removed getUser from cookie as it is unreliable
git-svn-id: https://svn.research-infrastructures.eu/d4science/gcube/trunk/portal/portal-manager@141466 82a268e6-3cf1-43bd-a215-b396298e98cf
parent
f0cc8edf7f
commit
16f03b92db
2
pom.xml
2
pom.xml
|
@ -10,7 +10,7 @@
|
|||
|
||||
<groupId>org.gcube.common.portal</groupId>
|
||||
<artifactId>portal-manager</artifactId>
|
||||
<version>2.1.0-SNAPSHOT</version>
|
||||
<version>2.2.0-SNAPSHOT</version>
|
||||
<packaging>jar</packaging>
|
||||
<name>gCube Portal Manager</name>
|
||||
<description>
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
package org.gcube.common.portal;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.Key;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.liferay.portal.model.Company;
|
||||
import com.liferay.portal.service.CompanyLocalServiceUtil;
|
||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
||||
import com.liferay.util.Encryptor;
|
||||
/**
|
||||
*
|
||||
* @author Massimiliano Assante, CNR-ISTI
|
||||
*
|
||||
*/
|
||||
public class ContextUserUtil {
|
||||
private static final Logger _log = LoggerFactory.getLogger(ContextUserUtil.class);
|
||||
/**
|
||||
*
|
||||
* @param httpServletRequest
|
||||
* @returnthe current user LR id
|
||||
*/
|
||||
protected static Long getCurrentUserId(HttpServletRequest httpServletRequest) {
|
||||
Cookie[] cookies = httpServletRequest.getCookies();
|
||||
String userId = null;
|
||||
String companyId = null;
|
||||
if (cookies != null) {
|
||||
for (Cookie c : cookies) {
|
||||
if ("COMPANY_ID".equals(c.getName())) {
|
||||
companyId = c.getValue();
|
||||
} else if ("ID".equals(c.getName())) {
|
||||
_log.debug("User id before ascii conversion is " + c.getValue());
|
||||
userId = hexStringToStringByAscii(c.getValue());
|
||||
}
|
||||
}
|
||||
if (userId != null && companyId != null) {
|
||||
try {
|
||||
Company company = CompanyLocalServiceUtil.getCompany(Long.parseLong(companyId));
|
||||
_log.debug("company is " + company);
|
||||
Key key = company.getKeyObj();
|
||||
_log.debug("key is " + company.getKey());
|
||||
_log.debug("User id after ascii conversion is " + userId);
|
||||
String userIdPlain = Encryptor.decrypt(key, userId);
|
||||
return Long.valueOf(userIdPlain);
|
||||
|
||||
} catch (Exception pException) {
|
||||
_log.warn("Exception while getting current user from cookie, returning current user from http header");
|
||||
return getUserFromHeader(httpServletRequest);
|
||||
}
|
||||
} else {
|
||||
if (isWithinPortal()) {
|
||||
_log.debug("Something wrong with cookies, returning current user from http header");
|
||||
return getUserFromHeader(httpServletRequest);
|
||||
} else { //you must be in dev
|
||||
_log.debug("DEV MODE Intercepted ...");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
_log.warn("Cookies are not present, returning current user from http header");
|
||||
return getUserFromHeader(httpServletRequest);
|
||||
}
|
||||
}
|
||||
|
||||
private static long getUserFromHeader(HttpServletRequest httpServletRequest) {
|
||||
String userHeaderIdString = httpServletRequest.getHeader(PortalContext.USER_ID_ATTR_NAME);
|
||||
long userIdToReturn = -1;
|
||||
try {
|
||||
userIdToReturn = Long.parseLong(userHeaderIdString);
|
||||
} catch (NumberFormatException e) {
|
||||
_log.error("The userId is not a number -> " + userHeaderIdString);
|
||||
}
|
||||
return userIdToReturn;
|
||||
}
|
||||
|
||||
private static String hexStringToStringByAscii(String hexString) {
|
||||
byte[] bytes = new byte[hexString.length() / 2];
|
||||
for (int i = 0; i < hexString.length() / 2; i++) {
|
||||
String oneHexa = hexString.substring(i * 2, i * 2 + 2);
|
||||
bytes[i] = Byte.parseByte(oneHexa, 16);
|
||||
}
|
||||
try {
|
||||
return new String(bytes, "ASCII");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
/**
|
||||
*
|
||||
* @return true if you're running into the portal, false if in development
|
||||
*/
|
||||
private static boolean isWithinPortal() {
|
||||
try {
|
||||
UserLocalServiceUtil.getService();
|
||||
return true;
|
||||
}
|
||||
catch (Exception ex) {
|
||||
_log.trace("Development Mode ON");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -15,6 +15,9 @@ import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
||||
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.CustomAttributeKeys;
|
||||
|
@ -35,9 +38,12 @@ import com.liferay.portal.util.PortalUtil;
|
|||
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Clients can obtain the single instance of the {@link PortalContext} by invoking its static method {@link #getConfiguration()}.
|
||||
* The first invocation of the method triggers the initialisation of the instance.
|
||||
*
|
||||
* For documentation see the related <a href="https://wiki.gcube-system.org/gcube/Portal_Context">WIKI</a>
|
||||
* </p>
|
||||
* @author Massimiliano Assante (ISTI-CNR)
|
||||
*
|
||||
*/
|
||||
|
@ -75,6 +81,8 @@ public class PortalContext {
|
|||
|
||||
private static PortalContext singleton = new PortalContext();
|
||||
|
||||
private UserManager userManager;
|
||||
|
||||
private String infra;
|
||||
private String vos;
|
||||
|
||||
|
@ -103,6 +111,7 @@ public class PortalContext {
|
|||
props.load( fis);
|
||||
infra = props.getProperty(GCubePortalConstants.INFRASTRUCTURE_NAME);
|
||||
vos = props.getProperty(GCubePortalConstants.SCOPES);
|
||||
userManager = new LiferayUserManager();
|
||||
}
|
||||
catch(IOException e) {
|
||||
infra = DEFAULT_INFRA_NAME;
|
||||
|
@ -128,23 +137,31 @@ public class PortalContext {
|
|||
return this.vos;
|
||||
}
|
||||
/**
|
||||
* <p>
|
||||
* Please note that this method works with AJAX calls only (i.e. XMLHttpRequest to exchange data with a server behind the scenes).
|
||||
* If you use standard http servlet GET or POST to exchange data with a server, you must use Liferay's PortalDelegateServlet feature {@link com.liferay.portal.kernel.servlet.PortalDelegateServlet}.
|
||||
*
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @return the instance of the current user
|
||||
* @see GCubeUser
|
||||
* For documentation on PortalDelegateServlet @see <a href="https://wiki.gcube-system.org/gcube/Portal_Context#Liferay.27s_PortalDelegateServlet_.28Custom_servlets_running_in_the_ROOT_context.29">gCube WIKI PortalDelegateServlet page</a>
|
||||
* </p>
|
||||
*
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the current user, or <code>null</code> if a current user could not be found
|
||||
* @see {@link GCubeUser}
|
||||
*/
|
||||
public GCubeUser getCurrentUser(HttpServletRequest httpServletRequest) {
|
||||
Long userIdNo = ContextUserUtil.getCurrentUserId(httpServletRequest);
|
||||
String userIdNo = httpServletRequest.getHeader(USER_ID_ATTR_NAME);
|
||||
if (userIdNo != null) {
|
||||
long userId = -1;
|
||||
try {
|
||||
return new LiferayUserManager().getUserById(userIdNo);
|
||||
} catch (Exception e) {
|
||||
_log.error("The userId does not belong to any user -> " + userIdNo);
|
||||
userId = Long.parseLong(userIdNo);
|
||||
return userManager.getUserById(userId);
|
||||
} catch (NumberFormatException e) {
|
||||
_log.error("The userId is not a number -> " + userId);
|
||||
} catch (Exception e) {
|
||||
_log.error("Could not read the current userid, either session expired or user not logged in, exception: " + e.getMessage());
|
||||
}
|
||||
} else {
|
||||
if (isWithinPortal()) {
|
||||
_log.warn("Could not read the current userid, either session expired or user not logged in");
|
||||
} else {
|
||||
if (!isWithinPortal()) {
|
||||
GCubeUser toReturn = readUserFromPropertyFile();
|
||||
_log.debug("getCurrentUser devMode into IDE detected, returning testing user: " + toReturn.toString());
|
||||
return toReturn;
|
||||
|
@ -153,7 +170,6 @@ public class PortalContext {
|
|||
return null;
|
||||
}
|
||||
/**
|
||||
*
|
||||
* @param scopeGroupId the liferay groupid number (as String) of the VRE/VO
|
||||
* @return the scope (context)
|
||||
*/
|
||||
|
@ -183,19 +199,28 @@ public class PortalContext {
|
|||
return null;
|
||||
}
|
||||
/**
|
||||
* <p>
|
||||
* Please note that this method works with AJAX calls only (i.e. XMLHttpRequest to exchange data with a server behind the scenes).
|
||||
* If you use standard http servlet GET or POST to exchange data with a server, you must you must handle the infrastructure context information differently.
|
||||
* Please see the following page for further information @see <a href="https://wiki.gcube-system.org/gcube/ClientContextLibrary">ClientContextLibrary WIKI</a>
|
||||
* </p>
|
||||
*
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @return the scope (context)
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the infrastructure context (scope)
|
||||
*/
|
||||
public String getCurrentScope(HttpServletRequest httpServletRequest) {
|
||||
String scopeGroupId = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
|
||||
return getCurrentScope(scopeGroupId);
|
||||
}
|
||||
/**
|
||||
* <p>
|
||||
* Please note that this method works with AJAX calls only (i.e. XMLHttpRequest to exchange data with a server behind the scenes).
|
||||
* If you use standard http servlet GET or POST to exchange data with a server, you must you must handle the infrastructure context information differently.
|
||||
* Please see the following page for further information @see <a href="https://wiki.gcube-system.org/gcube/ClientContextLibrary">ClientContextLibrary WIKI</a>
|
||||
* </p>
|
||||
*
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @return the instance of the user
|
||||
* @see GCubeUser
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the current group name (e.g. devVRE, BioDiversityLab, RStudioLab etc. )
|
||||
*/
|
||||
public String getCurrentGroupName(HttpServletRequest httpServletRequest) {
|
||||
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
|
||||
|
@ -221,10 +246,14 @@ public class PortalContext {
|
|||
return null;
|
||||
}
|
||||
/**
|
||||
* <p>
|
||||
* Please note that this method works with AJAX calls only (i.e. XMLHttpRequest to exchange data with a server behind the scenes).
|
||||
* If you use standard http servlet GET or POST to exchange data with a server, you must you must handle the infrastructure context information differently.
|
||||
* Please see the following page for further information @see <a href="https://wiki.gcube-system.org/gcube/ClientContextLibrary">ClientContextLibrary WIKI</a>
|
||||
* </p>
|
||||
*
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @return the instance of the user
|
||||
* @see GCubeUser
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the current group identifier as long
|
||||
*/
|
||||
public long getCurrentGroupId(HttpServletRequest httpServletRequest) {
|
||||
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
|
||||
|
@ -248,13 +277,73 @@ public class PortalContext {
|
|||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @deprecated use only with AJAX Calls
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @return the instance of the user
|
||||
* @see GCubeUser
|
||||
* <p>
|
||||
* Returns the gCube authorisation token for the given user
|
||||
* </p>
|
||||
* @param scope infrastrucure context (scope)
|
||||
* @param userId the GCubeUser user identifier (userId) @see {@link GCubeUser}
|
||||
* @return the Token for the user in the context, or <code>null</code> if a token for this user could not be found
|
||||
*/
|
||||
public String getCurrentUserToken(String scope, long userId) {
|
||||
if (isWithinPortal()) {
|
||||
try {
|
||||
String username = userManager.getUserById(userId).getUsername();
|
||||
return getCurrentUserToken(scope, username);
|
||||
} catch (UserManagementSystemException | UserRetrievalFault e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
else {
|
||||
String toReturn = readTokenPropertyFile();
|
||||
_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
|
||||
_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
|
||||
return toReturn;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
/**
|
||||
* <p>
|
||||
* Returns the gCube authorisation token for the given user
|
||||
* </p>
|
||||
* @param scope infrastrucure context (scope)
|
||||
* @param username the GCubeUser username @see {@link GCubeUser}
|
||||
* @return the Token for the user in the context, or <code>null</code> if a token for this user could not be found
|
||||
*/
|
||||
public String getCurrentUserToken(String scope, String username) {
|
||||
String userToken = null;
|
||||
if (isWithinPortal()) {
|
||||
try {
|
||||
ScopeProvider.instance.set(scope);
|
||||
userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
}
|
||||
catch (ObjectNotFound ex) {
|
||||
userToken = generateAuthorizationToken(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
|
||||
}
|
||||
catch (Exception e) {
|
||||
_log.error("Error while trying to generate token for user " + username + "in scope " + scope);
|
||||
e.printStackTrace();
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
String toReturn = readTokenPropertyFile();
|
||||
_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
|
||||
_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
|
||||
return toReturn;
|
||||
}
|
||||
return userToken;
|
||||
}
|
||||
/**
|
||||
* @deprecated please use getCurrentUserToken(String scope, String username) or getCurrentUserToken(String scope, long userId)
|
||||
* <p>
|
||||
* Please note that this method works with AJAX calls only (i.e. XMLHttpRequest to exchange data with a server behind the scenes).
|
||||
* </p>
|
||||
*
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the Token for the user in the context, or <code>null</code> if a token for this user could not be found
|
||||
*/
|
||||
public String getCurrentUserToken(HttpServletRequest httpServletRequest) {
|
||||
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
|
||||
|
@ -289,73 +378,6 @@ public class PortalContext {
|
|||
}
|
||||
return userToken;
|
||||
}
|
||||
/**
|
||||
* @param httpServletRequest the httpServletRequest object
|
||||
* @param scope the infrastructure scope
|
||||
* @return the instance of the user
|
||||
* @see GCubeUser
|
||||
*/
|
||||
public String getCurrentUserToken(String scope, HttpServletRequest httpServletRequest) {
|
||||
String userToken = null;
|
||||
if (isWithinPortal()) {
|
||||
String username = getCurrentUser(httpServletRequest).getUsername();
|
||||
try {
|
||||
ScopeProvider.instance.set(scope);
|
||||
userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
}
|
||||
catch (ObjectNotFound ex) {
|
||||
userToken = generateAuthorizationToken(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
|
||||
}
|
||||
catch (Exception e) {
|
||||
_log.error("Error while trying to generate token for user " + username + "in scope " + scope);
|
||||
e.printStackTrace();
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
String toReturn = readTokenPropertyFile();
|
||||
_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
|
||||
_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
|
||||
return toReturn;
|
||||
}
|
||||
return userToken;
|
||||
}
|
||||
/**
|
||||
* Another way to retrieve the user token
|
||||
* @param scope the current scope
|
||||
* @param userId the Liferay's user id
|
||||
* @return the Token for the user in scope
|
||||
*/
|
||||
public String getCurrentUserToken(String scope, long userId) {
|
||||
String userToken = null;
|
||||
if (isWithinPortal()) {
|
||||
String username = null;
|
||||
try {
|
||||
ScopeProvider.instance.set(scope);
|
||||
username = new LiferayUserManager().getUserById(userId).getUsername();
|
||||
userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
}
|
||||
catch (ObjectNotFound ex) {
|
||||
userToken = generateAuthorizationToken(username, scope);
|
||||
SecurityTokenProvider.instance.set(userToken);
|
||||
_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
|
||||
}
|
||||
catch (Exception e) {
|
||||
_log.error("Error while trying to generate token for user " + username + "in scope " + scope);
|
||||
e.printStackTrace();
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
String toReturn = readTokenPropertyFile();
|
||||
_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
|
||||
_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
|
||||
return toReturn;
|
||||
}
|
||||
return userToken;
|
||||
}
|
||||
/**
|
||||
*
|
||||
* @param username
|
||||
|
@ -414,7 +436,7 @@ public class PortalContext {
|
|||
}
|
||||
/**
|
||||
*
|
||||
* @param httpServletRequest
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the gateway URL until the first slash, e.g. http(s)://mynode.d4science.org:8080, if the URL uses standard http(s) port like 80 or 443 the port is not returned.
|
||||
*/
|
||||
public String getGatewayURL(HttpServletRequest httpServletRequest) {
|
||||
|
@ -458,7 +480,7 @@ public class PortalContext {
|
|||
}
|
||||
/**
|
||||
*
|
||||
* @param request
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the landing page path of the current Site e.g. "/group/i-marine"
|
||||
*/
|
||||
public String getSiteLandingPagePath(final HttpServletRequest request) {
|
||||
|
@ -498,7 +520,7 @@ public class PortalContext {
|
|||
}
|
||||
/**
|
||||
*
|
||||
* @param request
|
||||
* @param request the {@link HttpServletRequest} object
|
||||
* @return the current Group instance based on the request
|
||||
*/
|
||||
private Group getSiteFromServletRequest(final HttpServletRequest request) throws Exception {
|
||||
|
@ -540,11 +562,8 @@ public class PortalContext {
|
|||
return null;
|
||||
}
|
||||
/**
|
||||
* @param request
|
||||
* @param currentGroup
|
||||
* @param isPrivate
|
||||
* @param isUser
|
||||
* @return
|
||||
* @return Returns the friendly u r l of this group.
|
||||
*/
|
||||
private static String getGroupFriendlyURL(final Group currentGroup) throws Exception {
|
||||
String friendlyURL = GCubePortalConstants.PREFIX_GROUP_URL;
|
||||
|
@ -570,7 +589,7 @@ public class PortalContext {
|
|||
}
|
||||
/**
|
||||
*
|
||||
* @param request the HttpServletRequest instance of your servlet
|
||||
* @param httpServletRequest the {@link HttpServletRequest} object
|
||||
* @return the current Site Name based on the request
|
||||
*/
|
||||
public String getGatewayName(HttpServletRequest request) {
|
||||
|
@ -613,7 +632,7 @@ public class PortalContext {
|
|||
}
|
||||
/**
|
||||
*
|
||||
* @param request the HttpServletRequest instance of your servlet
|
||||
* @param request the {@link HttpServletRequest} object
|
||||
* @return the sender (from) email address for the current Site based on the request
|
||||
*/
|
||||
public String getSenderEmail(HttpServletRequest request) {
|
||||
|
|
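Review bot: In `getCurrentUser`, the user id now comes straight from the `USER_ID_ATTR_NAME` request header and goes to `userManager.getUserById` with nothing tying it to the authenticated session, so the user returned is whoever the request claims to be. Request headers are client-controlled unless a trusted front end strips and re-sets them, which is not visible on this page. Where the portal session is reachable from the servlet, the parsed id should be checked against it before the lookup, e.g. `if (PortalUtil.getUserId(httpServletRequest) != userId) return null;`. The new `getCurrentUserToken(String scope, long userId)` resolves a token for any id it is given, so callers that pass it the header-derived id inherit the same gap. Separately, the `NumberFormatException` branch appears to log `userId`, which is still -1 at that point, so the message never identifies the rejected input.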