Example 1 with Transactional
use of com.liferay.portal.kernel.transaction.Transactional in project liferay-ide by liferay.
the class UserLocalServiceImpl method authenticateForDigest.
/**
* Attempts to authenticate the user using HTTP digest access
* authentication, without using the AuthPipeline. Primarily used for
* authenticating users of <code>tunnel-web</code>.
*
* @param companyId the primary key of the user's company
* @param username either the user's email address, screen name, or primary
* key
* @param realm unused
* @param nonce the number used once
* @param method the request method
* @param uri the request URI
* @param response the authentication response hash
* @return the user's primary key if authentication is succesful;
* <code>0</code> otherwise
* @throws PortalException if a portal exception occurred
* @throws SystemException if a system exception occurred
*/
@Override
@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
public long authenticateForDigest(long companyId, String username, String realm, String nonce, String method, String uri, String response) throws PortalException, SystemException {
if (PropsValues.AUTH_LOGIN_DISABLED) {
return 0;
}
// Get User
User user = fetchUserByEmailAddress(companyId, username);
if (user == null) {
user = fetchUserByScreenName(companyId, username);
}
if (user == null) {
user = userPersistence.fetchByPrimaryKey(GetterUtil.getLong(username));
}
if (user == null) {
return 0;
}
if (user.isDefaultUser()) {
if (_log.isInfoEnabled()) {
_log.info("Digest authentication is disabled for the default user");
}
return 0;
} else if (!user.isActive()) {
if (_log.isInfoEnabled()) {
_log.info("Digest authentication is disabled for inactive user " + user.getUserId());
}
return 0;
}
// Verify digest
String digest = user.getDigest();
if (Validator.isNull(digest)) {
_log.error("User must first login through the portal " + user.getUserId());
return 0;
}
String[] digestArray = StringUtil.split(user.getDigest());
for (String ha1 : digestArray) {
String ha2 = DigesterUtil.digestHex(Digester.MD5, method, uri);
String curResponse = DigesterUtil.digestHex(Digester.MD5, ha1, nonce, ha2);
if (response.equals(curResponse)) {
return user.getUserId();
}
}
return 0;
}
Also used :
User(com.liferay.portal.model.User)
Transactional(com.liferay.portal.kernel.transaction.Transactional)
Example 2 with Transactional
use of com.liferay.portal.kernel.transaction.Transactional in project liferay-ide by liferay.
the class UserLocalServiceImpl method authenticateForBasic.
/**
* Attempts to authenticate the user using HTTP basic access authentication,
* without using the AuthPipeline. Primarily used for authenticating users
* of <code>tunnel-web</code>.
*
* <p>
* Authentication type specifies what <code>login</code> contains.The valid
* values are:
* </p>
*
* <ul>
* <li>
* <code>CompanyConstants.AUTH_TYPE_EA</code> - <code>login</code> is the
* user's email address
* </li>
* <li>
* <code>CompanyConstants.AUTH_TYPE_SN</code> - <code>login</code> is the
* user's screen name
* </li>
* <li>
* <code>CompanyConstants.AUTH_TYPE_ID</code> - <code>login</code> is the
* user's primary key
* </li>
* </ul>
*
* @param companyId the primary key of the user's company
* @param authType the type of authentication to perform
* @param login either the user's email address, screen name, or primary
* key depending on the value of <code>authType</code>
* @param password the user's password
* @return the authentication status. This can be {@link
* com.liferay.portal.security.auth.Authenticator#FAILURE}
* indicating that the user's credentials are invalid, {@link
* com.liferay.portal.security.auth.Authenticator#SUCCESS}
* indicating a successful login, or {@link
* com.liferay.portal.security.auth.Authenticator#DNE} indicating
* that a user with that login does not exist.
