Split rest authentication into two. For web apps integration url is /c/restful/
This commit is contained in:
Paulo Gustavo Veiga
@@ -18,7 +18,11 @@ abstract public class ClientException extends WiseMappingException {
|
||||
String getMsgBundleKey();
|
||||
|
||||
public String getMessage(@NotNull final MessageSource messageSource, final @NotNull Locale locale) {
|
||||
return messageSource.getMessage(this.getMsgBundleKey(), null, locale);
|
||||
return messageSource.getMessage(this.getMsgBundleKey(), this.getMsgBundleArgs(), locale);
|
||||
}
|
||||
|
||||
protected Object[] getMsgBundleArgs(){
|
||||
return null;
|
||||
}
|
||||
|
||||
public Severity getSeverity() {
|
||||
|
||||
@@ -35,4 +35,9 @@ public class MultipleSessionsOpenException
|
||||
protected String getMsgBundleKey() {
|
||||
return MSG_KEY;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Object[] getMsgBundleArgs() {
|
||||
return new String[]{"you"};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,17 +18,15 @@
|
||||
|
||||
package com.wisemapping.exceptions;
|
||||
|
||||
import com.wisemapping.model.Collaborator;
|
||||
import com.wisemapping.model.User;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
|
||||
public class SessionExpiredException
|
||||
extends ClientException {
|
||||
public static final String MSG_KEY = "MINDMAP_TIMESTAMP_OUTDATED";
|
||||
@Nullable
|
||||
private Collaborator lastUpdater;
|
||||
private User lastUpdater;
|
||||
|
||||
public SessionExpiredException(@Nullable Collaborator lastUpdater) {
|
||||
public SessionExpiredException(@NotNull User lastUpdater) {
|
||||
super("Map has been updated by " + (lastUpdater != null ? lastUpdater.getEmail() : ""), Severity.FATAL);
|
||||
this.lastUpdater = lastUpdater;
|
||||
}
|
||||
@@ -38,4 +36,9 @@ public class SessionExpiredException
|
||||
protected String getMsgBundleKey() {
|
||||
return MSG_KEY;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Object[] getMsgBundleArgs() {
|
||||
return new String[]{lastUpdater.getFullName() + "<" + lastUpdater.getEmail() + ">"};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -174,31 +174,30 @@ public class MindmapController extends BaseController {
|
||||
}
|
||||
|
||||
private void verifyLock(@NotNull Mindmap mindmap, @NotNull User user, long session, long timestamp) throws WiseMappingException {
|
||||
throw new SessionExpiredException(user);
|
||||
|
||||
// // The lock was lost, reclaim as the ownership of it.
|
||||
// final LockManager lockManager = mindmapService.getLockManager();
|
||||
// final boolean lockLost = lockManager.isLocked(mindmap);
|
||||
// if (!lockLost) {
|
||||
// lockManager.lock(mindmap, user, session);
|
||||
// }
|
||||
//
|
||||
// final LockInfo lockInfo = lockManager.getLockInfo(mindmap);
|
||||
// if (lockInfo.getCollaborator().equals(user)) {
|
||||
// final boolean outdated = mindmap.getLastModificationTime().getTimeInMillis() > timestamp;
|
||||
// if (lockInfo.getSession() == session) {
|
||||
// // Timestamp might not be returned to the client. This try to cover this case, ignoring the client timestamp check.
|
||||
// final User lastEditor = mindmap.getLastEditor();
|
||||
// if (outdated && (lockInfo.getPreviousTimestamp() != timestamp || lastEditor == null || !lastEditor.equals(user))) {
|
||||
// throw new SessionExpiredException(lastEditor);
|
||||
// }
|
||||
// } else if (outdated) {
|
||||
// throw new MultipleSessionsOpenException("The map has been updated and not by you. Session lost.");
|
||||
// }
|
||||
// } else {
|
||||
// throw new SessionExpiredException(lockInfo.getCollaborator());
|
||||
//
|
||||
// }
|
||||
// The lock was lost, reclaim as the ownership of it.
|
||||
final LockManager lockManager = mindmapService.getLockManager();
|
||||
final boolean lockLost = lockManager.isLocked(mindmap);
|
||||
if (!lockLost) {
|
||||
lockManager.lock(mindmap, user, session);
|
||||
}
|
||||
|
||||
final LockInfo lockInfo = lockManager.getLockInfo(mindmap);
|
||||
if (lockInfo.getUser().equals(user)) {
|
||||
final boolean outdated = mindmap.getLastModificationTime().getTimeInMillis() > timestamp;
|
||||
if (lockInfo.getSession() == session) {
|
||||
// Timestamp might not be returned to the client. This try to cover this case, ignoring the client timestamp check.
|
||||
final User lastEditor = mindmap.getLastEditor();
|
||||
if (outdated && (lockInfo.getPreviousTimestamp() != timestamp || lastEditor == null || !lastEditor.equals(user))) {
|
||||
throw new SessionExpiredException(lastEditor);
|
||||
}
|
||||
} else if (outdated) {
|
||||
throw new MultipleSessionsOpenException("The map has been updated and not by you. Session lost.");
|
||||
}
|
||||
} else {
|
||||
throw new SessionExpiredException(lockInfo.getUser());
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -20,10 +20,8 @@ package com.wisemapping.rest.model;
|
||||
|
||||
|
||||
import com.wisemapping.model.Collaborator;
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.service.LockInfo;
|
||||
import org.codehaus.jackson.annotate.JsonAutoDetect;
|
||||
import org.codehaus.jackson.annotate.JsonIgnore;
|
||||
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
@@ -31,9 +29,6 @@ import org.jetbrains.annotations.Nullable;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
import java.util.Set;
|
||||
|
||||
@XmlRootElement(name = "lock")
|
||||
@XmlAccessorType(XmlAccessType.PROPERTY)
|
||||
@@ -73,7 +68,7 @@ public class RestLockInfo {
|
||||
}
|
||||
|
||||
public boolean isLockedByMe() {
|
||||
return isLocked() && lockInfo != null && lockInfo.getCollaborator().equals(user);
|
||||
return isLocked() && lockInfo != null && lockInfo.getUser().equals(user);
|
||||
}
|
||||
|
||||
public void setLockedByMe(boolean lockedForMe) {
|
||||
|
||||
@@ -0,0 +1,43 @@
|
||||
package com.wisemapping.security;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
|
||||
public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
|
||||
private RequestCache cache;
|
||||
|
||||
public AuthenticationSuccessHandler() {
|
||||
cache = new HttpSessionRequestCache();
|
||||
this.setRequestCache(cache);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
|
||||
|
||||
SavedRequest savedRequest = cache.getRequest(request, response);
|
||||
if (savedRequest!=null && savedRequest.getRedirectUrl().contains("c/restful")) {
|
||||
cache.removeRequest(request,response);
|
||||
}
|
||||
super.onAuthenticationSuccess(request, response, authentication);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
|
||||
String url = super.determineTargetUrl(request, response);
|
||||
// Prevent redirecting to rest services on login ...
|
||||
if (url.contains("c/restful")) {
|
||||
url = this.getDefaultTargetUrl();
|
||||
}
|
||||
return url;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -18,28 +18,28 @@
|
||||
|
||||
package com.wisemapping.service;
|
||||
|
||||
import com.wisemapping.model.Collaborator;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
|
||||
import java.util.Calendar;
|
||||
|
||||
public class LockInfo {
|
||||
final private Collaborator collaborator;
|
||||
final private User user;
|
||||
private Calendar timeout;
|
||||
private long session;
|
||||
private static int EXPIRATION_MIN = 30;
|
||||
private long timestamp = -1;
|
||||
private long previousTimestamp;
|
||||
|
||||
public LockInfo(@NotNull Collaborator collaborator, @NotNull Mindmap mindmap, long session) {
|
||||
this.collaborator = collaborator;
|
||||
public LockInfo(@NotNull User user, @NotNull Mindmap mindmap, long session) {
|
||||
this.user = user;
|
||||
this.updateTimeout();
|
||||
this.updateTimestamp(mindmap);
|
||||
}
|
||||
|
||||
public Collaborator getCollaborator() {
|
||||
return collaborator;
|
||||
public User getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
public boolean isExpired() {
|
||||
|
||||
@@ -19,10 +19,8 @@
|
||||
package com.wisemapping.service;
|
||||
|
||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||
import com.wisemapping.exceptions.ClientException;
|
||||
import com.wisemapping.exceptions.LockException;
|
||||
import com.wisemapping.exceptions.WiseMappingException;
|
||||
import com.wisemapping.model.Collaborator;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
@@ -32,13 +30,13 @@ public interface LockManager {
|
||||
|
||||
LockInfo getLockInfo(@NotNull Mindmap mindmap);
|
||||
|
||||
LockInfo updateExpirationTimeout(@NotNull Mindmap mindmap, @NotNull Collaborator user,long session);
|
||||
LockInfo updateExpirationTimeout(@NotNull Mindmap mindmap, @NotNull User user,long session);
|
||||
|
||||
void unlock(@NotNull Mindmap mindmap, @NotNull Collaborator user) throws LockException, AccessDeniedSecurityException;
|
||||
void unlock(@NotNull Mindmap mindmap, @NotNull User user) throws LockException, AccessDeniedSecurityException;
|
||||
|
||||
boolean isLockedBy(@NotNull Mindmap mindmap, @NotNull Collaborator collaborator);
|
||||
boolean isLockedBy(@NotNull Mindmap mindmap, @NotNull User collaborator);
|
||||
|
||||
LockInfo lock(@NotNull Mindmap mindmap, @NotNull Collaborator user, long session) throws WiseMappingException;
|
||||
LockInfo lock(@NotNull Mindmap mindmap, @NotNull User user, long session) throws WiseMappingException;
|
||||
|
||||
long generateSession();
|
||||
}
|
||||
|
||||
@@ -22,8 +22,8 @@ import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||
import com.wisemapping.exceptions.LockException;
|
||||
import com.wisemapping.exceptions.WiseMappingException;
|
||||
import com.wisemapping.model.CollaborationRole;
|
||||
import com.wisemapping.model.Collaborator;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
|
||||
@@ -63,25 +63,25 @@ class LockManagerImpl implements LockManager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public LockInfo updateExpirationTimeout(@NotNull Mindmap mindmap, @NotNull Collaborator user, long session) {
|
||||
public LockInfo updateExpirationTimeout(@NotNull Mindmap mindmap, @NotNull User user, long session) {
|
||||
if (!this.isLocked(mindmap)) {
|
||||
throw new IllegalStateException("Lock lost for map. No update possible.");
|
||||
}
|
||||
|
||||
final LockInfo result = this.getLockInfo(mindmap);
|
||||
if (!result.getCollaborator().equals(user)) {
|
||||
throw new IllegalStateException("Could not update map lock timeout if you are not the locking user. User:" + result.getCollaborator() + ", " + user);
|
||||
if (!result.getUser().equals(user)) {
|
||||
throw new IllegalStateException("Could not update map lock timeout if you are not the locking user. User:" + result.getUser() + ", " + user);
|
||||
}
|
||||
|
||||
result.updateTimeout();
|
||||
result.setSession(session);
|
||||
result.updateTimestamp(mindmap);
|
||||
logger.debug("Timeout updated for:" + mindmap.getId());
|
||||
// logger.debug("Timeout updated for:" + mindmap.getId());
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void unlock(@NotNull Mindmap mindmap, @NotNull Collaborator user) throws LockException, AccessDeniedSecurityException {
|
||||
public void unlock(@NotNull Mindmap mindmap, @NotNull User user) throws LockException, AccessDeniedSecurityException {
|
||||
if (isLocked(mindmap) && !isLockedBy(mindmap, user)) {
|
||||
throw new LockException("Lock can be only revoked by the locker.");
|
||||
}
|
||||
@@ -99,10 +99,10 @@ class LockManagerImpl implements LockManager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isLockedBy(@NotNull Mindmap mindmap, @NotNull Collaborator collaborator) {
|
||||
public boolean isLockedBy(@NotNull Mindmap mindmap, @NotNull User collaborator) {
|
||||
boolean result = false;
|
||||
final LockInfo lockInfo = this.getLockInfo(mindmap);
|
||||
if (lockInfo != null && lockInfo.getCollaborator().equals(collaborator)) {
|
||||
if (lockInfo != null && lockInfo.getUser().equals(collaborator)) {
|
||||
result = true;
|
||||
}
|
||||
return result;
|
||||
@@ -110,7 +110,7 @@ class LockManagerImpl implements LockManager {
|
||||
|
||||
@Override
|
||||
@NotNull
|
||||
public LockInfo lock(@NotNull Mindmap mindmap, @NotNull Collaborator user, long session) throws WiseMappingException {
|
||||
public LockInfo lock(@NotNull Mindmap mindmap, @NotNull User user, long session) throws WiseMappingException {
|
||||
if (isLocked(mindmap) && !isLockedBy(mindmap, user)) {
|
||||
throw new LockException("Invalid lock, this should not happen");
|
||||
}
|
||||
|
||||
@@ -16,9 +16,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package com.wisemapping.ncontroller;
|
||||
package com.wisemapping.webmvc;
|
||||
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.service.MindmapService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@@ -26,8 +25,6 @@ import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Controller
|
||||
public class ExtensionsController {
|
||||
@Qualifier("mindmapService")
|
||||
@@ -16,7 +16,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package com.wisemapping.ncontroller;
|
||||
package com.wisemapping.webmvc;
|
||||
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.security.Utils;
|
||||
@@ -26,8 +26,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
@Controller
|
||||
public class LoginController {
|
||||
|
||||
@@ -16,11 +16,9 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package com.wisemapping.ncontroller;
|
||||
package com.wisemapping.webmvc;
|
||||
|
||||
|
||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
||||
import com.wisemapping.exceptions.LockException;
|
||||
import com.wisemapping.exceptions.WiseMappingException;
|
||||
import com.wisemapping.model.CollaborationRole;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
@@ -16,7 +16,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package com.wisemapping.ncontroller;
|
||||
package com.wisemapping.webmvc;
|
||||
|
||||
import com.wisemapping.service.MindmapService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -16,7 +16,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package com.wisemapping.ncontroller;
|
||||
package com.wisemapping.webmvc;
|
||||
|
||||
|
||||
import com.wisemapping.validator.Messages;
|
||||
Reference in New Issue
Block a user