com.silverpeas.web
Class UserPriviledgeValidation

java.lang.Object
  extended by com.silverpeas.web.UserPriviledgeValidation

@Named
public class UserPriviledgeValidation
extends Object

It is a decorator of a REST-based web service that provides access to the validation of the authentication and of the authorization for a caller to request the decorated web service. Indeed, the validation mechanism is encapsulated within the RESTWebService as it requires access to the incoming HTTP request as well as to the current user session, if any. In order to delegate externally the validation triggering,


Field Summary
static String HTTP_AUTHORIZATION
          The standard HTTP header parameter in an incoming request that carries user credentials information in order to open an authorized connection with the web service that backs the referred resource.
static String HTTP_SESSIONKEY
          The HTTP header parameter in an incoming request that carries the user session key.
 
Constructor Summary
UserPriviledgeValidation()
           
 
Method Summary
 UserPriviledgeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)
          Sets into the request attributes the SKIP_LAST_USER_ACCESS_TIME_REGISTERING attribute to true.
 SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request)
          Validates the authentication of the user at the origin of a web request.
 void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request, UserDetail user, SimpleDocument doc)
          Validates the authorization of the specified user to access the specified attachment.
 void validateUserAuthorizationOnComponentInstance(UserDetail user, String instanceId)
          Validates the authorization of the specified user to access the component instance with the specified unique identifier.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HTTP_SESSIONKEY

public static final String HTTP_SESSIONKEY
The HTTP header parameter in an incoming request that carries the user session key. A user token can be passed as the user session key to perform an HTTP request without opening a session. This parameter isn't mandatory as the session key can be found from an active HTTP session. If neither an HTTP session nor a session key is available for the incoming request, user credentials must be passed in the standard HTTP header parameter Authorization.

See Also:
Constant Field Values

HTTP_AUTHORIZATION

public static final String HTTP_AUTHORIZATION
The standard HTTP header parameter in an incoming request that carries user credentials information in order to open an authorized connection with the web service that backs the referred resource. This parameter must be used when requests aren't sent through an opened HTTP session. It should be the preferred way for a REST client to access resources in Silverpeas as it offers better scalability.

See Also:
Constant Field Values
Constructor Detail

UserPriviledgeValidation

public UserPriviledgeValidation()
Method Detail

validateUserAuthentication

public SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request)
                                       throws javax.ws.rs.WebApplicationException
Validates the authentication of the user at the origin of a web request. The validation first checks that the user is already authenticated and then that it has a valid opened session in Silverpeas. Otherwise it attempts to open a new session for the user by using the credentials passed through the request (as an HTTP header). Once the authentication succeeds, the user is identified and details about it can then be obtained. A runtime exception is thrown with the HTTP status code UNAUTHORIZED (401) on validation failure. The validation fails when one of the situations below occurs:

Parameters:
request - the HTTP request from which the authentication of the caller can be done.
Returns:
the opened session of the user at the origin of the specified request.
Throws:
javax.ws.rs.WebApplicationException - exception if the validation failed.
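
The lookup order described for HTTP_SESSIONKEY and validateUserAuthentication, as an added sketch that is not Silverpeas code. The class, the header name `X-Example-Session-Key` (a placeholder, since the real constant value is not shown on this page), the session set and the credential check are all assumptions. It also assumes that an unknown session key falls through to the Authorization credentials.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.function.Predicate;

/** Added illustration, not Silverpeas code: models the documented lookup order only. */
public class AuthenticationOrderSketch {
  // Placeholder name: the real value of HTTP_SESSIONKEY is not shown on this page.
  static final String SESSION_KEY_HEADER = "X-Example-Session-Key";
  static final String AUTHORIZATION_HEADER = "Authorization";

  /** Stands in for the WebApplicationException carrying status 401. */
  static class Unauthorized extends RuntimeException {
    final int status = 401;
  }

  /** Returns which source authenticated the caller, or throws Unauthorized. */
  static String authenticate(String httpSessionKey, Map<String, String> headers,
      Set<String> openSessions, Predicate<String> credentialsAccepted) {
    // 1. Session key held by an active HTTP session.
    if (httpSessionKey != null && openSessions.contains(httpSessionKey)) {
      return "http-session";
    }
    // 2. Session key passed explicitly in the request header.
    String headerKey = headers.get(SESSION_KEY_HEADER);
    if (headerKey != null && openSessions.contains(headerKey)) {
      return "session-key-header";
    }
    // 3. Credentials in the standard Authorization header open a new session.
    String credentials = headers.get(AUTHORIZATION_HEADER);
    if (credentials != null && credentialsAccepted.test(credentials)) {
      return "authorization-header";
    }
    throw new Unauthorized();
  }

  public static void main(String[] args) {
    // Constructed sample data; the map ignores case because HTTP header names do.
    Set<String> open = Set.of("sess-123");
    Predicate<String> check = "Basic Y29uc3RydWN0ZWQ6c2FtcGxl"::equals;
    Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    headers.put("x-example-session-key", "sess-expired");
    headers.put("authorization", "Basic Y29uc3RydWN0ZWQ6c2FtcGxl");
    System.out.println(authenticate(null, headers, open, check));
    headers.remove("Authorization");
    try {
      authenticate(null, headers, open, check);
    } catch (Unauthorized e) {
      System.out.println("rejected with status " + e.status);
    }
  }
}
```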

skipLastUserAccessTimeRegistering

public UserPriviledgeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)
Sets into the request attributes the SKIP_LAST_USER_ACCESS_TIME_REGISTERING attribute to true.

Parameters:
request - the current request performed.
Returns:
itself.

validateUserAuthorizationOnComponentInstance

public void validateUserAuthorizationOnComponentInstance(UserDetail user,
                                                         String instanceId)
                                                  throws javax.ws.rs.WebApplicationException
Validates the authorization of the specified user to access the component instance with the specified unique identifier.

Parameters:
user - the user for whom the authorization has to be validated.
instanceId - the unique identifier of the accessed component instance.
Throws:
javax.ws.rs.WebApplicationException - exception if the validation failed.

validateUserAuthorizationOnAttachment

public void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request,
                                                  UserDetail user,
                                                  SimpleDocument doc)
                                           throws javax.ws.rs.WebApplicationException
Validates the authorization of the specified user to access the specified attachment.

Parameters:
request - the HTTP request from which the authentication of the caller can be done.
user - the user for whom the authorization has to be validated.
doc - the document accessed.
Throws:
javax.ws.rs.WebApplicationException - exception if the validation failed.


Copyright © 2016 Silverpeas. All Rights Reserved.