* @throws PortalException if a portal exception occurred
* @throws SystemException if a system exception occurred
*/
@Override
@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
public long authenticateForBasic(long companyId, String authType, String login, String password) throws PortalException, SystemException {
if (PropsValues.AUTH_LOGIN_DISABLED) {
return 0;
}
User user = null;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
user = fetchUserByEmailAddress(companyId, login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
user = fetchUserByScreenName(companyId, login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
user = userPersistence.fetchByPrimaryKey(GetterUtil.getLong(login));
}
if (user == null) {
return 0;
}
if (user.isDefaultUser()) {
if (_log.isInfoEnabled()) {
_log.info("Basic authentication is disabled for the default " + "user");
}
return 0;
} else if (!user.isActive()) {
if (_log.isInfoEnabled()) {
_log.info("Basic authentication is disabled for inactive user " + user.getUserId());
}
return 0;
}
if (!PropsValues.BASIC_AUTH_PASSWORD_REQUIRED) {
return user.getUserId();
}
String userPassword = user.getPassword();
if (!user.isPasswordEncrypted()) {
userPassword = PasswordEncryptorUtil.encrypt(userPassword);
}
String encPassword = PasswordEncryptorUtil.encrypt(password, userPassword);
if (userPassword.equals(password) || userPassword.equals(encPassword)) {
return user.getUserId();
}
return 0;
}
Also used :
User(com.liferay.portal.model.User)
Transactional(com.liferay.portal.kernel.transaction.Transactional)
Example 3 with Transactional
use of com.liferay.portal.kernel.transaction.Transactional in project liferay-ide by liferay.
the class UserLocalServiceImpl method authenticateForJAAS.
/**
* Attempts to authenticate the user using JAAS credentials, without using
* the AuthPipeline.
*
* @param userId the primary key of the user
* @param encPassword the encrypted password
* @return <code>true</code> if authentication is successful;
* <code>false</code> otherwise
*/
@Override
@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
public boolean authenticateForJAAS(long userId, String encPassword) {
if (PropsValues.AUTH_LOGIN_DISABLED) {
return false;
}
try {
User user = userPersistence.findByPrimaryKey(userId);
if (user.isDefaultUser()) {
if (_log.isInfoEnabled()) {
_log.info("JAAS authentication is disabled for the default user");
}
return false;
} else if (!user.isActive()) {
if (_log.isInfoEnabled()) {
_log.info("JAAS authentication is disabled for inactive user " + userId);
}
return false;
}
String userPassword = user.getPassword();
if (user.isPasswordEncrypted()) {
if (userPassword.equals(encPassword)) {
return true;
}
if (!PropsValues.PORTAL_JAAS_STRICT_PASSWORD) {
encPassword = PasswordEncryptorUtil.encrypt(encPassword, userPassword);
if (userPassword.equals(encPassword)) {
return true;
}
}
} else {
if (!PropsValues.PORTAL_JAAS_STRICT_PASSWORD) {
if (userPassword.equals(encPassword)) {
return true;
}
}
userPassword = PasswordEncryptorUtil.encrypt(userPassword, encPassword);
if (userPassword.equals(encPassword)) {
return true;
}
}
} catch (Exception e) {
_log.error(e);
}
return false;
}
Also used :
User(com.liferay.portal.model.User)
ContactFirstNameException(com.liferay.portal.ContactFirstNameException)
ModelListenerException(com.liferay.portal.ModelListenerException)
NoSuchImageException(com.liferay.portal.NoSuchImageException)
GroupFriendlyURLException(com.liferay.portal.GroupFriendlyURLException)
DuplicateOpenIdException(com.liferay.portal.DuplicateOpenIdException)
ImageSizeException(com.liferay.portlet.documentlibrary.ImageSizeException)
PasswordExpiredException(com.liferay.portal.PasswordExpiredException)
UserPasswordException(com.liferay.portal.UserPasswordException)
NoSuchUserException(com.liferay.portal.NoSuchUserException)
UserSmsException(com.liferay.portal.UserSmsException)
NoSuchRoleException(com.liferay.portal.NoSuchRoleException)
PortalException(com.liferay.portal.kernel.exception.PortalException)
UserIdException(com.liferay.portal.UserIdException)
UserPortraitTypeException(com.liferay.portal.UserPortraitTypeException)
RequiredUserException(com.liferay.portal.RequiredUserException)
