From b5a41958a2640a640a51b571f6b56915d19a8330 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garcia=20Nu=C3=B1ez?=
Date: Sun, 15 Dec 2019 12:28:56 +0100
Subject: [PATCH] Implementada seguridad por URL para cada tipo de usuario.
---
 .../common/AuthorizationFilter.java | 105 +++++++++++++++++-
 .../src/managedbean/common/SessionUtils.java | 7 +-
 2 files changed, 106 insertions(+), 6 deletions(-)
diff --git a/1.sources/MyHealth/src/managedbean/common/AuthorizationFilter.java b/1.sources/MyHealth/src/managedbean/common/AuthorizationFilter.java
index 84c85f8..95c971b 100644
--- a/1.sources/MyHealth/src/managedbean/common/AuthorizationFilter.java
+++ b/1.sources/MyHealth/src/managedbean/common/AuthorizationFilter.java
@@ -2,6 +2,9 @@ package managedbean.common;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Dictionary;
+import java.util.List;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -14,6 +17,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import org.primefaces.model.menu.DefaultSeparator;
+import org.primefaces.model.menu.DefaultSubMenu;
+
+import common.UserType;
+
 @WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" })
 public class AuthorizationFilter implements Filter {
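Review bot: Of the six imports added in these two hunks only `common.UserType` is referenced by the code this patch adds; `ArrayList`, `Dictionary`, `List`, `DefaultSeparator` and `DefaultSubMenu` appear nowhere in the new body of the third hunk, and whether another part of the file uses them cannot be seen from the patch. `java.util.Dictionary` is a legacy abstract class that should not be introduced alongside `List`, and pulling the PrimeFaces menu model into a servlet filter couples an authorization check to a UI library for no visible reason. Drop the five unused lines; if a collection is wanted for the per-role allow-list, `EnumMap` and `Set` are the types that fit.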
@@ -34,11 +42,100 @@ public class AuthorizationFilter implements Filter {
 HttpSession ses = req.getSession(false);
 String reqURI = req.getRequestURI();
- if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0
- || reqURI.contains("javax.faces.resource") || SessionUtils.isLogedIn(ses) == true)
+
+ // Para recursos publicos permitimos el acceso
+ if (reqURI.indexOf("/login.xhtml") >= 0 || reqURI.indexOf("/profile/RegisterUser.xhtml") >= 0 || reqURI.indexOf("/home.xhtml") >= 0
+ || reqURI.indexOf("/error.xhtml") >= 0 || reqURI.indexOf("/public/") >= 0 || reqURI.contains("javax.faces.resource")) {
 chain.doFilter(request, response);
- else
- resp.sendRedirect(req.getContextPath() + "/login.xhtml");
+ return;
+ }
+
+ // Si el usuario está logeado comprobamos si está autorizado a ver la página
+ // solicitada.
+ if (SessionUtils.isLogedIn(ses) == true) {
+ UserType tipoUsuario = SessionUtils.getUserType(ses);
+ boolean authorized = false;
+
+ switch (tipoUsuario) {
+ case ADMINISTRATOR:
+ if (reqURI.indexOf("/systemAdmin/ManageSpecialties") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/systemAdmin/ManageHealthCareCenters") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/systemAdmin/ListDoctorsByCenter") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/VisitView") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/UpdateVisit") > 0)
+ authorized = true;
+ break;
+ case PATIENT:
+ if (reqURI.indexOf("/visit/VisitView") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/AddVisit") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/UpdateVisit") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/CancelVisit") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/AddQuestion") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/SearchSpecialistBySpecialty") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/profile/UpdateProfile") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/profile/ChangeFamilyDoctor") > 0)
+ authorized = true;
+ break;
+ case FAMILY_DOCTOR:
+ if (reqURI.indexOf("/visit/VisitView") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/VisitAddResult") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/visit/VisitViewSchedules") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/AnswerQuestion") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/PendingQuestions") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/profile/UpdateProfile") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/profile/ChangePrimaryHealthCareCenter") > 0)
+ authorized = true;
+ break;
+ case SPECIALIST_DOCTOR:
+ if (reqURI.indexOf("/medicaltest/MedicalTests") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/AddMedicalTest") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/ViewMedicalTest") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/medicaltest/AddImageToMedicalTest") > 0)
+ authorized = true;
+ if (reqURI.indexOf("/profile/UpdateProfile") > 0)
+ authorized = true;
+ break;
+ }
+
+ if (authorized == true) {
+ chain.doFilter(request, response);
+ return;
+ } else {
+ resp.sendRedirect(req.getContextPath() + "/error.xhtml");
+ return;
+ }
+
+ }
+
+ resp.sendRedirect(req.getContextPath() + "/login.xhtml");
 } catch (Exception e) {
 System.out.println(e.getMessage());
 }
diff --git a/1.sources/MyHealth/src/managedbean/common/SessionUtils.java b/1.sources/MyHealth/src/managedbean/common/SessionUtils.java
index 80f5eb3..2b3bb97 100644
--- a/1.sources/MyHealth/src/managedbean/common/SessionUtils.java
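Review bot: The per-role checks in the new `switch` match the request URI by unanchored substring (`reqURI.indexOf("/visit/VisitView") > 0`), so any page whose path merely contains an allowed string passes: PATIENT is granted `/visit/VisitView` and with it `/visit/VisitViewSchedules`, which the list reserves for FAMILY_DOCTOR, and the public pass-through above it (`indexOf("/home.xhtml") >= 0`) has the same shape. Compare the servlet path against exact page names held in a static `EnumMap<UserType, Set<String>>` as sketched below; that removes the 29 repeated `if`/`authorized = true` pairs and gives a null role an empty allow-list instead of the `NullPointerException` that `switch (tipoUsuario)` throws if `getUserType` can return null (its fallback branch is outside this patch). Any such exception lands in the enclosing `catch (Exception e)`, which only prints the message and leaves the request neither forwarded nor redirected; it should fail closed, e.g. `resp.sendError(HttpServletResponse.SC_FORBIDDEN);` after logging. `getServletPath()` is used on the assumption that the Faces servlet is extension-mapped like this filter, and the `doFilter` method rewritten here begins before the hunk.
```java
// Exact page per role, taken from the switch in this hunk (constructed example; remaining roles follow the same pattern)
private static final Map<UserType, Set<String>> ALLOWED_PAGES = new EnumMap<>(UserType.class);
static {
    ALLOWED_PAGES.put(UserType.ADMINISTRATOR, new HashSet<>(Arrays.asList(
            "/systemAdmin/ManageSpecialties.xhtml", "/systemAdmin/ManageHealthCareCenters.xhtml",
            "/systemAdmin/ListDoctorsByCenter.xhtml", "/visit/VisitView.xhtml", "/visit/UpdateVisit.xhtml")));
    // … PATIENT, FAMILY_DOCTOR, SPECIALIST_DOCTOR: the page names listed under each case of the switch …
}

// … unchanged: public-resource pass-through …
if (SessionUtils.isLogedIn(ses) == true) {
    UserType tipoUsuario = SessionUtils.getUserType(ses);
    // Path inside the application (no context path, no session-id path parameter),
    // so a match cannot be satisfied by text elsewhere in the URI
    String page = req.getServletPath();
    Set<String> allowed = tipoUsuario == null
            ? Collections.<String>emptySet()
            : ALLOWED_PAGES.getOrDefault(tipoUsuario, Collections.<String>emptySet());
    boolean authorized = allowed.contains(page);
    // … unchanged: doFilter when authorized, otherwise redirect to /error.xhtml …
}
```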
+++ b/1.sources/MyHealth/src/managedbean/common/SessionUtils.java
@@ -70,9 +70,12 @@ public class SessionUtils {
 else
 return "";
 }
-
+
 public static UserType getUserType() {
- HttpSession session = getSession();
+ return getUserType(getSession());
+ }
+
+ public static UserType getUserType(HttpSession session) {
 if (session != null && session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE) != null)
 return UserType.class.cast(session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE));
 else
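Review bot: The new `getUserType(HttpSession)` overload has no Javadoc saying what it returns for a null session or a session with no user type, and the `else` branch that decides that is outside this hunk, so the contract the caller in `AuthorizationFilter` now depends on (whether null can come back) is invisible from the patch. Add `/** Returns the {@link UserType} stored in {@code session}, or the fallback value when the session is null or carries no user type. */` on the overload and a one-line `@see` on the no-arg delegate. The attribute is also fetched twice; reading it once, `Object type = session == null ? null : session.getAttribute(SessionUtils.SESSION_VAR_USERTYPE);`, makes the null check and the cast operate on the same value. The method ends after the hunk.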