Context Navigation

source: trunk/grails-app/conf/BaseFilters.groovy @ 14

Last change on this file since 14 was 14, checked in by robert@…, 12 years ago
Implemented improved authorization (#16) Built in select all checkboxes (#25)
File size: 7.4 KB

Line
1	/**
2	* Base Filters
3	* @Author Jeroen Wesbeek
4	* @Since 20091026
5	* @see main.gsp
6	* @see http://grails.org/Filters
7	* @Description
8	*
9	* These filters contain generic logic for -every- page request.
10	*
11	* Revision information:
12	* $Rev: 776 $
13	* $Author: duh $
14	* $Date: 2010-08-05 12:15:26 +0200 (Thu, 05 Aug 2010) $
15	*/
16	import grails.converters.*
17	import javax.servlet.http.HttpServletResponse
18
19	import org.apache.catalina.connector.Response;
20	import org.codehaus.groovy.grails.commons.ConfigurationHolder
21
22	import nl.tno.metagenomics.auth.User;
23	import nl.tno.metagenomics.integration.*;
24
25	class BaseFilters {
26	def gscfService
27	def synchronizationService
28
29	// define filters
30	def filters = {
31
32	userCheck(controller:'', action:'') {
33	before = {
34	if( actionName == "notifyStudyChange" && controllerName == "rest" ) {
35	return true;
36	}
37
38	if( !ConfigurationHolder.config.gscf.baseURL ) {
39	throw new Exception( "No GSCF instance specified. Please check configuration." )
40	return false
41	}
42
43
44	// We are handling the Rest controller as a special case. The rest calls are made
45	// outside of the users browser session, so it should always contain a session token.
46	// Moreover, it should never redirect the user, but instead send a 403 error
47	if( controllerName == 'rest' ) {
48	if (!params.sessionToken && !session.sessionToken ){
49	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "No sessiontoken given" );
50	render "No sessiontoken given"
51	return false
52	}
53
54	if( params.sessionToken )
55	session.sessionToken = params.sessionToken
56
57	try {
58	def user = gscfService.getUser( session.sessionToken );
59
60	if( user ) {
61	session.user = User.findByIdentifierAndUsername( user.id, user.username );
62	if( !session.user) {
63	session.user = new User( identifier: user.id, username: user.username ).save( flush: true );
64	}
65	} else {
66	response.setStatus( HttpServletResponse.SC_UNAUTHORIZED, "No user logged in" );
67	render "No user logged in"
68	return false;
69	}
70	} catch( Exception e ) {
71	log.error( "Unable to fetch user from GSCF", e );
72	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "Unable to fetch user from GSCF" );
73	render "Unable to fetch user from GSCF"
74	return false;
75	}
76
77	return true;
78	}
79
80	// enable to inject a session from the outside...
81	if (params.sessionToken){
82	log.info("Setting SessionToken from params.sessionToken to ${params.sessionToken}")
83	session.sessionToken = params.sessionToken
84
85	log.info("Redirecting to GSCF to login for session from params.sessionToken")
86	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
87	return false
88	}
89
90	// If a user is already logged in, let him continue
91	if( session.user && session.user != null ) {
92	// If we don't refresh the user object, an old hiberante session could still be attached to the object
93	// raising errors later on (Lazy loading errors)
94	session.user.refresh();
95
96	return true;
97	}
98
99	// on all pages of the Metagenomics module a user should be present in the session
100	if (session.sessionToken) {
101	log.info("SessionToken found, ask GSCF for User information")
102
103	// try to identify the user with the sessionToken, since the user has logged in before
104	try {
105	def user = [:]
106
107	// First check if the user is authenticated. If he isn't, he should provide credentials at GSCF
108	def authentication = JSON.parse("${ConfigurationHolder.config.gscf.baseURL}/rest/isUser?consumer=${ConfigurationHolder.config.metagenomics.consumerID}&token=${session.sessionToken}".toURL().text)
109
110	if( !authentication.authenticated ) {
111	log.info "Not authenticated: " + authentication.authenticated
112	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
113	return false
114	}
115
116	// Now find the user data
117	JSON.parse("${ConfigurationHolder.config.gscf.baseURL}/rest/getUser?consumer=${ConfigurationHolder.config.metagenomics.consumerID}&token=${session.sessionToken}".toURL().text).each { userProperty ->
118	user["${userProperty.key}"] = "${userProperty.value}"
119	}
120
121	// Locate user in database or create a new user
122	session.user = User.findByIdentifierAndUsername(user.id, user.username)
123	if (!session.user){ // when not found, create a new user
124	session.user = new User(identifier: user.id, username: user.username).save(flush: true)
125	}
126
127	return true;
128	} catch(Exception e) {
129	log.error("Unable to fetch user from GSCF", e)
130	throw new Exception( "GSCF instance at " + ConfigurationHolder.config.gscf.baseURL + " could not be reached. Please check configuration.", e )
131	}
132	} else {
133	session.sessionToken = "${UUID.randomUUID()}"
134	log.info("SessionToken created, redirectiong to GSCF to let the user login! (SessionToken: ${session.sessionToken}")
135
136	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
137	return false
138	}
139	}
140	}
141	restSynchronization(controller:'rest', action:'*') {
142	before = {
143	// Synchronize studies normally, but never issue a redirect
144	synchronizationService.sessionToken = session.sessionToken
145	synchronizationService.user = session.user
146
147	try {
148	synchronizationService.synchronizeStudies()
149	} catch( NotAuthenticatedException e ) {
150	// Something went wrong in authentication. Redirect the user to GSCF to authenticate again
151	log.info "User is not authenticated during synchronizatino. Returning 401 status"
152	response.setStatus( Response.SC_UNAUTHORIZED, "User is not authorized" )
153	return false;
154	} catch( Exception e ) {
155	// Synchronization fails. Log error and continue; don't bother the user with it
156	log.error e.getMessage()
157	}
158	return true;
159	}
160	}
161	synchronization(controller:'', action:'') {
162	before = {
163	// Never perform full synchronization on rest call or when the synchronize controller is used
164	if( controllerName == "rest" \|\| controllerName == "synchronize" \|\| controllerName == "dbUtil" ) {
165	return true;
166	}
167
168	// Never perform synchronization on a POST request
169	if( request.method == "POST" )
170	return true;
171
172	if( synchronizationService.timeForFullSynchronization() ) {
173	redirect( url: synchronizationService.urlForFullSynchronization( params ) );
174	return false
175	} else {
176	// Synchronize studies normally
177	synchronizationService.sessionToken = session.sessionToken
178	synchronizationService.user = session.user
179
180	try {
181	synchronizationService.synchronizeStudies()
182	} catch( NotAuthenticatedException e ) {
183	// Something went wrong in authentication. Redirect the user to GSCF to authenticate again
184	log.info "User is not authenticated during synchronizatino. Redirecting to GSCF."
185	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
186	return false;
187	} catch( Exception e ) {
188	// Synchronization fails. Log error and continue; don't bother the user with it
189	log.error e.getMessage()
190	}
191	}
192
193	return true
194
195	}
196	}
197
198	defineStyle(controller: '', action: '') {
199	// before every execution
200	before = {
201	// set the default style in the session
202	if (!session.style) {
203	session.style = 'metagenomics'
204	}
205
206	// set session lifetime to 1 week
207	session.setMaxInactiveInterval(604800)
208	}
209	}
210	}
211
212	}
213

Note: See TracBrowser for help on using the repository browser.

Download in other formats: