From b07049a11644d4a9a4f0937c511528a928b8894f Mon Sep 17 00:00:00 2001 From: jeb228 Date: Wed, 6 Oct 2010 16:06:25 +0000 Subject: [PATCH] NIHVIVO-736 begin the transition from LoginFormBean to LoginStatusBean. --- .../mannlib/vedit/beans/LoginStatusBean.java | 138 ++++++++++++++++++ .../webapp/controller/edit/Authenticate.java | 51 ++++--- webapp/web/siteAdmin/advancedDataTools.jsp | 2 +- webapp/web/siteAdmin/dataInput.jsp | 2 +- webapp/web/siteAdmin/ontologyEditor.jsp | 2 +- webapp/web/siteAdmin/siteAdminMain.jsp | 15 +- webapp/web/siteAdmin/siteConfiguration.jsp | 4 +- 7 files changed, 175 insertions(+), 39 deletions(-) create mode 100644 webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java diff --git a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java new file mode 100644 index 000000000..4b9c5bcdb --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java 
@@ -0,0 +1,138 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vedit.beans; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * An immutable object that records the user's login info as a session + * attribute. + */ +public class LoginStatusBean { + private static final Log log = LogFactory.getLog(LoginStatusBean.class); + + /** + * Security level when the user has not logged in. Also used as a minimum + * level when we want to include every user, logged in or not. + */ + public static final int ANYBODY = 0; + + /** Security level when a user with no privileges is logged in. */ + public static final int NON_EDITOR = 1; + + /** Security level when an authorized editor is logged in. */ + public static final int EDITOR = 4; + + /** Security level when an authorized curator is logged in. */ + public static final int CURATOR = 5; + + /** Security level when a system administrator is logged in. */ + public static final int DBA = 50; + + /** A bean to return when the user has not logged in. */ + private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("", + "", ANYBODY); + + /** The bean is attached to the session by this name. */ + private static final String ATTRIBUTE_NAME = "loginStatus"; + + // ---------------------------------------------------------------------- + // static methods + // ---------------------------------------------------------------------- + + /** + * Attach this bean to the session. + */ + public static void setBean(HttpSession session, LoginStatusBean lsb) { + session.setAttribute(ATTRIBUTE_NAME, lsb); + } + + /** + * Get the bean from this request, or a dummy bean if the user is not logged + * in. 
+ */ + public static LoginStatusBean getBean(HttpServletRequest request) { + if (request == null) { + return DUMMY_BEAN; + } + + HttpSession session = request.getSession(false); + if (session == null) { + return DUMMY_BEAN; + } + + return getBean(session); + } + + /** + * Get the bean from this session, or a dummy bean if the user is not logged + * in. + */ + public static LoginStatusBean getBean(HttpSession session) { + if (session == null) { + return DUMMY_BEAN; + } + + Object o = session.getAttribute(ATTRIBUTE_NAME); + if (o == null) { + return DUMMY_BEAN; + } + + if (!(o instanceof LoginStatusBean)) { + log.warn("Tried to get login status bean, but found an instance of " + + o.getClass().getName() + ": " + o); + return DUMMY_BEAN; + } + + return (LoginStatusBean) o; + } + + // ---------------------------------------------------------------------- + // the bean + // ---------------------------------------------------------------------- + + private final String userURI; + private final String username; + private final int securityLevel; + + public LoginStatusBean(String userURI, String username, int securityLevel) { + this.userURI = userURI; + this.username = username; + this.securityLevel = securityLevel; + } + + public String getUserURI() { + return userURI; + } + + public String getUsername() { + return username; + } + + public int getSecurityLevel() { + return securityLevel; + } + + public boolean isLoggedIn() { + return securityLevel > ANYBODY; + } + + public boolean isLoggedInAs(int level) { + return securityLevel == level; + } + + public boolean isLoggedInAtLeast(int minimumLevel) { + return securityLevel >= minimumLevel; + } + + @Override + public String toString() { + return "LoginStatusBean[userURI=" + userURI + ", username=" + username + + ", securityLevel=" + securityLevel + "]"; + } + +} 
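Review bot: `setBean` has no counterpart for clearing the login on logout, so any logout code must call `session.removeAttribute("loginStatus")` with the private `ATTRIBUTE_NAME` duplicated at the call site, which is exactly how the two drift apart; add `public static void removeBean(HttpSession session) { session.removeAttribute(ATTRIBUTE_NAME); }` next to `setBean` so the only writer and the only eraser of the attribute live in this class. The class Javadoc calls the object immutable, but the class is not `final`, so a subclass could override `getSecurityLevel()` or `isLoggedInAtLeast()` and change what the JSP gates see; declare it `public final class LoginStatusBean`. Because the bean is stored in the HttpSession it will be dropped on passivation or replication unless it implements `java.io.Serializable` — that fails closed to `DUMMY_BEAN`, which is presumably acceptable, but worth a one-line comment on the class.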
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java index cb1447977..5cc13b2f2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java @@ -25,6 +25,7 @@ import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.ontology.OntModel; import edu.cornell.mannlib.vedit.beans.LoginFormBean; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole; import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; @@ -287,6 +288,7 @@ public class Authenticate extends FreemarkerHttpServlet { HttpSession session = request.getSession(); // Put the login info into the session. + // TODO the LoginFormBean is being phased out. LoginFormBean lfb = new LoginFormBean(); lfb.setUserURI(user.getURI()); lfb.setLoginStatus("authenticated"); @@ -295,6 +297,11 @@ public class Authenticate extends FreemarkerHttpServlet { lfb.setLoginRemoteAddr(request.getRemoteAddr()); lfb.setLoginName(user.getUsername()); session.setAttribute("loginHandler", lfb); + // TODO this should eventually replace the LoginFormBean. + LoginStatusBean lsb = new LoginStatusBean(user.getURI(), + user.getUsername(), parseUserSecurityLevel(user)); + LoginStatusBean.setBean(session, lsb); + log.info("Adding status bean: " + lsb); // Remove the login process info from the session. session.removeAttribute(LoginProcessBean.SESSION_ATTRIBUTE); 
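Review bot: The new `LoginStatusBean` is stored in the session obtained by the `HttpSession session = request.getSession();` line visible above, and nothing in the hunk invalidates that session first; if that session predates the credential check (which the diff does not show either way), an attacker-supplied session id is promoted to an authenticated one (session fixation). Before writing either bean, consider `session.invalidate(); session = request.getSession(true);`, copying across any pre-login attribute that must survive — the `LoginProcessBean` removed a few lines later evidently need not. The `log.info("Adding status bean: " + lsb)` line writes the user URI and username on every login; if this is meant as an audit record keep it, otherwise drop it to `log.debug` to avoid scattering identifiers through the general log. The enclosing method starts before this hunk.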
@@ -307,15 +314,10 @@ public class Authenticate extends FreemarkerHttpServlet { getUserDao(request).updateUser(user); // Set the timeout limit on the session - editors, etc, get more. - session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL); // seconds, - // not - // milliseconds - try { - if ((int) Integer.decode(lfb.getLoginRole()) > 1) { - session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL); - } - } catch (NumberFormatException e) { - // No problem - leave it at the default. + if (lsb.isLoggedInAtLeast(LoginStatusBean.EDITOR)) { + session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL); + } else { + session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL); } // Record the user in the user/Session map. @@ -437,10 +439,8 @@ public class Authenticate extends FreemarkerHttpServlet { if (session == null) { return State.NOWHERE; } - - LoginFormBean lfb = (LoginFormBean) session - .getAttribute("loginHandler"); - if ((lfb != null) && (lfb.getLoginStatus().equals("authenticated"))) { + + if (LoginStatusBean.getBean(request).isLoggedIn()) { return State.LOGGED_IN; } @@ -456,19 +456,13 @@ public class Authenticate extends FreemarkerHttpServlet { return null; } - HttpSession session = request.getSession(false); - if (session == null) { - return null; - } - - LoginFormBean lfb = (LoginFormBean) session - .getAttribute("loginHandler"); - if (lfb == null) { + LoginStatusBean lsb = LoginStatusBean.getBean(request); + if (!lsb.isLoggedIn()) { log.debug("getLoggedInUser: not logged in"); return null; } - return userDao.getUserByUsername(lfb.getLoginName()); + return userDao.getUserByUsername(lsb.getUsername()); } /** 
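Review bot: `getCurrentLoginState` and `getLoggedInUser` now consult only `LoginStatusBean`, while the login path in this same commit still writes `LoginFormBean` under `"loginHandler"`; any code that sets or clears only the old attribute — a logout handler or a second authentication entry point, neither visible here — will now disagree with these checks, and a logout that removes only `"loginHandler"` would leave the user logged in according to `LoginStatusBean.getBean(request).isLoggedIn()`. Until `LoginFormBean` is gone, the logout path should clear both attributes or, better, call `session.invalidate()`. The session-timeout rewrite quietly changes the threshold from "role > 1" to "at least `EDITOR` (4)", which is equivalent for the defined levels 1, 4, 5 and 50 but not for any other value a role URI might parse to; a comment such as `// only EDITOR and above get the longer timeout` would record that this is intended. `getLoggedInUser` looks the user up by username although the bean also carries `userURI`; if usernames are not guaranteed unique, the URI is the safer key.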
@@ -520,6 +514,19 @@ public class Authenticate extends FreemarkerHttpServlet { return LoginProcessBean.getBeanFromSession(request); } + /** + * Parse the role URI from User. Don't crash if it is not valid. + */ + private int parseUserSecurityLevel(User user) { + try { + return Integer.parseInt(user.getRoleURI()); + } catch (NumberFormatException e) { + log.warn("Invalid RoleURI '" + user.getRoleURI() + "' for user '" + + user.getURI() + "'"); + return 1; + } + } + // ---------------------------------------------------------------------- // Public utility methods. // ---------------------------------------------------------------------- diff --git a/webapp/web/siteAdmin/advancedDataTools.jsp b/webapp/web/siteAdmin/advancedDataTools.jsp index 22596b0bd..65201f70f 100644 --- a/webapp/web/siteAdmin/advancedDataTools.jsp +++ b/webapp/web/siteAdmin/advancedDataTools.jsp @@ -1,6 +1,6 @@ <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%> -<% if (securityLevel >= loginHandler.DBA) { %> +<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { %>
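Review bot: `parseUserSecurityLevel` returns the literal `1` when the role URI does not parse, duplicating the value of `LoginStatusBean.NON_EDITOR`; change it to `return LoginStatusBean.NON_EDITOR;` so the fallback follows the class's definition if the levels are ever renumbered. Falling back to a logged-in-but-unprivileged level is the right direction for a data error, but the method silently depends on `User.getRoleURI()` being a decimal string that matches the `LoginStatusBean` level constants, which this diff does not establish; state that in the Javadoc, e.g. `Role URIs are expected to be the decimal security level (see LoginStatusBean).` Consider also whether an unparseable role should be logged at `error` rather than `warn`, since it means a stored user record that cannot be mapped to any role.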

Advanced Data Tools

diff --git a/webapp/web/siteAdmin/dataInput.jsp b/webapp/web/siteAdmin/dataInput.jsp index 580308c7f..387c7572e 100644 --- a/webapp/web/siteAdmin/dataInput.jsp +++ b/webapp/web/siteAdmin/dataInput.jsp @@ -1,6 +1,6 @@ <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%> -<% if (securityLevel >= loginHandler.EDITOR) { %> +<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR) { %>

Data Input

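Review bot: `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR) { %>` is missing the closing parenthesis of the `if` condition, so this fragment — and siteAdminMain.jsp, which statically includes it — will fail JSP compilation; the page fails closed, but the admin page breaks entirely. The line should read `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR)) { %>`, matching the balanced forms in advancedDataTools.jsp and ontologyEditor.jsp in this same commit. The matching `<% } %>` lies outside the hunk.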
diff --git a/webapp/web/siteAdmin/ontologyEditor.jsp b/webapp/web/siteAdmin/ontologyEditor.jsp index 26b623961..3f6ec5d01 100644 --- a/webapp/web/siteAdmin/ontologyEditor.jsp +++ b/webapp/web/siteAdmin/ontologyEditor.jsp @@ -2,7 +2,7 @@ <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener"%> -<% if (securityLevel >= loginHandler.CURATOR) { %> +<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { %>
diff --git a/webapp/web/siteAdmin/siteAdminMain.jsp b/webapp/web/siteAdmin/siteAdminMain.jsp index a4bb30854..0d70dcec0 100644 --- a/webapp/web/siteAdmin/siteAdminMain.jsp +++ b/webapp/web/siteAdmin/siteAdminMain.jsp @@ -1,5 +1,6 @@ <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%> +<%@ page import="edu.cornell.mannlib.vedit.beans.LoginStatusBean" %> <%@ page import="edu.cornell.mannlib.vitro.webapp.beans.Portal" %> <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory" %> <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener"%> @@ -11,17 +12,10 @@ <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %><%/* this odd thing points to something in web.xml */ %> <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %> - - <% Portal portal = (Portal) request.getAttribute("portalBean"); - final String DEFAULT_SEARCH_METHOD = "fulltext"; /* options are fulltext/termlike */ - - int securityLevel = loginHandler.ANYBODY; - String loginStatus = loginHandler.getLoginStatus(); - if ( loginStatus.equals("authenticated")) { - securityLevel = Integer.parseInt( loginHandler.getLoginRole() ); - } + final String DEFAULT_SEARCH_METHOD = "fulltext"; /* options are fulltext/termlike */ + LoginStatusBean loginBean = LoginStatusBean.getBean(request); %> @@ -44,9 +38,6 @@ <%@ include file="advancedDataTools.jsp" %> <%@ include file="customReports.jsp" %> - <%-- - <%@ include file="sessionPreferences.jsp" %> - --%>
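Review bot: The scriptlet `LoginStatusBean loginBean = LoginStatusBean.getBean(request);` is the single definition that every `<%@ include %>`d siteAdmin fragment relies on, and the fragments neither import `LoginStatusBean` nor declare `loginBean`; this works only because `<%@ include %>` is a translation-time include, so a comment such as `<%-- loginBean is used by the statically included siteAdmin/*.jsp fragments; keep it above the includes --%>` would stop someone from moving or converting it to `<jsp:include>`. These level checks only decide which admin links are rendered; whether the servlets behind them enforce the same minimum level cannot be seen from this diff, and hiding a link is not authorization, so each target controller should perform its own `LoginStatusBean.getBean(request).isLoggedInAtLeast(...)` check. The old code threw `NumberFormatException` on a non-numeric role, which the new code avoids — worth noting in the commit message.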
diff --git a/webapp/web/siteAdmin/siteConfiguration.jsp b/webapp/web/siteAdmin/siteConfiguration.jsp index 453f1d95a..0ff2dce49 100644 --- a/webapp/web/siteAdmin/siteConfiguration.jsp +++ b/webapp/web/siteAdmin/siteConfiguration.jsp @@ -1,6 +1,6 @@ <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%> -<% if (securityLevel >= loginHandler.CURATOR) { %> +<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR) { %>

Site Configuration

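Review bot: `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR) { %>` lacks the closing parenthesis of the `if` condition, so siteConfiguration.jsp will not compile and siteAdminMain.jsp, which includes it, goes down with it. It should be `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { %>`, as ontologyEditor.jsp has it in this commit. The closing `<% } %>` for this block is outside the hunk.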
@@ -16,7 +16,7 @@
  • Tab management
  • -<% if (securityLevel >= loginHandler.DBA) { %> +<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA) { %>
  • User accounts
  • <% } %>
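Review bot: `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA) { %>` on the `User accounts` line is missing its closing parenthesis, the third such slip in this commit; it should read `<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { %>`, matching advancedDataTools.jsp. Since this is the gate on the user-accounts link, it is also the one most worth a quick page load after the fix to confirm the link appears only for `DBA`.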