Revision 3748
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/tables/EntitiesRepoTable.java | ||
|---|---|---|
| 492 | 492 |
" \"commit\": [ \"*\" ],\n" + |
| 493 | 493 |
" \"view\": [ \"*\" ],\n" + |
| 494 | 494 |
" \"history\": [ \"*\" ],\n" + |
| 495 |
" \"update\": [ \"*\" ],\n" +
|
|
| 495 |
" \"update\": [ \"*\" ]\n" + |
|
| 496 | 496 |
"}") |
| 497 | 497 |
.setDescription("Json with the information of what operations the different users can do.\nExample:\n{\n" +
|
| 498 | 498 |
" \"checkout\": [ \"user1\", \"user2\"],\n" + |
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/AbstractRequestLocaldb.java | ||
|---|---|---|
| 60 | 60 |
} |
| 61 | 61 |
|
| 62 | 62 |
if( !this.getRepository().isAuthorizationRequired() ) {
|
| 63 |
LOGGER.info("Repository authorization not required.");
|
|
| 63 | 64 |
return true; |
| 64 | 65 |
} |
| 65 | 66 |
|
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/requests/EntitiesRequestLocaldb.java | ||
|---|---|---|
| 32 | 32 |
import org.gvsig.vcsgis.lib.VCSGisEntityEditable; |
| 33 | 33 |
import static org.gvsig.vcsgis.lib.VCSGisManager.ERR_CANT_RETRIEVE_ENTITIES; |
| 34 | 34 |
import static org.gvsig.vcsgis.lib.VCSGisManager.ERR_NO_ERROR; |
| 35 |
import org.gvsig.vcsgis.lib.VCSGisUser; |
|
| 35 | 36 |
import org.gvsig.vcsgis.lib.repository.localdb.VCSGisRepositoryLocaldb; |
| 36 | 37 |
import org.gvsig.vcsgis.lib.repository.localdb.tables.EntitiesRepoTable; |
| 37 | 38 |
import org.gvsig.vcsgis.lib.repository.requests.VCSGisEntitiesRequest; |
| ... | ... | |
| 68 | 69 |
|
| 69 | 70 |
List<VCSGisEntity> list = new ArrayList<>(); |
| 70 | 71 |
entities_it = entitiesTable.getAll(this.getRepository()); |
| 72 |
VCSGisUser user = this.getUser(); |
|
| 73 |
boolean authenticationRequired = this.getRepository().isAuthenticationRequired(); |
|
| 71 | 74 |
for (Feature fentity : entities_it) {
|
| 72 |
VCSGisEntityEditable entity = new EntityEditableImpl(); |
|
| 73 |
if( this.isAuthorized(entity, "view") ) {
|
|
| 74 |
entity.copyfrom(new EntitiesRepoTable.EntityRepoRow(this.getRepository(), fentity)); |
|
| 75 |
VCSGisEntityEditable rEntity = new EntitiesRepoTable.EntityRepoRow(this.getRepository(), fentity); |
|
| 76 |
if( !authenticationRequired || rEntity.isAuthorized(user, "view") ) {
|
|
| 77 |
EntityEditableImpl entity = new EntityEditableImpl(); |
|
| 78 |
entity.copyfrom(rEntity); |
|
| 75 | 79 |
list.add(entity); |
| 76 | 80 |
} |
| 77 | 81 |
} |
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/repository/localdb/VCSGisRepositoryLocaldb.java | ||
|---|---|---|
| 23 | 23 |
package org.gvsig.vcsgis.lib.repository.localdb; |
| 24 | 24 |
|
| 25 | 25 |
import java.time.LocalDateTime; |
| 26 |
import java.util.Date; |
|
| 26 | 27 |
import java.util.HashMap; |
| 27 | 28 |
import java.util.List; |
| 28 | 29 |
import java.util.Map; |
| ... | ... | |
| 468 | 469 |
public boolean isAuthenticationRequired() {
|
| 469 | 470 |
ConfigRepoTable varsTable = new ConfigRepoTable(); |
| 470 | 471 |
