
Example 1 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiAuthServiceImpl method checkAuth.

/**
 * Authenticates the supplied credentials through the configured authenticator and returns the matching user.
 *
 * <p>The servlet response and the {@code rememberme} value are handed to the authenticator's
 * {@code processLogin}; according to the original documentation that is where the login cookie gets set.
 *
 * <p>Every failure path returns {@code null}: no servlet request available, a rejected login, a missing
 * principal after login, or any exception raised during the login attempt (caught and logged here).
 * Callers must therefore treat {@code null} as "not authenticated" and never as "guest allowed".
 *
 * @param username the login name to check
 * @param password the password to check; it is only forwarded to the authenticator and is not logged here
 * @param rememberme forwarded unchanged to the authenticator
 * @param context the current XWiki context, source of the request and the response
 * @return the authenticated user, or {@code null} if the user is not authenticated properly
 * @throws XWikiException declared in the signature; exceptions raised inside the login attempt are caught
 */
@Override
public XWikiUser checkAuth(String username, String password, String rememberme, XWikiContext context) throws XWikiException {
    HttpServletResponse httpResponse = context.getResponse();
    HttpServletRequest httpRequest =
        (context.getRequest() == null) ? null : context.getRequest().getHttpServletRequest();
    if (httpRequest == null) {
        // Without a servlet request there is nothing to run the login against.
        return null;
    }

    XWikiAuthenticator authenticator = getAuthenticator(context);
    SecurityRequestWrapper securedRequest =
        new SecurityRequestWrapper(httpRequest, null, null, authenticator.getAuthMethod());
    try {
        boolean accepted =
            authenticator.processLogin(username, password, rememberme, securedRequest, httpResponse, context);
        if (!accepted) {
            return null;
        }

        // A login that reports success but leaves no principal on the wrapper is still a failure.
        Principal authenticated = securedRequest.getUserPrincipal();
        if (authenticated == null) {
            return null;
        }

        // NOTE(review): the principal name is concatenated into the log line as-is; confirm the log
        // layout encodes control characters if user names can contain them.
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("User " + authenticated.getName() + " is authentified");
        }
        return new XWikiUser(getContextUserName(authenticated, context));
    } catch (Exception e) {
        // Fail closed: any error during login is reported as "not authenticated".
        LOGGER.error("Failed to authenticate", e);
        return null;
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) XWikiUser(com.xpn.xwiki.user.api.XWikiUser) SecurityRequestWrapper(org.securityfilter.filter.SecurityRequestWrapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) Principal(java.security.Principal) SimplePrincipal(org.securityfilter.realm.SimplePrincipal) XWikiException(com.xpn.xwiki.XWikiException) IOException(java.io.IOException)

Example 2 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiRightServiceImpl method checkAccess.

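/**
 * Decides whether the current user may perform {@code action} on {@code doc}.
 *
 * <p>Order of decisions, as implemented below:
 * <ol>
 * <li>The action is mapped to a right with {@code getRight}.</li>
 * <li>The {@code login} right is always granted, after the context user has been set.</li>
 * <li>For the {@code delete} right, the document creator is granted access directly, without consulting
 * {@code hasAccessLevel}.</li>
 * <li>Otherwise the user is taken from the context or authenticated, stored in the context, and the right
 * service's {@code hasAccessLevel} gives the verdict.</li>
 * </ol>
 * Any exception thrown by the rights check results in a denial. When a guest is denied and the
 * {@code xwiki.hidelogin} parameter is not {@code true}, the login screen is shown.
 *
 * @param action the requested action, mapped to a right by {@code getRight}
 * @param doc the document the action targets
 * @param context the current XWiki context; its user is updated as a side effect
 * @return {@code true} if access is granted, {@code false} otherwise
 * @throws XWikiException if authentication fails while the right requires authentication
 */
@Override
public boolean checkAccess(String action, XWikiDocument doc, XWikiContext context) throws XWikiException {
    LOGGER.debug("checkAccess for [{}], [{}]", action, doc);
    String username = null;
    XWikiUser user = null;
    boolean needsAuth = false;
    String right = getRight(action);
    if (right.equals("login")) {
        // Login/logout pages are reachable by everyone: authenticate only to record who is asking.
        user = context.getWiki().checkAuth(context);
        if (user == null) {
            username = XWikiRightService.GUEST_USER_FULLNAME;
        } else {
            username = user.getUser();
        }
        // Save the user
        context.setUser(username);
        logAllow(username, doc.getFullName(), action, "login/logout pages");
        return true;
    }
    if (right.equals("delete")) {
        // Creator shortcut: the document creator may delete without going through hasAccessLevel.
        // No allow entry is logged on this path. If the user is not the creator, the general check
        // below still applies.
        user = context.getWiki().checkAuth(context);
        String creator = doc.getCreator();
        if ((user != null) && (user.getUser() != null) && (creator != null)) {
            if (user.getUser().equals(creator)) {
                context.setUser(user.getUser());
                return true;
            }
        }
    }
    // We do not need to authenticate twice
    // This seems to cause a problem in virtual wikis
    user = context.getXWikiUser();
    if (user == null) {
        needsAuth = needsAuth(right, context);
        try {
            if (context.getMode() != XWikiContext.MODE_XMLRPC) {
                user = context.getWiki().checkAuth(context);
            } else {
                // NOTE(review): in XML-RPC mode the user is built from whatever name the context already
                // holds, without calling checkAuth, so `user` is never null here. Presumably the XML-RPC
                // layer authenticated earlier; verify against the caller.
                user = new XWikiUser(context.getUser());
            }
            if ((user == null) && (needsAuth)) {
                logDeny("unauthentified", doc.getFullName(), action, "Authentication needed");
                if (context.getRequest() != null) {
                    if (!context.getWiki().Param("xwiki.hidelogin", "false").equalsIgnoreCase("true")) {
                        context.getWiki().getAuthService().showLogin(context);
                    }
                }
                return false;
            }
        } catch (XWikiException e) {
            // An authentication error is only fatal when the right requires authentication; otherwise
            // the request continues as guest and the rights check below decides.
            if (needsAuth) {
                throw e;
            }
        }
        if (user == null) {
            username = XWikiRightService.GUEST_USER_FULLNAME;
        } else {
            username = user.getUser();
        }
        // Save the user
        context.setUser(username);
    } else {
        username = user.getUser();
    }
    // Check Rights
    try {
        // Verify access rights and return if ok
        String docname;
        if (context.getWikiId() != null) {
            docname = context.getWikiId() + ":" + doc.getFullName();
            // A user name without a wiki prefix is qualified with the current wiki id.
            if (username.indexOf(":") == -1) {
                username = context.getWikiId() + ":" + username;
            }
        } else {
            docname = doc.getFullName();
        }
        if (context.getWiki().getRightService().hasAccessLevel(right, username, docname, context)) {
            logAllow(username, docname, action, "access manager granted right");
            return true;
        }
    } catch (Exception e) {
        // This should not happen..
        // Fail closed: an error in the rights check denies access. The stack trace goes through the
        // logger rather than printStackTrace() so it follows the configured logging and is not lost
        // or leaked on stderr.
        logDeny(username, doc.getFullName(), action, "access manager exception " + e.getMessage());
        LOGGER.error("Exception while checking access rights", e);
        return false;
    }
    if (user == null) {
        // Denied Guest need to be authenticated
        logDeny("unauthentified", doc.getFullName(), action, "Guest has been denied");
        if (context.getRequest() != null && !context.getWiki().Param("xwiki.hidelogin", "false").equalsIgnoreCase("true")) {
            context.getWiki().getAuthService().showLogin(context);
        }
        return false;
    } else {
        logDeny(username, doc.getFullName(), action, "access manager denied right");
        return false;
    }
}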
Also used : XWikiUser(com.xpn.xwiki.user.api.XWikiUser) XWikiException(com.xpn.xwiki.XWikiException) XWikiException(com.xpn.xwiki.XWikiException) XWikiRightNotFoundException(com.xpn.xwiki.user.api.XWikiRightNotFoundException)

Example 3 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiAuthentication method authenticate.

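/**
 * Authenticates a REST request, trying standard XWiki authentication first and falling back to the
 * Restlet authentication of the superclass.
 *
 * <p>The context user is reset to guest before authentication. The {@code XWiki-User} and
 * {@code XWiki-Version} response headers are added before the authentication result is known, so they are
 * present on unauthenticated responses as well.
 *
 * @param request the Restlet request
 * @param response the Restlet response, which receives the {@code XWiki-User} and {@code XWiki-Version} headers
 * @return {@code true} if XWiki authentication succeeded, {@code false} if the required components cannot be
 *         looked up, otherwise the result of the superclass authentication
 */
@Override
public boolean authenticate(Request request, Response response) {
    /*
     * Browser authentication resource is a special resource that allows to trigger the authentication dialog box in
     * web browsers
     */
    if (request.getResourceRef().getPath().endsWith(BrowserAuthenticationResource.URI_PATTERN)) {
        return super.authenticate(request, response);
    }
    ComponentManager componentManager = (ComponentManager) getContext().getAttributes().get(Constants.XWIKI_COMPONENT_MANAGER);
    XWikiContext xwikiContext = Utils.getXWikiContext(componentManager);
    XWiki xwiki = Utils.getXWiki(componentManager);
    DocumentReferenceResolver<String> resolver;
    EntityReferenceSerializer<String> serializer;
    try {
        resolver = componentManager.getInstance(DocumentReferenceResolver.TYPE_STRING, "current");
        serializer = componentManager.getInstance(EntityReferenceSerializer.TYPE_STRING);
    } catch (ComponentLookupException e1) {
        // Fail closed, but leave a trace: a silent "false" here is indistinguishable from bad credentials.
        getLogger().log(Level.WARNING, "Failed to look up the components needed for authentication.", e1);
        return false;
    }
    /* By default set XWiki.Guest as the user that is sending the request. */
    xwikiContext.setUserReference(null);
    /*
     * After performing the authentication we should add headers to the response to allow applications to verify if
     * the authentication is still valid. We are also adding the XWiki version at the same moment.
     */
    Series<Header> responseHeaders = (Series<Header>) response.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS);
    if (responseHeaders == null) {
        responseHeaders = new Series<>(Header.class);
        response.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS, responseHeaders);
    }
    responseHeaders.add("XWiki-User", serializer.serialize(xwikiContext.getUserReference()));
    // NOTE(review): the version header is emitted before the authentication outcome is known, so
    // unauthenticated clients receive it too; confirm that exposing the version this way is intended.
    responseHeaders.add("XWiki-Version", xwikiContext.getWiki().getVersion());
    // Try with standard XWiki auth
    try {
        XWikiUser xwikiUser = xwiki.checkAuth(xwikiContext);
        if (xwikiUser != null) {
            // Make sure the user is in the context
            xwikiContext.setUserReference(resolver.resolve(xwikiUser.getUser()));
            getLogger().fine(String.format("Authenticated as '%s'.", xwikiUser.getUser()));
            // the user has changed so we need to reset the header
            responseHeaders.set("XWiki-User", serializer.serialize(xwikiContext.getUserReference()));
            return true;
        }
    } catch (XWikiException e) {
        // An error in XWiki authentication is logged and does not deny by itself: the decision is
        // left to the Restlet fallback below.
        getLogger().log(Level.WARNING, "Exception occurred while authenticating.", e);
    }
    // Fallback on restlet auth
    return super.authenticate(request, response);
}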
Also used : XWikiContext(com.xpn.xwiki.XWikiContext) XWiki(com.xpn.xwiki.XWiki) ComponentLookupException(org.xwiki.component.manager.ComponentLookupException) Series(org.restlet.util.Series) XWikiUser(com.xpn.xwiki.user.api.XWikiUser) Header(org.restlet.data.Header) ComponentManager(org.xwiki.component.manager.ComponentManager) XWikiException(com.xpn.xwiki.XWikiException)

Example 4 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiContextInitializationFilter method initializeXWikiContext.

/**
 * Builds the XWiki context for the request being processed and sets its current user.
 *
 * <p>The request and response are cast to their HTTP servlet types without an {@code instanceof} check, so a
 * non-HTTP request ends in a {@link ClassCastException}, which the {@code catch} below does not handle.
 * When authentication yields no user, the context's user reference is left untouched; when it yields the
 * guest user, the reference is set to {@code null}.
 *
 * @param request the request being processed
 * @param response the response
 * @throws ServletException if the initialization fails
 */
protected void initializeXWikiContext(ServletRequest request, ServletResponse response) throws ServletException {
    try {
        XWikiServletContext engineContext = new XWikiServletContext(this.filterConfig.getServletContext());
        XWikiServletRequest wrappedRequest = new XWikiServletRequest((HttpServletRequest) request);
        XWikiServletResponse wrappedResponse = new XWikiServletResponse((HttpServletResponse) response);

        // Not all request types specify an action (e.g. GWT-RPC), hence the empty string as the action.
        XWikiContext context = Utils.prepareContext("", wrappedRequest, wrappedResponse, engineContext);

        // The context mode is overridden only when this filter holds a non-negative mode.
        if (this.mode >= 0) {
            context.setMode(this.mode);
        }

        // The Container component transports the context in the component architecture; later steps may
        // depend on it, so it is set up first.
        initializeContainerComponent(context);

        // Initializes the XWiki database. XWiki#getXWiki(XWikiContext) calls XWikiContext.setWiki(XWiki).
        XWiki wiki = XWiki.getXWiki(context);

        // URL factory, then the localized resources for the selected language.
        context.setURLFactory(wiki.getURLFactoryService().createURLFactory(context.getMode(), context));
        wiki.prepareResources(context);

        // Current user: nothing more to do when authentication returns no user.
        XWikiUser authenticated = context.getWiki().checkAuth(context);
        if (authenticated == null) {
            return;
        }

        DocumentReferenceResolver<String> explicitResolver =
            Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "explicit");
        SpaceReference userSpace =
            new SpaceReference(XWiki.SYSTEM_SPACE, new WikiReference(context.getWikiId()));
        DocumentReference resolvedUser = explicitResolver.resolve(authenticated.getUser(), userSpace);

        // The guest user is represented by a null user reference.
        boolean isGuest = XWikiRightService.GUEST_USER.equals(resolvedUser.getName());
        DocumentReference effectiveUser = isGuest ? null : resolvedUser;
        context.setUserReference(effectiveUser);
    } catch (XWikiException e) {
        throw new ServletException("Failed to initialize the XWiki context.", e);
    }
}
Also used : XWikiServletRequest(com.xpn.xwiki.web.XWikiServletRequest) XWikiServletResponse(com.xpn.xwiki.web.XWikiServletResponse) SpaceReference(org.xwiki.model.reference.SpaceReference) XWikiServletContext(com.xpn.xwiki.web.XWikiServletContext) XWikiContext(com.xpn.xwiki.XWikiContext) XWiki(com.xpn.xwiki.XWiki) ServletException(javax.servlet.ServletException) XWikiUser(com.xpn.xwiki.user.api.XWikiUser) WikiReference(org.xwiki.model.reference.WikiReference) DocumentReference(org.xwiki.model.reference.DocumentReference) XWikiException(com.xpn.xwiki.XWikiException)

Example 5 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWiki method getUser.

/**
 * Wraps the given user name in an API {@code User} object bound to the given context.
 *
 * <p>This method performs no lookup, existence check or authentication: the name is taken as given.
 * The returned object must not be treated as proof that the user exists or is logged in.
 *
 * @param username the user name to wrap
 * @param context the XWiki context passed to the {@code User} constructor
 * @return a new {@code User} for {@code username}
 */
public User getUser(String username, XWikiContext context) {
    return new User(new XWikiUser(username), context);
}
Also used : XWikiUser(com.xpn.xwiki.user.api.XWikiUser) User(com.xpn.xwiki.api.User) XWikiUser(com.xpn.xwiki.user.api.XWikiUser)

Aggregations

XWikiUser (com.xpn.xwiki.user.api.XWikiUser)14 XWikiException (com.xpn.xwiki.XWikiException)6 DocumentReference (org.xwiki.model.reference.DocumentReference)6 XWikiContext (com.xpn.xwiki.XWikiContext)3 WikiReference (org.xwiki.model.reference.WikiReference)3 XWiki (com.xpn.xwiki.XWiki)2 User (com.xpn.xwiki.api.User)2 XWikiDocument (com.xpn.xwiki.doc.XWikiDocument)2 BaseObject (com.xpn.xwiki.objects.BaseObject)2 IOException (java.io.IOException)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 SecurityRequestWrapper (org.securityfilter.filter.SecurityRequestWrapper)2 SpaceReference (org.xwiki.model.reference.SpaceReference)2 BaseClass (com.xpn.xwiki.objects.classes.BaseClass)1 XWikiRightNotFoundException (com.xpn.xwiki.user.api.XWikiRightNotFoundException)1 XWikiServletContext (com.xpn.xwiki.web.XWikiServletContext)1 XWikiServletRequest (com.xpn.xwiki.web.XWikiServletRequest)1 XWikiServletResponse (com.xpn.xwiki.web.XWikiServletResponse)1 Principal (java.security.Principal)1