r197 - in trunk: faxtomail-persistence/src/main/java/com/franciaflex/faxtomail faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin faxtomail-ui-web/src/main/webapp/WEB-INF/content faxtomail-ui-web/src/main/webapp/WEB-INF/decorators
Author: echatellier Date: 2014-06-12 15:32:28 +0200 (Thu, 12 Jun 2014) New Revision: 197 Url: http://forge.codelutin.com/projects/faxtomail/repository/revisions/197 Log: Autorisation d'acces ?\195?\160 la partie admin suivant le groupe d?\195?\169fini dans la config Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailActionSupport.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailInterceptor.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailSession.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/IndexAction.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/LoginAction.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ConfigurationAction.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ImportAction.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/LdapAction.java trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/UserFolderAction.java trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/index.jsp trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/login-input.jsp trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/decorators/layout.jsp Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java =================================================================== --- trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java 2014-06-12 13:32:28 UTC (rev 197) 
@@ -255,7 +255,11 @@ public String getLdapBaseDn() { return applicationConfig.getOption(FaxToMailConfigurationOption.LDAP_BASEDN.getKey()); } - + + public String getLdapAdminGroup() { + return applicationConfig.getOption(FaxToMailConfigurationOption.LDAP_ADMIN_GROUP.getKey()); + } + public String getLdapPrincipalDomain() { return applicationConfig.getOption(FaxToMailConfigurationOption.LDAP_PRINCIPAL_DOMAIN.getKey()); } Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java =================================================================== --- trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java 2014-06-12 13:32:28 UTC (rev 197) @@ -107,9 +107,13 @@ "faxtomail.ldap.basedn", "Mot de passe pour la connexion au serveur LDAP", "DC=mac-groupe,DC=net", String.class), + LDAP_ADMIN_GROUP( + "faxtomail.ldap.admin.group", + "DN du groupe ldap ayant les autorisations d'accéder à la partie admin de l'interface web", null, String.class), + LDAP_PRINCIPAL_DOMAIN( "faxtomail.ldap.principal.domain", - "Mot de passe pour la connexion au serveur LDAP", "mac-groupe.net", String.class), + "Domaine des principals utilisés par l'authentification kerberos", "mac-groupe.net", String.class), LDAP_TEST_PRINCIPAL( "faxtomail.ldap.test.principal", Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailActionSupport.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailActionSupport.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailActionSupport.java 2014-06-12 13:32:28 UTC (rev 197) 
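Review bot: The description given to LDAP_ADMIN_GROUP says only that it is the DN of the admin group, but FaxToMailInterceptor in this same revision matches it with `adminGroup.equals(group.getFullPath())`, so the value must be written exactly as the group's full path is stored, including case and spacing. The description should say so, and also that leaving the option unset (default `null`) closes the three checked admin actions to everyone. In the context lines just above, `faxtomail.ldap.basedn` still carries the copy-pasted text "Mot de passe pour la connexion au serveur LDAP", the same slip this hunk corrects for LDAP_PRINCIPAL_DOMAIN.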
@@ -85,6 +85,10 @@ return session.getAuthenticatedFaxToMailUser() != null; } + public boolean isAdmin() { + return session.isAdmin(); + } + public FaxToMailUser getAuthenticatedUser() { return session.getAuthenticatedFaxToMailUser(); } Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailInterceptor.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailInterceptor.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailInterceptor.java 2014-06-12 13:32:28 UTC (rev 197) @@ -38,6 +38,7 @@ import com.franciaflex.faxtomail.FaxToMailConfiguration; import com.franciaflex.faxtomail.persistence.entities.FaxToMailTopiaPersistenceContext; import com.franciaflex.faxtomail.persistence.entities.FaxToMailUser; +import com.franciaflex.faxtomail.persistence.entities.FaxToMailUserGroup; import com.franciaflex.faxtomail.services.FaxToMailService; import com.franciaflex.faxtomail.services.FaxToMailServiceContext; import com.franciaflex.faxtomail.services.service.LdapService; @@ -63,7 +64,6 @@ @Override public String intercept(ActionInvocation invocation) throws Exception { - Object action = invocation.getAction(); if (action instanceof FaxToMailActionSupport) { 
@@ -140,8 +140,17 @@ LdapService ldapService = serviceContext.newService(LdapService.class); FaxToMailUser user = ldapService.getUserBean(faxToMailSession.getAuthenticatedUserId()); faxToMailSession.setAuthenticatedFaxToMailUser(user); + + // test si l'utilisateur est admin + String adminGroup = serviceContext.getApplicationConfig().getLdapAdminGroup(); + if (StringUtils.isNotBlank(adminGroup) && user.getUserGroups() != null) { + for (FaxToMailUserGroup group : user.getUserGroups()) { + if (adminGroup.equals(group.getFullPath())) { + faxToMailSession.setAdmin(true); + } + } + } } - } protected void saveLastAction(ActionInvocation invocation) { Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailSession.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailSession.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/FaxToMailSession.java 2014-06-12 13:32:28 UTC (rev 197) @@ -41,6 +41,8 @@ protected String authenticatedUserId; protected transient FaxToMailUser authenticatedFaxToMailUser; + + protected transient boolean admin; public Collection<String> getMessages() { if (messages == null) { @@ -84,4 +86,12 @@ setAuthenticatedUserId(null); setAuthenticatedFaxToMailUser(null); } + + public boolean isAdmin() { + return admin; + } + + public void setAdmin(boolean admin) { + this.admin = admin; + } } Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/IndexAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/IndexAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/IndexAction.java 2014-06-12 13:32:28 UTC (rev 197) 
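Review bot: The added block in FaxToMailInterceptor only ever calls `faxToMailSession.setAdmin(true)` and never puts the flag back to false, so if the same session object is reused, a session once marked admin stays admin when this code later loads a user who is not in the configured group. Compute the result first and assign it unconditionally: `boolean admin = false;` before the test, `admin = true; break;` inside the loop, and `faxToMailSession.setAdmin(admin);` after it. `user` is also dereferenced without a null check; if `ldapService.getUserBean(...)` can return null for an id that is no longer in the directory (not visible here), `user.getUserGroups()` throws. The enclosing method starts outside the hunk.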
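Review bot: In FaxToMailSession (hunk `@@ -84,4 +86,12 @@`), the method whose tail is visible in the context lines resets the user with `setAuthenticatedUserId(null); setAuthenticatedFaxToMailUser(null);` but leaves the new `admin` field untouched. If that method is the logout path (its signature is outside the hunk), add `setAdmin(false);` next to those two calls so the privilege does not outlive the user it was granted to. A one-line comment on the field would also help, saying that it is derived from the configured LDAP admin group and is `transient` like `authenticatedFaxToMailUser`.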
@@ -32,8 +32,9 @@ import org.apache.struts2.convention.annotation.InterceptorRefs; @InterceptorRefs({ + @InterceptorRef("faxToMailInterceptor"), @InterceptorRef("loginInterceptor"), - @InterceptorRef("faxToMailStack") + @InterceptorRef("paramsPrepareParamsStack") }) public class IndexAction extends FaxToMailActionSupport { Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/LoginAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/LoginAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/LoginAction.java 2014-06-12 13:32:28 UTC (rev 197) @@ -64,7 +64,7 @@ @Override @Action(results = { - @Result(type = "redirectAction", params = {"actionName", "configuration-input", "namespace", "/admin"})}) + @Result(type = "redirectAction", params = {"actionName", "index", "namespace", "/"})}) public String execute() { String result = SUCCESS; Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ConfigurationAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ConfigurationAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ConfigurationAction.java 2014-06-12 13:32:28 UTC (rev 197) @@ -30,6 +30,7 @@ import java.util.Map; import com.franciaflex.faxtomail.persistence.entities.MailField; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.struts2.convention.annotation.Action; 
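Review bot: The order of these three interceptor refs now carries a security dependency that is not written down anywhere. `faxToMailInterceptor` (presumably FaxToMailInterceptor) has to run before `paramsPrepareParamsStack`, because the `prepare()` methods added in this revision read the admin flag that the interceptor sets on the session. The same three lines are repeated in ConfigurationAction, ImportAction, LdapAction and UserFolderAction, so a new action can get the order wrong or leave one ref out. Declaring them once as a named stack, as the removed `faxToMailStack` presumably was, and commenting the ordering there would keep the five classes in step.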
@@ -59,8 +60,9 @@ * @since x.x */ @InterceptorRefs({ + @InterceptorRef("faxToMailInterceptor"), @InterceptorRef("loginInterceptor"), - @InterceptorRef("faxToMailStack") + @InterceptorRef("paramsPrepareParamsStack") }) public class ConfigurationAction extends FaxToMailActionSupport implements Preparable { @@ -94,7 +96,10 @@ @Override public void prepare() throws Exception { - + // check authorization + if (!getSession().isAdmin()) { + throw new RuntimeException("Not authorized"); + } } @Override Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ImportAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ImportAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/ImportAction.java 2014-06-12 13:32:28 UTC (rev 197) @@ -37,12 +37,14 @@ import com.franciaflex.faxtomail.services.service.ReferentielService; import com.franciaflex.faxtomail.web.FaxToMailActionSupport; +import com.opensymphony.xwork2.Preparable; @InterceptorRefs({ + @InterceptorRef("faxToMailInterceptor"), @InterceptorRef("loginInterceptor"), - @InterceptorRef("faxToMailStack") + @InterceptorRef("paramsPrepareParamsStack") }) -public class ImportAction extends FaxToMailActionSupport { +public class ImportAction extends FaxToMailActionSupport implements Preparable { private static final Log log = LogFactory.getLog(ImportAction.class); 
@@ -79,6 +81,14 @@ } @Override + public void prepare() throws Exception { + // check authorization + if (!getSession().isAdmin()) { + throw new RuntimeException("Not authorized"); + } + } + + @Override @Action("import-input") public String input() throws Exception { return INPUT; Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/LdapAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/LdapAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/LdapAction.java 2014-06-12 13:32:28 UTC (rev 197) @@ -33,12 +33,14 @@ import com.franciaflex.faxtomail.services.service.LdapService; import com.franciaflex.faxtomail.web.FaxToMailActionSupport; +import com.opensymphony.xwork2.Preparable; @InterceptorRefs({ + @InterceptorRef("faxToMailInterceptor"), @InterceptorRef("loginInterceptor"), - @InterceptorRef("faxToMailStack") + @InterceptorRef("paramsPrepareParamsStack") }) -public class LdapAction extends FaxToMailActionSupport { +public class LdapAction extends FaxToMailActionSupport implements Preparable { private static final Log log = LogFactory.getLog(LdapAction.class); 
@@ -49,6 +51,14 @@ } @Override + public void prepare() throws Exception { + // check authorization + if (!getSession().isAdmin()) { + throw new RuntimeException("Not authorized"); + } + } + + @Override @Action("ldap-input") public String input() throws Exception { return INPUT; Modified: trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/UserFolderAction.java =================================================================== --- trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/UserFolderAction.java 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/java/com/franciaflex/faxtomail/web/action/admin/UserFolderAction.java 2014-06-12 13:32:28 UTC (rev 197) @@ -44,10 +44,12 @@ import com.franciaflex.faxtomail.services.service.MailFolderService; import com.franciaflex.faxtomail.web.FaxToMailActionSupport; import com.google.gson.reflect.TypeToken; +import com.opensymphony.xwork2.Preparable; @InterceptorRefs({ + @InterceptorRef("faxToMailInterceptor"), @InterceptorRef("loginInterceptor"), - @InterceptorRef("faxToMailStack") + @InterceptorRef("paramsPrepareParamsStack") }) public class UserFolderAction extends FaxToMailActionSupport { Modified: trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/index.jsp =================================================================== --- trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/index.jsp 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/index.jsp 2014-06-12 13:32:28 UTC (rev 197) 
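Review bot: UserFolderAction gets the `com.opensymphony.xwork2.Preparable` import and the new interceptor refs, but its class declaration in the context line still reads `public class UserFolderAction extends FaxToMailActionSupport {` and no `prepare()` check is added, unlike ImportAction and LdapAction. The JSP hunks leave the "Dossiers utilisateur" link outside the `s:if test="admin"` block, so this may be deliberate. If it is, drop the unused import and add a class comment saying that this action, although in the `/admin` namespace, is open to every authenticated user. If it is not, this is the one action under `/admin` left without a server-side admin check.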
@@ -33,12 +33,14 @@ <h1 class="page-header">Administration FaxToMail</h1> <ul> - <li><a href="<s:url action='ldap-input' namespace="/admin" />"> - <span class="fa fa-database"></span> Ldap</a></li> - <li><a href="<s:url action='configuration-input' namespace="/admin" />"> - <span class="fa fa-cog"></span> Configuration</a></li> - <li><a href="<s:url action='import-input' namespace="/admin" />"> - <span class="fa fa-upload"></span> Import</a></li> + <s:if test="admin"> + <li><a href="<s:url action='ldap-input' namespace="/admin" />"> + <span class="fa fa-database"></span> Ldap</a></li> + <li><a href="<s:url action='configuration-input' namespace="/admin" />"> + <span class="fa fa-cog"></span> Configuration</a></li> + <li><a href="<s:url action='import-input' namespace="/admin" />"> + <span class="fa fa-upload"></span> Import</a></li> + </s:if> <li><a href="<s:url action='user-folder-input' namespace="/admin" />"> <span class="fa fa-folder-open"></span> Dossiers utilisateur</a></li> </ul> Modified: trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/login-input.jsp =================================================================== --- trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/login-input.jsp 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/content/login-input.jsp 2014-06-12 13:32:28 UTC (rev 197) 
@@ -40,7 +40,7 @@ <div class="form-group"> <label for="loginField" class="col-sm-2 control-label">Identifiant LDAP :</label> <div class="col-sm-10"> - <input type="text" name="login" class="form-control" id="loginField" placeholder="nom.prenom@franciaflex.fr" required> + <input type="text" name="login" class="form-control" id="loginField" placeholder="ex: dupont" required> </div> </div> <div class="form-group"> Modified: trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/decorators/layout.jsp =================================================================== --- trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/decorators/layout.jsp 2014-06-12 12:33:22 UTC (rev 196) +++ trunk/faxtomail-ui-web/src/main/webapp/WEB-INF/decorators/layout.jsp 2014-06-12 13:32:28 UTC (rev 197) @@ -55,12 +55,16 @@ <s:if test="authenticated"> <nav class="collapse navbar-collapse" role="navigation"> <ul class="nav navbar-nav"> - <li><a href="<s:url action='ldap-input' namespace="/admin" />"> - <span class="fa fa-database"></span> Ldap</a></li> - <li><a href="<s:url action='configuration-input' namespace="/admin" />"> - <span class="fa fa-cog"></span> Configuration</a></li> - <li><a href="<s:url action='import-input' namespace="/admin" />"> - <span class="fa fa-upload"></span> Import</a></li> + + <s:if test="admin"> + <li><a href="<s:url action='ldap-input' namespace="/admin" />"> + <span class="fa fa-database"></span> Ldap</a></li> + <li><a href="<s:url action='configuration-input' namespace="/admin" />"> + <span class="fa fa-cog"></span> Configuration</a></li> + <li><a href="<s:url action='import-input' namespace="/admin" />"> + <span class="fa fa-upload"></span> Import</a></li> + </s:if> + <li><a href="<s:url action='user-folder-input' namespace="/admin" />"> <span class="fa fa-folder-open"></span> Dossiers utilisateur</a></li> </ul>