001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kns.web.struts.action;
017
018import org.apache.commons.lang.StringUtils;
019import org.apache.struts.action.ActionForm;
020import org.apache.struts.action.ActionForward;
021import org.apache.struts.action.ActionMapping;
022import org.kuali.rice.core.api.config.property.ConfigContext;
023import org.kuali.rice.core.api.exception.RiceRuntimeException;
024import org.kuali.rice.coreservice.framework.CoreFrameworkServiceLocator;
025import org.kuali.rice.kew.api.KewApiConstants;
026import org.kuali.rice.kim.api.KimConstants;
027import org.kuali.rice.kim.api.permission.Permission;
028import org.kuali.rice.kim.api.services.KimApiServiceLocator;
029import org.kuali.rice.kns.web.struts.form.BackdoorForm;
030import org.kuali.rice.krad.UserSession;
031import org.kuali.rice.krad.util.GlobalVariables;
032import org.kuali.rice.krad.util.KRADConstants;
033
034import javax.servlet.http.HttpServletRequest;
035import javax.servlet.http.HttpServletResponse;
036import java.util.Collections;
037import java.util.HashMap;
038import java.util.List;
039import java.util.Map;
040
041/**
042 * A Struts Action which permits a user to execute a backdoor login to masquerade
043 * as another user.
044 *
045 * @author Kuali Rice Team (rice.collab@kuali.org)
046 *
047 * @deprecated KNS Struts deprecated, use KRAD and the Spring MVC framework.
048 */
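@Deprecated
public class BackdoorAction extends KualiAction {

    private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);

    /**
     * Populates the {@link BackdoorForm} via {@link #initForm} before handing off to the
     * standard {@link KualiAction} method-to-call dispatch.
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        this.initForm(request, form);
        return super.execute(mapping, form, request, response);
    }

    /** Shows the backdoor menu ({@code basic} forward). */
    public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("menu");
        return mapping.findForward("basic");
    }

    /** Refresh behaves exactly like {@link #portal}. */
    @Override
    public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        return portal(mapping, form, request, response);
    }

    /** Entry point; delegates to {@link #portal}. */
    public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("start");
        return portal(mapping, form, request, response);
    }

    /** Forwards to the portal page ({@code viewPortal}). */
    public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("portal started");
        return mapping.findForward("viewPortal");
    }

    /** Forwards to the administration page ({@code administration}). */
    public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("administration");
        return mapping.findForward("administration");
    }

    /**
     * Ends a backdoor session if one is in use, otherwise performs a real logout.
     * <p>
     * While masquerading, only the backdoor identity is dropped: the real session stays
     * alive and the user is sent back to the portal. The admin flag on the form is
     * recomputed for the real principal so the UI reflects the un-masqueraded user.
     *
     * @return {@code viewPortal} when a backdoor was cleared, {@code logout} otherwise
     */
    public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("logout");

        UserSession uSession = getUserSession(request);
        if (!uSession.isBackdoorInUse()) {
            // Not masquerading: this is a real logout.
            return mapping.findForward("logout");
        }

        // getUserSession(request) is GlobalVariables.getUserSession(), so clearing the
        // backdoor user once on this object is sufficient (the former second clear on
        // GlobalVariables.getUserSession() hit the very same instance).
        uSession.clearBackdoorUser();
        setFormGroupPermission((BackdoorForm) form, request);
        return mapping.findForward("viewPortal");
    }

    /**
     * Starts (or ends) a backdoor session for the id entered on the form.
     * <p>
     * Order of checks: the real user must be allowed to use the backdoor in this application
     * ({@link #isBackdoorAuthorized}); an empty id or the user's own id while already
     * masquerading is treated as "stop masquerading"; an id KIM rejects leads to the
     * {@code invalid_backdoor_portal} forward.
     *
     * @return the forward for the next page
     */
    public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        LOG.debug("login");
        UserSession uSession = getUserSession(request);
        BackdoorForm backdoorForm = (BackdoorForm) form;
        String backdoorId = backdoorForm.getBackdoorId();

        uSession.clearObjectMap();

        if (!isBackdoorAuthorized(uSession, request)) {
            // NOTE(review): this message is presumably rendered by the view; confirm the view
            // escapes it, since the principal name originates outside this class.
            request.setAttribute("backdoorRestriction", "User " + uSession.getActualPerson().getPrincipalName()
                    + " not permitted to use backdoor functionality inside application: "
                    + ConfigContext.getCurrentContextConfig().getProperty("app.code") + ".");
            return logout(mapping, form, request, response);
        }

        // If the backdoor id is empty or equal to the currently logged in user, clear the backdoor id.
        if (uSession.isBackdoorInUse()
                && (StringUtils.isEmpty(backdoorId)
                        || uSession.getLoggedInUserPrincipalName().equals(backdoorId))) {
            return logout(mapping, form, request, response);
        }

        try {
            uSession.setBackdoorUser(backdoorId);
        } catch (RiceRuntimeException e) {
            // backdoorId is raw form input and is logged verbatim; readers of this log line
            // should treat it as untrusted text.
            LOG.warn("invalid backdoor id " + backdoorId, e);
            return mapping.findForward("invalid_backdoor_portal");
        }

        setFormGroupPermission(backdoorForm, request);

        return mapping.findForward("portal");
    }

    /**
     * Sets the form's {@code isAdmin} flag from a USE_SCREEN permission check against a
     * fictional {@code AdministrationAction} class.
     * <p>
     * This is a known hack: the single action cannot be split right now and the
     * methodToCall cannot be passed into the permission check, so the screen-level
     * permission on the fictional action stands in for "may see administration".
     * The check runs against the principal id of the current session, i.e. the
     * masqueraded user when a backdoor is in use.
     */
    private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
        Map<String, String> permissionDetails = new HashMap<String, String>();
        permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, KewApiConstants.KEW_NAMESPACE);
        permissionDetails.put(KimConstants.AttributeConstants.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
        boolean isAdmin = KimApiServiceLocator.getPermissionService().isAuthorizedByTemplate(getUserSession(request)
                .getPrincipalId(), KRADConstants.KNS_NAMESPACE, KimConstants.PermissionTemplateNames.USE_SCREEN,
                permissionDetails, new HashMap<String, String>());
        backdoorForm.setIsAdmin(isAdmin);
    }

    /**
     * Populates the form before dispatch: whether the backdoor login UI is enabled (a KEW
     * system parameter), the admin flag, and the optional {@code showGraphic} session attribute.
     *
     * @throws Exception propagated from the parameter/permission services
     */
    public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
        BackdoorForm backdoorForm = (BackdoorForm) form;

        // NOTE(review): getParameterValueAsBoolean may yield null when the parameter is
        // absent; the form setter is assumed to accept that — confirm.
        Boolean showBackdoorLogin = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean(KewApiConstants.KEW_NAMESPACE, KRADConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KewApiConstants.SHOW_BACK_DOOR_LOGIN_IND);
        backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
        setFormGroupPermission(backdoorForm, request);
        if (backdoorForm.getGraphic() != null) {
            request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
        }
    }

    /**
     * Returns the current {@link UserSession}.
     *
     * @param request unused; the session is taken from {@link GlobalVariables}, not from the request
     */
    public static UserSession getUserSession(HttpServletRequest request) {
        return GlobalVariables.getUserSession();
    }

    /**
     * Decides whether the real (non-masqueraded) user may use the backdoor in this application.
     * <p>
     * All {@code BACKDOOR_RESTRICTION} permissions are looked up; only when one of them carries
     * this application's {@code app.code} value among its attributes is KIM asked whether the
     * actual principal holds the permission. When no such permission exists the answer is
     * {@code true} (fail-open): the restriction is opt-in per application.
     *
     * @param uSession the current session; the check is made against
     *                 {@link UserSession#getActualPerson()}, never the masqueraded identity
     * @param request  unused, kept for signature compatibility
     * @return {@code true} if the backdoor may be used
     */
    public boolean isBackdoorAuthorized(UserSession uSession, HttpServletRequest request) {
        String requestAppCode = ConfigContext.getCurrentContextConfig().getProperty("app.code");

        // Is the backdoor restricted for this application at all?
        List<Permission> perms = KimApiServiceLocator.getPermissionService().findPermissionsByTemplate(
                KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE, KimConstants.PermissionTemplateNames.BACKDOOR_RESTRICTION);
        boolean restricted = false;
        for (Permission kpi : perms) {
            if (kpi.getAttributes().values().contains(requestAppCode)) {
                restricted = true;
                break;
            }
        }
        if (!restricted) {
            return true;
        }

        // The authorization query does not depend on which permission matched, so it is asked
        // once rather than once per matching permission.
        Map<String, String> permissionDetails = new HashMap<String, String>();
        permissionDetails.put(KimConstants.AttributeConstants.APP_CODE, requestAppCode);
        String actualPrincipalId = uSession.getActualPerson().getPrincipalId();
        boolean isAuthorized = KimApiServiceLocator.getPermissionService().isAuthorizedByTemplate(
                actualPrincipalId, KRADConstants.KUALI_RICE_SYSTEM_NAMESPACE,
                KimConstants.PermissionTemplateNames.BACKDOOR_RESTRICTION, permissionDetails,
                Collections.<String, String>emptyMap());
        if (!isAuthorized) {
            // Log the same identity the check was made against (the real principal); the
            // session's getPerson() can be the masqueraded user when a backdoor is already in use.
            LOG.warn("Attempt to backdoor was made by user: "
                    + actualPrincipalId
                    + " into application with app code: "
                    + requestAppCode
                    + " but they do not have appropriate permissions. Backdoor processing aborted.");
        }
        return isAuthorized;
    }
}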