Package org.structr.common

Examples of org.structr.common.SecurityContext


        // Judging by the message, this is the rejection branch for a non-multipart request;
        // the condition that guards it starts above this excerpt.
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.getOutputStream().write("ERROR (400): Request does not contain multipart content.\n".getBytes("UTF-8"));
        return;
      }

      // The configured authenticator examines the request and returns the SecurityContext
      // that every later permission decision in this handler depends on.
      final SecurityContext securityContext = getConfig().getAuthenticator().initializeAndExamineRequest(request, response);

      // Anonymous-upload gate: a request without a resolved user is refused with 403 unless
      // "UploadServlet.allowAnonymousUploads" parses to true. The fallback value is "false",
      // so a missing setting denies anonymous uploads (fail closed).
      // NOTE(review): Boolean.FALSE.equals(Boolean.parseBoolean(x)) is the same test as
      // !Boolean.parseBoolean(x); the shorter form is easier to audit.
      if (securityContext.getUser(false) == null && Boolean.FALSE.equals(Boolean.parseBoolean(StructrApp.getConfigurationValue("UploadServlet.allowAnonymousUploads", "false")))) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.getOutputStream().write("ERROR (403): Anonymous uploads forbidden.\n".getBytes("UTF-8"));
        return;
      }
     
      // Ensure access mode is frontend
      // (set unconditionally, so it replaces whatever mode the authenticator selected)
      securityContext.setAccessMode(AccessMode.Frontend);

      request.setCharacterEncoding("UTF-8");

      // Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
      response.setCharacterEncoding("UTF-8");


        // Judging by the message, this is the rejection branch for a URL path without a
        // trailing UUID; the condition that guards it starts above this excerpt.
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.getOutputStream().write("ERROR (400): URL path doesn't end with UUID.\n".getBytes("UTF-8"));
        return;
      }

      // The configured authenticator examines the request and returns the SecurityContext.
      // NOTE(review): no anonymous-user gate is visible in this excerpt; the only
      // authorization step shown is the isAllowed(file, Permission.write) check below.
      final SecurityContext securityContext = getConfig().getAuthenticator().initializeAndExamineRequest(request, response);

      // Ensure access mode is frontend
      // (set unconditionally, so it replaces whatever mode the authenticator selected)
      securityContext.setAccessMode(AccessMode.Frontend);

      request.setCharacterEncoding("UTF-8");

      // Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
      response.setCharacterEncoding("UTF-8");

      // don't continue on redirects
      // (presumably the authenticator set the redirect status; 302 is HttpServletResponse.SC_FOUND)
      if (response.getStatus() == 302) {
        return;
      }

      // Size limits are applied before the request body is parsed.
      // presumably a commons-fileupload uploader, where setFileSizeMax bounds a single file
      // and setSizeMax bounds the whole request; confirm against the declaration of `uploader`
      uploader.setFileSizeMax(MAX_FILE_SIZE);
      uploader.setSizeMax(MAX_REQUEST_SIZE);

      List<FileItem> fileItemsList = uploader.parseRequest(request);
      Iterator<FileItem> fileItemsIterator = fileItemsList.iterator();

      // Every uploaded part is written to the same target node, so with several parts
      // the last one processed determines the final content.
      while (fileItemsIterator.hasNext()) {

        final FileItem fileItem = fileItemsIterator.next();

        try {

          // NOTE(review): the lookup uses StructrApp.getInstance() without the request's
          // securityContext; confirm which context it runs under. If it is not restricted
          // to what the requester may see, the 404 response here and the denial branch
          // below let a caller tell existing UUIDs from unknown ones.
          // The lookup does not depend on fileItem and could be done once before the loop.
          final GraphObject node = StructrApp.getInstance().get(uuid);

          if (node == null) {

            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            response.getOutputStream().write("ERROR (404): File not found.\n".getBytes("UTF-8"));

            // NOTE(review): no return or break here. The instanceof test below is false
            // for null, so nothing is written to storage, but the loop continues and the
            // 404 body is emitted again for every remaining part.

          }

          // NOTE(review): the type tested (org.structr.web.entity.AbstractFile) differs from
          // the cast target (org.structr.dynamic.File). If an AbstractFile can be something
          // other than a dynamic File, the cast throws ClassCastException; confirm the
          // hierarchy or test for the cast target directly.
          if (node instanceof org.structr.web.entity.AbstractFile) {

            final org.structr.dynamic.File file = (org.structr.dynamic.File) node;
           
            // Write permission on the target file is checked before any bytes are stored.
            if (securityContext.isAllowed(file, Permission.write)) {

              // NOTE(review): the part's input stream is not closed in the visible code;
              // confirm that FileHelper.writeToFile closes it.
              FileHelper.writeToFile(file, fileItem.getInputStream());
              file.increaseVersion();
             
            } else {

   * @throws FrameworkException
   */
  @Override
  public SecurityContext initializeAndExamineRequest(final HttpServletRequest request, final HttpServletResponse response) throws FrameworkException {

    SecurityContext securityContext;

    // User resolution is tried in a fixed order and stops at the first non-null result:
    // 1. session authentication, 2. external authentication, 3. getUser(request, true).
    // The meaning of the boolean passed to getUser is not visible in this excerpt.
    Principal user = checkSessionAuthentication(request);

    if (user == null) {

      user = checkExternalAuthentication(request, response);

