From: <dcr...@hy...> - 2010-01-28 03:08:20
Author: dcrutchf Date: 2010-01-27 19:08:11 -0800 (Wed, 27 Jan 2010) New Revision: 14241 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14241 Modified: trunk/src/org/hyperic/hq/ui/action/admin/user/RegisterAction.java trunk/src/org/hyperic/hq/ui/security/BaseSessionInitializationStrategy.java Log: Added logic to handle the custom provider use case Modified: trunk/src/org/hyperic/hq/ui/action/admin/user/RegisterAction.java ===================================================================
--- trunk/src/org/hyperic/hq/ui/action/admin/user/RegisterAction.java 2010-01-27 23:30:36 UTC (rev 14240)
+++ trunk/src/org/hyperic/hq/ui/action/admin/user/RegisterAction.java 2010-01-28 03:08:11 UTC (rev 14241)
@@ -28,7 +28,9 @@
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
+import javax.security.auth.login.FailedLoginException;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -39,9 +41,11 @@
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
+import org.hyperic.hq.auth.shared.SessionManager;
 import org.hyperic.hq.authz.server.session.AuthzSubject;
 import org.hyperic.hq.authz.server.session.AuthzSubjectManagerEJBImpl;
 import org.hyperic.hq.authz.server.session.Operation;
+import org.hyperic.hq.authz.shared.AuthzSubjectManagerLocal;
 import org.hyperic.hq.bizapp.shared.AuthBoss;
 import org.hyperic.hq.bizapp.shared.AuthzBoss;
 import org.hyperic.hq.common.shared.HQConstants;
@@ -70,8 +74,9 @@ HttpServletRequest request, HttpServletResponse response) throws Exception { - Log log = LogFactory.getLog(RegisterAction.class.getName()); - + final Log log = LogFactory.getLog(RegisterAction.class.getName()); + final boolean debug = log.isDebugEnabled(); + Integer sessionId = RequestUtils.getSessionId(request); EditForm userForm = (EditForm)form; HttpSession session = request.getSession(false); @@ -85,7 +90,6 @@ ServletContext ctx = getServlet().getServletContext(); AuthzBoss authzBoss = ContextUtils.getAuthzBoss(ctx); AuthBoss authBoss = ContextUtils.getAuthBoss(ctx); - WebUser webUser = RequestUtils.getWebUser(session); // password was saved off when the user logged in @@ -95,10 +99,12 @@ // use the overlord to register the subject, and don't add // a principal - log.trace("registering subject [" + webUser.getUsername() + "]"); + if (debug) log.debug("registering subject [" + webUser.getUsername() + "]"); - AuthzSubject target = - AuthzSubjectManagerEJBImpl.getOne().findSubjectById(userForm.getId()); + Integer authzSubjectId = userForm.getId(); + AuthzSubjectManagerLocal authzSubjectManager = AuthzSubjectManagerEJBImpl.getOne(); + AuthzSubject target = authzSubjectManager.findSubjectById(authzSubjectId); + authzBoss.updateSubject(sessionId, target, Boolean.TRUE, HQConstants.ApplicationName, userForm.getDepartment(), 
@@ -113,20 +119,31 @@ // one for this subject.. must be done before pulling the // new subject in order to do it with his own credentials authBoss.logout(sessionId.intValue()); - sessionId = new Integer(authBoss.login(webUser.getUsername(), + + try { + sessionId = new Integer(authBoss.login(webUser.getUsername(), password)); + } catch(FailedLoginException e) { + // This should only fail in the instance we are using a custom auth provider + // TODO this needs to be reworked in evolution... + if (debug) log.debug("AuthzSubject refreshed failed via legacy method, retrieving directly."); + + sessionId = SessionManager.getInstance().put(authzSubjectManager.findSubjectById(authzSubjectId)); + } + + if (debug) log.debug("finding subject [" + webUser.getUsername() + "]"); - log.trace("finding subject [" + webUser.getUsername() + "]"); - // the new user has no prefs, but we still want to pick up // the defaults ConfigResponse preferences = (ConfigResponse)ctx.getAttribute(Constants.DEF_USER_PREFS); // look up the user's permissions - log.trace("getting all operations"); - HashMap userOpsMap = new HashMap(); + if (debug) log.debug("getting all operations"); + + Map userOpsMap = new HashMap(); List userOps = authzBoss.getAllOperations(sessionId); + for (Iterator it=userOps.iterator(); it.hasNext();) { Operation op = (Operation)it.next(); userOpsMap.put(op.getName(), Boolean.TRUE); 
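Review bot: The `catch(FailedLoginException e)` fallback creates a session with `SessionManager.getInstance().put(...)` for the subject looked up by `authzSubjectId`, which an earlier hunk assigns from `userForm.getId()`, so a failed credential check still ends in a session for whatever subject id the form carried. `FailedLoginException` is also what a wrong password would be expected to raise, not only the custom-provider case the comment assumes, so the fallback should first confirm that the subject is the user whose session was just logged out, e.g. `if (!webUser.getUsername().equals(target.getName())) throw e;` (assuming `AuthzSubject` exposes `getName()`), and then reuse `target` rather than doing a second lookup. Logging this path only at debug level leaves no audit trail for a session issued without password verification; a warn-level entry naming the username would support detection. The enclosing method starts and ends outside this hunk.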
@@ -134,10 +151,12 @@ // we also need to create up a new web user webUser = new WebUser(target, sessionId, preferences, false); + session.setAttribute(Constants.WEBUSER_SES_ATTR, webUser); session.setAttribute(Constants.USER_OPERATIONS_ATTR, userOpsMap); - HashMap parms = new HashMap(1); + Map parms = new HashMap(1); + parms.put(Constants.USER_PARAM, target.getId()); return returnSuccess(request, mapping, parms, false); Modified: trunk/src/org/hyperic/hq/ui/security/BaseSessionInitializationStrategy.java =================================================================== --- trunk/src/org/hyperic/hq/ui/security/BaseSessionInitializationStrategy.java 2010-01-27 23:30:36 UTC (rev 14240) +++ trunk/src/org/hyperic/hq/ui/security/BaseSessionInitializationStrategy.java 2010-01-28 03:08:11 UTC (rev 14241) @@ -6,6 +6,7 @@ import java.util.List; import java.util.Map; +import javax.ejb.CreateException; import javax.ejb.FinderException; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -26,6 +27,8 @@ import org.hyperic.hq.authz.shared.PermissionException; import org.hyperic.hq.bizapp.shared.AuthBoss; import org.hyperic.hq.bizapp.shared.AuthzBoss; +import org.hyperic.hq.common.ApplicationException; +import org.hyperic.hq.common.shared.HQConstants; import org.hyperic.hq.ui.Constants; import org.hyperic.hq.ui.WebUser; import org.hyperic.hq.ui.util.ContextUtils; 
@@ -56,22 +59,25 @@ AuthBoss authBoss = ContextUtils.getAuthBoss(ctx); // look up the subject record - AuthzSubject subjPojo = authzBoss.getCurrentSubject(sessionId); - AuthzSubjectValue subject = null; + AuthzSubject currentSubject = authzBoss.getCurrentSubject(sessionId); boolean needsRegistration = false; - if (subjPojo == null) { - subject = new AuthzSubjectValue(); + if (currentSubject == null) { + try { + AuthzSubject overlord = authzSubjectManager.getOverlordPojo(); + currentSubject = authzSubjectManager.createSubject(overlord, username, true, HQConstants.ApplicationName, "", "", "", "", "", "", false); + } catch (CreateException e) { + throw new SessionAuthenticationException("Unable to add user to authorization system"); + } - subject.setName(username); - needsRegistration = true; + sessionId = SessionManager.getInstance().put(currentSubject); } else { - subject = subjPojo.getAuthzSubjectValue(); - - needsRegistration = subjPojo.getEmailAddress() == null || subjPojo.getEmailAddress().length() == 0; + needsRegistration = currentSubject.getEmailAddress() == null || currentSubject.getEmailAddress().length() == 0; } + AuthzSubjectValue subject = currentSubject.getAuthzSubjectValue(); + // figure out if the user has a principal boolean hasPrincipal = authBoss.isUser(sessionId, subject.getName()); ConfigResponse preferences = needsRegistration ? new ConfigResponse() : |
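Review bot: The `catch (CreateException e)` block throws `SessionAuthenticationException` with a fixed message and drops `e`, so a failed auto-provisioning leaves no record of its cause; log it before rethrowing, e.g. `log.error("Unable to create subject for [" + username + "]", e);` if the class has a logger (none is visible in this hunk). The new branch also creates an account under the overlord subject and registers a session for any `username` that has no subject record, which relies on the caller having already authenticated that name against the external provider. A comment stating that precondition, plus an info-level audit entry whenever a subject is created this way, would make the trust boundary explicit and reviewable. `username` and `authzSubjectManager` are declared outside the hunk, and the enclosing method starts and ends outside it.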