NIHVIVO-2279 Remove securityLevel from LoginStatusBean

This commit is contained in:
j2blake 2011-06-06 15:18:37 +00:00
parent 63078edb62
commit ccb6cc549d
5 changed files with 92 additions and 115 deletions


@ -20,27 +20,9 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
public class LoginStatusBean {
private static final Log log = LogFactory.getLog(LoginStatusBean.class);
/**
* Security level when the user has not logged in. Also used as a minimum
* level when we want to include every user, logged in or not.
*/
public static final int ANYBODY = 0;
/** Security level when a user with no privileges is logged in. */
public static final int NON_EDITOR = 1;
/** Security level when an authorized editor is logged in. */
public static final int EDITOR = 4;
/** Security level when an authorized curator is logged in. */
public static final int CURATOR = 5;
/** Security level when a system administrator is logged in. */
public static final int DBA = 50;
/** A bean to return when the user has not logged in. */
private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
"", ANYBODY, AuthenticationSource.UNKNOWN);
"", AuthenticationSource.UNKNOWN);
/** The bean is attached to the session by this name. */
private static final String ATTRIBUTE_NAME = "loginStatus";
@ -137,14 +119,12 @@ public class LoginStatusBean {
private final String userURI;
private final String username;
private final int securityLevel;
private final AuthenticationSource authenticationSource;
public LoginStatusBean(String userURI, String username, int securityLevel,
public LoginStatusBean(String userURI, String username,
AuthenticationSource authenticationSource) {
this.userURI = userURI;
this.username = username;
this.securityLevel = securityLevel;
this.authenticationSource = authenticationSource;
}
@ -156,10 +136,6 @@ public class LoginStatusBean {
return username;
}
public int getSecurityLevel() {
return securityLevel;
}
public AuthenticationSource getAuthenticationSource() {
return authenticationSource;
}
@ -175,7 +151,6 @@ public class LoginStatusBean {
@Override
public String toString() {
return "LoginStatusBean[userURI=" + userURI + ", username=" + username
+ ", securityLevel=" + securityLevel
+ ", authenticationSource=" + authenticationSource + "]";
}
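Review bot: With `getSecurityLevel()` and the level constants gone, nothing on LoginStatusBean says where a caller should now obtain the logged-in user's privilege, and the new constructor `public LoginStatusBean(String userURI, String username, AuthenticationSource authenticationSource)` stores its arguments without comment. Presumably the role is now to be looked up from the User record by URI each time, as the test helper in HiddenFromDisplayBelowRoleLevelFilterTest does; a constructor Javadoc such as `/** Records who is logged in and how; the privilege level is no longer cached here and must be derived from the user's record. */` would make that explicit. DUMMY_BEAN uses `""` for the not-logged-in userURI, so it is also worth stating whether a null userURI is permitted.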


@ -31,9 +31,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
* The "standard" implementation of Authenticator.
*/
public class BasicAuthenticator extends Authenticator {
/** User roles are recorded in the model like "role:/50", etc. */
private static final String ROLE_NAMESPACE = "role:/";
private static final Log log = LogFactory.getLog(BasicAuthenticator.class);
private final HttpServletRequest request;
@ -105,25 +102,20 @@ public class BasicAuthenticator extends Authenticator {
recordLoginOnUserRecord(user);
String userUri = user.getURI();
int securityLevel = parseUserSecurityLevel(user);
recordLoginWithOrWithoutUserAccount(username, userUri, securityLevel,
authSource);
recordLoginWithOrWithoutUserAccount(username, userUri, authSource);
}
@Override
public void recordLoginWithoutUserAccount(String username,
String individualUri, AuthenticationSource authSource) {
int securityLevel = LoginStatusBean.NON_EDITOR;
recordLoginWithOrWithoutUserAccount(username, individualUri, securityLevel,
authSource);
recordLoginWithOrWithoutUserAccount(username, individualUri, authSource);
}
/** This much is in common on login, whether or not you have a user account. */
private void recordLoginWithOrWithoutUserAccount(String username,
String userUri, int securityLevel, AuthenticationSource authSource) {
String userUri, AuthenticationSource authSource) {
HttpSession session = request.getSession();
createLoginStatusBean(username, userUri, securityLevel, authSource,
session);
createLoginStatusBean(username, userUri, authSource, session);
setSessionTimeoutLimit(session);
recordInUserSessionMap(userUri, session);
notifyOtherUsers(userUri, session);
@ -144,10 +136,8 @@ public class BasicAuthenticator extends Authenticator {
* Put the login bean into the session.
*/
private void createLoginStatusBean(String username, String userUri,
int securityLevel, AuthenticationSource authSource,
HttpSession session) {
LoginStatusBean lsb = new LoginStatusBean(userUri, username,
securityLevel, authSource);
AuthenticationSource authSource, HttpSession session) {
LoginStatusBean lsb = new LoginStatusBean(userUri, username, authSource);
LoginStatusBean.setBean(session, lsb);
log.debug("Adding status bean: " + lsb);
}
@ -318,23 +308,4 @@ public class BasicAuthenticator extends Authenticator {
return wadf;
}
/**
* Parse the role URI from User. Don't crash if it is not valid.
*/
private int parseUserSecurityLevel(User user) {
String roleURI = user.getRoleURI();
try {
if (roleURI.startsWith(ROLE_NAMESPACE)) {
String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
return Integer.parseInt(roleLevel);
} else {
return Integer.parseInt(roleURI);
}
} catch (NumberFormatException e) {
log.warn("Invalid RoleURI '" + roleURI + "' for user '"
+ user.getURI() + "'");
return 1;
}
}
}
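Review bot: `recordLoginWithoutUserAccount` used to pin an account-less login to NON_EDITOR; after this change the bean records only the username, URI and source, so the effective privilege of such a session is decided wherever the role is now resolved, which is not visible in this diff. That resolver should treat a URI with no User record as the lowest level rather than failing or defaulting upward, since the deleted `parseUserSecurityLevel` quietly returned 1 on an invalid role URI and that fallback has no visible replacement. A one-line comment on `recordLoginWithoutUserAccount` such as `// No privilege is recorded here; a URI with no User record must resolve to the lowest level downstream.` would record that expectation for the next reader.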


@ -153,28 +153,10 @@ public class AuthenticatorStub extends Authenticator {
User user = getUserByUsername(username);
LoginStatusBean lsb = new LoginStatusBean(user.getURI(), username,
parseUserSecurityLevel(user.getRoleURI()), authSource);
authSource);
LoginStatusBean.setBean(request.getSession(), lsb);
}
private static final String ROLE_NAMESPACE = "role:/";
/**
* Parse the role URI from User. Don't crash if it is not valid.
*/
private int parseUserSecurityLevel(String roleURI) {
try {
if (roleURI.startsWith(ROLE_NAMESPACE)) {
String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
return Integer.parseInt(roleLevel);
} else {
return Integer.parseInt(roleURI);
}
} catch (NumberFormatException e) {
throw new IllegalArgumentException(e);
}
}
// ----------------------------------------------------------------------
// Un-implemented methods
// ----------------------------------------------------------------------


@ -119,10 +119,10 @@ public class AuthenticateTest extends AbstractTestClass {
userDao.addUser(createUserFromUserInfo(OLD_DBA));
userDao.addUser(createUserFromUserInfo(OLD_SELF));
userDao.addUser(createUserFromUserInfo(OLD_STRANGER));
webappDaoFactory = new WebappDaoFactoryStub();
webappDaoFactory.setUserDao(userDao);
servletContext = new ServletContextStub();
servletContext.setAttribute("webappDaoFactory", webappDaoFactory);
@ -394,7 +394,8 @@ public class AuthenticateTest extends AbstractTestClass {
doTheRequest();
assertProcessBean(FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG,
"Your new password cannot match the current one.", URL_LOGIN, URL_WITH_LINK);
"Your new password cannot match the current one.", URL_LOGIN,
URL_WITH_LINK);
assertRedirectToLoginProcessPage();
}
@ -415,8 +416,7 @@ public class AuthenticateTest extends AbstractTestClass {
@Test
public void alreadyLoggedIn() {
LoginStatusBean statusBean = new LoginStatusBean(OLD_DBA_URI,
OLD_DBA_NAME, OLD_DBA_SECURITY_LEVEL,
AuthenticationSource.INTERNAL);
OLD_DBA_NAME, AuthenticationSource.INTERNAL);
LoginStatusBean.setBean(session, statusBean);
setRequestFromLoginLink(URL_WITH_LINK);
@ -471,14 +471,14 @@ public class AuthenticateTest extends AbstractTestClass {
public void exitDbaFromLoginPage() {
setProcessBean(LOGGING_IN, NO_USER, URL_LOGIN, URL_LOGIN);
setLoginNameAndPassword(OLD_DBA_NAME, OLD_DBA_PW);
doTheRequest();
assertNoProcessBean();
assertNewLoginSessions(OLD_DBA_NAME);
assertRedirect(URL_SITE_ADMIN);
}
// ----------------------------------------------------------------------
// Helper methods
// ----------------------------------------------------------------------
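Review bot: `alreadyLoggedIn` no longer passes `OLD_DBA_SECURITY_LEVEL` to the LoginStatusBean constructor, so unless that constant is still read elsewhere in this test class (its declaration is outside the hunk) it is now dead and should be removed together with any sibling `*_SECURITY_LEVEL` fixtures. The first and last hunks of this file show no textual difference, so they appear to be whitespace-only changes.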


@ -2,10 +2,6 @@
package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.CURATOR;
import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.DBA;
import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.EDITOR;
import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.NON_EDITOR;
import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource.INTERNAL;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
@ -25,8 +21,10 @@ import org.junit.runners.Parameterized.Parameters;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.IndividualDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
@ -37,6 +35,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl;
import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
/**
@ -95,15 +94,49 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
private static final String NS = "http://someDomain/individual/";
private static final String ROLE_NON_EDITOR = "1";
private static final String ROLE_EDITOR = "4";
private static final String ROLE_CURATOR = "5";
private static final String ROLE_DBA = "50";
private static final User USER_SELF = user("userSelf", "self_editor",
ROLE_NON_EDITOR);
private static final User USER_EDITOR = user("userEditor", "editor",
ROLE_EDITOR);
private static final User USER_CURATOR = user("userCurator", "curator",
ROLE_CURATOR);
private static final User USER_DBA = user(NS + "userDba", "dba", ROLE_DBA);
/** Create a User */
private static User user(String uri, String username, String roleUri) {
User user = new User();
user.setURI(NS + uri);
user.setUsername(username);
user.setRoleURI(roleUri);
return user;
}
private static final UserDaoStub DAO_USER = userDao(USER_SELF, USER_EDITOR,
USER_CURATOR, USER_DBA);
/** Create the UserDao */
private static UserDaoStub userDao(User... users) {
UserDaoStub dao = new UserDaoStub();
for (User user : users) {
dao.addUser(user);
}
return dao;
}
private static final LoginStatusBean LOGIN_NONE = null;
private static final LoginStatusBean LOGIN_SELF = new LoginStatusBean(NS
+ "userSelf", "self_editor", NON_EDITOR, INTERNAL);
private static final LoginStatusBean LOGIN_EDITOR = new LoginStatusBean(NS
+ "userEditor", "editor", EDITOR, INTERNAL);
private static final LoginStatusBean LOGIN_CURATOR = new LoginStatusBean(NS
+ "userCurator", "curator", CURATOR, INTERNAL);
private static final LoginStatusBean LOGIN_DBA = new LoginStatusBean(NS
+ "userDba", "dba", DBA, INTERNAL);
private static final LoginStatusBean LOGIN_SELF = loginStatusBean(
USER_SELF, INTERNAL);
private static final LoginStatusBean LOGIN_EDITOR = loginStatusBean(
USER_EDITOR, INTERNAL);
private static final LoginStatusBean LOGIN_CURATOR = loginStatusBean(
USER_CURATOR, INTERNAL);
private static final LoginStatusBean LOGIN_DBA = loginStatusBean(USER_DBA,
INTERNAL);
private static final LoginStatusBean[] LOGINS = new LoginStatusBean[] {
LOGIN_NONE, LOGIN_SELF, LOGIN_EDITOR, LOGIN_CURATOR, LOGIN_DBA };
@ -135,6 +168,11 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
return i;
}
private static LoginStatusBean loginStatusBean(User user,
AuthenticationSource auth) {
return new LoginStatusBean(user.getURI(), user.getUsername(), auth);
}
private static final VClass PUBLIC_VCLASS = vClass("PUBLIC_vclass",
RoleLevel.PUBLIC);
private static final VClass SELF_VCLASS = vClass("SELF_vclass",
@ -739,21 +777,32 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
}
public static RoleLevel getRoleLevel(LoginStatusBean loginStatus) {
if (loginStatus != null) {
switch (loginStatus.getSecurityLevel()) {
case LoginStatusBean.NON_EDITOR:
return RoleLevel.SELF;
case LoginStatusBean.EDITOR:
return RoleLevel.EDITOR;
case LoginStatusBean.CURATOR:
return RoleLevel.CURATOR;
case LoginStatusBean.DBA:
return RoleLevel.DB_ADMIN;
default:
break;
}
if (loginStatus == null) {
return RoleLevel.PUBLIC;
}
String userUri = loginStatus.getUserURI();
if (userUri == null) {
return RoleLevel.PUBLIC;
}
User user = DAO_USER.getUserByURI(userUri);
if (user == null) {
return RoleLevel.PUBLIC;
}
String roleURI = user.getRoleURI();
if ("1".equals(roleURI)) {
return RoleLevel.SELF;
} else if ("4".equals(roleURI)) {
return RoleLevel.EDITOR;
} else if ("5".equals(roleURI)) {
return RoleLevel.CURATOR;
} else if ("50".equals(roleURI)) {
return RoleLevel.DB_ADMIN;
} else {
return RoleLevel.PUBLIC;
}
return RoleLevel.PUBLIC;
}
// ----------------------------------------------------------------------
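Review bot: `USER_DBA = user(NS + "userDba", "dba", ROLE_DBA)` hands an already-prefixed URI to `user()`, which itself does `user.setURI(NS + uri)`, so the DBA fixture ends up with NS twice while the other three users get it once, and its URI no longer matches the old `NS + "userDba"` that LOGIN_DBA used before this change; it should read `user("userDba", "dba", ROLE_DBA)`. The new `getRoleLevel` compares the role URI against the literals "1", "4", "5" and "50" although the same class declares ROLE_NON_EDITOR, ROLE_EDITOR, ROLE_CURATOR and ROLE_DBA for exactly those values, so `if (ROLE_NON_EDITOR.equals(roleURI))` and its siblings would keep the oracle tied to the fixtures. It also maps an unrecognised role, or a user absent from DAO_USER, silently to PUBLIC, which in a test oracle can hide a broken fixture; for the unknown-role branch `throw new IllegalStateException("unexpected role URI: " + roleURI)` would surface that instead. The `"role:/"`-prefixed form that the deleted BasicAuthenticator parser accepted is not handled here, which is fine only while the fixtures use bare numeric strings.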