1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.web.security;
35
36 import fr.paris.lutece.plugins.mylutece.service.MyLuteceResourceIdService;
37 import fr.paris.lutece.plugins.mylutece.service.security.AuthenticationFilterService;
38 import fr.paris.lutece.portal.business.rbac.RBAC;
39 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
40 import fr.paris.lutece.portal.service.datastore.DatastoreService;
41 import fr.paris.lutece.portal.service.message.AdminMessage;
42 import fr.paris.lutece.portal.service.message.AdminMessageService;
43 import fr.paris.lutece.portal.service.rbac.RBACService;
44 import fr.paris.lutece.portal.service.security.SecurityService;
45 import fr.paris.lutece.portal.service.template.AppTemplateService;
46 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
47 import fr.paris.lutece.portal.web.constants.Messages;
48 import fr.paris.lutece.util.ReferenceItem;
49 import fr.paris.lutece.util.html.HtmlTemplate;
50 import fr.paris.lutece.util.url.UrlItem;
51
52 import org.apache.commons.lang3.StringUtils;
53
54 import java.util.Map;
55
56 import javax.servlet.http.HttpServletRequest;
57
58
59
60
61
62
63 public class AuthenticationFilterJspBean extends AdminFeaturesPageJspBean
64 {
65
66
67
68 public static final String RIGHT_MANAGE_AUTHENTICATION_FILTER = "MYLUTECE_MANAGE_AUTHENTICATION_FILTER";
69 private static final long serialVersionUID = -669562727518395523L;
70
71
72 private static final String PARAMETER_CANCEL = "cancel";
73 private static final String PARAMETER_PUBLIC_URL_CODE = "public_url_code";
74 private static final String PARAMETER_PUBLIC_URL_VALUE = "public_url_value";
75
76
77 private static final String JSP_MANAGE_AUTHENTICATION_FILTER = "ManageAuthenticationFilter.jsp";
78 private static final String JSP_DO_REMOVE_PUBLIC_URL = "jsp/admin/plugins/mylutece/security/DoRemovePublicUrl.jsp";
79 private static final String JSP_DO_CHANGE_USER_AUTHENTICATION_REQUIRED = "jsp/admin/plugins/mylutece/security/DoChangeUseAuthenticationRequired.jsp";
80
81
82 private static final String PROPERTY_MANAGE_AUTHENTICATION_FILTER = "mylutece.manage_authentication_filter.pageTitle";
83
84
85 private static final String TEMPLATE_MANAGE_AUTHENTICATION_FILTER = "admin/plugins/mylutece/security/manage_authentication_filter.html";
86
87
88 private static final String MESSAGE_PUBLIC_URL_CODE_ALREADY_EXIST = "mylutece.messagePublicUrlCodeAlreadyExist";
89 private static final String MESSAGE_PUBLIC_URL_CONFIRM_REMOVE = "mylutece.messagePublicUrlConfirmRemove";
90 private static final String MESSAGE_CONFIRM_ENABLE_AUTHENTICATION_REQUIRED = "mylutece.messageConfirmEnableAuthenticationRequired";
91 private static final String MESSAGE_CONFIRM_DISABLE_AUTHENTICATION_REQUIRED = "mylutece.messageConfirmDisableAuthenticationRequired";
92 private static final String CONSTANTE_PORTAL_AUTHENTICATION_REQUIRED = "mylutece.portal.authentication.required";
93
94
95
96
97
98
99
100
101 public String getManageAdvancedParameters( HttpServletRequest request ) throws AccessDeniedException
102 {
103 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
104 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
105 {
106 throw new AccessDeniedException(
107 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
108 }
109
110 setPageTitleProperty( PROPERTY_MANAGE_AUTHENTICATION_FILTER );
111
112 Map<String, Object> model = AuthenticationFilterService.getInstance( ).getManageAdvancedParameters( getUser( ), request );
113
114 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_AUTHENTICATION_FILTER, getLocale( ), model );
115
116 return getAdminPage( template.getHtml( ) );
117 }
118
119
120
121
122
123
124
125
126
127
128 public String doCreatePublicUrl( HttpServletRequest request ) throws AccessDeniedException
129 {
130 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
131 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
132 {
133 throw new AccessDeniedException(
134 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
135 }
136
137 if ( request.getParameter( PARAMETER_CANCEL ) == null )
138 {
139 ReferenceItem publicUrlData = getPublicUrlData( request );
140 normalizedPublicUrlCode( publicUrlData );
141
142 String strError = StringUtils.EMPTY;
143
144 if ( StringUtils.isBlank( publicUrlData.getCode( ) ) || StringUtils.isBlank( publicUrlData.getName( ) ) )
145 {
146 strError = AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
147 }
148 else
149 if ( DatastoreService.getDataValue( publicUrlData.getCode( ), null ) != null )
150 {
151 strError = AdminMessageService.getMessageUrl( request, MESSAGE_PUBLIC_URL_CODE_ALREADY_EXIST, AdminMessage.TYPE_STOP );
152 }
153
154 if ( !StringUtils.isBlank( strError ) )
155 {
156 return strError;
157 }
158
159
160 DatastoreService.setDataValue( publicUrlData.getCode( ), publicUrlData.getName( ) );
161 }
162
163 return JSP_MANAGE_AUTHENTICATION_FILTER;
164 }
165
166
167
168
169
170
171
172
173
174
