From 5f8a5180f4e0a9532a4549718baf5779f288688e Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 3 Jul 2009 15:37:47 +0000
Subject: [PATCH] Add security

git-svn-id: https://svn.argeo.org/slc/trunk@2687 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
runtime/org.argeo.slc.server/pom.xml | 17 ++++++
.../java/org/argeo/slc/web/mvc/JsonView.java | 52 +++++++++++++++++++
.../web/mvc/management/GetCredentials.java | 34 ++++++++++++
.../web/mvc/result/ListResultsController.java | 2 +-
4 files changed, 104 insertions(+), 1 deletion(-)
create mode 100644 runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/JsonView.java
create mode 100644 runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/management/GetCredentials.java
diff --git a/runtime/org.argeo.slc.server/pom.xml b/runtime/org.argeo.slc.server/pom.xml
index 2303e9f5d..6f1792043 100644
--- a/runtime/org.argeo.slc.server/pom.xml
+++ b/runtime/org.argeo.slc.server/pom.xml
@@ -106,5 +106,22 @@ com.lowagie.text com.springsource.com.lowagie.text + + + + org.springframework.security + org.springframework.security + + + + com.springsource.json + com.springsource.json + 1.0.1.RELEASE + + + org.antlr + com.springsource.org.antlr + +
diff --git a/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/JsonView.java b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/JsonView.java
new file mode 100644
index 000000000..10537ed3f
--- /dev/null
+++ b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/JsonView.java
@@ -0,0 +1,52 @@
+package org.argeo.slc.web.mvc;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.stream.StreamResult;
+
+import org.argeo.slc.SlcException;
+import org.springframework.oxm.Marshaller;
+import org.springframework.web.servlet.view.AbstractView;
+
+import com.springsource.json.writer.JSONObject;
+
+/** Marshal one of the object of the map to the output. */
+public class JsonView extends AbstractView {
+ private String modelKey = null;
+
+ public JsonView() {
+ }
+
+ @Override
+ @SuppressWarnings(value = { "unchecked" })
+ protected void renderMergedOutputModel(Map model,
+ HttpServletRequest request, HttpServletResponse response)
+ throws Exception {
+ final Object answer;
+ if (modelKey != null) {
+ if (!model.containsKey(modelKey))
+ throw new SlcException("Key " + modelKey
+ + " not found in model.");
+ answer = model.get(modelKey);
+ } else {
+ if (model.size() != 1)
+ throw new SlcException(
+ "Model has a size different from 1. Specify a modelKey.");
+ answer = model.values().iterator().next();
+ }
+
+ if (answer instanceof JSONObject) {
+ ((JSONObject) answer).write(response.getWriter());
+ } else {
+ JSONObject jsonObject = new JSONObject(answer);
+ jsonObject.write(response.getWriter());
+ }
+ }
+
+ public void setModelKey(String modelKey) {
+ this.modelKey = modelKey;
+ }
+
+}
diff --git a/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/management/GetCredentials.java b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/management/GetCredentials.java
new file mode 100644
index 000000000..0e68ffe2b
--- /dev/null
+++ b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/management/GetCredentials.java
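Review bot: `renderMergedOutputModel` calls `response.getWriter()` without first setting a content type or character encoding, so the JSON is served with whatever default the container applies, and the writer's encoding is fixed at that first call. If a browser ends up treating the response as HTML, any model string that reaches the output can be parsed as markup; set the type before either write branch, e.g. `response.setContentType("application/json;charset=UTF-8");`. The same gap is in `GetCredentials.handleRequest` in the next file. Separately, the imports of `StreamResult` and `Marshaller` are not used in this file and can be dropped, and the class Javadoc could state that without a `modelKey` the model must hold exactly one entry.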
@@ -0,0 +1,34 @@
+package org.argeo.slc.web.mvc.management;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.web.HttpRequestHandler;
+
+import com.springsource.json.writer.JSONWriter;
+import com.springsource.json.writer.JSONWriterImpl;
+
+public class GetCredentials implements HttpRequestHandler {
+
+ public void handleRequest(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+
+ JSONWriter jsonWriter = new JSONWriterImpl(response.getWriter())
+ .object().key("user").value(authentication.getName());
+ jsonWriter.key("roles").array();
+ for (GrantedAuthority ga : authentication.getAuthorities()) {
+ jsonWriter.value(ga.getAuthority());
+ }
+ jsonWriter.endArray();
+ jsonWriter.endObject();
+ }
+
+}
diff --git a/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/result/ListResultsController.java b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/result/ListResultsController.java
index 1759449f5..d63d5ddb4 100644
--- a/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/result/ListResultsController.java
+++ b/runtime/org.argeo.slc.server/src/main/java/org/argeo/slc/web/mvc/result/ListResultsController.java
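Review bot: `handleRequest` dereferences `authentication` without a null check, and `SecurityContextHolder.getContext().getAuthentication()` returns null when no authentication has been established for the request (for example if the handler is mapped outside the security filter chain), so such a request ends in a NullPointerException rather than a clean denial. A guard before the writer is created, such as `if (authentication == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, makes that case explicit. Because the body carries the caller's user name and roles, it is also worth marking it non-cacheable with `response.setHeader("Cache-Control", "no-store");`. The class has no Javadoc; a one-line comment saying it returns the current principal's name and granted authorities as JSON (not credentials, despite the class name) would help the next reader.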
@@ -33,7 +33,7 @@ public class ListResultsController extends AbstractServiceController {
 throws Exception {
 log.debug("userPrincipal=" + request.getUserPrincipal());
- log.debug("authType= " + request.getAuthType());
+ log.debug("authType=" + request.getAuthType());
 log.debug("remoteUser=" + request.getRemoteUser());
 log.debug("cookies=" + request.getCookies());
 log.debug("requestedSessionId=" + request.getRequestedSessionId());
--
2.39.2