Revision 3748
org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/tables/EntitiesRepoTable.java | ||
---|---|---|
492 | 492 |
" \"commit\": [ \"*\" ],\n" + |
493 | 493 |
" \"view\": [ \"*\" ],\n" + |
494 | 494 |
" \"history\": [ \"*\" ],\n" + |
495 |
" \"update\": [ \"*\" ],\n" +
|
|
495 |
" \"update\": [ \"*\" ]\n" + |
|
496 | 496 |
"}") |
497 | 497 |
.setDescription("Json with the information of what operations the different users can do.\nExample:\n{\n" + |
498 | 498 |
" \"checkout\": [ \"user1\", \"user2\"],\n" + |
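--- a/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/AbstractRequestLocaldb.java
+++ b/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/AbstractRequestLocaldb.java
@@ -60,6 +60,7 @@
 }
 
 if( !this.getRepository().isAuthorizationRequired() ) {
+LOGGER.info("Repository authorization not required.");
 return true;
 }
 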
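Review bot: The added `LOGGER.info("Repository authorization not required.");` fires on every request that reaches this branch and names neither the repository nor the request, so it adds volume without giving an auditor anything to correlate. The same pattern is added in VCSGisRepositoryLocaldb at new lines 481 and 520. Either lower these to `LOGGER.debug(...)` or keep INFO and include the request name and user code so the bypass is attributable. The enclosing method starts and ends outside the hunk.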
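--- a/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/EntitiesRequestLocaldb.java
+++ b/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/EntitiesRequestLocaldb.java
@@ -32,6 +32,7 @@
 import org.gvsig.vcsgis.lib.VCSGisEntityEditable;
 import static org.gvsig.vcsgis.lib.VCSGisManager.ERR_CANT_RETRIEVE_ENTITIES;
 import static org.gvsig.vcsgis.lib.VCSGisManager.ERR_NO_ERROR;
+import org.gvsig.vcsgis.lib.VCSGisUser;
 import org.gvsig.vcsgis.lib.repository.localdb.VCSGisRepositoryLocaldb;
 import org.gvsig.vcsgis.lib.repository.localdb.tables.EntitiesRepoTable;
 import org.gvsig.vcsgis.lib.repository.requests.VCSGisEntitiesRequest;
@@ -68,10 +69,13 @@
 
 List<VCSGisEntity> list = new ArrayList<>();
 entities_it = entitiesTable.getAll(this.getRepository());
+VCSGisUser user = this.getUser();
+boolean authenticationRequired = this.getRepository().isAuthenticationRequired();
 for (Feature fentity : entities_it) {
-VCSGisEntityEditable entity = new EntityEditableImpl();
-if( this.isAuthorized(entity, "view") ) {
-entity.copyfrom(new EntitiesRepoTable.EntityRepoRow(this.getRepository(), fentity));
+VCSGisEntityEditable rEntity = new EntitiesRepoTable.EntityRepoRow(this.getRepository(), fentity);
+if( !authenticationRequired || rEntity.isAuthorized(user, "view") ) {
+EntityEditableImpl entity = new EntityEditableImpl();
+entity.copyfrom(rEntity);
 list.add(entity);
 }
 }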
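Review bot: The per-entity `view` filter is gated on `isAuthenticationRequired()`, whereas the request-level check in AbstractRequestLocaldb short-circuits on `isAuthorizationRequired()`. With authentication off, the loop returns every entity whatever its authorizations JSON says; with authentication on and authorization off, it still filters. If the intent is that entity ACLs need a known user, record it at the flag, e.g. `// entity ACLs are only evaluated when a user has been authenticated`; otherwise the flag should probably be `isAuthorizationRequired()`. `this.getUser()` is also handed to `rEntity.isAuthorized(user, "view")` without a null check. The enclosing method starts and ends outside the hunk.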
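--- a/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/VCSGisRepositoryLocaldb.java
+++ b/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/VCSGisRepositoryLocaldb.java
@@ -23,6 +23,7 @@
 package org.gvsig.vcsgis.lib.repository.localdb;
 
 import java.time.LocalDateTime;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -468,17 +469,16 @@
 public boolean isAuthenticationRequired() {
 ConfigRepoTable varsTable = new ConfigRepoTable();
 return BooleanUtils.toBoolean(varsTable.get(this, "AUTHENTICATION"));
-// return this.authenticationRequired;
 }
 
 public boolean isAuthorizationRequired() {
 ConfigRepoTable varsTable = new ConfigRepoTable();
 return BooleanUtils.toBoolean(varsTable.get(this, "AUTHORIZATION"));
-// return this.authorizationRequired;
 }
 
 public boolean isAuthenticated(AbstractRequest request) {
 if( !this.isAuthenticationRequired() ) {
+LOGGER.info("Authentication not required for this repository.");
 return true;
 }
 if( StringUtils.isBlank(request.getUserCode()) ) {
@@ -501,6 +501,10 @@
 }
 }
 
+Date d = new java.util.Date(expireTime_l);
+Date now = new java.util.Date();
+
+LOGGER.info("Repository authentication for user with userCode '"+request.getUserCode()+"' expire at '"+d.toString()+"' (now is '"+now.toString()+"'.");
 return true;
 }
 
@@ -513,6 +517,7 @@
 return false;
 }
 if( !this.isAuthorizationRequired() ) {
+LOGGER.info("Repository authorization not required.");
 return true;
 }
 if( operation == null ) {
@@ -525,13 +530,15 @@
 return false;
 }
 List<String> operations = user.getAllowedOperationsAsList();
-if( operation == null ) {
+if( operations == null ) {
+LOGGER.info("All repository operations are allowed for user '"+user.getIdentifier()+"' ("+user.getUserCode()+").");
 return true;
 }
 if( !operations.contains(operation) ) {
 request.error(ERR_USER_NOT_AUTHORIZED,"User '"+request.getUserCode()+"' is not authorized to '"+request.getRequestName()+"'.");
 return false;
 }
+LOGGER.info("Repository authorization for '"+operation + "' operation is allowed for user '"+user.getIdentifier()+"' ("+user.getUserCode()+").");
 return true;
 }
 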
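Review bot: In the last hunk, a null result from `user.getAllowedOperationsAsList()` now grants every operation (`if( operations == null ) { ... return true; }`), so a user record with no allowed-operations value fails open. Whether the helper can actually return null is not visible here. If null is meant as "unrestricted", say so at the check, e.g. `// null = no per-user restriction configured; an empty list denies everything`; otherwise this branch should report `ERR_USER_NOT_AUTHORIZED` and return `false` like the `contains` branch below it. Separately, the INFO message added in `isAuthenticated` has an unbalanced parenthesis (`(now is '...'.`). The function bodies extend beyond the hunks shown.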
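--- a/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/workspace/VCSGisWorkspaceImpl.java
+++ b/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/workspace/VCSGisWorkspaceImpl.java
@@ -3214,6 +3214,7 @@
 
 private int execute(VCSGisRequest request) {
 while(true) {
+LOGGER.info("Client execute '"+request.getRequestName()+"' with user '"+this.currentUserCode+"' token = "+this.authenticationToken );
 request.cleanLastError();
 switch(request.execute()) {
 case ERR_CANT_AUTHENTICATE_USER: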
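Review bot: The new `LOGGER.info` at the top of the `while(true)` loop writes `this.authenticationToken` to the log in clear text at INFO level on every pass. That value appears to be the session credential, so it would be readable in client log files and anywhere those logs are shipped or attached to bug reports. Drop it from the message: `LOGGER.info("Client execute '"+request.getRequestName()+"' with user '"+this.currentUserCode+"'.");`. If token presence matters for debugging, log only whether it is set. `execute` continues past the end of the hunk.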
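--- a/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/VCSGisUtils.java
+++ b/org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/VCSGisUtils.java
@@ -104,6 +104,8 @@
 import static org.gvsig.vcsgis.lib.VCSGisManager.STATE_LOCAL_UNMODIFIED;
 import static org.gvsig.vcsgis.lib.VCSGisManager.TOPOLOGYPLAN_MODE_RECOMMENDED;
 import org.gvsig.vcsgis.lib.workspace.VCSGisWorkspaceEntity;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
 *
@@ -111,6 +113,9 @@
 */
 public class VCSGisUtils {
 
+private static final Logger LOGGER = LoggerFactory.getLogger(VCSGisUtils.class);
+
+
 public static final String ENTITY_CODE = "EntityCode";
 public static final String ENTITY_NAME = "EntityName";
 public static final String ENTITY_DATATABLENAME = "DataTableName";
@@ -376,44 +381,48 @@
 }
 
 public static boolean isAuthorized(VCSGisEntity entity, String operation, VCSGisUser user) {
-String userid = user.getIdentifier().toLowerCase();
 String s = entity.getAuthorizations();
 if( StringUtils.isBlank(s) ) {
+LOGGER.info("Repository authorization for '" + entity.getEntityName() + "' entity isn't actived.");
 return true;
 }
-JsonObject authorizations = Json.createObject(s);
-if( authorizations==null ) {
-return false;
-}
-if( StringUtils.isBlank(userid) || StringUtils.isBlank(operation)) {
-return false;
-}
-JsonArray op = authorizations.getJsonArray(operation.toLowerCase());
-if( op == null ) {
-return false;
-}
-Iterator<JsonValue> it = op.iterator();
-while (it.hasNext()) {
-JsonValue value = it.next();
-String userOrRole = ((JsonString)value).getString();
-if(StringUtils.equalsIgnoreCase(userOrRole,"*")){
-return true;
+String userid = user.getIdentifier().toLowerCase();
+try {
+JsonObject authorizations = Json.createObject(s);
+if (authorizations == null) {
+return false;
 }
-if(StringUtils.equalsIgnoreCase(userOrRole,userid)){
-return true;
+if (StringUtils.isBlank(userid) || StringUtils.isBlank(operation)) {
+return false;
 }
-for (String role : user.getRolesAsList()) {
-if(StringUtils.equalsIgnoreCase(userOrRole,"$"+role)){
+JsonArray op = authorizations.getJsonArray(operation.toLowerCase());
+if (op == null) {
+return false;
+}
+Iterator<JsonValue> it = op.iterator();
+while (it.hasNext()) {
+JsonValue value = it.next();
+String userOrRole = ((JsonString) value).getString();
+if (StringUtils.equalsIgnoreCase(userOrRole, "*")) {
+LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for all users.");
 return true;
 }
-
+if (StringUtils.equalsIgnoreCase(userOrRole, userid)) {
+LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for user '" + userid + "'(" + user.getUserCode() + ").");
+return true;
+}
+for (String role : user.getRolesAsList()) {
+if (StringUtils.equalsIgnoreCase(userOrRole, "$" + role)) {
+LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for user '" + userid + "/"+role+"' (" + user.getUserCode() + ").");
+return true;
+}
+}
 }
+} catch (Exception ex) {
+LOGGER.warn("Can't verify authorization of user '"+userid+"'.", ex);
+return false;
 }
 
-// if( op.contains(userid) ) {
-// if( op.getValuesAs(String.class).toString().contains(userid) ) {
-// return true;
-// }
 return false;
 }
 
@@ -505,19 +514,23 @@
 if( StringUtils.isBlank(s) ) {
 return Collections.EMPTY_LIST;
 }
-List<String> l = new ArrayList<>();
-String[] ss = StringUtils.split(s, ",");
-for (String s1 : ss) {
-if( StringUtils.isBlank(s1) ) {
-continue;
+try{
+List<String> l = new ArrayList<>();
+String[] ss = StringUtils.split(s, ",");
+for (String s1 : ss) {
+if (StringUtils.isBlank(s1)) {
+continue;
+}
+if (toLowerCase) {
+l.add(s1.trim().toLowerCase());
+} else {
+l.add(s1.trim());
+}
 }
-if(toLowerCase){
-l.add(s1.trim().toLowerCase());
-} else {
-l.add(s1.trim());
-}
+return l;
+} catch (Exception ex) {
+return Collections.EMPTY_LIST;
 }
-return l;
 }
 
 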
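Review bot: In `isAuthorized`, `String userid = user.getIdentifier().toLowerCase();` sits one line above the new `try`, so a null `user` or a null identifier still escapes as a NullPointerException instead of taking the new log-and-deny path. Moving that line inside the `try`, or adding `if( user == null ) { return false; }` before it, makes every failure deny. The blank-authorizations branch returns `true`, so an entity with no ACL is open to any caller; a comment there, e.g. `// no ACL configured for this entity: access is unrestricted`, would mark it as the deliberate fail-open case. In the list-splitting hunk, `catch (Exception ex)` returns `Collections.EMPTY_LIST` without logging, which hides the cause; a `LOGGER.warn(..., ex)` like the one in `isAuthorized` would keep it diagnosable. That method's signature is outside the hunk.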
org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/pom.xml | ||
---|---|---|
9 | 9 |
<parent> |
10 | 10 |
<groupId>org.gvsig</groupId> |
11 | 11 |
<artifactId>org.gvsig.desktop</artifactId> |
12 |
<version>2.0.323</version>
|
|
12 |
<version>2.0.324-SNAPSHOT</version>
|
|
13 | 13 |
</parent> |
14 | 14 |
|
15 | 15 |
<properties> |
16 | 16 |
<jettyVersion>9.4.34.v20201102</jettyVersion> |
17 | 17 |
<org.gvsig.h2spatial.provider>org.gvsig.h2spatial.h2gis132.provider</org.gvsig.h2spatial.provider> |
18 |
<gvsig.topology.version>1.0.60</gvsig.topology.version>
|
|
18 |
<gvsig.topology.version>1.0.61</gvsig.topology.version>
|
|
19 | 19 |
</properties> |
20 | 20 |
|
21 | 21 |
<url>https://devel.gvsig.org/sites/org.gvsig.vcsgis/${project.version}</url> |