Changeset 877

Timestamp:

11/11/10 14:14:31 (14 years ago)

Author:

oschonef

Message:

• add role based authorization
• add external authentication filters (HTTP Basic Auth, Shibboleth
• add stub Admin page

Location:

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry

Files:

• pom.xml (modified) (1 diff)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/Application.java (modified) (3 diffs)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/ApplicationSession.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth/AuthFilter.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth/AuthPrincipal.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth/AuthStrategy.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth/BasicAuthStrategy.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/auth/ShibbolethAuthStrategy.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AdminPage.html (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AdminPage.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AuthenticationStatePanel.html (modified) (1 diff)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AuthenticationStatePanel.java (modified) (3 diffs)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/BasePage.java (modified) (4 diffs)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/CreateVirtualCollectionPage.java (modified) (1 diff)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/HomePage.java (modified) (1 diff)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/LoginPage.html (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/LoginPage.java (added)
• src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/MenuItem.java (modified) (3 diffs)
• src/main/webapp/WEB-INF/web.xml (modified) (1 diff)

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/pom.xml

@@ -145 +145 @@
 
     <dependency>
+        <groupId>commons-codec</groupId>
+        <artifactId>commons-codec</artifactId>
+        <version>1.4</version>
+        <type>jar</type>
+    </dependency>
+
+    <dependency>
       <groupId>javax.xml.bind</groupId>
       <artifactId>jaxb-api</artifactId>

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/Application.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui;
 
+import java.io.BufferedReader;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.apache.wicket.Page;
-import org.apache.wicket.protocol.http.WebApplication;
+import org.apache.wicket.authentication.AuthenticatedWebApplication;
+import org.apache.wicket.authentication.AuthenticatedWebSession;
+import org.apache.wicket.authorization.strategies.role.Roles;
+import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.session.pagemap.LeastRecentlyAccessedEvictionStrategy;
 
+import eu.clarin.cmdi.virtualcollectionregistry.gui.pages.AdminPage;
+import eu.clarin.cmdi.virtualcollectionregistry.gui.pages.CreateVirtualCollectionPage;
 import eu.clarin.cmdi.virtualcollectionregistry.gui.pages.HomePage;
+import eu.clarin.cmdi.virtualcollectionregistry.gui.pages.LoginPage;
 
-public class Application extends WebApplication {
+public class Application extends AuthenticatedWebApplication {
+    private static final String CONFIG_PARAM_ADMINDB = "admindb";
+    private Set<String> adminUsers =
+        new HashSet<String>();
 
     @Override
     protected void init() {
         super.init();
+
+        String s = getServletContext().getInitParameter(CONFIG_PARAM_ADMINDB);
+        if (s != null) {
+            try {
+                loadAdminDatabase(s);
+            } catch (IOException e ) {
+                // FIXME: handle error
+            }
+        }
+        if (adminUsers.isEmpty()) {
+            // FIXME: better logging
+            System.err.println("WARNING: no admin users have been defined");
+        }
         getMarkupSettings().setDefaultMarkupEncoding("utf-8");
         getRequestCycleSettings().setResponseRequestEncoding("utf-8");
@@ -20 +49 @@
             getMarkupSettings().setStripWicketTags(true);
         }
+        mountBookmarkablePage("/home", HomePage.class);
+        mountBookmarkablePage("/create", CreateVirtualCollectionPage.class);
+        mountBookmarkablePage("/admin", AdminPage.class);
     }
 
@@ -27 +59 @@
     }
 
+    @Override
+    protected Class<? extends WebPage> getSignInPageClass() {
+        return LoginPage.class;
+    }
+
+    @Override
+    protected Class<? extends AuthenticatedWebSession> getWebSessionClass() {
+        return ApplicationSession.class;
+    }
+
+    public boolean hasAnyRole(String[] roles) {
+        if (roles != null) {
+            final Roles sessionRoles = AuthenticatedWebSession.get().getRoles();
+            if (sessionRoles != null) {
+                for (String role : roles) {
+                    if (sessionRoles.hasRole(role)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    boolean isAdmin(String user) {
+        return adminUsers.contains(user);
+    }
+
+    private void loadAdminDatabase(String filename) throws IOException {
+        adminUsers.clear();
+        BufferedReader reader = new BufferedReader(new InputStreamReader(
+                new FileInputStream(filename)));
+        String line;
+        while ((line = reader.readLine()) != null) {
+            line = line.trim();
+            if (line.isEmpty() || line.startsWith("#")) {
+                continue;
+            }
+            adminUsers.add(line);
+        } // while
+        reader.close();
+    }
+
 } // class Application

