| * the user |
| * @return the filter map |
| */ |
| private UserFilterMap createFilterMap(UserAccountDto user) { |
| UserFilterMap filterMap = new UserFilterMap(); |
| for (UserAccountFilterDto filter : user.getUserAccountFilter()) { |
| String[] splitFilter = filter.getFilter().split(":"); |
| if (filter.getInvers()) { |
| List<String> notFilterValueList = filterMap.getNotFilterMap().get(splitFilter[0]); |
| notFilterValueList = ((notFilterValueList != null) ? notFilterValueList : new ArrayList<>()); |
| notFilterValueList.add(splitFilter[1]); |
| filterMap.getNotFilterMap().put(splitFilter[0], notFilterValueList); |
| } else { |
| List<String> inFilterValueList = filterMap.getInFilterMap().get(splitFilter[0]); |
| inFilterValueList = ((inFilterValueList != null) ? inFilterValueList : new ArrayList<>()); |
| inFilterValueList.add(splitFilter[1]); |
| filterMap.getInFilterMap().put(splitFilter[0], inFilterValueList); |
| } |
| } |
| return filterMap; |
| } |
| |
| /** |
| * Bind persistence service. |
| * |
| * @param persistenceService |
| * the persistence service |
| */ |
| @Reference(cardinality = ReferenceCardinality.MANDATORY, policy = ReferencePolicy.STATIC) |
| public synchronized void bindPersistenceService(final IPersistenceService persistenceService) { |
| UserProtocol.persistenceService = persistenceService; |
| LOGGER.debug("UserProtocolPersistenceService bound"); |
| } |
| |
| /** |
| * Unbind persistence service. |
| * |
| * @param persistenceService |
| * the persistence service |
| */ |
| public synchronized void unbindPersistenceService(final IPersistenceService persistenceService) { // NOSONAR |
| UserProtocol.persistenceService = null; |
| LOGGER.debug("UserProtocolPersistenceService unbound"); |
| } |
| |
| /** |
| * Bind organization service. |
| * |
| * @param organization |
| * the organization |
| */ |
| @Reference(cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC) |
| public void bindOrganizationService(IOrganizationService organization) { |
| LOGGER.debug(UserAccessService.class.getCanonicalName() + ": " + organization.getClass().getCanonicalName() + " bound"); |
| sOrganizationServices.put(organization.getClass().getCanonicalName(), organization); |
| triggerComplexDataContainerChangedListeners(); |
| } |
| |
| /** |
| * Unbind organization service. |
| * |
| * @param organization |
| * the organization |
| */ |
| public void unbindOrganizationService(IOrganizationService organization) { |
| LOGGER.debug(UserAccessService.class.getCanonicalName() + ": " + organization.getClass().getCanonicalName() + " unbound"); |
| sOrganizationServices.remove(organization.getClass().getCanonicalName()); |
| triggerComplexDataContainerChangedListeners(); |
| } |
| |
| public void addComplexDataContainerChangedListener(IComplexDataContainerChangedListener listener) { |
| complexDataContainerChangedListeners.add(listener); |
| } |
| |
| public void removeComplexDataContainerChangedListener(IComplexDataContainerChangedListener listener) { |
| complexDataContainerChangedListeners.remove(listener); |
| } |
| |
| public static void triggerComplexDataContainerChangedListeners() { |
| for (IComplexDataContainerChangedListener listener : complexDataContainerChangedListeners) { |
| listener.complexDataContainerChanged(); |
| } |
| } |
| |
| |
| @SuppressWarnings("unchecked") |
| @Override |
| public Map<String, Object> getProperties() { |
| UserAccountDto user = getUser(); |
| if (user != null) { |
| ObjectInputStream objIn; |
| byte[] byteArray = user.getSavedProperties(); |
| if (byteArray != null){ |
| try { |
| objIn = new ObjectInputStream(new ByteArrayInputStream(byteArray)); |
| return (HashMap<String, Object>) objIn.readObject(); |
| } catch (IOException | ClassNotFoundException e) { |
| LOGGER.error(e.getClass().getName(), e); |
| } |
| } else { |
| return new HashMap<>(); |
| } |
| } |
| return Collections.EMPTY_MAP; |
| } |
| |
| @Override |
| public void persistProperties(Map<String, Object> properties) { |
| // must reread from db as data could have been changed |
| UserAccountDto user = getDtoUserAccountDtoService().get(getUser().getId()); |
| if (user != null) { |
| try { |
| ByteArrayOutputStream out = new ByteArrayOutputStream(); |
| ObjectOutputStream objOut = new ObjectOutputStream(out); |
| objOut.writeObject(properties); |
| objOut.close(); |
| user.setSavedProperties(out.toByteArray()); |
| UserProtocol.getDtoUserAccountDtoService().update(user); |
| } catch (IOException e) { |
| LOGGER.error(e.getClass().getName(), e); |
| } |
| } |
| } |
| |
| } |