
Example 1 with PortalSecurityException

use of org.apereo.portal.security.PortalSecurityException in project uPortal by Jasig.

Class SimplePersonManager, method getPerson.

/**
 * Retrieve the IPerson for the incoming request.
 *
 * <p>If the request already has a session holding a person under
 * {@code PERSON_SESSION_KEY}, that person is returned. Otherwise a guest person is
 * created and, when a session exists, bound to it for reuse by later requests.
 * A failure while creating the guest person is logged and swallowed, in which case
 * nothing is bound and {@code null} is returned.
 *
 * @param request the servlet request object
 * @return the IPerson object for the incoming request, or {@code null} when guest
 *     creation fails
 * @throws PortalSecurityException declared for subclasses; not raised by this body
 */
public IPerson getPerson(HttpServletRequest request) throws PortalSecurityException {
    // Never create a session here; a missing session only disables caching.
    final HttpSession session = request.getSession(false);
    IPerson person = (session == null) ? null : (IPerson) session.getAttribute(PERSON_SESSION_KEY);
    if (person != null) {
        return person;
    }
    try {
        person = createGuestPerson(request);
    } catch (Exception e) {
        log.error("Exception creating guest person.", e);
    }
    // Cache the guest only when both a session and a person actually exist.
    if (session != null && person != null) {
        session.setAttribute(PERSON_SESSION_KEY, person);
    }
    return person;
}
Also used : IPerson(org.apereo.portal.security.IPerson) HttpSession(javax.servlet.http.HttpSession) PortalSecurityException(org.apereo.portal.security.PortalSecurityException)

Example 2 with PortalSecurityException

use of org.apereo.portal.security.PortalSecurityException in project uPortal by Jasig.

Class ExtendedPersonManager, method getPerson.

/**
 * Retrieve the IPerson for the incoming request.
 *
 * <p>A person already bound to the session under {@code PERSON_SESSION_KEY} is returned
 * as-is. Otherwise a guest person is created, the configured descriptor attributes are
 * merged into its attribute map, and the result is bound to the session when one exists.
 * Any exception during creation or merging is logged and swallowed.
 *
 * @param request the servlet request object
 * @return the IPerson object for the incoming request, or {@code null} when guest
 *     creation fails before a person is obtained
 * @throws PortalSecurityException declared for the interface; not raised by this body
 */
@Override
public IPerson getPerson(HttpServletRequest request) throws PortalSecurityException {
    final HttpSession session = request.getSession(false);
    IPerson person = (session == null) ? null : (IPerson) session.getAttribute(PERSON_SESSION_KEY);
    if (person != null) {
        return person;
    }
    try {
        person = createGuestPerson(request);
        // NOTE(review): if the merge throws, person is already non-null and is still
        // cached below with a partially merged attribute map — confirm this is intended.
        merger.mergeAttributes(person.getAttributeMap(), descriptors.getAttributes());
    } catch (Exception e) {
        log.error("Exception creating guest person.", e);
    }
    if (session != null && person != null) {
        session.setAttribute(PERSON_SESSION_KEY, person);
    }
    return person;
}
Also used : IPerson(org.apereo.portal.security.IPerson) HttpSession(javax.servlet.http.HttpSession) PortalSecurityException(org.apereo.portal.security.PortalSecurityException)

Example 3 with PortalSecurityException

use of org.apereo.portal.security.PortalSecurityException in project uPortal by Jasig.

Class RemoteUserPersonManager, method getPerson.

/**
 * Retrieve the IPerson for the incoming request, honoring the container's REMOTE_USER
 * when RemoteUser authentication is enabled.
 *
 * <p>When the RemoteUser security context factory is disabled this defers entirely to
 * {@code super.getPerson(request)}. Otherwise a person already bound to the session is
 * returned unchanged; if none is bound, a new person is built for the request and the
 * REMOTE_USER value is pushed into its security context chain: every existing
 * {@link RemoteUserSecurityContext} sub-context is updated, or, when none exists, a new
 * one is installed as the person's security context.
 *
 * <p>Any exception while building the person is logged and swallowed; whatever value
 * {@code person} holds at that point (possibly {@code null}) is still bound to the
 * session and returned.
 *
 * @param request The current HttpServletRequest
 * @return IPerson object for the incoming request, possibly {@code null} on failure
 * @exception PortalSecurityException propagated from the superclass implementation
 */
@Override
public IPerson getPerson(HttpServletRequest request) throws PortalSecurityException {
    // Only the RemoteUser path is handled here; otherwise BasePersonManager's behavior applies.
    if (!remoteUserSecurityContextFactory.isEnabled()) {
        return super.getPerson(request);
    }
    final HttpSession session = request.getSession(false);
    IPerson person = null;
    if (session != null) {
        person = (IPerson) session.getAttribute(PERSON_SESSION_KEY);
    }
    if (person != null) {
        return person;
    }
    try {
        person = createPersonForRequest(request);
        // REMOTE_USER is populated by the container when it performed web authentication;
        // it is null otherwise.
        applyRemoteUser(person, request.getRemoteUser());
    } catch (Exception e) {
        logger.error("Exception creating person for request: {}", request, e);
    }
    if (session != null) {
        // Bind the result so later requests in this session reuse it.
        session.setAttribute(PERSON_SESSION_KEY, person);
    }
    return person;
}

