HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2012-06-12 630795f59c92f52f399898b610145ef641af70d0
fixed #78
6 files modified
1 files deleted
121 ■■■■ changed files
hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java 5 ●●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/cliClientConnector/TechnicalException.java 4 ●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/core/model/TicketAuthentication.java 17 ●●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/core/model/Transaction.java 50 ●●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/core/model/onetier/TicketValidator.java 19 ●●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/remote/AbstractRemote.java 17 ●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/remote/RoleRemote.java 9 ●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java
@@ -22,7 +22,6 @@
import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.model.ModuleInterface;
import de.hsadmin.core.model.TicketAuthentication;
import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.model.onetier.TicketValidator;
@@ -460,9 +459,9 @@
                String login = a[0];
                ticket = a[1];
                try {
                    if (TicketAuthentication.getInstance().login(login, ticket)) {
                    tx = new Transaction(login);
                    if (tx.login(login, ticket)) {
                        // login successful
                        tx = new Transaction(login);
                        module = new GenericModuleImpl(tx);
                        // read arguments
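Review bot: The `Transaction` is now created before the ticket is checked, and `tx.login(login, ticket)` can run JPA queries through that transaction's entity manager (see `Transaction.login`), so a rejected or failed login leaves behind a transaction that may already have touched the database. The `try` that encloses this `if` continues past the end of the hunk, so its cleanup is not visible here; it should release `tx` on the denial and exception paths as well as on success. The same pattern appears in the four `transaction.login(user, ticket)` hunks of `AbstractRemote` and in `RoleRemote.search`, where no `try` around the login call is visible at all. A short comment such as `// the Transaction must exist before login: authorisation queries the database through it` would record why the construction moved.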
hsarback/src/de/hsadmin/cliClientConnector/TechnicalException.java
@@ -13,6 +13,10 @@
        super(extractCauseMessage(e));
    }
    public TechnicalException(String errorMsg) {
        super(errorMsg);
    }
    private static String extractCauseMessage(Throwable e) {
        if (e.getMessage() != null && !(e instanceof RollbackException)) {
            return e.getMessage();
hsarback/src/de/hsadmin/core/model/TicketAuthentication.java
File was deleted
hsarback/src/de/hsadmin/core/model/Transaction.java
@@ -4,6 +4,7 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jms.Queue;
import javax.jms.QueueConnectionFactory;
@@ -21,9 +22,12 @@
import de.hsadmin.cliClientConnector.TechnicalException;
import de.hsadmin.core.model.onetier.PersistenceManager;
import de.hsadmin.core.model.onetier.TicketValidator;
import de.hsadmin.core.qserv.QueueClient;
import de.hsadmin.core.qserv.QueueTask;
import de.hsadmin.core.util.Config;
import de.hsadmin.mods.cust.Customer;
import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser;
public class Transaction {
@@ -76,8 +80,10 @@
    }
    public String getLoginName() {
        if (loginName != null) return loginName;
        return null;
        if (loginName != null) {
            return loginName;
        }
        throw new TechnicalException("no login");
    }
    public void enqueue(String hiveName, QueueTask task) {
@@ -193,4 +199,44 @@
        return unixUser;
    }
    public boolean login(String user, String ticket) throws AuthenticationException {
        String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
        if (user != null && user.equals(ticketUser)) {
            return true;        // user himself
        }
        if (ticketUser != null && ticketUser.length() == 2) {
            return true;        // 2-letter hostmaster
        }
        String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
        if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
            return true;        // hsh01 hostmaster
        }
        if (ticketUser != null && ticketUser.length() == 5) {
            Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
            userQuery.setParameter("username", user);
            UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
            String pacName = unixUser.getPac().getName();
            return ticketUser.equals(pacName);  // pac-admin
        }
        if (ticketUser != null && ticketUser.length() == 3) {
            String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
            Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
            memberQuery.setParameter("membername", memberAccountPrefix + ticketUser);
            Customer member = (Customer) memberQuery.getSingleResult();
            Set<Pac> pacs = member.getPacs();
            for (Pac p : pacs) {
                if (p.getName().equals(user)) {
                    return true;  // member as pac-admin
                }
                Set<UnixUser> users = p.getUnixUser();
                for (UnixUser u : users) {
                    if (u.getName().equals(user)) {
                        return true; // member as pac-user
                    }
                }
            }
        }
        throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
    }
}
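Review bot: `login` denies access in three different ways, and only the final `throw` is the `AuthenticationException` its signature advertises. In the pac-admin branch a mismatch returns `false`, so denial there depends on each caller's handling of a false result, which this page does not show. `getSingleResult()` in the pac-admin and member branches throws an unchecked persistence exception when the run-as user or member record is missing or not unique (assuming `Query` is the JPA type), so an unknown `user` surfaces as a runtime error rather than an authentication failure. Both branches should catch the lookup failure and fall through to the final `throw`, as sketched below for the pac-admin case. The hostmaster branches decide purely on the length and prefix of the name returned by the ticket service, which deserves a comment stating that the account-naming scheme is what guarantees this.

```java
        if (ticketUser != null && ticketUser.length() == 5) {
            // … unchanged: userQuery creation and setParameter("username", user) …
            try {
                UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
                if (ticketUser.equals(unixUser.getPac().getName())) {
                    return true;  // pac-admin
                }
            } catch (NoResultException e) {
                // unknown run-as user: denied by the AuthenticationException at the end
            }
        }
        // … unchanged: member branch and final throw …
```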
hsarback/src/de/hsadmin/core/model/onetier/TicketValidator.java
@@ -39,24 +39,7 @@
        proxyValidateURL = validateURL;
    }
    
    public boolean validateTicket(String runAsUser, String ticket) throws AuthenticationException {
        String ticketUser = validateTicket(ticket);
        if (runAsUser != null &&
                (runAsUser.equals(ticketUser)        // user himself
                    || (ticketUser.length() == 5 && runAsUser.startsWith(ticketUser))
                                                    // pac-admin
                    || (ticketUser.length() == 3 && runAsUser.startsWith(ticketUser))
                                                    // member
                    || ticketUser.length() == 2)    // hostmaster
                    // TODO: add test for member-account
                ) {
            return true;
        } else {
            throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + runAsUser);
        }
    }
    private String validateTicket(String ticket) throws AuthenticationException {
    public String validateTicket(String ticket) throws AuthenticationException {
        if (proxyServiceURL == null || proxyServiceURL == null) {
            log.fatal("TicketValidator is not initialized.");
            throw new RuntimeException("TicketValidator is not initialized.");
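Review bot: The initialisation guard at the top of the now-public `validateTicket(String)` tests `proxyServiceURL` twice, so an unset `proxyValidateURL` (assigned just above in this hunk) is never caught. It should presumably read `if (proxyServiceURL == null || proxyValidateURL == null) {`. With the run-as overload gone, callers receive only the ticket's user name and must do the run-as check themselves, as `Transaction.login` does. A Javadoc line such as `Returns the user name the ticket was issued for; performs no run-as authorisation.` would keep later callers from treating a valid ticket as permission. The method body continues outside the hunk.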
hsarback/src/de/hsadmin/remote/AbstractRemote.java
@@ -8,23 +8,16 @@
import java.util.List;
import java.util.Map;
import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AuthenticationException;
import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.core.model.ModuleInterface;
import de.hsadmin.core.model.TicketAuthentication;
import de.hsadmin.core.model.Transaction;
import de.hsadmin.mods.user.UnixUser;
public abstract class AbstractRemote implements IRemote {
    private TicketAuthentication authentication;
    public AbstractRemote() {
        authentication = new TicketAuthentication();
    }
    protected abstract Class<? extends AbstractEntity> getEntityClass();
@@ -39,7 +32,7 @@
        String user = runAsUser;
        Transaction transaction = new Transaction(user);
        try {
            if (authentication.login(user, ticket)) {
            if (transaction.login(user, ticket)) {
                ModuleInterface module = new GenericModuleImpl(transaction);
                UnixUser unixUser = transaction.getLoginUser();
                List<AbstractEntity> list = module.search(getEntityClass(),
@@ -73,7 +66,7 @@
        String user = runAsUser;
        Transaction transaction = new Transaction(user);
        try {
            if (authentication.login(user, ticket)) {
            if (transaction.login(user, ticket)) {
                ModuleInterface module = new GenericModuleImpl(transaction);
                Constructor<? extends AbstractEntity> constructor = 
                    getEntityClass().getConstructor();
@@ -100,7 +93,7 @@
        String user = runAsUser;
        Transaction transaction = new Transaction(user);
        try {
            if (authentication.login(user, ticket)) {
            if (transaction.login(user, ticket)) {
                ModuleInterface module = new GenericModuleImpl(transaction);
                UnixUser unixUser = transaction.getLoginUser();
                String queryCondition = buildQueryCondition(whereParams);
@@ -137,7 +130,7 @@
        String user = runAsUser;
        Transaction transaction = new Transaction(user);
        try {
            if (authentication.login(user, ticket)) {
            if (transaction.login(user, ticket)) {
                ModuleInterface module = new GenericModuleImpl(transaction);
                UnixUser unixUser = transaction.getLoginUser();
                ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
hsarback/src/de/hsadmin/remote/RoleRemote.java
@@ -9,7 +9,6 @@
import de.hsadmin.core.model.AuthenticationException;
import de.hsadmin.core.model.GenericModuleImpl;
import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.core.model.TicketAuthentication;
import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.Config;
import de.hsadmin.mods.dom.Domain;
@@ -17,18 +16,12 @@
public class RoleRemote implements IRemote {
    private TicketAuthentication authentication;
    public RoleRemote() {
        authentication = new TicketAuthentication();
    }
    @Override
    public List<Map<String, Object>> search(String runAsUser, String ticket,
            Map<String, String> whereParams) throws HSAdminException {
        String user = runAsUser;
        Transaction transaction = new Transaction(user);
        if (authentication.login(user, ticket)) {
        if (transaction.login(user, ticket)) {
            String role = "USER";
            String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
            String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");