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AuthenticationStatePanel.html

@@ -9 +9 @@
 <div wicket:id="login"></div>
 <wicket:fragment wicket:id="loginFragment">
-  <!-- Anonymous [Login] -->
+  Anonymous <a wicket:id="loginLink" href="#">[Login]</a>
 </wicket:fragment>
 
 <div wicket:id="logout"></div>
 <wicket:fragment wicket:id="logoutFragment">
-  &lt;$Username&gt; [Logout]
+  <span wicket:id="username">username</span>
+  <!-- <a wicket:id="logoutLink" href="#">[Logout]</a>  -->
 </wicket:fragment>
 </wicket:panel>

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/AuthenticationStatePanel.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
 
+import org.apache.wicket.Page;
+import org.apache.wicket.authentication.AuthenticatedWebSession;
+import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.html.link.StatelessLink;
 import org.apache.wicket.markup.html.panel.Fragment;
 import org.apache.wicket.markup.html.panel.Panel;
+import org.apache.wicket.model.Model;
+
+import eu.clarin.cmdi.virtualcollectionregistry.gui.ApplicationSession;
 
 @SuppressWarnings("serial")
@@ -18 +25 @@
             super(id, "loginFragment", AuthenticationStatePanel.this);
             setRenderBodyOnly(true);
+            final StatelessLink loginLink = new StatelessLink("loginLink") {
+                @Override
+                public void onClick() {
+                }
+
+                @Override
+                protected CharSequence getURL() {
+                    final Page page = getPage();
+                    StringBuilder url =
+                        new StringBuilder(urlFor(page.getClass(),
+                                page.getPageParameters()));
+                    if (url.indexOf("?") != -1) {
+                        url.append('&');
+                    } else {
+                        url.append('?');
+                    }
+                    url.append("authAction=LOGIN");
+                    return url.toString();
+                }
+            };
+            add(loginLink);
         }
 
         @Override
         public boolean isVisible() {
+            return !((AuthenticatedWebSession) getSession()).isSignedIn();
+        }
+
+        @Override
+        protected boolean getStatelessHint() {
             return true;
         }
@@ -27 +60 @@
 
     private class LogoutFragment extends Fragment {
+        private Label usernameLabel;
+        
         public LogoutFragment(String id) {
             super(id, "logoutFragment", AuthenticationStatePanel.this);
             setRenderBodyOnly(true);
+            usernameLabel = new Label("username");
+            add(usernameLabel);
+//            final StatelessLink logoutLink = new StatelessLink("logoutLink") {
+//                @Override
+//                public void onClick() {
+//                }
+//            };
+//            add(logoutLink);
         }
 
         @Override
         public boolean isVisible() {
-            return false;
+            return ((AuthenticatedWebSession) getSession()).isSignedIn();
+        }
+
+        @Override
+        protected void onBeforeRender() {
+            ApplicationSession session = (ApplicationSession) getSession();
+            usernameLabel.setDefaultModel(new Model<String>(session.getUser()));
+            super.onBeforeRender();
         }
     } // private class LogoutFragment
 
+    @Override
+    protected boolean getStatelessHint() {
+        return true;
+    }
+
 } // class AuthenticationStatePanel

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/BasePage.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
 
