From: <dcr...@hy...> - 2010-01-12 02:13:36
Author: dcrutchf Date: 2010-01-11 18:13:27 -0800 (Mon, 11 Jan 2010) New Revision: 14165 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14165 Modified: trunk/src/org/hyperic/hq/ui/security/InternalAuthenticationProvider.java trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java trunk/web/META-INF/security-context.xml trunk/web/WEB-INF/web.xml Log: Updated web.xml (had filters out of order) Updated auth provider and session init strategy to load dashboard preferences Updated security context to load list of auth providers (this may change later on) Modified: trunk/src/org/hyperic/hq/ui/security/InternalAuthenticationProvider.java =================================================================== --- trunk/src/org/hyperic/hq/ui/security/InternalAuthenticationProvider.java 2010-01-12 01:44:14 UTC (rev 14164) +++ trunk/src/org/hyperic/hq/ui/security/InternalAuthenticationProvider.java 2010-01-12 02:13:27 UTC (rev 14165) 
@@ -18,16 +18,30 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; -import org.springframework.stereotype.Component; /* - * This class is responsible for authenticating a user using HQ's internal user store. + * This class is responsible for authenticating a user using HQ's internal user store. It can also be configured to enable guest user access as well as override the guest username. * */ -@Component public class InternalAuthenticationProvider implements AuthenticationProvider { private static Log log = LogFactory.getLog(InternalAuthenticationProvider.class.getName()); + private String guestUserName = "guest"; + private boolean guestEnabled = false; + + // TODO get this from the db instead + public String getGuestUserName() { + return guestUserName; + } + + public boolean isGuestEnabled() { + return guestEnabled; + } + + public void setGuestEnabled(boolean guestEnabled) { + this.guestEnabled = guestEnabled; + } + public Authentication authenticate(Authentication authentication) throws AuthenticationException { // TODO: Once this is evolution, remove the getOne in favor of DI AuthBossLocal authBoss = AuthBossEJBImpl.getOne(); 
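Review bot: The updated class comment says the guest username can be overridden, but the added code only provides `getGuestUserName()`, with no setter, so `guestUserName` cannot be set from the Spring bean definition and stays `"guest"`. Either add `public void setGuestUserName(String guestUserName) { this.guestUserName = guestUserName; }` or drop the claim from the comment until the TODO is resolved. These two fields decide whether the password check in `authenticate` is skipped, so each deserves a short comment, e.g. `// When true, a login whose username matches guestUserName is accepted without a password check.` The body of `authenticate` continues outside this hunk.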
@@ -38,8 +52,16 @@ // ...then we attempt to authenticate using authBoss... try { - int sid = authBoss.login(username, password); - + // ...check to see if we the user is trying to log in as guest user... + int sid; + + if (this.isGuestEnabled() && this.getGuestUserName().equalsIgnoreCase(username)) { + sid = authBoss.loginGuest(); + } else { + // ...this is a non guest user, authenticate... + sid = authBoss.login(username, password); + } + if (log.isTraceEnabled()) { log.trace("Logged in as [" + username + "] with session id [" + sid + "]"); } Modified: trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java =================================================================== --- trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java 2010-01-12 01:44:14 UTC (rev 14164) +++ trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java 2010-01-12 02:13:27 UTC (rev 14165) @@ -5,6 +5,8 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.Map.Entry; import javax.ejb.FinderException; import javax.servlet.ServletContext; @@ -28,7 +30,11 @@ import org.hyperic.hq.bizapp.shared.AuthzBoss; import org.hyperic.hq.ui.Constants; import org.hyperic.hq.ui.WebUser; +import org.hyperic.hq.ui.server.session.DashboardManagerEJBImpl; +import org.hyperic.hq.ui.server.session.UserDashboardConfig; +import org.hyperic.hq.ui.shared.DashboardManagerLocal; import org.hyperic.hq.ui.util.ContextUtils; +import org.hyperic.image.widget.ResourceTree; import org.hyperic.util.config.ConfigResponse; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.session.SessionAuthenticationException; 
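Review bot: In the added `if` branch, any request whose username case-insensitively equals the guest name is given a session by `authBoss.loginGuest()`, and the submitted password is never examined. Judging by security-context.xml in this same commit, this provider is the only one in the authentication manager, and that manager serves both the form login and the basic-auth chain for `/hqu/hqapi*/**`. Guest access would therefore presumably reach the API as well, which should be confirmed and restricted if unintended. The branch leaves no audit trail above trace level; consider `log.info("Guest login accepted");` inside it. The authorities granted to the guest session are decided outside this hunk, as are the start and end of the enclosing `try` block and of `authenticate`, so check there that guest does not get the same role as an authenticated user.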
@@ -105,6 +111,10 @@ session.setAttribute(Constants.USER_OPERATIONS_ATTR, userOperationsMap); + // Load up the user's dashboard preferences + loadDashboard(ctx, webUser, authzBoss); + setXlibFlag(session); + if (log.isDebugEnabled()) { log.debug("Stashing user operations in the session"); } 
@@ -127,7 +137,63 @@ } } + private boolean mergeValues(ConfigResponse config, ConfigResponse other, boolean overWrite) { + boolean updated = true; + Set<Entry<Object,Object>> entrySet = other.toProperties().entrySet(); + + for (Iterator<Entry<Object, Object>> i = entrySet.iterator(); i.hasNext();) { + Entry<Object, Object> entry = i.next(); + String key = (String) entry.getKey(); + String value = (String) entry.getValue(); + + if (overWrite || config.getValue(key) == null) { + config.setValue(key, value); + updated = true; + } + } + return updated; + } + private static void setXlibFlag(HttpSession session) { + try { + new ResourceTree(1); // See if graphics engine is present + session.setAttribute(Constants.XLIB_INSTALLED, Boolean.TRUE); + } catch (Throwable t) { + session.setAttribute(Constants.XLIB_INSTALLED, Boolean.FALSE); + } + } + + private void loadDashboard(ServletContext ctx, WebUser webUser, AuthzBoss authzBoss) { + try { + DashboardManagerLocal dashManager = DashboardManagerEJBImpl.getOne(); + ConfigResponse defaultUserDashPrefs = + (ConfigResponse) ctx.getAttribute(Constants.DEF_USER_DASH_PREFS); + AuthzSubject me = + authzBoss.findSubjectById(webUser.getSessionId(), + webUser.getSubject().getId()); + UserDashboardConfig userDashboard = dashManager.getUserDashboard(me, me); + + if (userDashboard == null) { + userDashboard = dashManager.createUserDashboard(me, me, webUser.getName()); + } + + ConfigResponse userDashobardConfig = userDashboard.getConfig(); + + if (mergeValues(userDashobardConfig, defaultUserDashPrefs, false)) { + dashManager.configureDashboard(me, userDashboard, + userDashobardConfig); + } + } catch (PermissionException e) { + e.printStackTrace(); + } catch (SessionNotFoundException e) { + // User not logged in + } catch (SessionTimeoutException e) { + // User session has expired + } catch (RemoteException e) { + // Cannot look up this user + } + } + private static Map<String, Boolean> loadUserPermissions(Integer sessionId, AuthzBoss 
authzBoss) throws SessionTimeoutException, SessionNotFoundException, PermissionException, RemoteException, FinderException { // look up the user's permissions Modified: trunk/web/META-INF/security-context.xml =================================================================== --- trunk/web/META-INF/security-context.xml 2010-01-12 01:44:14 UTC (rev 14164) +++ trunk/web/META-INF/security-context.xml 2010-01-12 02:13:27 UTC (rev 14165) 
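Review bot: `mergeValues` initialises `updated` to `true`, so it returns `true` even when no key was merged, and `loadDashboard` then calls `dashManager.configureDashboard(...)` on every login; the initial value should be `boolean updated = false;`. `loadDashboard` also passes `defaultUserDashPrefs` straight from `ctx.getAttribute(...)` into `mergeValues`, where `other.toProperties()` would throw a NullPointerException if the attribute is absent. None of the catch clauses covers that, so session initialisation could fail at login; skipping the merge when the value is null would avoid it. The `PermissionException` handler uses `e.printStackTrace()` and the other three handlers are empty; routing them through the class's `log`, e.g. `log.warn("Unable to load dashboard preferences", e);`, would keep authorization failures during login visible. `loadUserPermissions`, whose signature closes the hunk, continues outside it.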
@@ -1,132 +1,139 @@ - <beans xmlns="http://www.springframework.org/schema/beans" +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans-3.0.xsd - http://www.springframework.org/schema/context - http://www.springframework.org/schema/context/spring-context-2.5.xsd - http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.0.xsd"> - <!-- Auto wire our custom security beans --> - <context:component-scan base-package="org.hyperic.hq.ui.security" /> - - <!-- This bean handles the actual of authentication user credentials --> - <sec:authentication-manager alias="authenticationManager"> - <sec:authentication-provider ref="internalAuthenticationProvider" /> - </sec:authentication-manager> + http://www.springframework.org/schema/beans/spring-beans-3.0.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context-2.5.xsd + http://www.springframework.org/schema/security + http://www.springframework.org/schema/security/spring-security-3.0.xsd"> + <!-- Auto wire our custom security beans --> + <context:component-scan base-package="org.hyperic.hq.ui.security" /> - <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> - <sec:filter-chain-map path-type="ant"> - <sec:filter-chain pattern="/login.jsp" filters="none" /> - <sec:filter-chain pattern="/*.ico" filters="none" /> - <sec:filter-chain pattern="/css/**" filters="none" /> - <sec:filter-chain pattern="/js/**" filters="none" /> - <sec:filter-chain pattern="/images/**" filters="none" /> - <sec:filter-chain pattern="/ui-docs/**" filters="none" /> - <sec:filter-chain pattern="/hqu/hqapi*/**" 
filters="securityContextPersistenceFilter, + <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> + <sec:filter-chain-map path-type="ant"> + <sec:filter-chain pattern="/login.jsp" filters="none" /> + <sec:filter-chain pattern="/*.ico" filters="none" /> + <sec:filter-chain pattern="/css/**" filters="none" /> + <sec:filter-chain pattern="/js/**" filters="none" /> + <sec:filter-chain pattern="/images/**" filters="none" /> + <sec:filter-chain pattern="/ui-docs/**" filters="none" /> + <sec:filter-chain pattern="/hqu/hqapi*/**" filters="securityContextPersistenceFilter, basicAuthenticationFilter, basicAuthenticationExceptionTranslationFilter, sessionManagementFilter, - filterSecurityInterceptor" /> - <sec:filter-chain pattern="/**" filters="securityContextPersistenceFilter, - logoutFilter, - basicAuthenticationFilter, - formBasedAuthenticationFilter, - sessionManagementFilter, - formAuthenticationExceptionTranslationFilter, - filterSecurityInterceptor" /> - </sec:filter-chain-map> - </bean> - - <!-- Setup security context persistence filter --> - <bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" /> - - <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> - <property name="securityContextRepository" ref="securityContextRepository" /> - </bean> - - <!-- For logout --> - <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> - <constructor-arg value="/login.jsp" /> - <constructor-arg> - <list> - <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean> - </list> - </constructor-arg> - </bean> - - <!-- For basic authentication --> - <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> - <property name="authenticationManager" 
ref="authenticationManager" /> - <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" /> - </bean> - - <bean id="basicAuthenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> - <property name="realmName" value="HQ-Realm" /> - </bean> - - <bean id="basicAuthenticationExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> - <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" /> - <property name="accessDeniedHandler"> - <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" /> - </property> - </bean> - - <!-- For form-based authentication --> - <bean id="formBasedAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> - <property name="authenticationManager" ref="authenticationManager" /> - <property name="sessionAuthenticationStrategy" ref="sessionInitializationStrategy" /> - <property name="authenticationSuccessHandler"> - <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> - <property name="defaultTargetUrl" value="/Dashboard.do" /> - </bean> - </property> - <property name="authenticationFailureHandler"> - <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> - <property name="defaultFailureUrl" value="/login.jsp?authfailed=true" /> - </bean> - </property> - </bean> - - <bean id="formAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> - <property name="loginFormUrl" value="/login.jsp" /> - </bean> - - <bean id="formAuthenticationExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> - <property name="authenticationEntryPoint" ref="formAuthenticationEntryPoint" /> - </bean> - - <!-- Setup session management filter --> - 
<bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter"> - <constructor-arg ref="securityContextRepository" /> - <property name="sessionAuthenticationStrategy" ref="sessionInitializationStrategy" /> - </bean> - - <!-- Setup the filter security interceptor --> - <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> - <property name="authenticationManager" ref="authenticationManager" /> - <property name="accessDecisionManager"> - <bean class="org.springframework.security.access.vote.AffirmativeBased"> - <property name="allowIfAllAbstainDecisions" value="false" /> - <property name="decisionVoters"> - <list> - <bean class="org.springframework.security.access.vote.RoleVoter" /> - </list> - </property> - </bean> - </property> - <property name="securityMetadataSource"> - <sec:filter-security-metadata-source> - <sec:intercept-url pattern="/login.jsp" /> - <sec:intercept-url pattern="/favicon.ico" /> - <sec:intercept-url pattern="/css/**" /> - <sec:intercept-url pattern="/js/**" /> - <sec:intercept-url pattern="/images/**" /> - <sec:intercept-url pattern="/ui_docs/**" /> - <sec:intercept-url pattern="/hqu/hqapi*/**" access="ROLE_USER" /> - <sec:intercept-url pattern="/**" access="ROLE_USER" /> - </sec:filter-security-metadata-source> - </property> - </bean> - </beans> \ No newline at end of file + filterSecurityInterceptor" /> + <sec:filter-chain pattern="/**" filters="securityContextPersistenceFilter, + logoutFilter, + basicAuthenticationFilter, + formBasedAuthenticationFilter, + sessionManagementFilter, + formAuthenticationExceptionTranslationFilter, + filterSecurityInterceptor" /> + </sec:filter-chain-map> + </bean> + + <!-- Setup security context persistence filter --> + <bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" /> + + <bean id="securityContextPersistenceFilter" 
class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> + <property name="securityContextRepository" ref="securityContextRepository" /> + </bean> + + <!-- For logout --> + <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> + <constructor-arg value="/login.jsp" /> + <constructor-arg> + <list> + <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean> + </list> + </constructor-arg> + </bean> + + <!-- For basic authentication --> + <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> + <property name="authenticationManager" ref="authenticationManager" /> + <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" /> + </bean> + + <bean id="basicAuthenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> + <property name="realmName" value="HQ-Realm" /> + </bean> + + <bean id="basicAuthenticationExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> + <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" /> + <property name="accessDeniedHandler"> + <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" /> + </property> + </bean> + + <!-- For form-based authentication --> + <bean id="formBasedAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> + <property name="authenticationManager" ref="authenticationManager" /> + <property name="sessionAuthenticationStrategy" ref="sessionInitializationStrategy" /> + <property name="authenticationSuccessHandler"> + <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> + <property name="defaultTargetUrl" value="/Dashboard.do" /> + </bean> + </property> + <property 
name="authenticationFailureHandler"> + <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> + <property name="defaultFailureUrl" value="/login.jsp?authfailed=true" /> + </bean> + </property> + </bean> + + <bean id="formAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> + <property name="loginFormUrl" value="/login.jsp" /> + </bean> + + <bean id="formAuthenticationExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> + <property name="authenticationEntryPoint" ref="formAuthenticationEntryPoint" /> + </bean> + + <!-- Setup session management filter --> + <bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter"> + <constructor-arg ref="securityContextRepository" /> + <property name="sessionAuthenticationStrategy" ref="sessionInitializationStrategy" /> + </bean> + + <!-- Setup the filter security interceptor --> + <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> + <property name="authenticationManager" ref="authenticationManager" /> + <property name="accessDecisionManager"> + <bean class="org.springframework.security.access.vote.AffirmativeBased"> + <property name="allowIfAllAbstainDecisions" value="false" /> + <property name="decisionVoters"> + <list> + <bean class="org.springframework.security.access.vote.RoleVoter" /> + </list> + </property> + </bean> + </property> + <property name="securityMetadataSource"> + <sec:filter-security-metadata-source> + <sec:intercept-url pattern="/login.jsp" /> + <sec:intercept-url pattern="/favicon.ico" /> + <sec:intercept-url pattern="/css/**" /> + <sec:intercept-url pattern="/js/**" /> + <sec:intercept-url pattern="/images/**" /> + <sec:intercept-url pattern="/ui_docs/**" /> + <sec:intercept-url pattern="/hqu/hqapi*/**" access="ROLE_USER" /> + 
<sec:intercept-url pattern="/**" access="ROLE_USER" /> + </sec:filter-security-metadata-source> + </property> + </bean> + + <bean id="internalAuthenticationProvider" class="org.hyperic.hq.ui.security.InternalAuthenticationProvider"> + <property name="guestEnabled" value="true" /> + </bean> + + <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> + <property name="providers"> + <list> + <ref local="internalAuthenticationProvider" /> + </list> + </property> + </bean> +</beans> \ No newline at end of file Modified: trunk/web/WEB-INF/web.xml =================================================================== --- trunk/web/WEB-INF/web.xml 2010-01-12 01:44:14 UTC (rev 14164) +++ trunk/web/WEB-INF/web.xml 2010-01-12 02:13:27 UTC (rev 14165) @@ -75,11 +75,6 @@ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> - <filter-mapping> - <filter-name>filterChainProxy</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - <filter> <filter-name>Resource-Filter</filter-name> <filter-class>org.hyperic.hq.ui.ResourceFilter</filter-class> @@ -100,6 +95,11 @@ <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>filterChainProxy</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <filter-mapping> <filter-name>Resource-Filter</filter-name> <url-pattern>/images/*</url-pattern> |
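Review bot: The new `internalAuthenticationProvider` bean sets `guestEnabled` to `true`, which turns on the password-less guest path of InternalAuthenticationProvider in the checked-in configuration, although the class itself defaults the flag to `false`. Unless guest access is meant to be on for every installation, the value here should be `<property name="guestEnabled" value="false" />`. A comment above the bean should state that enabling it lets the guest username log in without a password. Separately, the filter chain map exempts `/ui-docs/**` while the `securityMetadataSource` lists `/ui_docs/**`; the two patterns differ by hyphen versus underscore, and one of them is probably a typo.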
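Review bot: Moving the `filterChainProxy` mapping below the other `/*` filter mappings means those filters now run before Spring Security on every request, including unauthenticated ones, because servlet containers apply URL-pattern filters in `filter-mapping` order. The filters that now precede it are not visible in these hunks. It should be confirmed that none of them acts on request parameters or session state in a way that assumes the caller has already been authenticated. An XML comment above the moved mapping should explain why it must come after the others, so that a later cleanup does not silently reorder the security chain again.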