Updated Branches: refs/heads/master e19679c6d -> 9a271063a
integrating authorization bits. next step is to route all the requests through router Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/3d728901 Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/3d728901 Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/3d728901 Branch: refs/heads/master Commit: 3d728901ded192f76c358cbcd3a18c5457e868d3 Parents: 8b7ca5c Author: Pradeep Fernando <[email protected]> Authored: Mon Jan 20 09:47:38 2014 +0530 Committer: Pradeep Fernando <[email protected]> Committed: Mon Jan 20 09:47:38 2014 +0530 ---------------------------------------------------------------------- .../console/controllers/acs.jag | 32 ++++++-------------- .../console/controllers/router.jag | 21 ++++++++++--- .../temp-artifacts/sso/scripts/sso.client.js | 4 +-- 3 files changed, 27 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/3d728901/components/org.apache.stratos.manager.console/console/controllers/acs.jag ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/controllers/acs.jag b/components/org.apache.stratos.manager.console/console/controllers/acs.jag index 01f9268..fe6b397 100644 --- a/components/org.apache.stratos.manager.console/console/controllers/acs.jag +++ b/components/org.apache.stratos.manager.console/console/controllers/acs.jag 
@@ -36,10 +36,12 @@ if (sso.client.validateSignature(samlRespObj, keyStoreProps)) { var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId); var samlToken = sso.client.getB64EncodedtSAMLAssertion(samlRespObj); + var tenantDomain = sso.client.getTenantDomain(samlRespObj); + var roleArray = sso.client.getRoleList(samlRespObj); log.info("B64 encoded SAML2Token : " + samlToken.b64Encoded); log.info("Logged in user : " + sessionObj.loggedInUser); - log.info("Tenant domain : " + sso.client.getTenantDomain(samlRespObj)); - log.info("Role List of current tenant : "+ sso.client.getRoleList(samlRespObj)[1]); + log.info("Tenant domain : " + tenantDomain); + log.info("Role List of current tenant : "+ roleArray); log.info("B64 encoded SAML2Token : " + samlToken.b64Encoded); var encodedString = sso.client.b64encode("LATjzZ4FvQc2gFEfwcitay78lQQa:LeZD0oN0ZLTLjLmRqphX4Ulrr5wa"); log.info("encoded string : " + encodedString); 
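Review bot: The two added `log.info` calls write the tenant domain and the full role list to the info log on every login, in a block whose unchanged lines already log the base64 SAML assertion twice and the encoded client credential string. I would lower the new lines to debug, e.g. `log.debug("Tenant domain : " + tenantDomain);` and `log.debug("Role List of current tenant : " + roleArray);`, and take the assertion and `encodedString` lines out of the log in the same pass, since those values are credentials to anyone who can read the log. The string literal passed to `sso.client.b64encode` also looks like a hard-coded client id and secret pair; if so, it belongs in configuration rather than in the controller source. The enclosing `if` block continues past the end of this hunk.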
@@ -47,35 +49,19 @@ log.info(accessToken.data.access_token); session.put("access_token",accessToken.data.access_token); if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') { - session.put("LOGGED_IN_USER", sessionObj.loggedInUser); - //session.put("Logged", "true"); - - //sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId; - - log.debug("session index :: " + sessionObj.sessionIndex); - log.debug("session :: " + sessionObj.sessionId); - - log.debug("real session :: " + session.getId()); - - - //sso_sessions[sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId] = sessionObj.sessionIndex; - + require('console').server.current(session, sessionObj.loggedInUser); + session.put("IS_LOGGED_IN", true); + session.put("TENANT_DOMAIN",tenantDomain); + session.put("ROLE_ARRAY",roleArray); sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex; response.sendRedirect('/console'); - //var user = require('store').user; - - //if (user.loginWithSAML(sessionObj.loggedInUser)) { - // log.debug('user is set :::' + sessionObj.loggedInUser); - // response.sendRedirect('/publisher'); - //} - } } } } else { session.invalidate(); - response.sendRedirect('/publisher'); + response.sendRedirect('/console'); } } http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/3d728901/components/org.apache.stratos.manager.console/console/controllers/router.jag ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/controllers/router.jag b/components/org.apache.stratos.manager.console/console/controllers/router.jag index 3eb6925..31d5aef 100644 --- a/components/org.apache.stratos.manager.console/console/controllers/router.jag +++ b/components/org.apache.stratos.manager.console/console/controllers/router.jag 
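Review bot: The guard around the new `session.put` calls, `sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined'`, is true for every value, so `IS_LOGGED_IN`, `TENANT_DOMAIN` and `ROLE_ARRAY` are stored even when the response carried no session index. The condition was presumably meant to be `if (sessionObj.sessionIndex != null && sessionObj.sessionIndex !== 'undefined') {`. Because these three attributes are now what the router authorizes against, I would also refuse the login when `tenantDomain` is empty or `roleArray` has no entries, invalidating the session as the `else` branch at the end of the hunk does. The guard sits on a context line and its enclosing blocks start outside the hunk.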
@@ -2,7 +2,7 @@ (function(){ var config=require('/config/console.json'); - + var log = new Log("controller.router"); var DEFAULT_ROUTER_NAME='/asset.jag'; var EXT_ROUTER_NAME='/pages/asset.jag'; var EXT_PATH=config.paths.ASSET_EXT_PATH; @@ -17,8 +17,20 @@ var sm=securityModule.cached(); //This will short circuit the handling of the requests - //var passed=sm.check(session); - var passed=true; + var passed=sm.check(session); + var tenantDomain = session.get("TENANT_DOMAIN"); + var roleArray = session.get("ROLE_ARRAY"); + + log.info(tenantDomain); + log.info(roleArray); + + // comment out the above and uncomment below code bits for testing. It removes authentication/authorization + // of the app. + + //var passed=true; + //var tenantDomain = "carbon.super"; + //var roleArray = "["admin","Internal/Everyone"]"; + //Stop servicing the request if the check failed if(!passed){ @@ -59,7 +71,6 @@ var theme=params.theme; var type=params.type; - var log = new Log("stratos.router"); log.info("type : "+ params.type); log.info("context :"+ params.cotext); var extLocation ='/'+type; @@ -74,7 +85,7 @@ request.getMappedPath = function() { return path; }; - var permissionObject = acl.authorizationUtil.getPermissionObj("carbon.super",["admin","Internal/Everyone"]); + var permissionObject = acl.authorizationUtil.getPermissionObj(tenantDomain,roleArray); log.info(permissionObject); request.permissions = permissionObject; include(path); http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/3d728901/products/stratos-manager/conf/temp-artifacts/sso/scripts/sso.client.js ---------------------------------------------------------------------- diff --git a/products/stratos-manager/conf/temp-artifacts/sso/scripts/sso.client.js b/products/stratos-manager/conf/temp-artifacts/sso/scripts/sso.client.js index cff6c2c..efa2cab 100755 --- a/products/stratos-manager/conf/temp-artifacts/sso/scripts/sso.client.js +++ b/products/stratos-manager/conf/temp-artifacts/sso/scripts/sso.client.js 
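Review bot: The commented-out block after `sm.check(session)` is a ready-made switch that turns off authentication and gives every request the `admin` role in `carbon.super`; with it in the router, one accidental uncomment during debugging becomes a full bypass of the console. I would delete the block and its instruction comment, and if a test mode is needed, read it from a setting that is off by default rather than from edited source. As written, the third commented line, `//var roleArray = "["admin","Internal/Everyone"]";`, would not parse once uncommented because of the nested double quotes. The two `log.info` calls for `tenantDomain` and `roleArray` also run on every routed request and would fit `log.debug` better.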
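Review bot: `getPermissionObj(tenantDomain,roleArray)` receives whatever `session.get` returned, so a session that passes `sm.check` but has no `TENANT_DOMAIN` or `ROLE_ARRAY` attribute reaches `include(path)` with a permission object built from null inputs. What `getPermissionObj` returns in that case is not visible in this diff, so the router should fail closed itself, for example by adding `if (tenantDomain == null || roleArray == null) { passed = false; }` before the `if(!passed)` test in the hunk at line 17. The function that contains this call starts and ends outside the hunk.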
@@ -159,12 +159,12 @@ var client = {}; }; client.getRoleList = function(samlObj) { - var roleObj = {}; + var roleObj = []; var roleString = Util.getRoles(samlObj); log.info("role string : " + roleString); var roleSplit = roleString.split(","); for(var i=0; i < roleSplit.length;i++){ - roleObj[i] = roleSplit[i].trim(); + roleObj.push(roleSplit[i].trim()); } return roleObj; };
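Review bot: `getRoleList` pushes every piece of `roleString.split(",")`, so an empty or trailing-comma role string yields entries such as `""` in the array that is now stored as `ROLE_ARRAY` and used for authorization. A response without a role attribute would presumably make `split` throw on a null `roleString`, although what `Util.getRoles` returns in that case is not shown. I would return an empty array for a missing string and skip blank entries: `if (!roleString) { return roleObj; }` after the `Util.getRoles` call, and `var role = roleSplit[i].trim(); if (role) { roleObj.push(role); }` in the loop. The `log.info` of the raw role string could drop to debug as well.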
