Context Navigation

source: trunk/grails-app/conf/BaseFilters.groovy @ 9

Last change on this file since 9 was 9, checked in by robert@…, 13 years ago

File size: 5.8 KB

Line
1	/**
2	* Base Filters
3	* @Author Jeroen Wesbeek
4	* @Since 20091026
5	* @see main.gsp
6	* @see http://grails.org/Filters
7	* @Description
8	*
9	* These filters contain generic logic for -every- page request.
10	*
11	* Revision information:
12	* $Rev: 776 $
13	* $Author: duh $
14	* $Date: 2010-08-05 12:15:26 +0200 (Thu, 05 Aug 2010) $
15	*/
16	import grails.converters.*
17	import javax.servlet.http.HttpServletResponse
18	import org.codehaus.groovy.grails.commons.ConfigurationHolder
19
20	import nl.tno.metagenomics.auth.User;
21
22	class BaseFilters {
23	def gscfService
24	def synchronizationService
25
26	// define filters
27	def filters = {
28
29	userCheck(controller:'', action:'') {
30	before = {
31	if( actionName == "notifyStudyChange" && controllerName == "rest" ) {
32	return true;
33	}
34
35	if( !ConfigurationHolder.config.gscf.baseURL ) {
36	throw new Exception( "No GSCF instance specified. Please check configuration." )
37	return false
38	}
39
40
41	// We are handling the Rest controller as a special case. The rest calls are made
42	// outside of the users browser session, so it should always contain a session token.
43	// Moreover, it should never redirect the user, but instead send a 403 error
44	if( controllerName == 'rest' ) {
45	if (!params.sessionToken && !session.sessionToken ){
46	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "No sessiontoken given" );
47	render "No sessiontoken given"
48	return false
49	}
50
51	if( params.sessionToken )
52	session.sessionToken = params.sessionToken
53
54	try {
55	def user = gscfService.getUser( session.sessionToken );
56
57	if( user ) {
58	session.user = User.findByIdentifierAndUsername( user.id, user.username );
59	if( !session.user) {
60	session.user = new User( identifier: user.id, username: user.username ).save( flush: true );
61	}
62	} else {
63	response.setStatus( HttpServletResponse.SC_UNAUTHORIZED, "No user logged in" );
64	render "No user logged in"
65	return false;
66	}
67	} catch( Exception e ) {
68	log.error( "Unable to fetch user from GSCF", e );
69	response.setStatus( HttpServletResponse.SC_BAD_REQUEST, "Unable to fetch user from GSCF" );
70	render "Unable to fetch user from GSCF"
71	return false;
72	}
73
74	return true;
75	}
76
77	// enable to inject a session from the outside...
78	if (params.sessionToken){
79	log.info("Setting SessionToken from params.sessionToken to ${params.sessionToken}")
80	session.sessionToken = params.sessionToken
81
82	log.info("Redirecting to GSCF to login for session from params.sessionToken")
83	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
84	return false
85	}
86
87	// If a user is already logged in, let him continue
88	if( session.user && session.user != null ) {
89	// If we don't refresh the user object, an old hiberante session could still be attached to the object
90	// raising errors later on (Lazy loading errors)
91	session.user.refresh();
92
93	return true;
94	}
95
96	// on all pages of the Metagenomics module a user should be present in the session
97	if (session.sessionToken) {
98	log.info("SessionToken found, ask GSCF for User information")
99
100	// try to identify the user with the sessionToken, since the user has logged in before
101	try {
102	def user = [:]
103
104	// First check if the user is authenticated. If he isn't, he should provide credentials at GSCF
105	def authentication = JSON.parse("${ConfigurationHolder.config.gscf.baseURL}/rest/isUser?consumer=${ConfigurationHolder.config.metagenomics.consumerID}&token=${session.sessionToken}".toURL().text)
106
107	if( !authentication.authenticated ) {
108	log.info "Not authenticated: " + authentication.authenticated
109	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
110	return false
111	}
112
113	// Now find the user data
114	JSON.parse("${ConfigurationHolder.config.gscf.baseURL}/rest/getUser?consumer=${ConfigurationHolder.config.metagenomics.consumerID}&token=${session.sessionToken}".toURL().text).each { userProperty ->
115	user["${userProperty.key}"] = "${userProperty.value}"
116	}
117
118	// Locate user in database or create a new user
119	session.user = User.findByIdentifierAndUsername(user.id, user.username)
120	if (!session.user){ // when not found, create a new user
121	session.user = new User(identifier: user.id, username: user.username).save(flush: true)
122	}
123	} catch(Exception e) {
124	log.error("Unable to fetch user from GSCF", e)
125	throw new Exception( "GSCF instance at " + ConfigurationHolder.config.gscf.baseURL + " could not be reached. Please check configuration.", e )
126	}
127	} else {
128	session.sessionToken = "${UUID.randomUUID()}"
129	log.info("SessionToken created, redirectiong to GSCF to let the user login! (SessionToken: ${session.sessionToken}")
130
131	redirect( url: gscfService.urlAuthRemote(params, session.sessionToken) )
132	return false
133	}
134	}
135	}
136
137	fullSynchronization(controller:'', action:'') {
138	before = {
139	// Never perform full synchronization on rest call when the synchronize controller is used
140	if( controllerName == "rest" \|\| controllerName == "synchronize" \|\| controllerName == "dbUtil" ) {
141	return true;
142	}
143
144	// Never perform synchronization on a POST request
145	if( request.method == "POST" )
146	return true;
147
148	if( synchronizationService.timeForFullSynchronization() ) {
149	redirect( url: synchronizationService.urlForFullSynchronization( params ) );
150	return false
151	}
152
153	return true
154
155	}
156	}
157
158	defineStyle(controller: '', action: '') {
159	// before every execution
160	before = {
161	// set the default style in the session
162	if (!session.style) {
163	session.style = 'metagenomics'
164	}
165
166	// set session lifetime to 1 week
167	session.setMaxInactiveInterval(604800)
168	}
169	}
170	}
171
172	}
173

Note: See TracBrowser for help on using the repository browser.

Download in other formats: