23 #include "SecurityHandler.h"
// Definition of the static logger shared by every SecurityHandler instance.
25 Logger SecurityHandler::logger;
// Constructor: re-assigns the shared static logger to the one obtained for the
// name "SecurityHandler" each time an instance is created.
// NOTE(review): no synchronisation is visible around this write to a static member;
// confirm handlers are not constructed while other threads are logging.
27 SecurityHandler::SecurityHandler() {
28 logger = Logger::getLogger(
"SecurityHandler");
// Destructor; its body is not visible in this listing.
31 SecurityHandler::~SecurityHandler() {
// Applies the per-context login/role rules to one HTTP request.
//
// NOTE(review): this listing skips source lines (the gutter numbers jump, braces and
// several declarations are missing), so the comments below describe only the visible
// statements; nesting and the return statements cannot be confirmed from here.
//
// Parameters, as far as the visible lines use them:
//   req               - supplies the context name, action URL, session and the login
//                       form parameters (_ffead_security_cntxt_username / _password).
//   res               - receives the status code and, on redirects, the Location.
//   securityObjectMap - context name -> Security configuration. Taken by value, so the
//                       whole map is copied on every call.
//   dlib              - handle passed to dlsym() when the login provider is a class.
//   cntMap            - context name -> flag string; the value "true" suppresses the
//                       "/<context>" prefix on serverUrl. Also taken by value.
//   ip_addr, sessionTimeout - their use is not visible in this listing.
35 bool SecurityHandler::handle(
string ip_addr,
HttpRequest* req,
HttpResponse& res, map<string, Security> securityObjectMap,
36 long sessionTimeout,
void* dlib, map<string, string> cntMap)
38 bool isContrl =
false;
39 string serverUrl =
"";
// Prefix URLs with the context name unless it is the default context or cntMap marks
// it "true". operator[] inserts an empty entry for unknown names, but only into the
// local copy of the map.
40 if(req->getCntxt_name()!=
"default" && cntMap[req->getCntxt_name()]!=
"true")
41 serverUrl +=
"/" + req->getCntxt_name();
42 string actUrl = serverUrl + req->getActUrl();
// The caller's current role is whatever an earlier successful login stored on the session.
43 string userRole = req->getSession()->getAttribute(
"_FFEAD_USER_ACCESS_ROLE");
// Presumably the fallback for a session without a stored role; the guarding condition
// sits on lines this listing omits.
46 userRole =
"ROLE_ANONYMOUS";
// NOTE(review): operator[] default-constructs a Security for a context with no entry.
// Every check below is gated on isLoginConfigured(), so if a default Security reports
// "not configured" such a context is served with no role check at all. Confirm that
// this fail-open default is intended.
49 Security securityObject = securityObjectMap[req->getCntxt_name()];
51 if(securityObject.isLoginConfigured())
// Look up the secure-path rule for the action URL (without the context prefix).
55 SecureAspect aspect = securityObject.matchesPath(req->getActUrl());
// Enforcement runs when login is configured and either the URL matched a rule that
// needs a non-anonymous role, or this is a submission to the login page (a non-empty
// username parameter is present).
56 if(securityObject.isLoginConfigured() && ((aspect.path!=
"" && aspect.role!=
"ROLE_ANONYMOUS")
57 || (securityObject.isLoginPage(serverUrl, actUrl) && req->getRequestParam(
"_ffead_security_cntxt_username")!=
"")))
59 logger << (
"Matched secure path " + aspect.path +
", which requires role " + aspect.role) << endl;
// Protected page and the session role is not exactly the required role: send the
// client to the login page. Roles are compared by plain string equality, so there is
// no role hierarchy and no multi-role support here.
60 if(!securityObject.isLoginPage(serverUrl, actUrl) && aspect.role!=userRole)
62 res.setHTTPResponseStatus(HTTPResponseStatus::TempRedirect);
63 res.setLocation(serverUrl+
"/"+securityObject.loginUrl);
// Login form submission: authenticate with the configured login provider.
66 else if(securityObject.isLoginPage(serverUrl, actUrl) && req->getRequestParam(
"_ffead_security_cntxt_username")!=
"")
68 claz = securityObject.loginProvider;
69 bool validUser =
false;
// "file:" provider. find() matches the marker anywhere in the setting, not only as a
// prefix, and the path is everything after the first ':' appended to the context root.
// NOTE(review): the path is not normalised in the visible lines; this relies on
// loginProvider being trusted configuration (a ".." segment would leave the context
// root).
70 if(claz.find(
"file:")!=string::npos)
72 claz = req->getCntxt_root()+
"/"+claz.substr(claz.find(
":")+1);
73 logger << (
"Auth handled by file " + claz) << endl;
// authc is created on lines this listing omits.
75 if(authc->isInitialized())
// Credentials are read from request parameters; whether getRequestParam() also returns
// query-string values (which would put passwords into URLs and access logs) is not
// visible here. TODO confirm.
77 if(authc->authenticateSecurity(req->getRequestParam(
"_ffead_security_cntxt_username"),
78 req->getRequestParam(
"_ffead_security_cntxt_password")))
80 userRole = authc->getUserRole(req->getRequestParam(
"_ffead_security_cntxt_username"));
// NOTE(review): the username comes straight from the request and is logged unescaped;
// encode or strip CR/LF and other control characters before logging so a crafted value
// cannot forge log entries. Only the username is logged in the visible lines, not the
// password.
