Create the admin/showAuth page to replace admin/showids.jsp, edit/selfeditcheck.jsp and admin/checkblacklist.jsp

j2blake 2011-06-05 23:38:33 +00:00
parent c3ba76acdc
commit ec690dd31f
5 changed files with 200 additions and 126 deletions


@ -0,0 +1,104 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.controller.admin;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
/**
* Show a summary of who is logged in and how they are to be treated by the
* authorization system.
*/
public class ShowAuthController extends FreemarkerHttpServlet {
@Override
protected Actions requiredActions(VitroRequest vreq) {
return Actions.AUTHORIZED;
}
@Override
protected ResponseValues processRequest(VitroRequest vreq) {
Map<String, Object> body = new HashMap<String, Object>();
body.put("identifiers", RequestIdentifiers.getIdBundleForRequest(vreq));
body.put("currentUser", LoginStatusBean.getCurrentUser(vreq));
body.put("associatedIndividuals", getAssociatedIndividuals(vreq));
body.put("factories", getIdentifierFactoryNames(vreq));
body.put("policies", ServletPolicyList.getPolicies(vreq));
body.put("matchingProperty", getMatchingProperty(vreq));
return new TemplateResponseValues("admin-showAuth.ftl", body);
}
private List<String> getIdentifierFactoryNames(VitroRequest vreq) {
ServletContext ctx = vreq.getSession().getServletContext();
return ActiveIdentifierBundleFactories.getFactoryNames(ctx);
}
private String getMatchingProperty(VitroRequest vreq) {
return ConfigurationProperties.getBean(vreq).getProperty(
"selfEditing.idMatchingProperty", "");
}
private List<AssociatedIndividual> getAssociatedIndividuals(
VitroRequest vreq) {
List<AssociatedIndividual> list = new ArrayList<AssociatedIndividual>();
IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(vreq);
for (String uri : HasAssociatedIndividual.getIndividualUris(ids)) {
list.add(new AssociatedIndividual(uri, mayEditIndividual(vreq, uri)));
}
return list;
}
/**
* Is the current user authorized to edit an arbitrary object property on
* this individual?
*/
private boolean mayEditIndividual(VitroRequest vreq, String individualUri) {
RequestedAction action = new EditObjPropStmt(individualUri,
RequestActionConstants.SOME_URI,
RequestActionConstants.SOME_URI);
return PolicyHelper.isAuthorizedForActions(vreq, action);
}
public class AssociatedIndividual {
private final String uri;
private final boolean editable;
public AssociatedIndividual(String uri, boolean editable) {
this.uri = uri;
this.editable = editable;
}
public String getUri() {
return uri;
}
public boolean isEditable() {
return editable;
}
}
}
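Review bot: `requiredActions` returns `Actions.AUTHORIZED`, which appears to impose no requirement at all, so this page is served to any caller, logged in or not (the template has an explicit "Not logged in" branch). The removed showids.jsp listed only identifiers, whereas `processRequest` also hands the template the policy list, the identifier factory names, the `selfEditing.idMatchingProperty` value and the current user's account fields, which together describe how authorization is configured. I would gate the page behind whatever administrator-level requested action the other admin pages use, or at minimum record the decision in the code, e.g. `// Deliberately open to every user; shows only the caller's own identifiers and the active policies.` Minor: `AssociatedIndividual` never touches the enclosing controller instance and could be declared `public static class`.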


@ -1,27 +0,0 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@page
import="edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers"%>
<%@page
import="java.util.List"%>
<%-- doesn't use vitro:confirmAuthorization becuase the we want to be able to see IDs for any user. --%>
<%-- uses "security through obscurity", and doesn't give away much information. --%>
<%
List idb = RequestIdentifiers.getIdBundleForRequest(request);
out.write("<html><body>");
out.write("<h2>Identifiers in effect: </h2>");
out.write("<p>This is a utility that shows which identifiers are in effect.</p>\n");
out.write("<table><tr><th>class</th><th>value</th></tr>\n");
for( Object id : idb ){
out.write( "<tr>" );
out.write( "<td>" + id.getClass().getName() + "</td>");
out.write( "<td>" + id.toString() + "</td>" );
out.write( "</tr>\n" );
}
out.write("</table>\n");
out.write("</body></html>");
%>


@ -0,0 +1,22 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/* Styles for Freemarker template showAuth */
#show-auth * h3 {
padding: 20px 0 12px 0;
}
#show-auth * caption {
padding: 20px 0 12px 0;
margin: 0;
text-align: left;
}
#show-auth * th {
padding: 4px 10px 4px 10px;
border: 1px solid black;
text-align: right;
}
#show-auth * td {
padding: 4px 10px 4px 10px;
text-align: left;
border: 1px solid black;
}


@ -1,99 +0,0 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@ page import="edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.EditSubmission" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep" %>
<%@ page import="org.apache.commons.logging.Log" %>
<%@ page import="org.apache.commons.logging.LogFactory" %>
<%@ page import="java.io.StringReader" %>
<%@ page import="java.util.*" %>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers"%>
<%@page import="java.io.IOException"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt"%>
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<h1>SelfEditing Sanity Check</h1>
<h3>Is there a self editing policy in the context?</h3>
<%
PolicyList spl = ServletPolicyList.getPolicies(application);
SelfEditingPolicy sePolicy = null;
ListIterator it = spl.listIterator();
String found = "Could not find a SelfEditingPolicy";
while(it.hasNext()){
PolicyIface p = (PolicyIface)it.next();
if( p instanceof SelfEditingPolicy ){
found = "Found a SelfEditingPolicy";
sePolicy = (SelfEditingPolicy)p;
}
}
%>
<%= found %>
<%--
<h3>Do you have a REMOTE_USER header from CUWebAuth?</h3>
<% String user = request.getHeader("REMOTE_USER");
if( user != null && user.length() > 0){
%> Found a remote user of <%= user %>. <%
}else{
%> Could not find a remote user. Maybe you are not logged into CUWebAutn? <%
}
%>
<h3>Check if we can get a SelfEditingIdentifer for <%= user %></h3>
<%
SelfEditingIdentifierFactory.SelfEditing selfEditingId = null;
IdentifierBundle ib = null;
if( user != null && user.length() > 0){
ib = RequestIdentifiers.getIdBundleForRequest(request);
for( Object obj : ib){
if( obj instanceof SelfEditingIdentifierFactory.SelfEditing )
selfEditingId = (SelfEditingIdentifierFactory.SelfEditing) obj;
}
if( selfEditingId != null )
found = "found a SelfEditingId " + selfEditingId.getValue();
else
found = "Cound not find a SelfEditingId";
%>
<%= found %>
<%}else{%>
Cannot check becaue user is <%= user %>.
<%} %>
<h3>Is that SelfEditingIdentifer blacklisted?</h3>
<% if( user == null || user.length() == 0 ){ %>
No REMOTE_USER to check
<% }else if( selfEditingId == null ){ %>
no SelfEditingId to check
<% }else if( selfEditingId.getBlacklisted() != null){%>
SelfEditingId blacklisted because of <%= selfEditingId.getBlacklisted() %>
<% } else {%>
SelfEditingId is not blacklisted.
<% } %>
<h3>Can an object property be edited with this SelfEditingId and Policy?</h3>
<% if( user == null || selfEditingId == null ){ %>
No
<% }else{
AddObjectPropStmt whatToAuth = new AddObjectPropStmt(
selfEditingId.getValue(),"http://mannlib.cornell.edu/fine#prp999" ,"http://mannlib.cornell.edu/fine#prp999");
PolicyDecision pdecison = sePolicy.isAuthorized(ib, whatToAuth);
%> The policy decision was <%= pdecison %>
<% } %>
--%>


@ -0,0 +1,74 @@
<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
<#-- Template viewing the authorization mechanisms: current identifiers, factories, policies, etc. -->
${stylesheets.add('<link rel="stylesheet" href="${urls.base}/css/showAuth.css" />')}
<h2>Authorization Info</h2>
<section id="show-auth" role="region">
<#if currentUser?has_content>
<table summary="Information about the current user" style="border: 1">
<caption>Current user</caption>
<tr><th>URI:</th><td>${currentUser.URI}</td></tr>
<tr><th>First name:</th><td>${currentUser.firstName}</td></tr>
<tr><th>Last name:</th><td>${currentUser.lastName}</td></tr>
<tr><th>Username:</th><td>${currentUser.username}</td></tr>
<tr><th>Login count:</th><td>${currentUser.loginCount}</td></tr>
<tr><th>Role:</th><td>${currentUser.roleURI}</td></tr>
</table>
<#else>
<h3>Not logged in</h3>
</#if>
<table summary="VIVO revision's levels table">
<caption>Identifiers:</caption>
<#list identifiers as identifier>
<tr>
<td>${identifier}</td>
</tr>
</#list>
</table>
<table summary="Associated Individuals">
<caption>AssociatedIndividuals:
<#if matchingProperty??>
(match by <pre>${matchingProperty}</pre>)
<#else>
(matching property is not defined)
</#if>
</caption>
<#if associatedIndividuals?has_content>
<#list associatedIndividuals as associatedIndividual>
<tr>
<td>${associatedIndividual.uri}</td>
<#if associatedIndividual.editable>
<td>May edit</td>
<#else>
<td>May not edit</td>
</#if>
</tr>
</#list>
<#else>
<tr><td>none</td></tr>
</#if>
</table>
<table summary="Active Identifier Factories">
<caption>Identifier factories:</caption>
<#list factories as factory>
<tr>
<td>${factory}</td>
</tr>
</#list>
</table>
<table summary="Policies">
<caption>Policies:</caption>
<#list policies as policy>
<tr>
<td>${policy}</td>
</tr>
</#list>
</table>
</section>
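Review bot: Every interpolation inside `<section id="show-auth">` (`${currentUser.firstName}`, `${currentUser.lastName}`, `${identifier}`, `${associatedIndividual.uri}`, `${policy}` and the rest) is written out without HTML escaping, and at least the name fields and identifier values may carry data that originates outside the application. Unless output escaping is configured somewhere not visible on this page, wrap the section in `<#escape x as x?html>` … `</#escape>` or add `?html` to each value. Separately, `<#if matchingProperty??>` is always true because the controller passes `getProperty("selfEditing.idMatchingProperty", "")`, so the "matching property is not defined" branch can never render; `<#if matchingProperty?has_content>` would match the intent. The `summary` on the Identifiers table ("VIVO revision's levels table") looks copied from another template and should describe this table.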