return BooleanUtils.toBoolean(varsTable.get(this, "AUTHENTICATION")); |
| 471 |
// return this.authenticationRequired; |
|
| 472 | 472 |
} |
| 473 | 473 |
|
| 474 | 474 |
public boolean isAuthorizationRequired() {
|
| 475 | 475 |
ConfigRepoTable varsTable = new ConfigRepoTable(); |
| 476 | 476 |
return BooleanUtils.toBoolean(varsTable.get(this, "AUTHORIZATION")); |
| 477 |
// return this.authorizationRequired; |
|
| 478 | 477 |
} |
| 479 | 478 |
|
| 480 | 479 |
public boolean isAuthenticated(AbstractRequest request) {
|
| 481 | 480 |
if( !this.isAuthenticationRequired() ) {
|
| 481 |
LOGGER.info("Authentication not required for this repository.");
|
|
| 482 | 482 |
return true; |
| 483 | 483 |
} |
| 484 | 484 |
if( StringUtils.isBlank(request.getUserCode()) ) {
|
| ... | ... | |
| 501 | 501 |
} |
| 502 | 502 |
} |
| 503 | 503 |
|
| 504 |
Date d = new java.util.Date(expireTime_l); |
|
| 505 |
Date now = new java.util.Date(); |
|
| 506 |
|
|
| 507 |
LOGGER.info("Repository authentication for user with userCode '"+request.getUserCode()+"' expire at '"+d.toString()+"' (now is '"+now.toString()+"'.");
|
|
| 504 | 508 |
return true; |
| 505 | 509 |
} |
| 506 | 510 |
|
| ... | ... | |
| 513 | 517 |
return false; |
| 514 | 518 |
} |
| 515 | 519 |
if( !this.isAuthorizationRequired() ) {
|
| 520 |
LOGGER.info("Repository authorization not required.");
|
|
| 516 | 521 |
return true; |
| 517 | 522 |
} |
| 518 | 523 |
if( operation == null ) {
|
| ... | ... | |
| 525 | 530 |
return false; |
| 526 | 531 |
} |
| 527 | 532 |
List<String> operations = user.getAllowedOperationsAsList(); |
| 528 |
if( operation == null ) {
|
|
| 533 |
if( operations == null ) {
|
|
| 534 |
LOGGER.info("All repository operations are allowed for user '"+user.getIdentifier()+"' ("+user.getUserCode()+").");
|
|
| 529 | 535 |
return true; |
| 530 | 536 |
} |
| 531 | 537 |
if( !operations.contains(operation) ) {
|
| 532 | 538 |
request.error(ERR_USER_NOT_AUTHORIZED,"User '"+request.getUserCode()+"' is not authorized to '"+request.getRequestName()+"'."); |
| 533 | 539 |
return false; |
| 534 | 540 |
} |
| 541 |
LOGGER.info("Repository authorization for '"+operation + "' operation is allowed for user '"+user.getIdentifier()+"' ("+user.getUserCode()+").");
|
|
| 535 | 542 |
return true; |
| 536 | 543 |
} |
| 537 | 544 |
|
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/workspace/VCSGisWorkspaceImpl.java | ||
|---|---|---|
| 3214 | 3214 |
|
| 3215 | 3215 |
private int execute(VCSGisRequest request) {
|
| 3216 | 3216 |
while(true) {
|
| 3217 |
LOGGER.info("Client execute '"+request.getRequestName()+"' with user '"+this.currentUserCode+"' token = "+this.authenticationToken );
|
|
| 3217 | 3218 |
request.cleanLastError(); |
| 3218 | 3219 |
switch(request.execute()) {
|
| 3219 | 3220 |
case ERR_CANT_AUTHENTICATE_USER: |
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/org.gvsig.vcsgis.lib/org.gvsig.vcsgis.lib.impl/src/main/java/org/gvsig/vcsgis/lib/VCSGisUtils.java | ||
|---|---|---|
| 104 | 104 |
