fixed #78

hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java

@@ -22,7 +22,6 @@ import org.apache.commons.codec.binary.Base64;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.model.ModuleInterface;
-import de.hsadmin.core.model.TicketAuthentication;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.model.onetier.TicketValidator;
 
@@ -460,9 +459,9 @@ public class CLIClientConnectorServlet extends HttpServlet {
 				String login = a[0];
 				ticket = a[1];
 				try {
-					if (TicketAuthentication.getInstance().login(login, ticket)) {
+					tx = new Transaction(login);
+					if (tx.login(login, ticket)) {
 						// login successful
-						tx = new Transaction(login);
 						module = new GenericModuleImpl(tx);
 
 						// read arguments

hsarback/src/de/hsadmin/cliClientConnector/TechnicalException.java

@@ -13,6 +13,10 @@ public class TechnicalException extends RuntimeException {
 		super(extractCauseMessage(e));
 	}
 
+	public TechnicalException(String errorMsg) {
+		super(errorMsg);
+	}
+
 	private static String extractCauseMessage(Throwable e) {
 		if (e.getMessage() != null && !(e instanceof RollbackException)) {
 			return e.getMessage();

hsarback/src/de/hsadmin/core/model/TicketAuthentication.java

@@ -1,17 +0,0 @@
-package de.hsadmin.core.model;
-
-import de.hsadmin.core.model.onetier.TicketValidator;
-
-public class TicketAuthentication {
-
-	private static TicketAuthentication auth = new TicketAuthentication();
-	
-	public static TicketAuthentication getInstance() {
-		return auth;
-	}
-
-	public boolean login(String login, String ticket) throws AuthenticationException {
-		return TicketValidator.getInstance().validateTicket(login, ticket);
-	}
-
-}

hsarback/src/de/hsadmin/core/model/Transaction.java

@@ -4,6 +4,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.jms.Queue;
 import javax.jms.QueueConnectionFactory;
@@ -21,9 +22,12 @@ import org.apache.openjpa.persistence.OpenJPAEntityManager;
 
 import de.hsadmin.cliClientConnector.TechnicalException;
 import de.hsadmin.core.model.onetier.PersistenceManager;
+import de.hsadmin.core.model.onetier.TicketValidator;
 import de.hsadmin.core.qserv.QueueClient;
 import de.hsadmin.core.qserv.QueueTask;
 import de.hsadmin.core.util.Config;
+import de.hsadmin.mods.cust.Customer;
+import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
 
 public class Transaction {
@@ -76,8 +80,10 @@ public class Transaction {
 	}
 
 	public String getLoginName() {
-		if (loginName != null) return loginName;
-		return null;
+		if (loginName != null) {
+			return loginName;
+		}
+		throw new TechnicalException("no login");
 	}
 
 	public void enqueue(String hiveName, QueueTask task) {
@@ -193,4 +199,44 @@ public class Transaction {
 		return unixUser;
 	}
 
+	public boolean login(String user, String ticket) throws AuthenticationException {
+		String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
+		if (user != null && user.equals(ticketUser)) {
+			return true;		// user himself
+		}
+		if (ticketUser != null && ticketUser.length() == 2) {
+			return true;		// 2-letter hostmaster
+		}
+		String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
+		if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
+			return true;		// hsh01 hostmaster
+		}
+		if (ticketUser != null && ticketUser.length() == 5) {
+			Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
+			userQuery.setParameter("username", user);
+			UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
+			String pacName = unixUser.getPac().getName();
+			return ticketUser.equals(pacName);  // pac-admin
+		}
+		if (ticketUser != null && ticketUser.length() == 3) {
+			String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
+			Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
+			memberQuery.setParameter("membername", memberAccountPrefix + ticketUser);
+			Customer member = (Customer) memberQuery.getSingleResult();
+			Set<Pac> pacs = member.getPacs();
+			for (Pac p : pacs) {
+				if (p.getName().equals(user)) {
+					return true;  // member as pac-admin
+				}
+				Set<UnixUser> users = p.getUnixUser();
+				for (UnixUser u : users) {
+					if (u.getName().equals(user)) {
+						return true; // member as pac-user
+					}
+				}
+			}
+		}
+		throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
+	}
+
 }

hsarback/src/de/hsadmin/core/model/onetier/TicketValidator.java

@@ -39,24 +39,7 @@ public class TicketValidator {
 		proxyValidateURL = validateURL;
 	}
 	