175 public String doModifyPublicUrl( HttpServletRequest request ) throws AccessDeniedException
176 {
177 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
178 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
179 {
180 throw new AccessDeniedException(
181 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
182 }
183
184 if ( request.getParameter( PARAMETER_CANCEL ) == null )
185 {
186 ReferenceItem publicUrlData = getPublicUrlData( request );
187 normalizedPublicUrlCode( publicUrlData );
188
189 String strError = StringUtils.EMPTY;
190
191 if ( StringUtils.isBlank( publicUrlData.getCode( ) ) || StringUtils.isBlank( publicUrlData.getName( ) )
192 || ( DatastoreService.getDataValue( publicUrlData.getCode( ), null ) == null ) )
193 {
194 strError = AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
195 }
196
197 if ( !StringUtils.isBlank( strError ) )
198 {
199 return strError;
200 }
201
202
203 DatastoreService.setDataValue( publicUrlData.getCode( ), publicUrlData.getName( ) );
204 }
205
206 return JSP_MANAGE_AUTHENTICATION_FILTER;
207 }
208
209
210
211
212
213
214
215
216
217
218 public String getConfirmChangeUseAuthenticationRequired( HttpServletRequest request ) throws AccessDeniedException
219 {
220 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
221 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
222 {
223 throw new AccessDeniedException(
224 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
225 }
226
227 String strMessage = SecurityService.getInstance( ).isPortalAuthenticationRequired( ) ? MESSAGE_CONFIRM_DISABLE_AUTHENTICATION_REQUIRED
228 : MESSAGE_CONFIRM_ENABLE_AUTHENTICATION_REQUIRED;
229 UrlItem url = new UrlItem( JSP_DO_CHANGE_USER_AUTHENTICATION_REQUIRED );
230 url.addParameter( PARAMETER_PUBLIC_URL_CODE, request.getParameter( PARAMETER_PUBLIC_URL_CODE ) );
231
232 return AdminMessageService.getMessageUrl( request, strMessage, url.getUrl( ), AdminMessage.TYPE_CONFIRMATION );
233 }
234
235
236
237
238
239
240
241
242
243
244 public String doChangeUseAuthenticationRequired( HttpServletRequest request ) throws AccessDeniedException
245 {
246 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
247 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
248 {
249 throw new AccessDeniedException(
250 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
251 }
252
253 if ( request.getParameter( PARAMETER_CANCEL ) == null )
254 {
255
256 DatastoreService.setDataValue( CONSTANTE_PORTAL_AUTHENTICATION_REQUIRED,
257 new Boolean( !SecurityService.getInstance( ).isPortalAuthenticationRequired( ) ).toString( ) );
258 }
259
260 return JSP_MANAGE_AUTHENTICATION_FILTER;
261 }
262
263
264
265
266
267
268
269
270
271
272 public String doRemovePublicUrl( HttpServletRequest request ) throws AccessDeniedException
273 {
274 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
275 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
276 {
277 throw new AccessDeniedException(
278 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
279 }
280
281 ReferenceItem publicUrlData = getPublicUrlData( request );
282
283 if ( publicUrlData != null )
284 {
285 normalizedPublicUrlCode( publicUrlData );
286 DatastoreService.removeData( publicUrlData.getCode( ) );
287 }
288
289 return JSP_MANAGE_AUTHENTICATION_FILTER;
290 }
291
292
293
294
295
296
297
298
299 private ReferenceItem getPublicUrlData( HttpServletRequest request )
300 {
301 ReferenceItem publicUrlData = new ReferenceItem( );
302 String strPublicUrlCode = ( request.getParameter( PARAMETER_PUBLIC_URL_CODE ) != null ) ? request.getParameter( PARAMETER_PUBLIC_URL_CODE ).trim( )
303 : null;
304 String strPublicUrlValue = ( request.getParameter( PARAMETER_PUBLIC_URL_VALUE ) != null ) ? request.getParameter( PARAMETER_PUBLIC_URL_VALUE ).trim( )
305 : null;
306 publicUrlData.setCode( strPublicUrlCode );
307 publicUrlData.setName( strPublicUrlValue );
308
309 return publicUrlData;
310 }
311
312
313
314
315
316
317
318
319
320
321 public String getConfirmRemovePublicUrl( HttpServletRequest request ) throws AccessDeniedException
322 {
323 if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
324 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
325 {
326 throw new AccessDeniedException(
327 "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
328 }
329
330 UrlItem url = new UrlItem( JSP_DO_REMOVE_PUBLIC_URL );
331 url.addParameter( PARAMETER_PUBLIC_URL_CODE, request.getParameter( PARAMETER_PUBLIC_URL_CODE ) );
332
333 return AdminMessageService.getMessageUrl( request, MESSAGE_PUBLIC_URL_CONFIRM_REMOVE, url.getUrl( ), AdminMessage.TYPE_CONFIRMATION );
334 }
335
336
337
338
339
340
341
342 private void normalizedPublicUrlCode( ReferenceItem publicUrl )
343 {
344 if ( !StringUtils.isBlank( publicUrl.getCode( ) ) )
345 {
346 String strCode = publicUrl.getCode( );
347 strCode = strCode.replaceAll( " ", "_" );
348 publicUrl.setCode( AuthenticationFilterService.PUBLIC_URL_PREFIX + strCode );
349 }
350 }
351 }