errorHandler.addError(emfu);
return;
}
} catch (Exception e) {
logger.error("Reading user information... ERROR");
throw new SecurityException("Reading user information... ERROR",e);
}
// Password-policy gate for internally managed (SpagoBI) accounts. It runs only when the
// request attribute "isInternalSecurity" equals "true" (case-insensitive); any other value,
// including a missing attribute, skips every check in this section.
// NOTE(review): where this attribute is set is not visible here - confirm it cannot be
// influenced by the client, because it decides whether the password checks run at all.
boolean isInternalSecurity = ("true".equalsIgnoreCase((String)request.getAttribute("isInternalSecurity")))?true:false;
logger.debug("isInternalSecurity: " + isInternalSecurity);
if (isInternalSecurity) {
// Load the stored user record for the userId being logged in.
ISbiUserDAO userDao = DAOFactory.getSbiUserDAO();
SbiUser user = userDao.loadSbiUserByUserId(userId);
// Users holding the role named by the ADMIN-PATTERN configuration value are exempt from the
// password checks below.
// NOTE(review): this exempts the most privileged accounts from password validation and from
// the forced change; confirm that is an intended policy and is compensated elsewhere.
String strAdminPatter = SingletonConfig.getInstance().getConfigValue("SPAGOBI.SECURITY.ROLE-TYPE-PATTERNS.ADMIN-PATTERN");
// -1 is passed to the role lookup when no user record was found.
int sbiUserId=-1;
if (user!=null)sbiUserId=user.getId();
// NOTE(review): presumably the DAO returns an empty list for an unknown id; a null return
// would fail in the loop below - confirm.
List lstRoles = userDao.loadSbiUserRolesById(sbiUserId);
boolean isAdminUser = false;
for (int i=0; i<lstRoles.size(); i++){
SbiExtRoles tmpRole = (SbiExtRoles)lstRoles.get(i);
Role role = DAOFactory.getRoleDAO().loadByID(tmpRole.getExtRoleId());
// Exact, case-sensitive comparison of the role name with the configured value: despite the
// "pattern" in the key name, no pattern matching happens here.
// NOTE(review): a null role (or null name) would throw here - confirm loadByID never returns null.
if (role.getName().equals(strAdminPatter)){
isAdminUser = true;
logger.debug("User is administrator. Checks on the password are not applied !");
break;
}
}
if (!isAdminUser){
// Validate the password; what checkPwd actually verifies is not visible in this section.
// NOTE(review): user is null-checked above and again before the last-access update, but it is
// passed to checkPwd and dereferenced in the branch below without a check.
logger.debug("Validation password starting...");
boolean goToChangePwd = checkPwd(user);
if (goToChangePwd){
// A password change is required: hand over to ChangePwdPublisher and stop the login here.
response.setAttribute("user_id", user.getUserId());
// start_url is assembled from request data. Assuming servletRequest is a Servlet API request:
// getProtocol() returns e.g. "HTTP/1.1", so the scheme part is "HTTP" even when the request
// arrived over TLS (getScheme() is the call that reports "https"); getServerName() normally
// reflects the client-supplied Host header; getLocalPort() is the port of the receiving
// interface, which differs from the public port behind a reverse proxy.
// NOTE(review): how start_url is consumed is not visible here; if it is used for redirects or
// links on the change-password page, derive it from configuration or validate the host
// against an allow-list rather than trusting the request.
String url = servletRequest.getProtocol().substring(0,servletRequest.getProtocol().indexOf("/")) +
"://"+servletRequest.getServerName()+":"+servletRequest.getLocalPort()+servletRequest.getContextPath();
response.setAttribute("start_url", url);
response.setAttribute(SpagoBIConstants.PUBLISHER_NAME, "ChangePwdPublisher");
return;
}
logger.info("The pwd is active!");
// Record the current time as the user's last access date in the database.
try{
if (user!=null){
user.setDtLastAccess(new Date());
userDao.updateSbiUser(user, user.getId());
}
}catch(Exception e){
// Best effort: a failed update is logged and the login continues. The exception is
// concatenated into the message, so no stack trace is logged.
// NOTE(review): if checkPwd relies on dtLastAccess (for example for inactivity rules), a
// silent failure here leaves that value stale - confirm.
logger.error("Error while update user's dtLastAccess: " + e);
}
}
}
}
// Build the profile for userId, work out whether the logged-in user changed, and store the
// profile in the session.
try {
profile=UserUtilities.getUserProfile(userId);
// No profile could be built: report user error 501 and stop the login.
if (profile == null){
logger.error("user not created");
EMFUserError emfu = new EMFUserError(EMFErrorSeverity.ERROR, 501);
errorHandler.addError(emfu);
return;
}
// Defaults to TRUE; set to FALSE only when a previous profile exists with the same user id.
Boolean userHasChanged = Boolean.TRUE;
// Detect a user switch: if the user changed, the session parameters must be reset (see also homebis.jsp).
// The previous user id is compared with the current one: if they are equal, the user has not changed.
if (previousProfile != null && previousProfile.getUserId().equals(((UserProfile)profile).getUserId())) {
userHasChanged = Boolean.FALSE;
}
response.setAttribute("USER_HAS_CHANGED", userHasChanged);
// Store the user profile in the session under IEngUserProfile.ENG_USER_PROFILE.
// NOTE(review): no session renewal is visible in this part of the method; confirm the session
// identifier is regenerated at login and that state left by a different previous user is
// actually cleared when USER_HAS_CHANGED is true.
permSess.setAttribute(IEngUserProfile.ENG_USER_PROFILE, profile);
} catch (Exception e) {
// The log line carries no exception detail; the cause travels only with the
// SecurityException thrown below.
logger.error("Reading user information... ERROR");
throw new SecurityException("Reading user information... ERROR",e);
}
//String username = (String) profile.getUserUniqueIdentifier();
String username = (String) ((UserProfile)profile).getUserId();
if (!UserUtilities.userFunctionalityRootExists(username)) {