    }

    if (user == null) {

      user = getUser(request, true);

    }

    if (user == null) {

      // If no user could be determined, assume frontend access
      // (the context is created with a null user, so callers see getUser(...) == null
      // presumably; confirm against SecurityContext)
      securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);

    } else {


      if (user instanceof SuperUser) {

        // A SuperUser principal receives the dedicated superuser context.
        securityContext = SecurityContext.getSuperUserInstance(request);

      } else {

        // NOTE(review): every other authenticated user is given Backend access mode here,
        // whatever endpoint the request targets. A caller that needs frontend semantics
        // has to set the access mode itself after this method returns.
        securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);

      }

    }

    // Register this authenticator on the context that is handed back to the caller.
    securityContext.setAuthenticator(this);

    // test for cross site resource sharing
    // The Origin header is supplied by the client. How it is used is cut off in this
    // excerpt; NOTE(review): confirm it is compared against an allow-list rather than
    // echoed back into the response.
    String origin = request.getHeader("Origin");
    if (!StringUtils.isBlank(origin)) {


      }

    } else if ("auth".equals(action)) {

      // Branch for the "auth" action: the access token is obtained through oauthServer.
      String accessToken = oauthServer.getAccessToken(request);
      // NOTE(review): a superuser context is created before any user has been established
      // in the visible code. Whatever uses it below (cut off in this excerpt) presumably
      // runs without per-user permission checks; confirm its use is kept as narrow as possible.
      SecurityContext superUserContext = SecurityContext.getSuperUserInstance();

      if (accessToken != null) {

        // NOTE(review): this passes the access token itself to the logger, so the credential
        // ends up in any log sink that has FINE enabled. Log that a token was received,
        // or a truncated/hashed form, instead of the value.
        logger.log(Level.FINE, "Got access token {0}", accessToken);
        //securityContext.setAttribute("OAuthAccessToken", accessToken);

  public void processMessage(WebSocketMessage webSocketData) {

    // The page id and the node data both come from the incoming WebSocket message.
    final String pageId = webSocketData.getId();
    final Map<String, Object> nodeData = webSocketData.getNodeData();
    // Unchecked cast: a "source" entry that is not a String throws ClassCastException here.
    // NOTE(review): modifiedHtml is message-supplied markup; how it is parsed and what is
    // stored from it is cut off in this excerpt. Treat it as untrusted input.
    final String modifiedHtml = (String) nodeData.get("source");
    // The app instance is bound to the security context of the WebSocket connection.
    final SecurityContext securityContext = getWebSocket().getSecurityContext();
    final App app = StructrApp.getInstance(securityContext);

    Page modifiedPage = null;

    // NOTE(review): the page is resolved from the message-supplied id; whether getPage
    // applies the connection's security context is not visible here, so confirm it.
    Page sourcePage = getPage(pageId);

  }

  @Override
  public void processMessage(WebSocketMessage webSocketData) throws FrameworkException {

    // The app and the node query derived from it are bound to the security context of
    // the WebSocket connection.
    final SecurityContext securityContext        = getWebSocket().getSecurityContext();
    final App app                                = StructrApp.getInstance(securityContext);
    final Query query                            = app.nodeQuery();
    // NOTE(review): through a List<? extends GraphObject> reference no non-null element
    // can be added, and the reference is final, so this list stays empty unless it is
    // cast further down (not visible in this excerpt).
    final List<? extends GraphObject> resultList = new LinkedList<>();
    // LinkedHashSet: insertion-ordered and free of duplicates.
    final Set<AbstractNode> filteredResults      = new LinkedHashSet<>();

  }

  @Override
  public void processMessage(WebSocketMessage webSocketData) {

    // Security context of the WebSocket connection that delivered the message.
    final SecurityContext securityContext = getWebSocket().getSecurityContext();
    // Everything below is read from the incoming message and is therefore caller-controlled.
    String sourceId                       = webSocketData.getId();
    Map<String, Object> properties        = webSocketData.getNodeData();
    // Unchecked casts: a non-String "targetId" or "syncMode" throws ClassCastException.
    // Either value is null when its key is absent.
    String targetId                       = (String) properties.get("targetId");
    final String syncMode                 = (String) properties.get("syncMode");
    // NOTE(review): the cast throws ClassCastException when the id refers to a node that is
    // not a DOMNode. Whether getNode applies the connection's security context is not
    // visible in this excerpt, so confirm it.
    final DOMNode sourceNode              = (DOMNode) getNode(sourceId);

  }

  @Override
  protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws UnsupportedEncodingException {

    SecurityContext securityContext = null;
    Authenticator authenticator = null;
    Result result = null;
    Resource resource = null;

    try {

  // <editor-fold defaultstate="collapsed" desc="DELETE">
  @Override
  protected void doDelete(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {

    SecurityContext securityContext = null;
    Authenticator authenticator     = null;
    RestMethodResult result         = null;
    Resource resource               = null;

    try {

  // <editor-fold defaultstate="collapsed" desc="GET">
  @Override
  protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {

    SecurityContext securityContext = null;
    Authenticator authenticator     = null;
    Result result                   = null;
    Resource resource               = null;

    try {