import static org.gvsig.vcsgis.lib.VCSGisManager.STATE_LOCAL_UNMODIFIED; |
| 105 | 105 |
import static org.gvsig.vcsgis.lib.VCSGisManager.TOPOLOGYPLAN_MODE_RECOMMENDED; |
| 106 | 106 |
import org.gvsig.vcsgis.lib.workspace.VCSGisWorkspaceEntity; |
| 107 |
import org.slf4j.Logger; |
|
| 108 |
import org.slf4j.LoggerFactory; |
|
| 107 | 109 |
|
| 108 | 110 |
/** |
| 109 | 111 |
* |
| ... | ... | |
| 111 | 113 |
*/ |
| 112 | 114 |
public class VCSGisUtils {
|
| 113 | 115 |
|
| 116 |
private static final Logger LOGGER = LoggerFactory.getLogger(VCSGisUtils.class); |
|
| 117 |
|
|
| 118 |
|
|
| 114 | 119 |
public static final String ENTITY_CODE = "EntityCode"; |
| 115 | 120 |
public static final String ENTITY_NAME = "EntityName"; |
| 116 | 121 |
public static final String ENTITY_DATATABLENAME = "DataTableName"; |
| ... | ... | |
| 376 | 381 |
} |
| 377 | 382 |
|
| 378 | 383 |
public static boolean isAuthorized(VCSGisEntity entity, String operation, VCSGisUser user) {
|
| 379 |
String userid = user.getIdentifier().toLowerCase(); |
|
| 380 | 384 |
String s = entity.getAuthorizations(); |
| 381 | 385 |
if( StringUtils.isBlank(s) ) {
|
| 386 |
LOGGER.info("Repository authorization for '" + entity.getEntityName() + "' entity isn't actived.");
|
|
| 382 | 387 |
return true; |
| 383 | 388 |
} |
| 384 |
JsonObject authorizations = Json.createObject(s); |
|
| 385 |
if( authorizations==null ) {
|
|
| 386 |
return false; |
|
| 387 |
} |
|
| 388 |
if( StringUtils.isBlank(userid) || StringUtils.isBlank(operation)) {
|
|
| 389 |
return false; |
|
| 390 |
} |
|
| 391 |
JsonArray op = authorizations.getJsonArray(operation.toLowerCase()); |
|
| 392 |
if( op == null ) {
|
|
| 393 |
return false; |
|
| 394 |
} |
|
| 395 |
Iterator<JsonValue> it = op.iterator(); |
|
| 396 |
while (it.hasNext()) {
|
|
| 397 |
JsonValue value = it.next(); |
|
| 398 |
String userOrRole = ((JsonString)value).getString(); |
|
| 399 |
if(StringUtils.equalsIgnoreCase(userOrRole,"*")){
|
|
| 400 |
return true; |
|
| 389 |
String userid = user.getIdentifier().toLowerCase(); |
|
| 390 |
try {
|
|
| 391 |
JsonObject authorizations = Json.createObject(s); |
|
| 392 |
if (authorizations == null) {
|
|
| 393 |
return false; |
|
| 401 | 394 |
} |
| 402 |
if(StringUtils.equalsIgnoreCase(userOrRole,userid)){
|
|
| 403 |
return true;
|
|
| 395 |
if (StringUtils.isBlank(userid) || StringUtils.isBlank(operation)) {
|
|
| 396 |
return false;
|
|
| 404 | 397 |
} |
| 405 |
for (String role : user.getRolesAsList()) {
|
|
| 406 |
if(StringUtils.equalsIgnoreCase(userOrRole,"$"+role)){
|
|
| 398 |
JsonArray op = authorizations.getJsonArray(operation.toLowerCase()); |
|
| 399 |
if (op == null) {
|
|
| 400 |
return false; |
|
| 401 |
} |
|
| 402 |
Iterator<JsonValue> it = op.iterator(); |
|
| 403 |
while (it.hasNext()) {
|
|
| 404 |
JsonValue value = it.next(); |
|
| 405 |
String userOrRole = ((JsonString) value).getString(); |
|
| 406 |
if (StringUtils.equalsIgnoreCase(userOrRole, "*")) {
|
|
| 407 |
LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for all users.");
|
|
| 407 | 408 |
return true; |
| 408 | 409 |
} |
| 409 |
|
|
| 410 |
if (StringUtils.equalsIgnoreCase(userOrRole, userid)) {
|
|
| 411 |
LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for user '" + userid + "'(" + user.getUserCode() + ").");
|
|
| 412 |
return true; |
|
| 413 |
} |
|
| 414 |
for (String role : user.getRolesAsList()) {
|
|
| 415 |
if (StringUtils.equalsIgnoreCase(userOrRole, "$" + role)) {
|
|
| 416 |
LOGGER.info("Repository authorization for '"+operation+"' operation for '" + entity.getEntityName() + "' entity is allowed for user '" + userid + "/"+role+"' (" + user.getUserCode() + ").");
|
|
| 417 |
return true; |
|
| 418 |
} |
|
| 419 |
} |
|
| 410 | 420 |
} |
| 421 |
} catch (Exception ex) {
|
|
| 422 |
LOGGER.warn("Can't verify authorization of user '"+userid+"'.", ex);
|
|
| 423 |
return false; |
|
| 411 | 424 |
} |
| 412 | 425 |
|
| 413 |
// if( op.contains(userid) ) {
|
|
| 414 |
// if( op.getValuesAs(String.class).toString().contains(userid) ) {
|
|
| 415 |
// return true; |
|
| 416 |
// } |
|
| 417 | 426 |
return false; |
| 418 | 427 |
} |
| 419 | 428 |
|
| ... | ... | |
| 505 | 514 |
if( StringUtils.isBlank(s) ) {
|
| 506 | 515 |
return Collections.EMPTY_LIST; |
| 507 | 516 |
} |
| 508 |
List<String> l = new ArrayList<>(); |
|
| 509 |
String[] ss = StringUtils.split(s, ","); |
|
| 510 |
for (String s1 : ss) {
|
|
| 511 |
if( StringUtils.isBlank(s1) ) {
|
|
| 512 |
continue; |
|
| 517 |
try{
|
|
| 518 |
List<String> l = new ArrayList<>(); |
|
| 519 |
String[] ss = StringUtils.split(s, ","); |
|
| 520 |
for (String s1 : ss) {
|
|
| 521 |
if (StringUtils.isBlank(s1)) {
|
|
| 522 |
continue; |
|
| 523 |
} |
|
| 524 |
if (toLowerCase) {
|
|
| 525 |
l.add(s1.trim().toLowerCase()); |
|
| 526 |
} else {
|
|
| 527 |
l.add(s1.trim()); |
|
| 528 |
} |
|
| 513 | 529 |
} |
| 514 |
if(toLowerCase){
|
|
| 515 |
l.add(s1.trim().toLowerCase()); |
|
| 516 |
} else {
|
|
| 517 |
l.add(s1.trim()); |
|
| 518 |
} |
|
| 530 |
return l; |
|
| 531 |
} catch (Exception ex) {
|
|
| 532 |
return Collections.EMPTY_LIST; |
|
| 519 | 533 |
} |
| 520 |
return l; |
|
| 521 | 534 |
} |
| 522 | 535 |
|
| 523 | 536 |
|
| org.gvsig.vcsgis/trunk/org.gvsig.vcsgis/pom.xml | ||
|---|---|---|
| 9 | 9 |
<parent> |
| 10 | 10 |
<groupId>org.gvsig</groupId> |
| 11 | 11 |
<artifactId>org.gvsig.desktop</artifactId> |
| 12 |
<version>2.0.323</version>
|
|
| 12 |
<version>2.0.324-SNAPSHOT</version>
|
|
| 13 | 13 |
</parent> |
| 14 | 14 |
|
| 15 | 15 |
<properties> |
| 16 | 16 |
<jettyVersion>9.4.34.v20201102</jettyVersion> |
| 17 | 17 |
<org.gvsig.h2spatial.provider>org.gvsig.h2spatial.h2gis132.provider</org.gvsig.h2spatial.provider> |
| 18 |
<gvsig.topology.version>1.0.60</gvsig.topology.version>
|
|
| 18 |
<gvsig.topology.version>1.0.61</gvsig.topology.version>
|
|
| 19 | 19 |
</properties> |
| 20 | 20 |
|
| 21 | 21 |
<url>https://devel.gvsig.org/sites/org.gvsig.vcsgis/${project.version}</url>
|
Also available in: Unified diff