fixed #78
This commit is contained in:
parent
7aa3dfc2a9
commit
630795f59c
@ -22,7 +22,6 @@ import org.apache.commons.codec.binary.Base64;
|
||||
import de.hsadmin.core.model.AbstractEntity;
|
||||
import de.hsadmin.core.model.GenericModuleImpl;
|
||||
import de.hsadmin.core.model.ModuleInterface;
|
||||
import de.hsadmin.core.model.TicketAuthentication;
|
||||
import de.hsadmin.core.model.Transaction;
|
||||
import de.hsadmin.core.model.onetier.TicketValidator;
|
||||
|
||||
@ -460,9 +459,9 @@ public class CLIClientConnectorServlet extends HttpServlet {
|
||||
String login = a[0];
|
||||
ticket = a[1];
|
||||
try {
|
||||
if (TicketAuthentication.getInstance().login(login, ticket)) {
|
||||
// login successful
|
||||
tx = new Transaction(login);
|
||||
if (tx.login(login, ticket)) {
|
||||
// login successful
|
||||
module = new GenericModuleImpl(tx);
|
||||
|
||||
// read arguments
|
||||
|
@ -13,6 +13,10 @@ public class TechnicalException extends RuntimeException {
|
||||
super(extractCauseMessage(e));
|
||||
}
|
||||
|
||||
public TechnicalException(String errorMsg) {
|
||||
super(errorMsg);
|
||||
}
|
||||
|
||||
private static String extractCauseMessage(Throwable e) {
|
||||
if (e.getMessage() != null && !(e instanceof RollbackException)) {
|
||||
return e.getMessage();
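Review bot: The new `TechnicalException(String errorMsg)` constructor has no Javadoc, and since the sibling constructor derives its message from a cause via extractCauseMessage, a reader cannot tell when each one is meant to be used. I would add `/** Creates an exception that carries only a message, for failures with no underlying cause (see Transaction.getLoginName). */` above it. The class body continues outside the hunk.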
|
||||
|
@ -1,17 +0,0 @@
|
||||
package de.hsadmin.core.model;
|
||||
|
||||
import de.hsadmin.core.model.onetier.TicketValidator;
|
||||
|
||||
public class TicketAuthentication {
|
||||
|
||||
private static TicketAuthentication auth = new TicketAuthentication();
|
||||
|
||||
public static TicketAuthentication getInstance() {
|
||||
return auth;
|
||||
}
|
||||
|
||||
public boolean login(String login, String ticket) throws AuthenticationException {
|
||||
return TicketValidator.getInstance().validateTicket(login, ticket);
|
||||
}
|
||||
|
||||
}
|
@ -4,6 +4,7 @@ import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.jms.Queue;
|
||||
import javax.jms.QueueConnectionFactory;
|
||||
@ -21,9 +22,12 @@ import org.apache.openjpa.persistence.OpenJPAEntityManager;
|
||||
|
||||
import de.hsadmin.cliClientConnector.TechnicalException;
|
||||
import de.hsadmin.core.model.onetier.PersistenceManager;
|
||||
import de.hsadmin.core.model.onetier.TicketValidator;
|
||||
import de.hsadmin.core.qserv.QueueClient;
|
||||
import de.hsadmin.core.qserv.QueueTask;
|
||||
import de.hsadmin.core.util.Config;
|
||||
import de.hsadmin.mods.cust.Customer;
|
||||
import de.hsadmin.mods.pac.Pac;
|
||||
import de.hsadmin.mods.user.UnixUser;
|
||||
|
||||
public class Transaction {
|
||||
@ -76,8 +80,10 @@ public class Transaction {
|
||||
}
|
||||
|
||||
public String getLoginName() {
|
||||
if (loginName != null) return loginName;
|
||||
return null;
|
||||
if (loginName != null) {
|
||||
return loginName;
|
||||
}
|
||||
throw new TechnicalException("no login");
|
||||
}
|
||||
|
||||
public void enqueue(String hiveName, QueueTask task) {
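Review bot: getLoginName now throws an unchecked TechnicalException instead of returning null, so any caller that still null-checks the result will get an exception it never catches; the change is reasonable, but the contract needs stating on the method. I would add `/** @return the login name this transaction was created with; @throws TechnicalException if no login name is set */` so callers know the null case is gone. Where loginName is assigned is outside the hunk, so I cannot tell whether the throw is reachable through the public constructor.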
|
||||
@ -193,4 +199,44 @@ public class Transaction {
|
||||
return unixUser;
|
||||
}
|
||||
|
||||
public boolean login(String user, String ticket) throws AuthenticationException {
|
||||
String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
|
||||
if (user != null && user.equals(ticketUser)) {
|
||||
return true; // user himself
|
||||
}
|
||||
if (ticketUser != null && ticketUser.length() == 2) {
|
||||
return true; // 2-letter hostmaster
|
||||
}
|
||||
String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
|
||||
if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
|
||||
return true; // hsh01 hostmaster
|
||||
}
|
||||
if (ticketUser != null && ticketUser.length() == 5) {
|
||||
Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
|
||||
userQuery.setParameter("username", user);
|
||||
UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
|
||||
String pacName = unixUser.getPac().getName();
|
||||
return ticketUser.equals(pacName); // pac-admin
|
||||
}
|
||||
if (ticketUser != null && ticketUser.length() == 3) {
|
||||
String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
|
||||
Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
|
||||
memberQuery.setParameter("membername", memberAccountPrefix + ticketUser);
|
||||
Customer member = (Customer) memberQuery.getSingleResult();
|
||||
Set<Pac> pacs = member.getPacs();
|
||||
for (Pac p : pacs) {
|
||||
if (p.getName().equals(user)) {
|
||||
return true; // member as pac-admin
|
||||
}
|
||||
Set<UnixUser> users = p.getUnixUser();
|
||||
for (UnixUser u : users) {
|
||||
if (u.getName().equals(user)) {
|
||||
return true; // member as pac-user
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
|
||||
}
|
||||
|
||||
}
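Review bot: Both `getSingleResult()` calls (the UnixUser query in the length-5 branch and the Customer query in the length-3 branch) throw javax.persistence's unchecked NoResultException/NonUniqueResultException when the run-as user or the customer does not exist, so an unknown `user` surfaces as a persistence error rather than an AuthenticationException; the lookups should be wrapped so every denial fails closed through the same exception. Related to that, the pac-admin branch is the only path that returns `false` (`return ticketUser.equals(pacName);`) while every other denial throws the AuthenticationException on the last line, so callers now have to handle two different failure signals; throwing there as well keeps the contract uniform. The hostmaster, pac-admin and member roles are inferred purely from the length of the ticket user name (2, 3, 5, or prefix plus 8), which is only sound if the account-naming scheme guarantees those lengths are reserved for those roles — that assumption should be written down on the method, e.g. `// role is derived from the account-name scheme: 2-char and hostmaster-prefix names are hostmasters, 3-char names are members, 5-char names are pac-admins`. The JPQL is parameterized via setParameter, so the run-as value cannot alter the query itself.
```java
        if (ticketUser != null && ticketUser.length() == 5) {
            UnixUser unixUser;
            try {
                Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
                userQuery.setParameter("username", user);
                unixUser = (UnixUser) userQuery.getSingleResult();
            } catch (NoResultException e) {
                // unknown run-as user: deny like every other failure instead of leaking a persistence error
                throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
            }
            if (!ticketUser.equals(unixUser.getPac().getName())) {
                throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
            }
            return true; // pac-admin
        }
        // … unchanged: member branch, with the same NoResultException handling around memberQuery.getSingleResult() …
```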
|
||||
|
@ -39,24 +39,7 @@ public class TicketValidator {
|
||||
proxyValidateURL = validateURL;
|
||||
}
|
||||
|
||||
public boolean validateTicket(String runAsUser, String ticket) throws AuthenticationException {
|
||||
String ticketUser = validateTicket(ticket);
|
||||
if (runAsUser != null &&
|
||||
(runAsUser.equals(ticketUser) // user himself
|
||||
|| (ticketUser.length() == 5 && runAsUser.startsWith(ticketUser))
|
||||
// pac-admin
|
||||
|| (ticketUser.length() == 3 && runAsUser.startsWith(ticketUser))
|
||||
// member
|
||||
|| ticketUser.length() == 2) // hostmaster
|
||||
// TODO: add test for member-account
|
||||
) {
|
||||
return true;
|
||||
} else {
|
||||
throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + runAsUser);
|
||||
}
|
||||
}
|
||||
|
||||
private String validateTicket(String ticket) throws AuthenticationException {
|
||||
public String validateTicket(String ticket) throws AuthenticationException {
|
||||
if (proxyServiceURL == null || proxyServiceURL == null) {
|
||||
log.fatal("TicketValidator is not initialized.");
|
||||
throw new RuntimeException("TicketValidator is not initialized.");
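Review bot: The initialization guard on the now-public `validateTicket(String)` tests `proxyServiceURL == null` twice, so proxyValidateURL (assigned in the constructor shown above) is never checked and a validator built without it passes the guard; presumably the second operand was meant to be `if (proxyServiceURL == null || proxyValidateURL == null) {`. This line is unchanged by the commit, but with the two-argument overload removed this method is the only entry point left, so the guard matters more now. The method body continues outside the hunk.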
|
||||
|
@ -8,24 +8,17 @@ import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import de.hsadmin.core.model.AbstractEntity;
|
||||
import de.hsadmin.core.model.AuthenticationException;
|
||||
import de.hsadmin.core.model.AuthorisationException;
|
||||
import de.hsadmin.core.model.AbstractEntity;
|
||||
import de.hsadmin.core.model.GenericModuleImpl;
|
||||
import de.hsadmin.core.model.HSAdminException;
|
||||
import de.hsadmin.core.model.ModuleInterface;
|
||||
import de.hsadmin.core.model.TicketAuthentication;
|
||||
import de.hsadmin.core.model.Transaction;
|
||||
import de.hsadmin.mods.user.UnixUser;
|
||||
|
||||
public abstract class AbstractRemote implements IRemote {
|
||||
|
||||
private TicketAuthentication authentication;
|
||||
|
||||
public AbstractRemote() {
|
||||
authentication = new TicketAuthentication();
|
||||
}
|
||||
|
||||
protected abstract Class<? extends AbstractEntity> getEntityClass();
|
||||
|
||||
protected abstract void entity2map(AbstractEntity entity, Map<String, Object> resultMap);
|
||||
@ -39,7 +32,7 @@ public abstract class AbstractRemote implements IRemote {
|
||||
String user = runAsUser;
|
||||
Transaction transaction = new Transaction(user);
|
||||
try {
|
||||
if (authentication.login(user, ticket)) {
|
||||
if (transaction.login(user, ticket)) {
|
||||
ModuleInterface module = new GenericModuleImpl(transaction);
|
||||
UnixUser unixUser = transaction.getLoginUser();
|
||||
List<AbstractEntity> list = module.search(getEntityClass(),
|
||||
@ -73,7 +66,7 @@ public abstract class AbstractRemote implements IRemote {
|
||||
String user = runAsUser;
|
||||
Transaction transaction = new Transaction(user);
|
||||
try {
|
||||
if (authentication.login(user, ticket)) {
|
||||
if (transaction.login(user, ticket)) {
|
||||
ModuleInterface module = new GenericModuleImpl(transaction);
|
||||
Constructor<? extends AbstractEntity> constructor =
|
||||
getEntityClass().getConstructor();
|
||||
@ -100,7 +93,7 @@ public abstract class AbstractRemote implements IRemote {
|
||||
String user = runAsUser;
|
||||
Transaction transaction = new Transaction(user);
|
||||
try {
|
||||
if (authentication.login(user, ticket)) {
|
||||
if (transaction.login(user, ticket)) {
|
||||
ModuleInterface module = new GenericModuleImpl(transaction);
|
||||
UnixUser unixUser = transaction.getLoginUser();
|
||||
String queryCondition = buildQueryCondition(whereParams);
|
||||
@ -137,7 +130,7 @@ public abstract class AbstractRemote implements IRemote {
|
||||
String user = runAsUser;
|
||||
Transaction transaction = new Transaction(user);
|
||||
try {
|
||||
if (authentication.login(user, ticket)) {
|
||||
if (transaction.login(user, ticket)) {
|
||||
ModuleInterface module = new GenericModuleImpl(transaction);
|
||||
UnixUser unixUser = transaction.getLoginUser();
|
||||
ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
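Review bot: The same prologue — `Transaction transaction = new Transaction(user);` followed by `if (transaction.login(user, ticket)) { ModuleInterface module = new GenericModuleImpl(transaction); ... }` — is now repeated in all four methods of this section (the search, add, update and delete hunks), and with the authentication field gone nothing else distinguishes them. Extracting a private helper that performs the login and returns the module would keep the authorization step in one place so a later change to the check cannot be applied to three methods and missed in the fourth. The else branches and the catch blocks of these methods are outside the hunks, so I cannot see how a `false` return from login is handled.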
|
||||
|
@ -9,7 +9,6 @@ import de.hsadmin.core.model.AbstractEntity;
|
||||
import de.hsadmin.core.model.AuthenticationException;
|
||||
import de.hsadmin.core.model.GenericModuleImpl;
|
||||
import de.hsadmin.core.model.HSAdminException;
|
||||
import de.hsadmin.core.model.TicketAuthentication;
|
||||
import de.hsadmin.core.model.Transaction;
|
||||
import de.hsadmin.core.util.Config;
|
||||
import de.hsadmin.mods.dom.Domain;
|
||||
@ -17,18 +16,12 @@ import de.hsadmin.mods.pac.Pac;
|
||||
|
||||
public class RoleRemote implements IRemote {
|
||||
|
||||
private TicketAuthentication authentication;
|
||||
|
||||
public RoleRemote() {
|
||||
authentication = new TicketAuthentication();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Map<String, Object>> search(String runAsUser, String ticket,
|
||||
Map<String, String> whereParams) throws HSAdminException {
|
||||
String user = runAsUser;
|
||||
Transaction transaction = new Transaction(user);
|
||||
if (authentication.login(user, ticket)) {
|
||||
if (transaction.login(user, ticket)) {
|
||||
String role = "USER";
|
||||
String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
|
||||
String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
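Review bot: Unlike the AbstractRemote methods, `search` here creates the Transaction and calls `transaction.login(user, ticket)` with no try block visible around it, and Transaction.login can now throw AuthenticationException or an unchecked persistence exception from its queries. If Transaction holds an entity manager (Transaction.login calls getEntityManager()), a failed login would leave it unreleased unless the rest of the method, which is outside the hunk, closes it; please confirm there is a finally that does. The else branch for a `false` login result is likewise outside the hunk.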
|
||||
|