/**
 * Pushes the REMOTE_USER value into the person's security context chain.
 *
 * <p>Existing contexts configured in security.properties are kept: each
 * {@link RemoteUserSecurityContext} found among the sub-contexts receives the value.
 * Only when no such sub-context exists is a new {@link RemoteUserSecurityContext}
 * installed as the person's security context, preserving this class's default behavior.
 *
 * @param person the person whose security context chain is updated
 * @param remoteUser the container-supplied remote user, possibly {@code null}
 */
private static void applyRemoteUser(IPerson person, String remoteUser) {
    final ISecurityContext context = person.getSecurityContext();
    boolean updatedExisting = false;
    if (context != null) {
        final Enumeration<?> subContexts = context.getSubContexts();
        if (subContexts != null) {
            while (subContexts.hasMoreElements()) {
                final ISecurityContext candidate = (ISecurityContext) subContexts.nextElement();
                if (candidate instanceof RemoteUserSecurityContext) {
                    ((RemoteUserSecurityContext) candidate).setRemoteUser(remoteUser);
                    updatedExisting = true;
                }
            }
        }
    }
    if (!updatedExisting) {
        person.setSecurityContext(new RemoteUserSecurityContext(remoteUser));
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) Enumeration(java.util.Enumeration) HttpSession(javax.servlet.http.HttpSession) ISecurityContext(org.apereo.portal.security.ISecurityContext) PortalSecurityException(org.apereo.portal.security.PortalSecurityException)

Example 4 with PortalSecurityException

use of org.apereo.portal.security.PortalSecurityException in project uPortal by Jasig.

Class Authentication, method authenticate.

