NIHVIVO-2492 Modify AJAX controllers to be Actions-based.
This commit is contained in:
j2blake
parent
50e7e2099f
commit
a1e87a10b9
8 changed files with 67 additions and 35 deletions
|
|
@ -102,29 +102,6 @@ public class PolicyHelper {
|
|||
Or[] or() default @Or();
|
||||
}
|
||||
|
||||
/**
|
||||
* Are the actions that this servlet requires authorized for the current
|
||||
* user by the current policies?
|
||||
*/
|
||||
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
||||
HttpServlet servlet) {
|
||||
return isAuthorizedForServlet(req, servlet.getClass());
|
||||
}
|
||||
|
||||
/**
|
||||
* Are the actions that this servlet class requires authorized for the
|
||||
* current user by the current policies?
|
||||
*/
|
||||
public static boolean isAuthorizedForServlet(HttpServletRequest req,
|
||||
Class<? extends HttpServlet> servletClass) {
|
||||
try {
|
||||
return isAuthorizedForActionClauses(req,
|
||||
ActionClauses.forServletClass(servletClass));
|
||||
} catch (PolicyHelperException e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this action class authorized for the current user by the current
|
||||
* policies?
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import java.util.Arrays;
|
|||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
|
|
@ -114,12 +115,34 @@ public class Actions {
|
|||
private static boolean isAuthorizedForAction(PolicyIface policy,
|
||||
IdentifierBundle ids, RequestedAction action) {
|
||||
PolicyDecision decision = policy.isAuthorized(ids, action);
|
||||
log.debug("decision for '" + action.getClass().getName() + "' was: "
|
||||
log.debug("decision for '" + action.getClass().getSimpleName() + "' was: "
|
||||
+ decision);
|
||||
return (decision != null)
|
||||
&& (decision.getAuthorized() == Authorization.AUTHORIZED);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuffer sb = new StringBuffer("Actions[");
|
||||
for (Iterator<Set<RequestedAction>> cit = clauseList.iterator(); cit.hasNext();) {
|
||||
Set<RequestedAction> clause = cit.next();
|
||||
sb.append("(");
|
||||
for (Iterator<RequestedAction> it = clause.iterator(); it.hasNext();) {
|
||||
RequestedAction action = it.next();
|
||||
sb.append(action.getClass().getSimpleName());
|
||||
if (it.hasNext()) {
|
||||
sb.append(", ");
|
||||
}
|
||||
}
|
||||
sb.append(")");
|
||||
if (cit.hasNext()) {
|
||||
sb.append(" or ");
|
||||
}
|
||||
}
|
||||
sb.append("]");
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Nobody knows about this action class, so only the root user should be
|
||||
* authorized for it.
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ import com.hp.hpl.jena.query.ResultSetFormatter;
|
|||
import com.hp.hpl.jena.query.Syntax;
|
||||
import com.hp.hpl.jena.rdf.model.Model;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
||||
|
|
@ -35,7 +35,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
|||
*
|
||||
* The result is delivered in JSON format.
|
||||
*/
|
||||
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||
public class SparqlQueryAjaxController extends VitroAjaxController {
|
||||
private static final Log log = LogFactory
|
||||
.getLog(SparqlQueryAjaxController.class);
|
||||
|
|
@ -43,6 +42,11 @@ public class SparqlQueryAjaxController extends VitroAjaxController {
|
|||
private static final String PARAMETER_QUERY = "query";
|
||||
private static final String RESPONSE_MIME_TYPE = "application/javascript";
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new UseBasicAjaxControllers());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerConfigurationLoader;
|
||||
import freemarker.template.Configuration;
|
||||
|
|
@ -42,7 +43,7 @@ public abstract class VitroAjaxController extends HttpServlet {
|
|||
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws ServletException, IOException {
|
||||
VitroRequest vreq = new VitroRequest(req);
|
||||
if (PolicyHelper.isAuthorizedForServlet(vreq, this)) {
|
||||
if (PolicyHelper.isAuthorizedForActions(vreq, requiredActions(vreq))) {
|
||||
doRequest(vreq, resp);
|
||||
} else {
|
||||
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
|
||||
|
|
@ -58,6 +59,17 @@ public abstract class VitroAjaxController extends HttpServlet {
|
|||
doGet(req, resp);
|
||||
}
|
||||
|
||||
/**
|
||||
* By default, a controller requires authorization for no actions.
|
||||
* Subclasses that require authorization to process their page will override
|
||||
* to return the actions that require authorization.
|
||||
* In some cases, the choice of actions will depend on the contents of the request.
|
||||
*/
|
||||
@SuppressWarnings("unused")
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return Actions.EMPTY;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current Freemarker Configuration so the controller can process
|
||||
* its data through a template.
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import org.apache.commons.lang.StringUtils;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||
|
|
@ -17,12 +17,16 @@ import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
|||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
|
||||
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||
public class PrimitiveDelete extends VitroAjaxController {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
private static final Log log = LogFactory.getLog(PrimitiveDelete.class);
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new UseBasicAjaxControllers());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import com.hp.hpl.jena.rdf.model.Model;
|
|||
import com.hp.hpl.jena.shared.Lock;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||
|
|
@ -29,11 +29,15 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.DependentResourceDeleteJena;
|
|||
import edu.cornell.mannlib.vitro.webapp.dao.jena.event.EditEvent;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.EditN3Utils;
|
||||
|
||||
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||
public class PrimitiveRdfEdit extends VitroAjaxController {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new UseBasicAjaxControllers());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doRequest(VitroRequest vreq,
|
||||
HttpServletResponse response) throws ServletException, IOException {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import org.apache.commons.httpclient.HttpStatus;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
|
@ -24,7 +24,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
|||
* @author rjy7
|
||||
*
|
||||
*/
|
||||
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||
public class ReorderController extends VitroAjaxController {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
|
@ -33,6 +32,11 @@ public class ReorderController extends VitroAjaxController {
|
|||
private static String RANK_PREDICATE_PARAMETER_NAME = "predicate";
|
||||
private static String INDIVIDUAL_PREDICATE_PARAMETER_NAME = "individuals";
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new UseBasicAjaxControllers());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ import org.json.JSONArray;
|
|||
|
||||
import com.hp.hpl.jena.sparql.lib.org.json.JSONObject;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
|
||||
|
|
@ -47,7 +47,6 @@ import edu.cornell.mannlib.vitro.webapp.search.lucene.LuceneSetup;
|
|||
* AutocompleteController generates autocomplete content
|
||||
* through a Lucene search.
|
||||
*/
|
||||
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
|
||||
public class AutocompleteController extends VitroAjaxController {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
|
@ -60,6 +59,11 @@ public class AutocompleteController extends VitroAjaxController {
|
|||
String NORESULT_MSG = "";
|
||||
private int defaultMaxSearchSize= 1000;
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new UseBasicAjaxControllers());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doRequest(VitroRequest vreq, HttpServletResponse response)
|
||||
throws IOException, ServletException {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue