List of usage examples for org.apache.shiro.mgt SecurityManager hasRole
boolean hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier);
From source file:au.org.theark.admin.web.menu.AdminTabProviderImpl.java
License:Open Source License
public ITab createTab(String tabName) {
    return new ArkMainTab(new Model<String>(tabName)) {
        private static final long serialVersionUID = -5063032622932238615L;

        /** The Admin tab hosts the admin sub-menu panel. */
        @Override
        public Panel getPanel(String pid) {
            return new AdminSubMenuTab(pid);
        }

        /** Always reports accessible; it is {@link #isVisible()} that gates the tab. */
        public boolean isAccessible() {
            return true;
        }

        /**
         * The Admin tab is rendered only for an authenticated subject that holds the
         * super-administrator role. Note this only hides the tab in the UI; it does not
         * itself authorise the panel the tab would build — that must be enforced
         * server-side as well.
         */
        public boolean isVisible() {
            SecurityManager securityManager = ThreadContext.getSecurityManager();
            Subject currentUser = SecurityUtils.getSubject();
            boolean superAdmin = securityManager.hasRole(currentUser.getPrincipals(),
                    au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
            // isAuthenticated() is consulted only once the role check has passed.
            return superAdmin && currentUser.isAuthenticated();
        }
    };
}
From source file:au.org.theark.core.web.component.AbstractContainerPanel.java
License:Open Source License
/**
 * When the application runs in demo mode, disables every FileUploadField in this
 * panel's component tree for everyone except a super administrator.
 * This is a rendering-side control: the upload component is disabled, not removed,
 * so the server-side handler should still reject uploads in demo mode on its own.
 */
protected void disableUploadersInDemoMode() {
    SecurityManager securityManager = ThreadContext.getSecurityManager();
    Subject currentUser = SecurityUtils.getSubject();
    boolean superAdmin = securityManager.hasRole(currentUser.getPrincipals(),
            au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
    if (superAdmin) {
        return;
    }
    // Demo-mode flag is only read when the subject is not a super administrator.
    boolean demoMode = Constants.YES.equalsIgnoreCase(iArkCommonService.getDemoMode().getPropertyValue());
    if (!demoMode) {
        return;
    }
    ComponentHierarchyIterator children = this.visitChildren();
    while (children.hasNext()) {
        Component child = children.next();
        if (child instanceof FileUploadField) {
            child.setEnabled(false);
        }
    }
}
From source file:au.org.theark.lims.web.component.inventory.form.SiteDetailForm.java
License:Open Source License
/**
 * Builds the study palette for the site form.
 * The available studies are those the current ark user may access within the module
 * stored in the Shiro session; the palette is required and only rendered for a
 * super administrator.
 */
@SuppressWarnings("unchecked")
private void initStudyPalette() {
    CompoundPropertyModel<LimsVO> cpm = (CompoundPropertyModel<LimsVO>) containerForm.getModel();
    try {
        Subject currentUser = SecurityUtils.getSubject();
        // The subject's primary principal is used as the ark user name.
        ArkUser arkUser = iArkCommonService.getArkUser(currentUser.getPrincipal().toString());
        ArkUserVO arkUserVo = new ArkUserVO();
        arkUserVo.setArkUserEntity(arkUser);
        // Module in context is kept as a session attribute.
        Long sessionArkModuleId = (Long) SecurityUtils.getSubject().getSession()
                .getAttribute(au.org.theark.core.Constants.ARK_MODULE_KEY);
        ArkModule arkModule = iArkCommonService.getArkModuleById(sessionArkModuleId);
        cpm.getObject().setStudyList(iArkCommonService.getStudyListForUserAndModule(arkUserVo, arkModule));
    } catch (EntityNotFoundException e) {
        // A missing user/module leaves the study list untouched; only the message is logged.
        log.error(e.getMessage());
    }

    IChoiceRenderer<String> renderer = new ChoiceRenderer<String>("name", "name");
    PropertyModel<List<Study>> chosen = new PropertyModel<List<Study>>(cpm, "selectedStudies");
    PropertyModel<List<Study>> offered = new PropertyModel<List<Study>>(cpm, "studyList");
    studyPalette = new ArkPalette("selectedStudies", chosen, offered, renderer,
            au.org.theark.core.Constants.PALETTE_ROWS, false) {
        @Override
        protected Recorder newRecorderComponent() {
            Recorder recorder = super.newRecorderComponent();
            recorder.setRequired(true).setLabel(new StringResourceModel("error.invSite.studies.required", this,
                    new Model<String>("Studies")));
            return recorder;
        }

        /** Only a super administrator sees (and can therefore edit) the study palette. */
        @Override
        public boolean isVisible() {
            SecurityManager securityManager = ThreadContext.getSecurityManager();
            Subject currentUser = SecurityUtils.getSubject();
            return securityManager.hasRole(currentUser.getPrincipals(),
                    au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
        }
    };
}
From source file:au.org.theark.security.CustomAuthorizationStrategy.java
License:Open Source License
/**
 * Checks the SecurityConstraint annotations of a component against the current subject.
 *
 * @param annotationList annotations declared on the component being instantiated
 * @param action the Shiro action being attempted; only constraints for this action are evaluated
 * @return the first constraint the subject fails, or null when every matching constraint is satisfied
 */
private SecurityConstraint checkInvalidInstantiation(Annotation[] annotationList, ShiroAction action) {
    for (Annotation annotation : annotationList) {
        if (!(annotation instanceof SecurityConstraint)) {
            continue;
        }
        SecurityConstraint constraint = (SecurityConstraint) annotation;
        if (constraint.action() != action) {
            // NOTE(review): authorization decisions are traced with System.out here;
            // a logger would be the usual choice so this output is not lost.
            System.out.println("Actions do not match ");
            continue;
        }
        System.out.println("Constraints match");
        SecurityManager securityManager = ThreadContext.getSecurityManager();
        Subject subject = SecurityUtils.getSubject();
        if (!subjectSatisfies(constraint, securityManager, subject)) {
            return constraint;
        }
    }
    return null;
}

/**
 * Evaluates one constraint for the subject; false means the constraint is violated.
 */
private boolean subjectSatisfies(SecurityConstraint constraint, SecurityManager securityManager, Subject subject) {
    switch (constraint.constraint()) {
        case HasRole:
            if (!securityManager.hasRole(subject.getPrincipals(), constraint.value())) {
                System.out.println("Subject does not have role: " + constraint.value());
                return false;
            }
            return true;
        case HasPermission:
            if (!securityManager.isPermitted(subject.getPrincipals(), constraint.value())) {
                System.out.println("Subject does not have Permission");
                return false;
            }
            return true;
        case IsAuthenticated:
            if (!subject.isAuthenticated()) {
                System.out.println("Subject is Not Authenticated");
                return false;
            }
            return true;
        case LoggedIn:
            // "Logged in" here means the subject has a principal, which also holds for a remembered subject.
            if (subject.getPrincipal() == null) {
                System.out.println("Subject is not LoggedIn");
                return false;
            }
            return true;
        default:
            // NOTE(review): a constraint kind not listed above is treated as satisfied (fail-open),
            // matching the original switch with no default. A security check should normally
            // fail closed here; confirm the enum has no other values before relying on this.
            return true;
    }
}
From source file:au.org.theark.study.web.component.attachments.form.SearchForm.java
License:Open Source License
/**
 * Before rendering, disables the "new" button in demo mode for any subject that is
 * not a super administrator. UI-only: the create action must still be rejected
 * server-side in demo mode.
 */
@Override
protected void onBeforeRender() {
    super.onBeforeRender();
    SecurityManager securityManager = ThreadContext.getSecurityManager();
    Subject currentUser = SecurityUtils.getSubject();
    boolean superAdmin = securityManager.hasRole(currentUser.getPrincipals(),
            au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
    if (superAdmin) {
        return;
    }
    boolean demoMode = Constants.YES.equalsIgnoreCase(iArkCommonService.getDemoMode().getPropertyValue());
    if (demoMode) {
        this.newButton.setEnabled(false);
    }
}
From source file:au.org.theark.study.web.component.managestudy.form.DetailForm.java
License:Open Source License
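/**
 * Wires the study-logo file name label and download link, the AJAX download behaviour,
 * and the "delete logo" button on this form.
 *
 * Changes from the previous version: exceptions are logged with their stack trace through
 * the form's logger instead of printStackTrace(), the silently swallowed deletion failures
 * now surface a form error, and a dead null check after a constructor call was removed.
 */
private void initStudyLogoDelete() {
    fileNameLbl = new Label(Constants.STUDY_FILENAME);
    fileNameLbl.setOutputMarkupId(true);

    ajaxDownload = new AJAXDownload() {
        @Override
        protected IResourceStream getResourceStream() {
            Study study = containerForm.getModelObject().getStudy();
            IResourceStream resStream = null;
            try {
                // The stored checksum is handed to the service along with the file id;
                // ArkCheckSumNotSameException is presumably raised when it does not match,
                // so a corrupted or swapped attachment is reported rather than served.
                File file = iArkCommonService.retriveArkFileAttachmentAsFile(study.getId(), null,
                        Constants.ARK_STUDY_DIR, study.getStudyLogoFileId(), study.getStudyLogoChecksum());
                resStream = new FileResourceStream(file);
            } catch (ArkSystemException e) {
                containerForm.error("An unexpected error occurred. Download request could not be fulfilled.");
                log.error(e.getMessage(), e);
            } catch (ArkFileNotFoundException e) {
                containerForm.error("File not found:" + e.getMessage());
                log.error(e.getMessage(), e);
            } catch (ArkCheckSumNotSameException e) {
                containerForm.error("Check sum error:" + e.getMessage());
                log.error(e.getMessage(), e);
            }
            // Null when retrieval failed; the caller reports via the form errors set above.
            return resStream;
        }

        @Override
        protected String getFileName() {
            return containerForm.getModelObject().getStudy().getFilename();
        }
    };

    fileNameLnk = new ArkBusyAjaxLink<String>(Constants.SUBJECT_LOGO_LINK) {
        @Override
        public void onClick(AjaxRequestTarget target) {
            ajaxDownload.initiate(target);
            processErrors(target);
        }
    };
    fileNameLnk.add(fileNameLbl);

    deleteButton = new AjaxButton("deleteButton") {
        private static final long serialVersionUID = 1L;

        /**
         * Deleting the logo means clearing the logo blob on the study and persisting it.
         * The helper is called first to fill in the current blob details/checksum on the
         * model, which updateStudy then receives (its exact contract is not visible here).
         */
        @Override
        protected void onSubmit(AjaxRequestTarget target, Form<?> form) {
            try {
                StudyModelVO studyModel = containerForm.getModelObject();
                String checksum = null;
                checksum = addStudyLogoBlobDetailsToStudyModelFromfile(studyModel, checksum);
                studyModel.getStudy().setStudyLogoBlob(null);
                iStudyService.updateStudy(studyModel, checksum);
                containerForm.info("The file has been successfully deleted.");
                onSavePostProcess(target, studyCrudVO);
                target.add(studyCrudVO.getStudyLogoMarkup());
                target.add(studyCrudVO.getDetailPanelFormContainer());
            } catch (ArkSystemException e) {
                containerForm.error("System error occure:" + e.getMessage());
                log.error(e.getMessage(), e);
            } catch (ArkFileNotFoundException e) {
                containerForm.error("File not found:" + e.getMessage());
                log.error(e.getMessage(), e);
            } catch (ArkCheckSumNotSameException e) {
                containerForm.error("Error occurred during the file deletion process.");
                log.error(e.getMessage(), e);
            } catch (IOException e) {
                containerForm.error("Error occurred during the file deletion process.");
                log.error(e.getMessage(), e);
            } catch (CannotRemoveArkModuleException e) {
                containerForm.error("Error occurred during the file deletion process.");
                log.error(e.getMessage(), e);
            } catch (Exception e) {
                // Event-handler boundary: anything unexpected is reported and logged rather than propagated.
                containerForm.error("Error occurred during the file deletion process.");
                log.error(e.getMessage(), e);
            } finally {
                // Whatever happened, the button hides and the link/feedback are refreshed.
                this.setVisible(false);
                target.add(fileNameLnk);
                target.add(this);
                processErrors(target);
            }
        }

        @Override
        protected void onError(AjaxRequestTarget target, Form<?> form) {
            containerForm.getModelObject().getStudy().setStudyLogoBlob(null);
            containerForm.getModelObject().getStudy().setFilename(null);
            this.setVisible(false);
            target.add(fileNameLnk);
            target.add(this);
            containerForm.error("Error occurred during the file deletion process.");
            processErrors(target);
        }

        /**
         * Shown when the study has a logo file name; in demo mode additionally only to a
         * super administrator. This hides the control only — the server-side delete must
         * still be authorised independently.
         */
        @Override
        public boolean isVisible() {
            SecurityManager securityManager = ThreadContext.getSecurityManager();
            Subject currentUser = SecurityUtils.getSubject();
            boolean demoMode = Constants.YES.equalsIgnoreCase(iArkCommonService.getDemoMode().getPropertyValue());
            Study study = containerForm.getModelObject().getStudy();
            boolean hasLogo = study != null && study.getFilename() != null && !study.getFilename().isEmpty();
            if (!hasLogo) {
                return false;
            }
            if (!demoMode) {
                return true;
            }
            return securityManager.hasRole(currentUser.getPrincipals(),
                    au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
        }
    };
    deleteButton.add(new AttributeModifier("title", new Model<String>("Remove study logo only")));
    deleteButton.setOutputMarkupId(true);
}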
From source file:au.org.theark.web.menu.LimsSubMenuTab.java
License:Open Source License
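/**
 * Builds the LIMS sub-menu: one tab per ArkFunction registered for the LIMS module.
 *
 * Visibility rules (UI only — the panel built by each tab must be authorised server-side):
 * the barcode-printer tab is never shown (redundant), and the biospecimen UID template and
 * barcode label tabs are shown only to an authenticated super administrator or LIMS
 * administrator. The previous version re-tested the barcode-printer key in the
 * administrator branch even though the first branch had already hidden it; that dead
 * condition is removed here.
 */
public void buildTabs() {
    List<ITab> moduleSubTabsList = new ArrayList<ITab>();
    ArkModule arkModule = iArkCommonService.getArkModuleByName(au.org.theark.core.Constants.ARK_MODULE_LIMS);
    // Functions registered for the module drive the set of tabs.
    List<ArkFunction> arkFunctionList = iArkCommonService.getModuleFunction(arkModule);
    for (final ArkFunction menuArkFunction : arkFunctionList) {
        moduleSubTabsList.add(new AbstractTab(new StringResourceModel(menuArkFunction.getResourceKey(), this, null)) {
            private static final long serialVersionUID = 1L;

            @Override
            public Panel getPanel(String panelId) {
                return buildPanels(menuArkFunction, panelId);
            }

            @Override
            public boolean isVisible() {
                boolean flag = true;
                SecurityManager securityManager = ThreadContext.getSecurityManager();
                Subject currentUser = SecurityUtils.getSubject();
                String resourceKey = menuArkFunction.getResourceKey();
                if (resourceKey.equalsIgnoreCase("tab.module.lims.barcodeprinter")) {
                    // Barcode printer is redundant and never offered.
                    flag = false;
                } else if (resourceKey.equalsIgnoreCase("tab.module.lims.biospecimenuidtemplate")
                        || resourceKey.equalsIgnoreCase("tab.module.lims.barcodelabel")) {
                    // Administrative tabs: super administrator or LIMS administrator, and authenticated.
                    boolean administrator = securityManager.hasRole(currentUser.getPrincipals(),
                            au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR)
                            || securityManager.hasRole(currentUser.getPrincipals(),
                                    au.org.theark.core.security.RoleConstants.ARK_ROLE_LIMS_ADMINISTATOR);
                    flag = administrator && currentUser.isAuthenticated();
                }
                return super.isVisible() && flag;
            }
        });
    }
    ArkAjaxTabbedPanel moduleTabbedPanel = new ArkAjaxTabbedPanel(Constants.MENU_LIMS_SUBMENU, moduleSubTabsList);
    add(moduleTabbedPanel);
}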
From source file:au.org.theark.web.menu.StudySubMenuTab.java
License:Open Source License
/**
 * Builds the Study module sub-menu: one tab per ArkFunction registered for the module.
 * Each tab builds its panel lazily; when a tab is opened, processAuthorizationCache is called
 * for that function so the subject's cached authorisation data is refreshed before the panel
 * is created. Visibility here only hides tabs in the UI; the panels themselves still rely on
 * server-side authorisation.
 */
public void buildTabs() {
    ArkModule arkModule = iArkCommonService.getArkModuleByName(Constants.ARK_MODULE_STUDY);
    List<ArkFunction> arkFunctionList = iArkCommonService.getModuleFunction(arkModule);
    for (final ArkFunction arkFunction : arkFunctionList) {
        StringResourceModel title = new StringResourceModel(arkFunction.getResourceKey(), this, null);
        moduleSubTabsList.add(new AbstractTab(title) {
            private static final long serialVersionUID = -8421399480756599074L;

            @Override
            public Panel getPanel(String panelId) {
                // Refresh the subject's authorisation cache for this function before building its panel.
                processAuthorizationCache(au.org.theark.core.Constants.ARK_MODULE_STUDY, arkFunction);
                return panelForStudyFunction(arkFunction, panelId);
            }

            @Override
            public boolean isVisible() {
                String functionName = arkFunction.getName();
                // The Study function itself is always offered.
                if (functionName.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_STUDY)) {
                    return true;
                }
                // Every other function needs a study in context (held in the Shiro session).
                Long sessionStudyId = (Long) SecurityUtils.getSubject().getSession()
                        .getAttribute(au.org.theark.core.Constants.STUDY_CONTEXT_ID);
                if (!functionName.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_USER)) {
                    return sessionStudyId != null;
                }
                // Manage-user tab: edit permission is required on top of a study in context.
                // The authorisation cache is refreshed here as well, on every visibility check.
                processAuthorizationCache(au.org.theark.core.Constants.ARK_MODULE_STUDY, arkFunction);
                SecurityManager securityManager = ThreadContext.getSecurityManager();
                Subject currentUser = SecurityUtils.getSubject();
                boolean demoMode = Constants.YES.equalsIgnoreCase(iArkCommonService.getDemoMode().getPropertyValue());
                boolean canEdit = ArkPermissionHelper.hasEditPermission(securityManager, currentUser)
                        && sessionStudyId != null;
                if (!demoMode) {
                    return canEdit;
                }
                // In demo mode only a Super Administrator may manage users (ARK-1846).
                return canEdit && securityManager.hasRole(currentUser.getPrincipals(),
                        au.org.theark.core.security.RoleConstants.ARK_ROLE_SUPER_ADMINISTATOR);
            }
        });
    }
    ArkAjaxTabbedPanel moduleTabbedPanel = new ArkAjaxTabbedPanel(Constants.MENU_STUDY_SUBMENU, moduleSubTabsList,
            arkContextMarkup);
    add(moduleTabbedPanel);
}

/**
 * Builds the content panel for one Study-module function.
 *
 * @return the panel for the function, or null when the function name is not one this menu knows
 */
private Panel panelForStudyFunction(ArkFunction arkFunction, String panelId) {
    String name = arkFunction.getName();
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_STUDY)) {
        return new StudyContainerPanel(panelId, studyNameMarkup, studyLogoMarkup, arkContextMarkup,
                mainTabProvider.getModuleTabbedPanel());
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_STUDY_COMPONENT)) {
        return new StudyComponentContainerPanel(panelId);
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_USER)) {
        return new UserContainerPanel(panelId);
    }
    // Custom-field category/field/upload panels (the constant moved from "Subject" to "Study" in 2015).
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD_CATEGORY)) {
        return new CustomFieldCategoryContainerPanel(panelId, true, iArkCommonService.getArkFunctionByName(
                au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD_CATEGORY));
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD)) {
        return new CustomFieldContainerPanel(panelId, true, iArkCommonService.getArkFunctionByName(
                au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD));
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD_UPLOAD)) {
        return new CustomFieldUploadContainerPanel(panelId, iArkCommonService.getArkFunctionByName(
                au.org.theark.core.Constants.FUNCTION_KEY_VALUE_SUBJECT_CUSTOM_FIELD_UPLOAD));
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_STUDY_STUDY_DATA_UPLOAD)) {
        return new SubjectUploadContainerPanel(panelId, arkFunction);
    }
    if (name.equalsIgnoreCase(au.org.theark.core.Constants.FUNCTION_KEY_VALUE_CALENDAR)) {
        return new CalendarContainerPanel(panelId);
    }
    if (name.equalsIgnoreCase(Constants.FUNCTION_KEY_VALUE_SETTING)) {
        return new SettingsContainerPanel(panelId, StudySpecificSetting.class);
    }
    return null;
}
From source file:com.sonicle.webtop.core.app.RunContext.java
License:Open Source License
/**
 * Asks the given Shiro SecurityManager whether the principals hold the named role.
 * Pure pass-through; it adds no caching or fallback of its own.
 *
 * @param manager the security manager to consult
 * @param principals the subject's principals
 * @param role the role identifier to test
 * @return whatever {@code manager.hasRole} reports
 */
private static boolean hasRole(SecurityManager manager, PrincipalCollection principals, String role) {
    final boolean granted = manager.hasRole(principals, role);
    return granted;
}