ReservedUserScreenNameException(com.liferay.portal.ReservedUserScreenNameException)
IOException(java.io.IOException)
ContactBirthdayException(com.liferay.portal.ContactBirthdayException)
UserReminderQueryException(com.liferay.portal.UserReminderQueryException)
DuplicateUserScreenNameException(com.liferay.portal.DuplicateUserScreenNameException)
UserEmailAddressException(com.liferay.portal.UserEmailAddressException)
ContactFullNameException(com.liferay.portal.ContactFullNameException)
EncryptorException(com.liferay.util.EncryptorException)
CompanyMaxUsersException(com.liferay.portal.CompanyMaxUsersException)
NoSuchTicketException(com.liferay.portal.NoSuchTicketException)
UserScreenNameException(com.liferay.portal.UserScreenNameException)
ContactLastNameException(com.liferay.portal.ContactLastNameException)
ReservedUserEmailAddressException(com.liferay.portal.ReservedUserEmailAddressException)
DuplicateUserEmailAddressException(com.liferay.portal.DuplicateUserEmailAddressException)
NoSuchUserGroupException(com.liferay.portal.NoSuchUserGroupException)
PrincipalException(com.liferay.portal.security.auth.PrincipalException)
SystemException(com.liferay.portal.kernel.exception.SystemException)
NoSuchOrganizationException(com.liferay.portal.NoSuchOrganizationException)
UserLockoutException(com.liferay.portal.UserLockoutException)
UserPortraitSizeException(com.liferay.portal.UserPortraitSizeException)
Transactional(com.liferay.portal.kernel.transaction.Transactional)
Example 4 with Transactional
use of com.liferay.portal.kernel.transaction.Transactional in project liferay-ide by liferay.
the class UserLocalServiceImpl method encryptUserId.
/**
* Encrypts the primary key of the user. Used when encrypting the user's
* credentials for storage in an automatic login cookie.
*
* @param name the primary key of the user
* @return the user's encrypted primary key
* @throws PortalException if a user with the primary key could not be found
* @throws SystemException if a system exception occurred
*/
@Override
@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
public String encryptUserId(String name) throws PortalException, SystemException {
long userId = GetterUtil.getLong(name);
User user = userPersistence.findByPrimaryKey(userId);
Company company = companyPersistence.findByPrimaryKey(user.getCompanyId());
try {
return Encryptor.encrypt(company.getKeyObj(), name);
} catch (EncryptorException ee) {
throw new SystemException(ee);
}
}
Also used :
Company(com.liferay.portal.model.Company)
User(com.liferay.portal.model.User)
EncryptorException(com.liferay.util.EncryptorException)
SystemException(com.liferay.portal.kernel.exception.SystemException)
Transactional(com.liferay.portal.kernel.transaction.Transactional)
Aggregations
Transactional (com.liferay.portal.kernel.transaction.Transactional)4
User (com.liferay.portal.model.User)4
SystemException (com.liferay.portal.kernel.exception.SystemException)2
EncryptorException (com.liferay.util.EncryptorException)2
CompanyMaxUsersException (com.liferay.portal.CompanyMaxUsersException)1
ContactBirthdayException (com.liferay.portal.ContactBirthdayException)1
ContactFirstNameException (com.liferay.portal.ContactFirstNameException)1
ContactFullNameException (com.liferay.portal.ContactFullNameException)1
ContactLastNameException (com.liferay.portal.ContactLastNameException)1
DuplicateOpenIdException (com.liferay.portal.DuplicateOpenIdException)1
DuplicateUserEmailAddressException (com.liferay.portal.DuplicateUserEmailAddressException)1
DuplicateUserScreenNameException (com.liferay.portal.DuplicateUserScreenNameException)1
GroupFriendlyURLException (com.liferay.portal.GroupFriendlyURLException)1
ModelListenerException (com.liferay.portal.ModelListenerException)1
NoSuchImageException (com.liferay.portal.NoSuchImageException)1
NoSuchOrganizationException (com.liferay.portal.NoSuchOrganizationException)1
NoSuchRoleException (com.liferay.portal.NoSuchRoleException)1
NoSuchTicketException (com.liferay.portal.NoSuchTicketException)1
NoSuchUserException (com.liferay.portal.NoSuchUserException)1
NoSuchUserGroupException (com.liferay.portal.NoSuchUserGroupException)1