/**
 * Attempts to authenticate a given IPerson based on a set of principals and credentials.
 *
 * <p>The principals and credentials are pushed into the person's security context chain
 * (rooted at {@code BASE_CONTEXT_NAME}) and {@code authenticate()} is invoked on the
 * chain. Only when the chain reports success is the person populated: the username is
 * taken from the chain's principal, group/entity caches and listeners are notified, the
 * context's additional descriptor is merged into the person, PersonDirectory attributes
 * are loaded when the {@code usePersonDirectory} property is set, a full name is
 * derived, and the portal UID is resolved (auto-creating the user when
 * {@code autoCreateUsers} is set). A login event is published at the end whether or not
 * authentication succeeded.
 *
 * @param request the current request; handed to the authentication extension and the
 *     login event
 * @param principals principal values for the security context chain (see the NOTE
 *     below on how they are gathered)
 * @param credentials credential values for the security context chain
 * @param person the person being authenticated; mutated in place on success
 * @exception PortalSecurityException if the portal UID for an authenticated user cannot
 *     be retrieved
 */
public void authenticate(HttpServletRequest request, Map<String, String> principals, Map<String, String> credentials, IPerson person) throws PortalSecurityException {
    // Retrieve the security context for the user
    final ISecurityContext securityContext = person.getSecurityContext();
    // Set the principals and credentials for the security context chain
    this.configureSecurityContextChain(principals, credentials, securityContext, BASE_CONTEXT_NAME);
    // NOTE: PortalPreAuthenticatedProcessingFilter looks in the security.properties file to
    // determine what tokens to look for that represent the principals and
    // credentials for each context. It then retrieves the values from the request
    // and stores the values in the principals and credentials HashMaps that are
    // passed to the Authentication service.
    // Attempt to authenticate the user, timing the call for the metric below
    final long start = System.currentTimeMillis();
    securityContext.authenticate();
    final long elapsed = System.currentTimeMillis() - start;
    // Everything below is skipped for a failed authentication except the login event.
    if (securityContext.isAuthenticated()) {
        // metric: record the elapsed time; what add() returns here is not visible in
        // this file — presumably a running summary of authentication times
        lastAuthentication = authenticationTimes.add(elapsed);
        // Add the authenticated username to the person object
        // the login name may have been provided or reset by the security provider
        // so this needs to be done after authentication.
        final String userName = securityContext.getPrincipal().getUID();
        person.setAttribute(IPerson.USERNAME, userName);
        if (log.isDebugEnabled()) {
            log.debug("FINISHED SecurityContext authentication for user '" + userName + "' in " + elapsed + "ms #milestone");
        }
        threadNamingRequestFilter.updateCurrentUsername(userName);
        /*
         * Clear cached group info for this user.
         *
         * There seem to be 2 systems in place for this information:
         *   - The old system based on EntityCachingService
         *   - The new system based on ehcache
         *
         * For uPortal 5, we should work to remove the old system.
         */
        // Old system
        GroupService.finishedSession(person);
        for (IAuthenticationListener authListener : authenticationListeners) {
            // New system
            authListener.userAuthenticated(person);
        }
        // Clear all existing cached data about the person
        this.usernameTaggedCacheEntryPurger.purgeTaggedCacheEntries(userName);
        // Retrieve the additional descriptor from the security context
        final IAdditionalDescriptor addInfo = person.getSecurityContext().getAdditionalDescriptor();
        // Process the additional descriptor if one was created
        if (addInfo != null) {
            // An IPerson descriptor: copy its full name and every attribute onto the
            // person being authenticated.
            if (addInfo instanceof IPerson) {
                final IPerson newPerson = (IPerson) addInfo;
                person.setFullName(newPerson.getFullName());
                for (final String attributeName : newPerson.getAttributeMap().keySet()) {
                    person.setAttribute(attributeName, newPerson.getAttribute(attributeName));
                }
            } else // A Map descriptor: every entry is copied verbatim into the IPerson
            if (addInfo instanceof Map) {
                // Cast the additional descriptor as a Map
                final Map<?, ?> additionalAttributes = (Map<?, ?>) addInfo;
                // Copy each additional attribute into the person object; keys are
                // assumed to be Strings (a non-String key would fail the cast below)
                for (final Iterator<?> keys = additionalAttributes.keySet().iterator(); keys.hasNext(); ) {
                    // Get a key
                    final String key = (String) keys.next();
                    // Set the attribute
                    person.setAttribute(key, additionalAttributes.get(key));
                }
            } else if (addInfo instanceof ChainingSecurityContext.ChainingAdditionalDescriptor) {
            // the chain's own descriptor carries nothing to copy
            } else {
                if (log.isWarnEnabled()) {
                    log.warn("Authentication Service received unknown additional descriptor [" + addInfo + "]");
                }
            }
        }
        // Populate the person object using the PersonDirectory if applicable
        if (PropertiesManager.getPropertyAsBoolean("org.apereo.portal.services.Authentication.usePersonDirectory")) {
            // Retrieve all of the attributes associated with the person logging in
            final String username = person.getUserName();
            final long timestamp = System.currentTimeMillis();
            if (log.isDebugEnabled()) {
                log.debug("STARTING user attribute gathering for user '" + userName + "' #milestone");
            }
            final IPersonAttributes personAttributes = this.personAttributeDao.getPerson(username);
            if (log.isDebugEnabled()) {
                log.debug("FINISHED user attribute gathering for user '" + userName + "' in " + Long.toString(System.currentTimeMillis() - timestamp) + "ms #milestone");
            }
            if (personAttributes != null) {
                // attribs may be null.  IPersonAttributeDao returns null when it does not
                // recognize a user at all, as
                // distinguished from returning an empty Map of attributes when it recognizes a
                // user has having no
                // attributes.
                person.setAttributes(personAttributes.getAttributes());
            }
        }
        // Call extensions if present
        if (authenticationExt != null) {
            authenticationExt.postAttributeResolution(request, person);
        }
        // Make sure the the user's fullname is set
        if (person.getFullName() == null) {
            // Use portal display name if one exists
            if (person.getAttribute("portalDisplayName") != null) {
                person.setFullName((String) person.getAttribute("portalDisplayName"));
            } else // Otherwise fall back to the eduPerson displayName attribute
            if (person.getAttribute("displayName") != null) {
                person.setFullName((String) person.getAttribute("displayName"));
            }
            // If still no FullName use an unrecognized string
            if (person.getFullName() == null) {
                person.setFullName("Unrecognized person: " + person.getAttribute(IPerson.USERNAME));
            }
        }
        // Find the uPortal userid for this user or flunk authentication if not found.
        final boolean autocreate = PropertiesManager.getPropertyAsBoolean("org.apereo.portal.services.Authentication.autoCreateUsers");
        try {
            // Attempt to retrieve the UID
            final int newUID = this.userIdentityStore.getPortalUID(person, autocreate);
            person.setID(newUID);
        } catch (final AuthorizationException ae) {
            // The cause is logged but not attached to the rethrown exception.
            log.error("Exception retrieving ID", ae);
            throw new PortalSecurityException("Authentication Service: Exception retrieving UID");
        }
    }
    // Publish a login event for the person (reached for failed authentications too)
    this.portalEventFactory.publishLoginEvent(request, this, person);
}
Also used : IAdditionalDescriptor(org.apereo.portal.security.IAdditionalDescriptor) AuthorizationException(org.apereo.portal.AuthorizationException) ISecurityContext(org.apereo.portal.security.ISecurityContext) PortalSecurityException(org.apereo.portal.security.PortalSecurityException) IPerson(org.apereo.portal.security.IPerson) IPersonAttributes(org.apereo.services.persondir.IPersonAttributes) Iterator(java.util.Iterator) Map(java.util.Map)

