Added SSO authorisation to access AdminPortal.

cmsWebApp/src/performa/sso/ClientAuthToken.java

+package performa.sso;
+
+import oneit.objstore.*;
+import oneit.security.AuthorisationToken;
+import oneit.security.SecUser;
+import oneit.utils.BaseObject;
+import oneit.utils.Debug;
+
+
+public class ClientAuthToken extends BaseObject implements AuthorisationToken
+{
+    public static final String  ROLE_TL_CLIENT  = "TL_Client";
+    
+    SecUser     client;
+    
+    public ClientAuthToken(String userName, ObjectTransaction objTran) 
+    {
+        client = SecUser.searchNAME(objTran, userName);
+        
+        Debug.assertion(client != null, "No Client matches:", userName);
+    }
+    
+    
+    public boolean isAuthorised(String priv) 
+    {   
+        return client!=null && client.hasRole(ROLE_TL_CLIENT);
+    }
+    
+    
+    public SecUser getLoggedInClient ()
+    {
+        return client;
+    }
+
+    @Override
+    public String getIdentification() {
+        return client.getDescription();
+    }
+
+    @Override
+    public String getDescription() {
+        return "";
+    }
+}

cmsWebApp/webroot/extensions/performa/upgrades/20170619_Sec_Roles.xml

+<?xml version="1.0"?>
+<!-- @AutoRun -->
+<OBJECTS name="">
+    <NODE name="Script" factory="Vector">
+        <NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation">
+            <tableName factory="String">oneit_sec_role</tableName>
+            <value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
+            <value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='name' factory='String'>TL_Client</value>
+            <value name='description' factory='String'>Client of Talentology</value>
+        </NODE>
+        <NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation">
+            <tableName factory="String">oneit_sec_role</tableName>
+            <value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
+            <value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='name' factory='String'>TL_Applicant</value>
+            <value name='description' factory='String'>Applicant user</value>
+        </NODE>
+    </NODE>
+</OBJECTS>
\ No newline at end of file

cmsWebApp/webroot/testsso.jsp

+<%@page import="oneit.utils.*,oneit.logging.*"%>
+<%@page import="oneit.security.*, oneit.servlets.security.SessionSecUserDecorator"%>
+<%@page import="java.util.Date"%>
+<%@page import="oneit.objstore.services.TransactionServicesFactory"%>
+<%@page import="performa.sso.*, oneit.objstore.*, oneit.appservices.config.*" %>
+
+<%
+    SecUser pageUser    = (SecUser)(session.getAttribute(SecUser.SEC_USER_ID));
+    String  userName    = request.getParameter("userName");
+
+    if (userName != null)
+    {
+        TransactionServicesFactory  tsf     = (TransactionServicesFactory)ConfigMgr.getConfigObject(ConfigMgr.GLOBAL_CONFIG_SYSTEM, "TransactionServices");
+        ObjectTransaction           objTran = new ObjectTransaction (tsf);
+
+        try
+        {
+            ClientAuthToken   authToken = new ClientAuthToken(userName, objTran);
+            
+            if(authToken.isAuthorised(null))
+            {
+                request.getSession().invalidate();
+                request.getSession().setAttribute (AuthorisationToken.AUTH_TOKEN_ID, authToken);
+
+                request.getSession ().setAttribute (SecUser.SEC_USER_ID, authToken.getLoggedInClient());
+
+                // This is only to help with the tomcat manager, so you can see which user belongs to which session
+                request.getSession ().setAttribute (SecUser.SEC_USER_ID+".desc", authToken.getDescription());
+                request.getSession ().setAttribute (SecUser.SEC_USER_ID+".loggedin", ""+new Date());
+                request.getSession ().setAttribute (SessionSecUserDecorator.REFRESH_SECURITY, Boolean.TRUE);
+
+                objTran.commit();
+                objTran.commitResources();
+
+                response.sendRedirect("AdminPortal-Home.htm");
+            }
+        }
+        finally
+        {
+            objTran.releaseResources();
+        }        
+    }
+    
+%>
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+        <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
+    </head>
+    <body>
+        <form method="POST">
+            <input name="userName" value="">
+            <input type="submit" name="Go" value="Submit">
+        </form>
+    </body>
+</html>