From 62b624fde47ab77dd154c7ae55dfc540a4619290 Mon Sep 17 00:00:00 2001 From: Christian Corsano Date: Wed, 30 Jan 2008 23:15:20 +0000 Subject: [PATCH] Integration du Core dans Acegi : authentification via EJB fonctionnelle. \n TODO: corriger les noms de roles (ROLE_AUTHOR ou AUTHOR, il faut decider), mettre en place le role ANONYMOUS quand aucune conference n'est selectionnee, et modifier jsp/secure/userinformation.jsp pour qu'il affiche quelque chose de dynamique ... --- .../WEB-INF/applicationContextAcegi.xml | 17 ++- YACOSWeb/WebContent/WEB-INF/web.xml | 7 +- YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml | 9 +- YACOSWeb/src/org/yacos/auth/UserDetails.java | 111 ++++++++++++++++++ .../org/yacos/auth/UserDetailsService.java | 39 ++++++ .../ChoosePreferenceController.java | 13 +- .../controller/DispatchArticleController.java | 16 +-- .../controller/EvaluationController.java | 7 +- .../controller/ListArticleController.java | 13 +- .../author/controller/SArticleController.java | 15 +-- .../ChooseConferenceController.java | 14 +-- .../SUserRegistrationController.java | 18 +-- .../SessionService.java | 107 ++++++++--------- .../system/session/SessionServiceFilter.java | 47 ++++++++ 14 files changed, 280 insertions(+), 153 deletions(-) create mode 100644 YACOSWeb/src/org/yacos/auth/UserDetails.java create mode 100644 YACOSWeb/src/org/yacos/auth/UserDetailsService.java rename YACOSWeb/src/org/yacos/web/system/{controller => session}/SessionService.java (68%) create mode 100644 YACOSWeb/src/org/yacos/web/system/session/SessionServiceFilter.java diff --git a/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml b/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml index 690d63a..569b1c0 100644 --- a/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml +++ b/YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml @@ -68,12 +68,12 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem - - - - - - + + + + + + 
@@ -137,4 +137,9 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem + + + + + \ No newline at end of file diff --git a/YACOSWeb/WebContent/WEB-INF/web.xml b/YACOSWeb/WebContent/WEB-INF/web.xml index dfe6267..3eaa3da 100644 --- a/YACOSWeb/WebContent/WEB-INF/web.xml +++ b/YACOSWeb/WebContent/WEB-INF/web.xml @@ -42,6 +42,11 @@ lazyLoadingFilter org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter + + lazyLoadingFilter + /onverracaplustard + + @@ -88,7 +93,7 @@ SessionService - org.yacos.web.system.controller.SessionService + org.yacos.web.system.session.SessionServiceFilter diff --git a/YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml b/YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml index c05c0a3..af9c2ce 100644 --- a/YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml +++ b/YACOSWeb/WebContent/WEB-INF/yacos-servlet.xml @@ -84,7 +84,6 @@ - - - - - @@ -278,7 +273,7 @@ + class="org.yacos.web.system.session.SessionService"> @@ -290,4 +285,4 @@ jndi-name="UserManagerBean/remote" cache="true" /> - \ No newline at end of file + diff --git a/YACOSWeb/src/org/yacos/auth/UserDetails.java b/YACOSWeb/src/org/yacos/auth/UserDetails.java new file mode 100644 index 0000000..103f708 --- /dev/null +++ b/YACOSWeb/src/org/yacos/auth/UserDetails.java 
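Review bot: The mapping added for `lazyLoadingFilter` in web.xml points at `/onverracaplustard`, which reads as a placeholder rather than a path the application serves. The surrounding markup is not visible on this page, so this is inferred from the two added values. If that is right, `OpenEntityManagerInViewFilter` is declared but never runs for a real request. Either map it to the URL pattern the controllers use, or leave the mapping out and record the open decision in a comment such as `<!-- TODO: choose the URL pattern for lazyLoadingFilter -->`.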
@@ -0,0 +1,111 @@ +package org.yacos.auth; + +import java.util.ArrayList; +import java.util.List; +import org.acegisecurity.GrantedAuthority; +import org.acegisecurity.GrantedAuthorityImpl; +import org.yacos.core.users.Role; +import org.yacos.core.users.User; +import org.yacos.web.system.session.SessionService; + +public class UserDetails implements org.acegisecurity.userdetails.UserDetails { + /** + * + */ + private static final long serialVersionUID = 1L; + + private String login; + /** + * Password : used for authentication purpose only, is only writable + */ + private String password; + /** + * First Name of the user + */ + private String firstName; + /** + * Last name of the user + */ + private String lastName; + /** + * Organization or lab the user belongs to + */ + private String organization; + /** + * Active email (has to be used frequently) of the user + */ + private String email; + + public UserDetails(User user) { + this.login = user.getLogin(); + this.password = user.getPassword(); + this.firstName = user.getFirstName(); + this.lastName = user.getLastName(); + this.organization = user.getOrganization(); + this.email = user.getEmail(); + } + + public GrantedAuthority[] getAuthorities() { + Integer currentConferenceId = SessionService.getInstance().getCurrentConferenceId(); + + GrantedAuthority[] authorities = null; + + if(currentConferenceId != null){ + List rolesList = SessionService.getInstance().getConferenceManager().getRoles(login, currentConferenceId); + if(! rolesList.isEmpty()){ + authorities = new GrantedAuthority[rolesList.size()]; + } + + for(int i=0;i model1 = new HashMap(); diff --git a/YACOSWeb/src/org/yacos/web/PCmember/controller/ListArticleController.java b/YACOSWeb/src/org/yacos/web/PCmember/controller/ListArticleController.java index d79c19a..a3ba86f 100644 --- a/YACOSWeb/src/org/yacos/web/PCmember/controller/ListArticleController.java +++ b/YACOSWeb/src/org/yacos/web/PCmember/controller/ListArticleController.java 
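Review bot: `getAuthorities()` in the new UserDetails starts from `GrantedAuthority[] authorities = null;` and allocates the array only when a conference is selected and `rolesList` is not empty, so a user with no current conference or no roles appears to get a null array. Acegi documents `UserDetails.getAuthorities()` as never returning null, and callers that iterate over the result would fail during authentication. Initialising with `GrantedAuthority[] authorities = new GrantedAuthority[0];` keeps the contract; the rest of the method is cut off on this page, so the loop and the return statement could not be checked. The constructor also copies `user.getPassword()` into a field of a serializable class, which deserves a comment stating whether the stored value is a hash.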
@@ -11,7 +11,7 @@ import org.apache.commons.logging.LogFactory; import java.io.IOException; import java.util.List; import org.yacos.web.system.controller.NoConferenceSelectedException; -import org.yacos.web.system.controller.SessionService; +import org.yacos.web.system.session.SessionService; import org.yacos.core.article.Article; import org.yacos.core.article.IArticleManager; import org.yacos.core.exceptions.ConferenceDoesntExistException; @@ -22,8 +22,6 @@ public class ListArticleController extends SimpleFormController { private IArticleManager articleManager; - private SessionService sessionService; - public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, NoConferenceSelectedException { @@ -31,7 +29,7 @@ public class ListArticleController extends SimpleFormController { List
listArticle; try { - listArticle = articleManager.getArticles(sessionService.getCurrentConferenceId(request)); + listArticle = articleManager.getArticles(SessionService.getInstance().getCurrentConferenceId()); getServletContext().setAttribute("listArticle", listArticle); } catch (ConferenceDoesntExistException e) { logger.error(e.getMessage()); @@ -47,11 +45,4 @@ public class ListArticleController extends SimpleFormController { public void setArticleManager(IArticleManager articleManager) { this.articleManager = articleManager; } - - public SessionService getSessionService() { - return sessionService; - } - public void setSessionService(SessionService sessionService) { - this.sessionService = sessionService; - } } \ No newline at end of file diff --git a/YACOSWeb/src/org/yacos/web/author/controller/SArticleController.java b/YACOSWeb/src/org/yacos/web/author/controller/SArticleController.java index b2a2e00..670f55d 100644 --- a/YACOSWeb/src/org/yacos/web/author/controller/SArticleController.java +++ b/YACOSWeb/src/org/yacos/web/author/controller/SArticleController.java @@ -16,7 +16,7 @@ import org.springframework.web.multipart.MultipartFile; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.SimpleFormController; import org.springframework.web.servlet.view.RedirectView; -import org.yacos.web.system.controller.SessionService; +import org.yacos.web.system.session.SessionService; import org.yacos.core.article.Article; import org.yacos.core.article.IArticleManager; import org.yacos.core.conferences.Conference; 
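Review bot: `getServletContext().setAttribute("listArticle", listArticle)` in `handleRequest` publishes one conference's article list in application scope, where every session and every concurrent request reads and overwrites the same attribute. A user working on a different conference could then be shown this list. Put the list in the request instead, `request.setAttribute("listArticle", listArticle);`, or in the returned model. The catch block's `logger.error(e.getMessage())` also drops the stack trace; `logger.error(e.getMessage(), e)` keeps it. The method begins before this hunk and its return statement is outside it.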
@@ -29,16 +29,15 @@ public class SArticleController extends SimpleFormController { protected final Log logger = LogFactory.getLog(getClass()); private IArticleManager articleManager; - private SessionService sessionService; public ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws ServletException, IllegalStateException { // Fetching conference - Conference conf = sessionService.getCurrentConference(request); + Conference conf = SessionService.getInstance().getCurrentConference(); // Fetching user - User user = sessionService.getCurrentUser(request); + User user = SessionService.getInstance().getCurrentUser(); String title = ((FormSubmission) command).getTitle(); String theme = ((FormSubmission) command).getTheme(); @@ -95,12 +94,4 @@ public class SArticleController extends SimpleFormController { public void setArticleManager(IArticleManager articleManager) { this.articleManager = articleManager; } - - public SessionService getSessionService() { - return sessionService; - } - - public void setSessionService(SessionService sessionService) { - this.sessionService = sessionService; - } } \ No newline at end of file diff --git a/YACOSWeb/src/org/yacos/web/system/controller/ChooseConferenceController.java b/YACOSWeb/src/org/yacos/web/system/controller/ChooseConferenceController.java index 8e7f0d6..0ba747c 100644 --- a/YACOSWeb/src/org/yacos/web/system/controller/ChooseConferenceController.java +++ b/YACOSWeb/src/org/yacos/web/system/controller/ChooseConferenceController.java 
@@ -4,26 +4,18 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.Controller; +import org.yacos.web.system.session.SessionService; public class ChooseConferenceController implements Controller { - private SessionService sessionService; - - public SessionService getSessionService() { - return sessionService; - } - - public void setSessionService(SessionService sessionService) { - this.sessionService = sessionService; - } public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception { - // get IDConf + // get IDConf int idConf = Integer.parseInt(request.getParameter("idConf")); // Set idConf in session context - sessionService.setCurrentConferenceId(request, idConf); + SessionService.getInstance().setCurrentConferenceId(idConf); return new ModelAndView("main"); } diff --git a/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java b/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java index ded8a16..0349832 100644 --- a/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java +++ b/YACOSWeb/src/org/yacos/web/system/controller/SUserRegistrationController.java @@ -13,6 +13,7 @@ import org.springframework.web.servlet.view.RedirectView; import org.yacos.core.users.IUserManager; import org.yacos.core.users.User; import org.yacos.web.system.form.FormUser; +import org.yacos.web.system.session.SessionService; /** * FormController class for the user Sign In scenario (user registration) 
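Review bot: `Integer.parseInt(request.getParameter("idConf"))` in `ChooseConferenceController.handleRequest` throws `NumberFormatException` when the parameter is missing or not a number. As far as the hunk shows, the value is then stored as the current conference without checking that such a conference exists. Since `UserDetails.getAuthorities()` in this commit looks roles up by the current conference id, that id deserves validation before it reaches the session. Parse inside a try/catch that rejects bad input, and call `setCurrentConferenceId(idConf)` only once the conference has been found; what the caller is shown on rejection is a choice the hunk does not settle.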
@@ -24,17 +25,6 @@ import org.yacos.web.system.form.FormUser; */ public class SUserRegistrationController extends SimpleFormController { private IUserManager userManager; - - private SessionService sessionService; - - public SessionService getSessionService() { - return sessionService; - } - - public void setSessionService(SessionService sessionService) { - this.sessionService = sessionService; - } - /** * @see org.springframework.web.servlet.mvc.SimpleFormController#onSubmit(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.validation.BindException) */ @@ -45,7 +35,7 @@ public class SUserRegistrationController extends SimpleFormController { FormUser userCommand = (FormUser) command; // Tries to retrieve the current user : case of user modification - User user = sessionService.getCurrentUser(request); + User user = SessionService.getInstance().getCurrentUser(); if( (userCommand.getIsNew()) && (userManager.getUser(userCommand.getLogin()) != null)){ errors.rejectValue("login", "form.register.error.alreadyExists"); @@ -87,9 +77,9 @@ public class SUserRegistrationController extends SimpleFormController { User currentUser = new User(); user.setIsNew(true); // TODO : see how JAAS could change the way of getting the current User - if(sessionService.isUserLogged(request)){ + if(SessionService.getInstance().isUserLogged()){ // If he is logged, we use his profile information to fill the form - currentUser = (User) sessionService.getCurrentUser(request); + currentUser = (User) SessionService.getInstance().getCurrentUser(); user.setIsNew(false); } diff --git a/YACOSWeb/src/org/yacos/web/system/controller/SessionService.java b/YACOSWeb/src/org/yacos/web/system/session/SessionService.java similarity index 68% rename from YACOSWeb/src/org/yacos/web/system/controller/SessionService.java rename to YACOSWeb/src/org/yacos/web/system/session/SessionService.java index df852c4..3ab801f 100644 
--- a/YACOSWeb/src/org/yacos/web/system/controller/SessionService.java +++ b/YACOSWeb/src/org/yacos/web/system/session/SessionService.java @@ -1,17 +1,9 @@ -package org.yacos.web.system.controller; - -import java.io.IOException; +package org.yacos.web.system.session; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import org.springframework.web.util.WebUtils; import org.yacos.core.conferences.Conference; @@ -24,9 +16,11 @@ import org.yacos.core.users.User; * @author christiancorsano * */ -public class SessionService implements Filter { - private static ServletContext servletContext = null; - private static HttpServletRequest request = null; +public class SessionService { + private static SessionService instance = new SessionService(); + + protected static ServletContext servletContext = null; + protected static HttpServletRequest request = null; private IConferenceManager conferenceManager; private IUserManager userManager; @@ -34,14 +28,21 @@ public class SessionService implements Filter { private User currentUser; private Conference currentConference; - public SessionService(){ + private SessionService(){ + } + + public static SessionService getInstance(){ + if(instance == null){ + instance = new SessionService(); + } + return instance; } /** * Init method to be called at filter time * Makes the sessionAttributes available in the request context */ - private void init(){ + protected void init(){ if(request != null && servletContext != null){ try { if(userManager == null || conferenceManager == null){ 
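Review bot: `SessionService` is now a process-wide singleton whose accessors read the static `request` field instead of taking the request as a parameter, and `SessionServiceFilter.doFilter` overwrites that field on every request. With two requests in flight, `getCurrentUserLogin()`, `getCurrentUser()` and `getCurrentConferenceId()` can read the other request's session, and the cached `currentUser` / `currentConference` instance fields are shared by all users as well. `UserDetails.getAuthorities()` and the controllers changed in this commit all depend on those accessors, so roles or profile data could be resolved for the wrong account. Hold the request per thread, for example `private static final ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>();`, set by the filter and cleared in a `finally` after `chain.doFilter`, and drop the cached fields or keep them in the session. The same applies to the accessor hunks further down in this file.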
@@ -51,10 +52,10 @@ public class SessionService implements Filter { } // Put the current conference in the request context to make it accessible in JSPs // This avoid to put the whole object in the session - request.setAttribute("currentConference", getCurrentConference(request)); + request.setAttribute("currentConference", getCurrentConference()); // Put the current conference in the request context to make it accessible in JSPs // This avoid to put the whole object in the session - request.setAttribute("currentUser", getCurrentUser(request)); + request.setAttribute("currentUser", getCurrentUser()); } catch (NamingException e) { // TODO Auto-generated catch block e.printStackTrace(); @@ -85,7 +86,7 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @return The current conference id */ - public Integer getCurrentConferenceId(HttpServletRequest request) { + public Integer getCurrentConferenceId() { // Retrieve the ID from the session Integer confId = (Integer) WebUtils.getSessionAttribute(request, "currentConferenceId"); return confId; @@ -96,7 +97,7 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @param currentConferenceId The id to set as the new current conference */ - public void setCurrentConferenceId(HttpServletRequest request,Integer currentConferenceId) { + public void setCurrentConferenceId(Integer currentConferenceId) { WebUtils.setSessionAttribute(request, "currentConferenceId", currentConferenceId); currentConference = conferenceManager.getConference(currentConferenceId); request.setAttribute("currentConference", currentConference); 
@@ -107,8 +108,8 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @param c The conference object to set as current */ - public void setCurrentConference(HttpServletRequest request, Conference c){ - setCurrentConferenceId(request, c.getId() ); + public void setCurrentConference(Conference c){ + setCurrentConferenceId( c.getId() ); currentConference = c; } @@ -117,8 +118,8 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @return The conference object */ - public Conference getCurrentConference(HttpServletRequest request){ - Integer id = getCurrentConferenceId(request); + public Conference getCurrentConference(){ + Integer id = getCurrentConferenceId(); // The currentConference can be out to date : force the update if(currentConference != null && id != currentConference.getId()){ @@ -136,9 +137,9 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @param currentUser The new current user to set */ - public void setCurrentUser(HttpServletRequest request,User currentUser) { + public void setCurrentUser(User currentUser) { this.currentUser = currentUser; - this.setCurrentUserLogin(request,currentUser.getLogin()); + this.setCurrentUserLogin(currentUser.getLogin()); } /** @@ -146,7 +147,7 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @param login The new current user login */ - public void setCurrentUserLogin(HttpServletRequest request, String login) { + public void setCurrentUserLogin(String login) { WebUtils.setSessionAttribute(request, "currentUserLogin", login); currentUser = userManager.getUser(login); request.setAttribute("currentUser", currentUser); 
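Review bot: In `getCurrentConference()`, `id != currentConference.getId()` compares an `Integer` taken from the session with the conference id using `!=`. If `getId()` returns `Integer`, this is a reference comparison that can report a change for equal values. If it returns `int`, unboxing `id` throws `NullPointerException` when no conference has been selected. Compare by value with a null check, `if(currentConference != null && (id == null || !id.equals(currentConference.getId()))){`. The body of that branch lies outside the hunk.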
@@ -159,7 +160,7 @@ public class SessionService implements Filter { * @param request The current HTTP request object, necessary for session operations * @return The current user login */ - public String getCurrentUserLogin(HttpServletRequest request){ + public String getCurrentUserLogin(){ // Retrieve the login from the session String login = (String) WebUtils.getSessionAttribute(request, "currentUserLogin"); return login; @@ -167,12 +168,11 @@ public class SessionService implements Filter { /** * Get (if necessary) and returns the current user object - * @param request The current HTTP request object, necessary for session operations * @return The current User */ - public User getCurrentUser(HttpServletRequest request) { + public User getCurrentUser() { // Retrieve the login from the session - String login = this.getCurrentUserLogin(request); + String login = this.getCurrentUserLogin(); // The user can be out to date : force the update if(currentUser != null && (! currentUser.getLogin().equals(login)) ){ @@ -180,7 +180,7 @@ public class SessionService implements Filter { } // Check if the user object is already in cache - if(currentUser == null || (this.getCurrentUser(request).getLogin().equals(login)) ){ + if(currentUser == null || (this.getCurrentUser().getLogin().equals(login)) ){ // Checks login for validity if(login == null || login.equals("")){ currentUser = null; 
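Review bot: The cache check in `getCurrentUser()` calls the method from inside itself: `if(currentUser == null || (this.getCurrentUser().getLogin().equals(login)) ){`. Whenever `currentUser` is already set, evaluating the right-hand side re-enters `getCurrentUser()` with the same state, which looks like unbounded recursion ending in `StackOverflowError`. The commit dropped the `request` argument but kept the call. The lines between the two hunks are not shown, so this is inferred from the visible condition. If the intent is to load the user only when nothing is cached, `if(currentUser == null){` is enough, because the preceding check appears to discard a cached user whose login differs.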
@@ -194,42 +194,27 @@ public class SessionService implements Filter { /** * Returns whether the user is logged (is there a current User for this session) - * @param request The current HTTP request object, necessary for session operations * @return true if there's a current user in the session, false otherwise */ - public boolean isUserLogged(HttpServletRequest request){ - return getCurrentUser(request) != null; - } - - /* ========================= */ - /* = Filter implementation = */ - /* ========================= */ - - /** - * Inits the filter, and set the servletContext for this session service - */ - public void init(FilterConfig config) throws ServletException { - SessionService.servletContext = config.getServletContext(); - } - - /** - * Fetch the current session data so that every JSP has access to it - */ - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - if(request instanceof HttpServletRequest){ - SessionService.request = (HttpServletRequest) request; - init(); - } - - chain.doFilter(request, response); + public boolean isUserLogged(){ + return getCurrentUser() != null; } /** - * Clean the static attributes + * Puts an object in the session + * @param name The name of the attribute in the session + * @param attribute The attribute object */ - public void destroy() { - SessionService.servletContext = null; - SessionService.request = null; + public void setSessionAttribute(String name, Object attribute){ + WebUtils.setSessionAttribute(request, name, attribute); + } + + /** + * Retrieves an object from the Session + * @param name The name of the attribute to retrieve + * @return The attribute object + */ + public Object getSessionAttribute(String name){ + return WebUtils.getSessionAttribute(request, name); } } 
diff --git a/YACOSWeb/src/org/yacos/web/system/session/SessionServiceFilter.java b/YACOSWeb/src/org/yacos/web/system/session/SessionServiceFilter.java
new file mode 100644
index 0000000..5a8262b
--- /dev/null
+++ b/YACOSWeb/src/org/yacos/web/system/session/SessionServiceFilter.java
@@ -0,0 +1,47 @@
+package org.yacos.web.system.session;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Filter to initialize the SessionService singleton
+ * @author christiancorsano
+ *
+ */
+public class SessionServiceFilter implements Filter {
+ /**
+ * Inits the filter, and set the servletContext for this session service
+ */
+ public void init(FilterConfig config) throws ServletException {
+ SessionService.servletContext = config.getServletContext();
+ }
+
+ /**
+ * Puts the request object into SessionService and tells it to init
+ */
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+ if(request instanceof HttpServletRequest){
+ SessionService.request = (HttpServletRequest) request;
+ SessionService.getInstance().init();
+ }
+
+ // Continue the filter chain
+ chain.doFilter(request, response);
+ }
+
+ /**
+ * Clean the static attributes
+ */
+ public void destroy() {
+ SessionService.servletContext = null;
+ SessionService.request = null;
+ }
+}
\ No newline at end of file