Example 5 with PortalSecurityException

use of org.apereo.portal.security.PortalSecurityException in project uPortal by Jasig.

Class SimpleSecurityContext, method authenticate.

/**
 * Authenticate the principal against the portal's local account store.
 *
 * <p>{@code isauth} is reset to {@code false} first. When both a UID and an opaque
 * credential are present, the local account for the UID is loaded and the credential is
 * checked with the portal password service; on success the principal's full name is
 * taken from the account's {@code displayName} attribute and {@code isauth} becomes
 * {@code true}. A missing UID or credential is not an error (it happens for guest
 * access) and is only logged at info. Sub-contexts are always authenticated afterwards
 * via {@code super.authenticate()}.
 *
 * @exception PortalSecurityException propagated from {@code super.authenticate()}
 * @exception RuntimeException wrapping any failure of the account lookup or password check
 */
@Override
public synchronized void authenticate() throws PortalSecurityException {
    this.isauth = false;
    if (this.myPrincipal.UID == null || this.myOpaqueCredentials.credentialstring == null) {
        // Missing principal or credential is expected for guest access, not an error.
        log.info("Principal or OpaqueCredentials not initialized prior to authenticate");
    } else {
        // Local-account logins are flagged so they stand out in the logs.
        if (log.isWarnEnabled()) {
            log.warn("An attempt to log into the local login has occurred. user=" + this.myPrincipal.UID);
        }
        try {
            this.isauth = verifyLocalAccount();
        } catch (Exception e) {
            log.error("Error authenticating user", e);
            throw new RuntimeException("Error authenticating user", e);
        }
    }
    // Sub-contexts are authenticated regardless of the local outcome.
    super.authenticate();
}

/**
 * Looks up the local account for the current UID and checks the supplied credential.
 *
 * @return {@code true} when the account exists and the password validates; the
 *     principal's full name is set as a side effect in that case
 * @throws Exception any failure from the account store or password service
 */
private boolean verifyLocalAccount() throws Exception {
    final ILocalAccountDao accountStore = LocalAccountDaoLocator.getLocalAccountDao();
    final IPortalPasswordService passwordService = PortalPasswordServiceLocator.getPortalPasswordService();
    final ILocalAccountPerson account = accountStore.getPerson(this.myPrincipal.UID);
    if (account == null) {
        if (log.isInfoEnabled()) {
            log.info("No such user: " + this.myPrincipal.UID);
        }
        return false;
    }
    // The opaque credential bytes are decoded as UTF-8 for the password service.
    final String loginPassword = new String(this.myOpaqueCredentials.credentialstring, UTF_8);
    if (!passwordService.validatePassword(loginPassword, account.getPassword())) {
        log.info("Password Invalid");
        return false;
    }
    this.myPrincipal.FullName = (String) account.getAttributeValue("displayName");
    if (log.isInfoEnabled()) {
        log.info("User " + this.myPrincipal.UID + " is authenticated");
    }
    return true;
}
Also used : IPortalPasswordService(org.apereo.portal.security.IPortalPasswordService) ILocalAccountDao(org.apereo.portal.persondir.ILocalAccountDao) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) PortalSecurityException(org.apereo.portal.security.PortalSecurityException)
