1   package org.argeo.cms.e4.addons;
2   
3   import java.security.AccessController;
4   import java.util.Iterator;
5   
6   import javax.annotation.PostConstruct;
7   import javax.security.auth.Subject;
8   import javax.servlet.http.HttpServletRequest;
9   
10  import org.apache.commons.logging.Log;
11  import org.apache.commons.logging.LogFactory;
12  import org.argeo.cms.CmsException;
13  import org.argeo.cms.auth.CurrentUser;
14  import org.eclipse.e4.ui.model.application.MApplication;
15  import org.eclipse.e4.ui.model.application.ui.MElementContainer;
16  import org.eclipse.e4.ui.model.application.ui.MUIElement;
17  import org.eclipse.e4.ui.model.application.ui.basic.MTrimBar;
18  import org.eclipse.e4.ui.model.application.ui.basic.MTrimmedWindow;
19  import org.eclipse.e4.ui.model.application.ui.basic.MWindow;
20  
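/**
 * E4 addon which filters the application model according to the roles of the
 * current user. Any model element carrying a tag of the form
 * {@code auth.<role>} is hidden (and, for trim bars and nested children,
 * removed from its parent) when {@link CurrentUser#isInRole(String)} returns
 * {@code false} for that role.
 * <p>
 * This addon only changes what the UI model shows: it sets visibility flags and
 * removes elements. It does not by itself protect the operations behind the
 * hidden elements, so handlers and services still need their own role checks.
 */
public class AuthAddon {
	private final static Log log = LogFactory.getLog(AuthAddon.class);

	/** Prefix of the model tags interpreted as role requirements. */
	public final static String AUTH = "auth.";

	/**
	 * Filters all top-level windows of the application and their trim bars. If no
	 * top-level window remains visible for the current user, the user is logged
	 * out.
	 *
	 * @param application the E4 application model to filter
	 */
	@PostConstruct
	void init(MApplication application) {
		boolean atLeastOneTopLevelWindowVisible = false;
		Iterator<MWindow> windows = application.getChildren().iterator();
		while (windows.hasNext()) {
			MWindow window = windows.next();
			// An unauthorized window is left in the model; process() has already
			// marked it as not visible and not to be rendered.
			if (!process(window)) {
				continue;
			}
			atLeastOneTopLevelWindowVisible = true;

			// Trim bars are not reached through getChildren(), so they are
			// filtered separately.
			if (window instanceof MTrimmedWindow) {
				Iterator<MTrimBar> trimBars = ((MTrimmedWindow) window).getTrimBars().iterator();
				while (trimBars.hasNext()) {
					if (!process(trimBars.next())) {
						trimBars.remove();
					}
				}
			}
		}

		if (!atLeastOneTopLevelWindowVisible) {
			log.warn("No top-level window is authorized for user " + CurrentUser.getUsername() + ", logging out..");
			logout();
		}
	}

	/**
	 * Applies the role tags of an element and, recursively, of its children.
	 * <p>
	 * Every {@code auth.<role>} tag on the element must be satisfied: as soon as
	 * one names a role the current user is not in, the element is marked as not
	 * visible and not to be rendered, and its children are not inspected.
	 * Children which are themselves not authorized are removed from the
	 * container.
	 *
	 * @param element the model element to check
	 * @return {@code false} if the element was hidden because of a missing role,
	 *         {@code true} otherwise
	 */
	protected boolean process(MUIElement element) {
		for (String tag : element.getTags()) {
			if (!tag.startsWith(AUTH)) {
				continue;
			}
			String role = tag.substring(AUTH.length());
			if (!CurrentUser.isInRole(role)) {
				element.setVisible(false);
				element.setToBeRendered(false);
				return false;
			}
		}

		if (element instanceof MElementContainer) {
			@SuppressWarnings("unchecked")
			MElementContainer<? extends MUIElement> container = (MElementContainer<? extends MUIElement>) element;
			// Single pass, removing through the iterator. A second for-each pass
			// over the same list which removed elements via the list itself has
			// been dropped: it re-processed every subtree a second time and would
			// have modified the list while iterating over it.
			Iterator<? extends MUIElement> children = container.getChildren().iterator();
			while (children.hasNext()) {
				if (!process(children.next())) {
					children.remove();
				}
			}
		}

		return true;
	}

	/**
	 * Logs out the CMS session of the subject bound to the current access control
	 * context, then shortens the lifetime of the HTTP session, if there is one.
	 *
	 * @throws CmsException if the CMS session logout fails
	 */
	protected void logout() {
		Subject subject = Subject.getSubject(AccessController.getContext());
		try {
			CurrentUser.logoutCmsSession(subject);
		} catch (Exception e) {
			throw new CmsException("Cannot log out", e);
		}
		HttpServletRequest request = org.argeo.eclipse.ui.specific.UiContext.getHttpRequest();
		if (request != null) {
			// getSession(false): do not create a fresh session just to expire it.
			javax.servlet.http.HttpSession session = request.getSession(false);
			if (session != null) {
				// NOTE(review): the meaning of an interval of 0 depends on the Servlet
				// API version and container; recent API documentation describes zero or
				// less as "never time out". Confirm that the target container really
				// expires the session here, otherwise invalidate it explicitly.
				session.setMaxInactiveInterval(0);
			}
		}
	}

}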