Example 11 with XWikiUser
use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.
the class XWikiCachingRightService method authenticateUser.
/**
* Ensure user authentication if needed.
*
* @param context Current XWikiContext
*/
private void authenticateUser(XWikiContext context) {
DocumentReference contextUserReference = context.getUserReference();
DocumentReference userReference = contextUserReference;
if (userReference == null && context.getMode() != XWikiContext.MODE_XMLRPC) {
try {
XWikiUser user = context.getWiki().checkAuth(context);
if (user != null) {
userReference = resolveUserName(user.getUser(), new WikiReference(context.getWikiId()));
}
} catch (XWikiException e) {
LOGGER.error("Caught exception while authenticating user.", e);
}
}
if (userReference != null && XWikiConstants.GUEST_USER.equals(userReference.getName())) {
// Public users (not logged in) should be passed as null in the new API. It may happen that badly
// design code, and poorly written API does not take care, so we prevent security issue here.
userReference = null;
}
if (userReference != contextUserReference && (userReference == null || !userReference.equals(contextUserReference))) {
context.setUserReference(userReference);
}
}
Also used :
XWikiUser(com.xpn.xwiki.user.api.XWikiUser)
WikiReference(org.xwiki.model.reference.WikiReference)
DocumentReference(org.xwiki.model.reference.DocumentReference)
XWikiException(com.xpn.xwiki.XWikiException)
Example 12 with XWikiUser
use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.
the class XWikiAuthServiceImpl method checkAuth.
@Override
public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
// Debug time taken.
long time = System.currentTimeMillis();
HttpServletRequest request = null;
HttpServletResponse response = context.getResponse();
if (context.getRequest() != null) {
request = context.getRequest().getHttpServletRequest();
}
if (request == null) {
return null;
}
XWikiAuthenticator auth = getAuthenticator(context);
SecurityRequestWrapper wrappedRequest = new SecurityRequestWrapper(request, null, null, auth.getAuthMethod());
try {
if (auth.processLogin(wrappedRequest, response, context)) {
return null;
}
// Process logout (this only works with Forms)
if (auth.processLogout(wrappedRequest, response, new URLPatternMatcher())) {
if (LOGGER.isInfoEnabled()) {
LOGGER.info("User " + context.getUser() + " has been logged-out");
}
wrappedRequest.setUserPrincipal(null);
return null;
}
final String userName = getContextUserName(wrappedRequest.getUserPrincipal(), context);
if (LOGGER.isInfoEnabled()) {
if (userName != null) {
LOGGER.info("User " + userName + " is authentified");
}
}
if (userName == null) {
return null;
}
return new XWikiUser(userName);
} catch (Exception e) {
LOGGER.error("Failed to authenticate", e);
return null;
} finally {
LOGGER.debug("XWikiAuthServiceImpl.checkAuth(XWikiContext) took " + (System.currentTimeMillis() - time) + " milliseconds to run.");
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
URLPatternMatcher(org.securityfilter.filter.URLPatternMatcher)
XWikiUser(com.xpn.xwiki.user.api.XWikiUser)
SecurityRequestWrapper(org.securityfilter.filter.SecurityRequestWrapper)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
XWikiException(com.xpn.xwiki.XWikiException)
IOException(java.io.IOException)
Example 13 with XWikiUser
use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.
the class XWiki method getUser.
public User getUser(XWikiContext context) {
XWikiUser xwikiUser = context.getXWikiUser();
User user = new User(xwikiUser, context);
return user;
}Example 14 with XWikiUser
use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.
the class XWikiContext method setUserReference.
public void setUserReference(DocumentReference userReference) {
if (userReference == null) {
this.userReference = null;
remove(USER_KEY);
remove(USERREFERENCE_KEY);
} else {
this.userReference = new DocumentReference(userReference);
boolean ismain = isMainWiki(this.userReference.getWikiReference().getName());
put(USER_KEY, new XWikiUser(getUser(), ismain));
put(USERREFERENCE_KEY, this.userReference);
// Log this since it's probably a mistake so that we find who is doing bad things
if (this.userReference.getName().equals(XWikiRightService.GUEST_USER)) {
LOGGER.warn("A reference to XWikiGuest user has been set instead of null. This is probably a mistake.", new Exception("See stack trace"));
}
}
}
Also used :
XWikiUser(com.xpn.xwiki.user.api.XWikiUser)
DocumentReference(org.xwiki.model.reference.DocumentReference)
Aggregations
XWikiUser (com.xpn.xwiki.user.api.XWikiUser)14
XWikiException (com.xpn.xwiki.XWikiException)6
DocumentReference (org.xwiki.model.reference.DocumentReference)6
XWikiContext (com.xpn.xwiki.XWikiContext)3
WikiReference (org.xwiki.model.reference.WikiReference)3
XWiki (com.xpn.xwiki.XWiki)2
User (com.xpn.xwiki.api.User)2
XWikiDocument (com.xpn.xwiki.doc.XWikiDocument)2
BaseObject (com.xpn.xwiki.objects.BaseObject)2
IOException (java.io.IOException)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
SecurityRequestWrapper (org.securityfilter.filter.SecurityRequestWrapper)2
SpaceReference (org.xwiki.model.reference.SpaceReference)2
BaseClass (com.xpn.xwiki.objects.classes.BaseClass)1
XWikiRightNotFoundException (com.xpn.xwiki.user.api.XWikiRightNotFoundException)1
XWikiServletContext (com.xpn.xwiki.web.XWikiServletContext)1
XWikiServletRequest (com.xpn.xwiki.web.XWikiServletRequest)1
XWikiServletResponse (com.xpn.xwiki.web.XWikiServletResponse)1
Principal (java.security.Principal)1
