Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

BaseFilters.groovy

Last change on this file was 70, checked in by robert@…, 12 years ago
Installed templates (in order to extend session lifetime to 2 hours) Implemented background worker to do work outside the HTTP request
File size: 9.4 KB

Line
1	/**
2	* Base Filters
3	* @Author Jeroen Wesbeek
4	* @Since 20091026
5	* @see main.gsp
6	* @see http://grails.org/Filters
7	* @Description
8	*
9	* These filters contain generic logic for -every- page request.
10	*
11	* Revision information:
12	* $Rev: 776 $
13	* $Author: duh $
14	* $Date: 2010-08-05 12:15:26 +0200 (Thu, 05 Aug 2010) $
15	*/
16	import grails.converters.*
17	import javax.servlet.http.HttpServletResponse
18
19	import org.apache.catalina.connector.Response;
20	import org.codehaus.groovy.grails.commons.ConfigurationHolder
21
22	import nl.tno.massSequencing.auth.User;
23	import nl.tno.massSequencing.integration.*;
24
25	class BaseFilters {
26	def gscfService
27	def synchronizationService
28
29	// define filters
30	def filters = {
31
32	userCheck(controller:'', action:'') {
33	before = {
34	if( actionName == "notifyStudyChange" ) {
35	return true;
36	}
37
38	// File uploads don't occur in a session, since the flash script can't
39	// continue the session. For that reason, all uploads are allowed.
40	if( actionName == "upload" && controllerName == "file" ) {
41	return true;
42	}
43
44	if( !ConfigurationHolder.config.gscf.baseURL ) {
45	throw new Exception( "No GSCF instance specified. Please check configuration." )
46	return false
47	}
48
49	// We are handling the Rest controller as a special case. The rest calls are made
50	// outside of the users browser session, so it should always contain a session token.
51	// Moreover, it should never redirect the user, but instead send a 403 error
52	if( controllerName == 'rest' ) {
53	if (!params.sessionToken && !session.sessionToken ){
54	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "No sessiontoken given" );
55	render "No sessiontoken given"
56	return false
57	}
58
59	if( params.sessionToken )
60	session.sessionToken = params.sessionToken
61
62	try {
63	def user = gscfService.getUser( session.sessionToken );
64
65	if( user ) {
66	session.user = User.findByIdentifierAndUsername( user.id, user.username );
67	if( !session.user) {
68	session.user = new User( identifier: user.id, username: user.username, isAdministrator: user.isAdministrator ).save( flush: true );
69	} else if( session.user.isAdministrator != user.isAdministrator ) { // If administrator status has changed, update the user
70	session.user.isAdministrator = user.isAdministrator;
71	session.user.save();
72	}
73	} else {
74	response.setStatus( HttpServletResponse.SC_UNAUTHORIZED, "No user logged in" );
75	render "No user logged in"
76	return false;
77	}
78	} catch( Exception e ) {
79	log.error( "Unable to fetch user from GSCF", e );
80	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "Unable to fetch user from GSCF" );
81	render "Unable to fetch user from GSCF"
82	return false;
83	}
84
85	return true;
86	}
87
88	// enable to inject a session from the outside...
89	if (params.sessionToken){
90	log.info("Setting SessionToken from params.sessionToken to ${params.sessionToken}")
91	session.sessionToken = params.sessionToken
92
93	log.info("Redirecting to GSCF to login for session from params.sessionToken")
94	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
95	return false
96	}
97
98	// If a user is already logged in, let him continue
99	if( session.user && session.user != null ) {
100	// If we don't refresh the user object, an old hibernate session could still be attached to the object
101	// raising errors later on (Lazy loading errors)
102	try {
103	session.user.refresh();
104	return true;
105	} catch( Exception ex ) {
106	// If an exception occurs, the user is not correctly refreshed. Send the user back to gscf
107	session.user = null;
108	log.info( "User refresh failed" );
109	}
110	}
111
112	// on all pages of the Metagenomics module a user should be present in the session
113	if (session.sessionToken) {
114	log.info("SessionToken found, ask GSCF for User information")
115
116	// try to identify the user with the sessionToken, since the user has logged in before
117	try {
118	// First check if the user is authenticated. If he isn't, he should provide credentials at GSCF
119	def authentication = JSON.parse("${ConfigurationHolder.config.gscf.baseURL}/rest/isUser?consumer=${ConfigurationHolder.config.massSequencing.consumerID}&token=${session.sessionToken}".toURL().text)
120
121	if( !authentication.authenticated ) {
122	log.info "Not authenticated: " + authentication.authenticated
123	if( request.method == "GET" ) {
124	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
125	} else {
126	log.debug "POST request: redirect can't be handled properly";