+import java.security.Principal;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
@@ -6 +11 @@
 
 import eu.clarin.cmdi.virtualcollectionregistry.VirtualCollectionRegistry;
+import eu.clarin.cmdi.virtualcollectionregistry.gui.ApplicationSession;
 
 public class BasePage extends WebPage {
 
-    public BasePage() {
+    protected BasePage() {
         super();
         // authentication state
@@ -22 +28 @@
                 new Model<String>("Create Virtual Collection"),
                 CreateVirtualCollectionPage.class));
+        menu.addMenuItem(new MenuItem<AdminPage>(
+                new Model<String>("Admin Page"),
+                AdminPage.class));
         add(menu);
         
@@ -29 +38 @@
     }
 
+    @Override
+    protected void onBeforeRender() {
+        // skip lazy auto-auth for login page
+        if (!this.getClass().isInstance(LoginPage.class)) {
+            final HttpServletRequest request =
+                getWebRequestCycle().getWebRequest().getHttpServletRequest();
+            final ApplicationSession session =
+                (ApplicationSession) getSession();
+            if (!session.isSignedIn()) {
+                if (request.getAuthType() != null) {
+                    // FIXME: better logging
+                    System.err.println("Auth, but no authed session -> login");
+                    final Principal principal = request.getUserPrincipal();
+                    if (!session.signIn(principal)) {
+                        throw new RestartResponseException(getApplication()
+                                .getApplicationSettings()
+                                .getAccessDeniedPage());
+                    }
+                }
+            } else {
+                if (request.getAuthType() == null) {
+                    // FIXME: better logging
+                    System.err.println("Lost Session!");
+                    session.invalidate();
+                    throw new RestartResponseException(getApplication()
+                            .getApplicationSettings()
+                            .getPageExpiredErrorPage());
+                }
+            }
+        }
+        super.onBeforeRender();
+    }
+
 } // class BasePage

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/CreateVirtualCollectionPage.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
+
+import org.apache.wicket.authorization.strategies.role.Roles;
+import org.apache.wicket.authorization.strategies.role.annotations.AuthorizeInstantiation;
 
 import eu.clarin.cmdi.virtualcollectionregistry.gui.wizard.CreateVirtualCollectionWizard;
 
+@AuthorizeInstantiation(Roles.USER)
 public class CreateVirtualCollectionPage extends BasePage {
 

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/HomePage.java

@@ -8 +8 @@
     }
     
-} // class Homepage
+} // class HomePage

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/MenuItem.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
 
+import org.apache.wicket.authorization.IAuthorizationStrategy;
+import org.apache.wicket.authorization.strategies.role.annotations.AuthorizeAction;
 import org.apache.wicket.markup.ComponentTag;
 import org.apache.wicket.markup.html.WebPage;
@@ -8 +10 @@
 import org.apache.wicket.markup.html.panel.Panel;
 import org.apache.wicket.model.IModel;
+
+import eu.clarin.cmdi.virtualcollectionregistry.gui.Application;
 
 @SuppressWarnings("serial")
@@ -24 +28 @@
                 }
             }
-            
+
+            @Override
+            public boolean isVisible() {
+                boolean visible = true;
+                final IAuthorizationStrategy strategy = getApplication()
+                    .getSecuritySettings().getAuthorizationStrategy();
+                if (!strategy.isInstantiationAuthorized(pageClass)) {
+                    AuthorizeAction a =
+                        pageClass.getAnnotation(AuthorizeAction.class);
+                    if ((a != null) && "ENABLE".equals(a.action())) {
+                        final Application app = (Application) getApplication();
+                        if (app.hasAnyRole(a.deny())) {
+                            visible = false;
+                        } else {
+                            visible = app.hasAnyRole(a.roles());
+                        }
+                    }
+                }
+                return visible;
+            }
         };
         pageLink.add(new Label("title", title));

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/webapp/WEB-INF/web.xml

@@ -18 +18 @@
     <filter-name>PersistenceFilter</filter-name>
     <servlet-name>REST-Web-Service</servlet-name>
+  </filter-mapping>
+
+  <filter>
+    <filter-name>AuthFilter</filter-name>
+    <filter-class>eu.clarin.cmdi.virtualcollectionregistry.gui.auth.AuthFilter</filter-class>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>AuthFilter</filter-name>
+    <url-pattern>/app/*</url-pattern>
   </filter-mapping>