Merge pull request #286 from abollini/DS-1622
DS-1622 Porting of the Login As feature to JSPUI
@@ -1564,3 +1564,9 @@ jsp.dspace-admin.eperson-main.ResetPassword.submit = Reset password
|
||||
jsp.dspace-admin.eperson-main.ResetPassword.success_notice = An email message has been sent to the user containing a token that may be used to choose a new password.
|
||||
jsp.dspace-admin.eperson-main.ResetPassword-error.errormsg = Sorry, an error has occurred when the system try to send email with instructions.
|
||||
jsp.dspace-admin.eperson-main.ResetPassword.returntoedit = Return to the Administer EPeople page
|
||||
|
||||
# login as
|
||||
jsp.dspace-admin.eperson-main.LoginAs.submit = Login As
|
||||
jsp.dspace-admin.eperson-main.loginAs.authorize.errormsg = Reason: you may not assume the login as another administrator.
|
||||
jsp.dspace-admin.eperson-main.loginAs.authorize.title = Authorization Error
|
||||
jsp.dspace-admin.eperson-main.loginAs.backtoeditpeople = Back to E-people Admin page
|
||||
|
@@ -40,6 +40,14 @@ public class LogoutServlet extends DSpaceServlet
|
||||
|
||||
Authenticate.loggedOut(context, request);
|
||||
|
||||
// if the user still logged in (i.e. it was a login as)?
|
||||
if (context.getCurrentUser() != null)
|
||||
{
|
||||
// redirect to the admin home page
|
||||
response.sendRedirect(request.getContextPath()+"/dspace-admin/");
|
||||
return;
|
||||
}
|
||||
|
||||
// Display logged out message
|
||||
JSPManager.showJSP(request, response, "/login/logged-out.jsp");
|
||||
}
|
||||
|
@@ -9,21 +9,31 @@ package org.dspace.app.webui.servlet.admin;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.SQLException;
|
||||
import java.util.Locale;
|
||||
|
||||
import javax.mail.MessagingException;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import javax.servlet.jsp.jstl.core.Config;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dspace.app.webui.servlet.DSpaceServlet;
|
||||
import org.dspace.app.webui.util.Authenticate;
|
||||
import org.dspace.app.webui.util.JSPManager;
|
||||
import org.dspace.app.webui.util.UIUtil;
|
||||
import org.dspace.authenticate.AuthenticationManager;
|
||||
import org.dspace.authorize.AuthorizeException;
|
||||
import org.dspace.authorize.AuthorizeManager;
|
||||
import org.dspace.core.ConfigurationManager;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.core.I18nUtil;
|
||||
import org.dspace.core.LogManager;
|
||||
import org.dspace.eperson.AccountManager;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.Group;
|
||||
import org.dspace.eperson.EPersonDeletionException;
|
||||
import org.dspace.eperson.Group;
|
||||
|
||||
/**
|
||||
* Servlet for editing and creating e-people
|
||||
@@ -33,6 +43,10 @@ import org.dspace.eperson.EPersonDeletionException;
|
||||
*/
|
||||
public class EPersonAdminServlet extends DSpaceServlet
|
||||
{
|
||||
|
||||
/** Logger */
|
||||
private static Logger log = Logger.getLogger(EPersonAdminServlet.class);
|
||||
|
||||
protected void doDSGet(Context context, HttpServletRequest request,
|
||||
HttpServletResponse response) throws ServletException, IOException,
|
||||
SQLException, AuthorizeException
|
||||
@@ -276,6 +290,80 @@ public class EPersonAdminServlet extends DSpaceServlet
|
||||
showMain(context, request, response);
|
||||
context.complete();
|
||||
}
|
||||
else if (button.equals("submit_login_as"))
|
||||
{
|
||||
if (!ConfigurationManager.getBooleanProperty("webui.user.assumelogin", false))
|
||||
{
|
||||
throw new AuthorizeException("Turn on webui.user.assumelogin to activate Login As feature");
|
||||
}
|
||||
EPerson e = EPerson.find(context, UIUtil.getIntParameter(request,
|
||||
"eperson_id"));
|
||||
// Check the EPerson exists
|
||||
if (e == null)
|
||||
{
|
||||
request.setAttribute("no_eperson_selected", new Boolean(true));
|
||||
showMain(context, request, response);
|
||||
}
|
||||
// Only super administrators can login as someone else.
|
||||
else if (!AuthorizeManager.isAdmin(context))
|
||||
{
|
||||
throw new AuthorizeException("Only site administrators may assume login as another user.");
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
log.info(LogManager.getHeader(context, "login-as",
|
||||
"current_eperson="
|
||||
+ context.getCurrentUser().getFullName()
|
||||
+ ", id=" + context.getCurrentUser().getID()
|
||||
+ ", as_eperson=" + e.getFullName() + ", id="
|
||||
+ e.getID()));
|
||||
|
||||
// Just to be double be sure, make sure the administrator
|
||||
// is the one who actually authenticated himself.
|
||||
HttpSession session = request.getSession(false);
|
||||
Integer authenticatedID = (Integer) session.getAttribute("dspace.current.user.id");
|
||||
if (context.getCurrentUser().getID() != authenticatedID)
|
||||
{
|
||||
throw new AuthorizeException("Only authenticated users who are administrators may assume the login as another user.");
|
||||
}
|
||||
|
||||
// You may not assume the login of another super administrator
|
||||
Group administrators = Group.find(context,1);
|
||||
if (administrators.isMember(e))
|
||||
{
|
||||
JSPManager.showJSP(request, response,
|
||||
"/dspace-admin/eperson-loginas-error.jsp");
|
||||
return;
|
||||
}
|
||||
|
||||
// store a reference to the authenticated admin
|
||||
session.setAttribute("dspace.previous.user.id", authenticatedID);
|
||||
|
||||
// Logged in OK.
|
||||
Authenticate.loggedIn(context, request, e);
|
||||
|
||||
// Set the Locale according to user preferences
|
||||
Locale epersonLocale = I18nUtil.getEPersonLocale(context
|
||||
.getCurrentUser());
|
||||
context.setCurrentLocale(epersonLocale);
|
||||
Config.set(request.getSession(), Config.FMT_LOCALE,
|
||||
epersonLocale);
|
||||
|
||||
// Set any special groups - invoke the authentication mgr.
|
||||
int[] groupIDs = AuthenticationManager.getSpecialGroups(
|
||||
context, request);
|
||||
|
||||
for (int i = 0; i < groupIDs.length; i++)
|
||||
{
|
||||
context.setSpecialGroup(groupIDs[i]);
|
||||
log.debug("Adding Special Group id="
|
||||
+ String.valueOf(groupIDs[i]));
|
||||
}
|
||||
|
||||
response.sendRedirect(request.getContextPath() + "/mydspace");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Cancel etc. pressed - show list again
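Review bot: The identity check in the `submit_login_as` branch can fail with a NullPointerException instead of an AuthorizeException, because `request.getSession(false)` may return null and `authenticatedID` is null whenever the `dspace.current.user.id` attribute is absent, yet both are dereferenced (the comparison with `getID()` presumably unboxes the Integer). Guarding it as `if (session == null || authenticatedID == null || context.getCurrentUser().getID() != authenticatedID.intValue())` keeps the refusal on the authorization path. The `login-as` log entry is also written before this check and before the Administrators-group check, so a refused attempt reads the same as a successful one in the audit trail. Logging after `Authenticate.loggedIn(...)`, or adding a separate entry for refusals, would make the record usable for later review. The enclosing method starts and ends outside the hunk.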
|
||||
|
@@ -308,8 +308,9 @@ public class Authenticate
|
||||
* DSpace context
|
||||
* @param request
|
||||
* HTTP request
|
||||
* @throws SQLException
|
||||
*/
|
||||
public static void loggedOut(Context context, HttpServletRequest request)
|
||||
public static void loggedOut(Context context, HttpServletRequest request) throws SQLException
|
||||
{
|
||||
HttpSession session = request.getSession();
|
||||
|
||||
@@ -318,20 +319,29 @@ public class Authenticate
|
||||
request.removeAttribute("dspace.current.user");
|
||||
session.removeAttribute("dspace.current.user.id");
|
||||
|
||||
Integer previousUserID = (Integer) session.getAttribute("dspace.previous.user.id");
|
||||
|
||||
// Keep the user's locale setting if set
|
||||
Locale sessionLocale = UIUtil.getSessionLocale(request);
|
||||
|
||||
// Invalidate session unless dspace.cfg says not to
|
||||
if(ConfigurationManager.getBooleanProperty("webui.session.invalidate", true))
|
||||
// Invalidate session unless dspace.cfg says not to (or it is a loggedOut from a loginAs)
|
||||
if(ConfigurationManager.getBooleanProperty("webui.session.invalidate", true)
|
||||
&& previousUserID != null)
|
||||
{
|
||||
session.invalidate();
|
||||
}
|
||||
|
||||
|
||||
// Restore the session locale
|
||||
if (sessionLocale != null)
|
||||
{
|
||||
Config.set(request.getSession(), Config.FMT_LOCALE, sessionLocale);
|
||||
}
|
||||
|
||||
if (previousUserID != null)
|
||||
{
|
||||
session.removeAttribute("dspace.previous.user.id");
|
||||
EPerson ePerson = EPerson.find(context, previousUserID);
|
||||
loggedIn(context, request, ePerson);
|
||||
}
|
||||
}
|
||||
}
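Review bot: The session-invalidation guard in `loggedOut` looks inverted, assuming the three-line condition is the new side as its comment suggests. `&& previousUserID != null` invalidates the session only when leaving a login-as, while the comment says that case should be the exception. As written, an ordinary logout no longer invalidates the session even with `webui.session.invalidate` at its default of true. The login-as path then calls `session.removeAttribute("dspace.previous.user.id")` on the already-invalidated `session`, which throws IllegalStateException. The condition should read `&& previousUserID == null`, and the result of `EPerson.find(context, previousUserID)` should be null-checked before it is passed to `loggedIn`.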
|
||||
|
@@ -0,0 +1,36 @@
|
||||
<%--
|
||||
|
||||
The contents of this file are subject to the license and copyright
|
||||
detailed in the LICENSE and NOTICE files at the root of the source
|
||||
tree and available online at
|
||||
|
||||
http://www.dspace.org/license/
|
||||
|
||||
--%>
|
||||
<%--
|
||||
- Page representing an eperson loginas error
|
||||
|
||||
--%>
|
||||
|
||||
<%@ page contentType="text/html;charset=UTF-8" %>
|
||||
|
||||
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt"
|
||||
prefix="fmt" %>
|
||||
|
||||
<%@ taglib uri="http://www.dspace.org/dspace-tags.tld" prefix="dspace" %>
|
||||
|
||||
<dspace:layout titlekey="jsp.dspace-admin.eperson-main.loginAs.authorize.title">
|
||||
|
||||
<%-- <h1>Authorization Required</h1> --%>
|
||||
<h1><fmt:message key="jsp.dspace-admin.eperson-main.loginAs.authorize.title"/></h1>
|
||||
|
||||
|
||||
<p><fmt:message key="jsp.dspace-admin.eperson-main.loginAs.authorize.errormsg"/></p>
|
||||
|
||||
|
||||
<p align="center">
|
||||
<a href="<%= request.getContextPath() %>/dspace-admin/edit-epeople"><fmt:message key="jsp.dspace-admin.eperson-main.loginAs.backtoeditpeople" /></a>
|
||||
</p>
|
||||
|
||||
</dspace:layout>
|
||||
|
@@ -29,12 +29,14 @@
|
||||
prefix="fmt" %>
|
||||
|
||||
<%@ page import="javax.servlet.jsp.jstl.fmt.LocaleSupport" %>
|
||||
<%@ page import="org.dspace.core.ConfigurationManager" %>
|
||||
|
||||
<%@ taglib uri="http://www.dspace.org/dspace-tags.tld" prefix="dspace" %>
|
||||
|
||||
<%
|
||||
boolean noEPersonSelected = (request.getAttribute("no_eperson_selected") != null);
|
||||
boolean resetPassword = (request.getAttribute("reset_password") != null);
|
||||
boolean loginAs = ConfigurationManager.getBooleanProperty("webui.user.assumelogin", false);
|
||||
%>
|
||||
|
||||
<dspace:layout titlekey="jsp.dspace-admin.eperson-main.title"
|
||||
@@ -87,7 +89,8 @@
|
||||
</td>
|
||||
<td>
|
||||
<%-- then <input type="submit" name="submit_edit" value="Edit..." onclick="javascript:finishEPerson();"> --%>
|
||||
<fmt:message key="jsp.dspace-admin.eperson-main.then"/> <input type="submit" name="submit_edit" value="<fmt:message key="jsp.dspace-admin.general.edit"/>" onclick="javascript:finishEPerson();"/>
|
||||
<fmt:message key="jsp.dspace-admin.eperson-main.then"/> <input type="submit" name="submit_edit" value="<fmt:message key="jsp.dspace-admin.general.edit"/>" onclick="javascript:finishEPerson();"/>
|
||||
<% if(loginAs) { %> <input type="submit" name="submit_login_as" value="<fmt:message key="jsp.dspace-admin.eperson-main.LoginAs.submit"/>" onclick="javascript:finishEPerson();"/> <% } %>
|
||||
</td>
|
||||
<td>
|
||||
<%-- <input type="submit" name="submit_delete" value="Delete..." onclick="javascript:finishEPerson();"> --%>
|
||||
|
@@ -310,7 +310,7 @@ public class EditEPersonForm extends AbstractDSpaceTransformer
|
||||
|
||||
Button submitLoginAs = special.addButton("submit_login_as");
|
||||
submitLoginAs.setValue(T_submit_login_as);
|
||||
if (!ConfigurationManager.getBooleanProperty("xmlui.user.assumelogin", false))
|
||||
if (!ConfigurationManager.getBooleanProperty("webui.user.assumelogin", false))
|
||||
{
|
||||
submitLoginAs.setDisabled();
|
||||
}
|
||||
|
@@ -306,7 +306,7 @@ public class AuthenticationUtil
|
||||
throws SQLException, AuthorizeException
|
||||
{
|
||||
// Only allow loginAs if the administrator has allowed it.
|
||||
if (!ConfigurationManager.getBooleanProperty("xmlui.user.assumelogin", false))
|
||||
if (!ConfigurationManager.getBooleanProperty("webui.user.assumelogin", false))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
@@ -740,6 +740,12 @@ org.dspace.app.itemexport.max.size = 200
|
||||
# except where explicitly stated otherwise. #
|
||||
#---------------------------------------------------------------#
|
||||
|
||||
# Determine if super administrators (those whom are in the Administrators group)
|
||||
# can login as another user from the "edit eperson" page. This is useful for
|
||||
# debugging problems in a running dspace instance, especially in the workflow
|
||||
# process. The default value is false, i.e. no one may assume the login of another user.
|
||||
#webui.user.assumelogin = true
|
||||
|
||||
# whether to display the contents of the licence bundle (often just the deposit
|
||||
# licence in standard DSpace installation
|
||||
webui.licence_bundle.show = false
|
||||
@@ -1719,7 +1725,7 @@ webui.suggest.enable = false
|
||||
# _uacct = "UA-XXXXXXX-X"
|
||||
# Take this key (just the UA-XXXXXX-X part) and place it here in this parameter.
|
||||
# jspui.google.analytics.key=UA-XXXXXX-X
|
||||
|
||||
|
||||
|
||||
#---------------------------------------------------------------#
|
||||
#--------------XMLUI SPECIFIC CONFIGURATIONS--------------------#
|
||||
@@ -1748,13 +1754,6 @@ webui.suggest.enable = false
|
||||
#xmlui.user.registration=true
|
||||
#xmlui.user.editmetadata=true
|
||||
|
||||
|
||||
# Determine if super administrators (those whom are in the Administrators group)
|
||||
# can login as another user from the "edit eperson" page. This is useful for
|
||||
# debugging problems in a running dspace instance, especially in the workflow
|
||||
# process. The default value is false, i.e. no one may assume the login of another user.
|
||||
#xmlui.user.assumelogin = true
|
||||
|
||||
# Check if the user has a consistent ip address from the start of the login process
|
||||
# to the end of the login process. Disabling this check is not recommended unless
|
||||
# absolutely necessary as the ip check can be helpful for preventing session
|
||||
|
Reference in New Issue
Block a user