-	public boolean validateTicket(String runAsUser, String ticket) throws AuthenticationException {
-		String ticketUser = validateTicket(ticket);
-		if (runAsUser != null && 
-				(runAsUser.equals(ticketUser)		// user himself
-					|| (ticketUser.length() == 5 && runAsUser.startsWith(ticketUser))
-													// pac-admin
-					|| (ticketUser.length() == 3 && runAsUser.startsWith(ticketUser))
-													// member
-					|| ticketUser.length() == 2)	// hostmaster
-					// TODO: add test for member-account
-				) {
-			return true;
-		} else {
-			throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + runAsUser);
-		}
-	}
-
-	private String validateTicket(String ticket) throws AuthenticationException {
+	public String validateTicket(String ticket) throws AuthenticationException {
 		if (proxyServiceURL == null || proxyServiceURL == null) {
 			log.fatal("TicketValidator is not initialized.");
 			throw new RuntimeException("TicketValidator is not initialized.");

hsarback/src/de/hsadmin/remote/AbstractRemote.java

@@ -8,24 +8,17 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
+import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AuthenticationException;
 import de.hsadmin.core.model.AuthorisationException;
-import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.model.HSAdminException;
 import de.hsadmin.core.model.ModuleInterface;
-import de.hsadmin.core.model.TicketAuthentication;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.mods.user.UnixUser;
 
 public abstract class AbstractRemote implements IRemote {
 
-	private TicketAuthentication authentication;
-
-	public AbstractRemote() {
-		authentication = new TicketAuthentication();
-	}
-
 	protected abstract Class<? extends AbstractEntity> getEntityClass();
 
 	protected abstract void entity2map(AbstractEntity entity, Map<String, Object> resultMap);
@@ -39,7 +32,7 @@ public abstract class AbstractRemote implements IRemote {
 		String user = runAsUser;
 		Transaction transaction = new Transaction(user);
 		try {
-			if (authentication.login(user, ticket)) {
+			if (transaction.login(user, ticket)) {
 				ModuleInterface module = new GenericModuleImpl(transaction);
 				UnixUser unixUser = transaction.getLoginUser();
 				List<AbstractEntity> list = module.search(getEntityClass(),
@@ -73,7 +66,7 @@ public abstract class AbstractRemote implements IRemote {
 		String user = runAsUser;
 		Transaction transaction = new Transaction(user);
 		try {
-			if (authentication.login(user, ticket)) {
+			if (transaction.login(user, ticket)) {
 				ModuleInterface module = new GenericModuleImpl(transaction);
 				Constructor<? extends AbstractEntity> constructor = 
 					getEntityClass().getConstructor();
@@ -100,7 +93,7 @@ public abstract class AbstractRemote implements IRemote {
 		String user = runAsUser;
 		Transaction transaction = new Transaction(user);
 		try {
-			if (authentication.login(user, ticket)) {
+			if (transaction.login(user, ticket)) {
 				ModuleInterface module = new GenericModuleImpl(transaction);
 				UnixUser unixUser = transaction.getLoginUser();
 				String queryCondition = buildQueryCondition(whereParams);
@@ -137,7 +130,7 @@ public abstract class AbstractRemote implements IRemote {
 		String user = runAsUser;
 		Transaction transaction = new Transaction(user);
 		try {
-			if (authentication.login(user, ticket)) {
+			if (transaction.login(user, ticket)) {
 				ModuleInterface module = new GenericModuleImpl(transaction);
 				UnixUser unixUser = transaction.getLoginUser();
 				ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();

hsarback/src/de/hsadmin/remote/RoleRemote.java

@@ -9,7 +9,6 @@ import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AuthenticationException;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.model.HSAdminException;
-import de.hsadmin.core.model.TicketAuthentication;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.Config;
 import de.hsadmin.mods.dom.Domain;
@@ -17,18 +16,12 @@ import de.hsadmin.mods.pac.Pac;
 
 public class RoleRemote implements IRemote {
 
-	private TicketAuthentication authentication;
-
-	public RoleRemote() {
-		authentication = new TicketAuthentication();
-	}
-	
 	@Override
 	public List<Map<String, Object>> search(String runAsUser, String ticket,
 			Map<String, String> whereParams) throws HSAdminException {
 		String user = runAsUser;
 		Transaction transaction = new Transaction(user);
-		if (authentication.login(user, ticket)) {
+		if (transaction.login(user, ticket)) {
 			String role = "USER";
 			String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
 			String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");