81 logger << (
"Valid user " + req->getRequestParam(
"_ffead_security_cntxt_username")
82 +
", role is " + userRole) << endl;
// Failed authentication: answer 401.
87 logger <<
"Invalid user" << endl;
88 res.setHTTPResponseStatus(HTTPResponseStatus::Unauthorized);
// Presumably the branch taken when authc is not initialised.
94 logger <<
"Invalid user repo defined" << endl;
// "class:" provider: the class name after the first ':' is turned into the symbol name
// "getReflectionCIFor<Class>" and resolved in the already-loaded library dlib.
98 else if(claz.find(
"class:")!=string::npos)
100 claz = claz.substr(claz.find(
":")+1);
101 claz =
"getReflectionCIFor" + claz;
102 logger << (
"Auth handled by class " + claz) << endl;
// NOTE(review): dlerror() returns a null pointer when no error is pending; confirm the
// guard on the omitted lines guarantees a non-null string before it is streamed.
105 cerr << dlerror() << endl;
108 void *mkr = dlsym(dlib, claz.c_str());
// NOTE(review): the dlsym() result is cast to a function pointer here; confirm a null
// check sits on the omitted lines between the lookup and this cast.
111 FunPtr f = (FunPtr)mkr;
// A provider instance is created for this login attempt; where it is released is not
// visible in this listing.
116 void *_temp = ref.newInstanceGVP(ctor);
118 if(loginc->authenticateSecurity(req->getRequestParam(
"_ffead_security_cntxt_username"),
119 req->getRequestParam(
"_ffead_security_cntxt_password")))
121 userRole = loginc->getUserRole(req->getRequestParam(
"_ffead_security_cntxt_username"));
// NOTE(review): same unescaped request-supplied username in the log as in the "file:"
// branch; apply the same encoding.
122 logger << (
"Valid user " + req->getRequestParam(
"_ffead_security_cntxt_username")
123 +
", role is " + userRole) << endl;
128 logger <<
"Invalid user" << endl;
129 res.setHTTPResponseStatus(HTTPResponseStatus::Unauthorized);
132 logger <<
"Login controller called" << endl;
// Successful login: persist the role on the session and redirect to the welcome file.
// validUser appears to be declared inside the login-page branch, so isLoginPage()
// already held on the way here and the role comparison does not narrow this condition.
// NOTE(review): the role is stored on the session that existed before login and no
// session-identifier renewal is visible in this listing; confirm the id is regenerated
// on this privilege change so a pre-set session id cannot inherit the new role.
136 if(validUser && (aspect.role==userRole || securityObject.isLoginPage(serverUrl, actUrl)))
138 req->getSession()->setAttribute(
"_FFEAD_USER_ACCESS_ROLE", userRole);
139 res.setHTTPResponseStatus(HTTPResponseStatus::TempRedirect);
140 res.setLocation(serverUrl+
"/"+securityObject.welocmeFile);
141 logger << (
"Valid role " + userRole +
" for path " + req->getActUrl()) << endl;
// Failed login: reset the session to the anonymous role and answer 401.
146 req->getSession()->setAttribute(
"_FFEAD_USER_ACCESS_ROLE",
"ROLE_ANONYMOUS");
147 res.setHTTPResponseStatus(HTTPResponseStatus::Unauthorized);
// Visible statement of the Security constructor (its signature line is not part of
// this listing): binds this class's logger to the one obtained for the name "Security".
157 logger = Logger::getLogger(
"Security");
// Destructor; its body is not visible in this listing.
160 Security::~Security()
// Path-matching loop over the configured secure aspects. Presumably the body of
// Security::matchesPath(url); the signature, the declarations of aspect/secureAspect
// and the return statement sit on lines this listing omits.
// pathval is declared once before the loop and, judging by its use below, marks a
// trailing-'*' (wildcard) rule.
// NOTE(review): no per-iteration reset of pathval is visible; if it is not reset, every
// rule after the first wildcard rule would be matched as a wildcard too. Confirm.
167 bool pathval =
false;
169 for (
int var = 0; var < (int)secures.size(); ++var) {
171 string pathurl = secureAspect.path;
// NOTE(review): url is presumably the request's action URL and is logged unescaped;
// encode control characters (CR/LF) before logging.
172 logger << (
"Checking security path " + pathurl +
" against url " + url) << endl;
// Unconditional-looking assignment; its guarding condition is on an omitted line.
175 aspect = secureAspect;
// True when the first '*' is the last character. For an empty pathurl, length()-1
// wraps around to string::npos, which is also what find() returns, so an empty path
// passes this test as well.
178 if(pathurl.find(
"*")==pathurl.length()-1)
// Drop the trailing '*'.
180 pathurl = pathurl.substr(0, pathurl.length()-1);
// NOTE(review): find() != npos is a "contains" test, not a prefix test, so a rule such
// as "/admin/*" also matches a URL that merely contains "/admin/" further along, and an
// empty remainder matches every URL. A prefix comparison is the usual intent. No break
// is visible after a match, so a later matching rule would overwrite an earlier one.
183 if(pathval && url.find(pathurl)!=string::npos)
185 aspect = secureAspect;
// Non-wildcard rules must equal the URL exactly (case-sensitive, no normalisation of
// trailing slashes or encoded characters in the visible lines).
187 else if(!pathval && pathurl==url)
189 aspect = secureAspect;