Author: echatellier Date: 2013-03-19 18:14:04 +0100 (Tue, 19 Mar 2013) New Revision: 256 Url: http://nuiton.org/projects/nuiton-web/repository/revisions/256 Log: Correction de l'état 'connecté' de l'utilisateur anonyme. Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaWebSubject.java Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp trunk/nuiton-security/src/main/resources/struts.xml Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2012 CodeLutin, Chatellier Eric + * Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as
@@ -52,6 +52,11 @@ import org.nuiton.util.config.ApplicationConfig; import org.nuiton.web.SecurityDAOHelper; +/** + * Servlet filter used to filter requested url. + * + * @author Eric Chatellier + */ public class SecurityShiroFilter extends AbstractShiroFilter { private static final Log log = LogFactory.getLog(SecurityShiroFilter.class); @@ -151,6 +156,19 @@ log.debug("User is permitted to access " + perm); } + // on peu demander explicitement la page de login + // dans ca cas, il faut sauvegarder la page d'avant comme url + // de retour (seulement s'il n'y a pas deja une valeur de retour) + Session session = subjectUser.getSession(); + if (uri.equals(config.getOption("topia.security.loginurl"))) { + if (session.getAttribute(SESSION_SAVED_URL) == null) { + String referrer = httpServletRequest.getHeader("referer"); + session.setAttribute(SESSION_SAVED_URL, referrer); + } + } else { + session.removeAttribute(SESSION_SAVED_URL); + } + // on devrait appeler simplement super.doFilterInternal(servletRequest, servletResponse, chain); // mais on ne peut pas car il recreer un nouveau Subject // et n'utilise pas le notre :( Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecuritySubjectFactory.java 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2012 CodeLutin, Chatellier Eric + * Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as 
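Review bot: In the SecurityShiroFilter hunk at `@@ -151,6 +156,19 @@`, the value stored under `SESSION_SAVED_URL` is taken straight from the `referer` request header, which the client controls and which can be absent or name another site. The code that later redirects to the saved URL is not visible here; if it redirects without checking, this becomes an open-redirect path, so I would store the header only when it resolves to this application (same scheme, host and context path) and otherwise leave the attribute unset. Separately, `subjectUser.getSession()` creates a session when none exists, so the `else` branch now allocates one on every filtered request just to remove an attribute; `subjectUser.getSession(false)` with a null check would avoid that. The enclosing method starts and ends outside the hunk.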
@@ -34,8 +34,12 @@ import org.apache.shiro.subject.SubjectContext; import org.apache.shiro.web.mgt.DefaultWebSubjectFactory; import org.apache.shiro.web.subject.WebSubjectContext; -import org.apache.shiro.web.subject.support.WebDelegatingSubject; +/** + * Redefine subject factory method to instanciate {@link TopiaWebSubject}. + * + * @author Eric Chatellier + */ public class SecuritySubjectFactory extends DefaultWebSubjectFactory { @Override @@ -50,16 +54,11 @@ PrincipalCollection principals = wsc.resolvePrincipals(); boolean authenticated = wsc.resolveAuthenticated(); - // dans le cas du module securité, on va dire que non - if (authenticated && SecurityShiroFilter.ANON_LOGIN.equals(principals.getPrimaryPrincipal())) { - authenticated = false; - } - String host = wsc.resolveHost(); ServletRequest request = wsc.resolveServletRequest(); ServletResponse response = wsc.resolveServletResponse(); - return new WebDelegatingSubject(principals, authenticated, host, session, sessionEnabled, + return new TopiaWebSubject(principals, authenticated, host, session, sessionEnabled, request, response, securityManager); } } Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2012 CodeLutin, Chatellier Eric + * Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as 
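Review bot: In the SecuritySubjectFactory hunk at `@@ -50,16 +54,11 @@`, the anonymous-user demotion is removed from the factory method and nothing is left to say where it went; `authenticated` is now handed to the constructor unchanged. I would add a comment above the `return`, for example `// the anonymous principal is reported as unauthenticated by TopiaWebSubject.isAuthenticated()`, so a later reader neither reintroduces nor bypasses the check. Anything that reads the resolved flag from the context instead of calling `isAuthenticated()` on the subject would now see `true` for the anonymous login; that is worth confirming against the callers, which are not visible here. The method's signature and opening lines are outside the hunk.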
@@ -24,6 +24,11 @@ package org.nuiton.web.security; +/** + * Security related utils method. + * + * @author Eric Chatellier + */ public class SecurityUtil { /** Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2012 CodeLutin, Chatellier Eric + * Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as @@ -46,6 +46,11 @@ import org.nuiton.util.StringUtil; import org.nuiton.web.SecurityDAOHelper; +/** + * Topia shiro realm finding user in database. + * + * @author Eric Chatellier + */ public class TopiaSecurityRealm extends AuthorizingRealm implements CredentialsMatcher { private static final Log log = LogFactory.getLog(TopiaSecurityRealm.class); Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaWebSubject.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaWebSubject.java (rev 0) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaWebSubject.java 2013-03-19 17:14:04 UTC (rev 256) 
@@ -0,0 +1,54 @@
+/*
+ * #%L
+ * Nuiton Web :: Nuiton Security
+ * $Id$
+ * $HeadURL$
+ * %%
+ * Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ */
+package org.nuiton.web.security;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.web.subject.support.WebDelegatingSubject;
+
+/**
+ * Classe redefinie pour surcharger la methode {@code isAuthenticated()}
+ * car la methode login() la passe obligatoirement a {@code true}.
+ * + * @author Eric Chatellier + */ +public class TopiaWebSubject extends WebDelegatingSubject { + + public TopiaWebSubject(PrincipalCollection principals, boolean authenticated, + String host, Session session, boolean sessionEnabled, + ServletRequest request, ServletResponse response, + SecurityManager securityManager) { + super(principals, authenticated, host, session, sessionEnabled, request, response, securityManager); + } + + @Override + public boolean isAuthenticated() { + boolean result = super.isAuthenticated() && !SecurityShiroFilter.ANON_LOGIN.equals(principals.getPrimaryPrincipal()); + return result; + } +} Property changes on: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaWebSubject.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/login.jsp 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/role-permissions.jsp 2013-03-19 17:14:04 UTC (rev 256) 
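Review bot: `TopiaWebSubject.isAuthenticated()` dereferences the `principals` field directly, so a subject whose authenticated flag is set while `principals` is null throws a NullPointerException instead of returning false; the inherited `getPrincipal()` is the null-safe accessor, e.g. `return super.isAuthenticated() && !SecurityShiroFilter.ANON_LOGIN.equals(getPrincipal());`. The comparison also fails open: if the realm ever stores a primary principal that does not `equals` `ANON_LOGIN` (a different type or spelling), the anonymous user is reported as authenticated, so a comment stating the expected principal type would help. Only `isAuthenticated()` is overridden, so any check based on `getPrincipal() != null` still treats the anonymous login as a logged-in user. The class Javadoc is in French while the Javadoc added to the other classes in this commit is in English.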
@@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as @@ -42,21 +42,23 @@ <input type="hidden" name="roleIds" value="<s:property value="topiaId" />" /> </s:iterator> <table class="security-table"> - <tr> - <td class="security-empty" /> - <s:iterator value="roles"> - <td><a href="<s:url action='role!input' namespace='/security'> - <s:param name="roleId"><s:property value="topiaId" /></s:param> - </s:url>"> - <s:property value="name" /> - </a></td> - </s:iterator> - </tr> <s:iterator value="categories.keys" var="category"> <s:set name="categoryName" value="categories.get(#category)" /> <tr> <th colspan="<s:property value="roles.size() + 1" />"><s:property value="#categoryName" /></th> </tr> + + <tr class="security-roles"> + <td class="security-empty" /> + <s:iterator value="roles"> + <td><a href="<s:url action='role!input' namespace='/security'> + <s:param name="roleId"><s:property value="topiaId" /></s:param> + </s:url>"> + <s:property value="name" /> + </a></td> + </s:iterator> + </tr> + <s:iterator value="categoryPermissions.get(#category)" var="categoryPermission"> <s:set name="permissionName" value="permissions.get(#categoryPermission)" /> <tr> Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/role.jsp 2013-03-19 17:14:04 UTC (rev 256) 
@@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/user-roles.jsp 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as @@ -39,13 +39,13 @@ <form action="<s:url action="user-roles" namespace="/security" />" method="post" class="security-form"> <table class="security-table"> <tr> - <td colspan="2" class="security-empty"/> + <td class="security-empty"/> <s:if test="!roles.empty"> <th colspan="<s:property value="roles.size()" />">Rôles</th> </s:if> </tr> <tr> - <td colspan="2" class="security-empty"/> + <th class="vertical">Utilisateurs</th> <s:iterator value="roles"> <td> <a href="<s:url action='role!input' namespace='/security'> 
@@ -59,9 +59,6 @@ <s:iterator value="users" var="user" status="userStatus"> <input type="hidden" name="userIds" value="<s:property value="topiaId" />" /> <tr> - <s:if test="#userStatus.first"> - <th rowspan="<s:property value="users.size()" />" class="vertical">Utilisateurs</th> - </s:if> <td> <s:if test="login == @org.nuiton.web.security.SecurityShiroFilter@ANON_LOGIN"> <s:property value="login" /> Modified: trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp =================================================================== --- trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/WEB-INF/security/user.jsp 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as Modified: trunk/nuiton-security/src/main/resources/struts.xml =================================================================== --- trunk/nuiton-security/src/main/resources/struts.xml 2013-03-18 10:55:58 UTC (rev 255) +++ trunk/nuiton-security/src/main/resources/struts.xml 2013-03-19 17:14:04 UTC (rev 256) @@ -4,7 +4,7 @@ $Id:$ $HeadURL:$ %% - Copyright (C) 2012 CodeLutin, Chatellier Eric + Copyright (C) 2012, 2013 CodeLutin, Chatellier Eric %% This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as @@ -27,7 +27,7 @@ <struts> <package name="org.nuiton.web.secu.actions" namespace="/security" extends="struts-default"> - <default-action-ref name="user-roles"/> + <default-action-ref name="user-roles"/> <action name="user-roles" class="org.nuiton.web.security.actions.UserRolesAction"> <result name="input">/WEB-INF/security/user-roles.jsp</result>