127	flash.message = "Unfortunately, your request could not be completed, because the system had to log you in first. Please try again."
128
129	redirect( url: gscfService.urlAuthRemote(null, session.sessionToken) )
130	}
131	return false
132	}
133
134	// Now find the user data
135	def user = gscfService.getUser( session.sessionToken );
136
137	if( !user ) {
138	throw new Exception( "User should be authenticated with GSCF, according to the isUser call, but is not when asked for details." );
139	}
140
141	// Locate user in database or create a new user
142	session.user = User.findByIdentifierAndUsername(user.id, user.username)
143	if (!session.user){ // when not found, create a new user
144	session.user = new User(identifier: user.id, username: user.username, isAdministrator: user.isAdministrator).save(flush: true)
145	} else if( session.user.isAdministrator != user.isAdministrator ) { // If administrator status has changed, update the user
146	session.user.isAdministrator = user.isAdministrator;
147	session.user.save();
148	}
149
150	return true;
151	} catch(Exception e) {
152	log.error("Unable to fetch user from GSCF", e)
153	throw new Exception( "GSCF instance at " + ConfigurationHolder.config.gscf.baseURL + " could not be reached. Please check configuration.", e )
154	}
155	} else {
156	session.sessionToken = "${UUID.randomUUID()}"
157	log.info("SessionToken created, redirecting to GSCF to let the user login! (SessionToken: ${session.sessionToken})")
158
159	if( request.method == "GET" ) {
160	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
161	} else {
162	log.debug "POST request: redirect can't be handled properly";
163	flash.message = "Unfortunately, your request could not be completed, because the system had to log you in first. Please try again."
164	redirect( url: gscfService.urlAuthRemote(null, session.sessionToken) )
165	}
166
167	return false
168	}
169	}
170	}
171	restSynchronization(controller:'rest', action:'*') {
172	before = {
173	// Synchronize studies normally, but never issue a redirect
174	synchronizationService.sessionToken = session.sessionToken
175	synchronizationService.user = session.user
176
177	try {
178	synchronizationService.synchronizeStudies()
179	} catch( NotAuthenticatedException e ) {
180	// Something went wrong in authentication. Redirect the user to GSCF to authenticate again
181	log.info "User is not authenticated during synchronizatino. Returning 401 status"
182	response.setStatus( Response.SC_UNAUTHORIZED, "User is not authorized" )
183	return false;
184	} catch( Exception e ) {
185	// Synchronization fails. Log error and continue; don't bother the user with it
186	log.error e.getMessage()
187	}
188	return true;
189	}
190	}
191	synchronization(controller:'', action:'') {
192	before = {
193	// Never perform full synchronization on rest call or when the synchronize controller is used
194	if( controllerName == "rest" \|\| controllerName == "synchronize" \|\| controllerName == "dbUtil" ) {
195	return true;
196	}
197
198	// Also never perform synchronization when files are uploaded. That could lead to concurrent modification
199	// errors, since the progress of the upload is retrieved many times, while the processing is still busy
200	if( controllerName == "import" \|\| controllerName == "export" \|\| controllerName == "worker" ) {
201	return true;
202	}
203
204	// Never perform synchronization on a POST request
205	if( request.method == "POST" )
206	return true;
207
208	if( !synchronizationService.performSynchronization() )
209	return true;
210
211	if( synchronizationService.timeForFullSynchronization() ) {
212	redirect( url: synchronizationService.urlForFullSynchronization( params ) );
213	return false
214	} else {
215	// Synchronize studies normally
216	synchronizationService.sessionToken = session.sessionToken
217	synchronizationService.user = session.user
218
219	try {
220	synchronizationService.synchronizeStudies()
221	} catch( NotAuthenticatedException e ) {
222	// Something went wrong in authentication. Redirect the user to GSCF to authenticate again
223	log.info "User is not authenticated during synchronizatino. Redirecting to GSCF."
224	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
225	return false;
226	} catch( Exception e ) {
227	// Synchronization fails. Log error and continue; don't bother the user with it
228	e.printStackTrace()
229	log.error e.getMessage()
230	}
231	}
232
233	return true
234
235	}
236	}
237
238	defineStyle(controller: '', action: '') {
239	// before every execution
240	before = {
241	// set the default style in the session
242	if (!session.style) {
243	session.style = 'metagenomics'
244	}
245
246	// set session lifetime to 1 week
247	session.setMaxInactiveInterval(604800)
248	}
249	}
250	}
251
252	}
253

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/grails-app/conf/BaseFilters.groovy

Download in other formats: