Search in sources :

Example 11 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiCachingRightService method authenticateUser.

/**
 * Ensure user authentication if needed.
 *
 * @param context Current XWikiContext
 */
private void authenticateUser(XWikiContext context) {
    DocumentReference contextUserReference = context.getUserReference();
    DocumentReference userReference = contextUserReference;
    if (userReference == null && context.getMode() != XWikiContext.MODE_XMLRPC) {
        try {
            XWikiUser user = context.getWiki().checkAuth(context);
            if (user != null) {
                userReference = resolveUserName(user.getUser(), new WikiReference(context.getWikiId()));
            }
        } catch (XWikiException e) {
            LOGGER.error("Caught exception while authenticating user.", e);
        }
    }
    if (userReference != null && XWikiConstants.GUEST_USER.equals(userReference.getName())) {
        // Public users (not logged in) should be passed as null in the new API. It may happen that badly
        // design code, and poorly written API does not take care, so we prevent security issue here.
        userReference = null;
    }
    if (userReference != contextUserReference && (userReference == null || !userReference.equals(contextUserReference))) {
        context.setUserReference(userReference);
    }
}
Also used : XWikiUser(com.xpn.xwiki.user.api.XWikiUser) WikiReference(org.xwiki.model.reference.WikiReference) DocumentReference(org.xwiki.model.reference.DocumentReference) XWikiException(com.xpn.xwiki.XWikiException)

Example 12 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiAuthServiceImpl method checkAuth.

@Override
public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
    // Debug time taken.
    long time = System.currentTimeMillis();
    HttpServletRequest request = null;
    HttpServletResponse response = context.getResponse();
    if (context.getRequest() != null) {
        request = context.getRequest().getHttpServletRequest();
    }
    if (request == null) {
        return null;
    }
    XWikiAuthenticator auth = getAuthenticator(context);
    SecurityRequestWrapper wrappedRequest = new SecurityRequestWrapper(request, null, null, auth.getAuthMethod());
    try {
        if (auth.processLogin(wrappedRequest, response, context)) {
            return null;
        }
        // Process logout (this only works with Forms)
        if (auth.processLogout(wrappedRequest, response, new URLPatternMatcher())) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("User " + context.getUser() + " has been logged-out");
            }
            wrappedRequest.setUserPrincipal(null);
            return null;
        }
        final String userName = getContextUserName(wrappedRequest.getUserPrincipal(), context);
        if (LOGGER.isInfoEnabled()) {
            if (userName != null) {
                LOGGER.info("User " + userName + " is authentified");
            }
        }
        if (userName == null) {
            return null;
        }
        return new XWikiUser(userName);
    } catch (Exception e) {
        LOGGER.error("Failed to authenticate", e);
        return null;
    } finally {
        LOGGER.debug("XWikiAuthServiceImpl.checkAuth(XWikiContext) took " + (System.currentTimeMillis() - time) + " milliseconds to run.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) URLPatternMatcher(org.securityfilter.filter.URLPatternMatcher) XWikiUser(com.xpn.xwiki.user.api.XWikiUser) SecurityRequestWrapper(org.securityfilter.filter.SecurityRequestWrapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) XWikiException(com.xpn.xwiki.XWikiException) IOException(java.io.IOException)

Example 13 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWiki method getUser.

public User getUser(XWikiContext context) {
    XWikiUser xwikiUser = context.getXWikiUser();
    User user = new User(xwikiUser, context);
    return user;
}
Also used : XWikiUser(com.xpn.xwiki.user.api.XWikiUser) User(com.xpn.xwiki.api.User) XWikiUser(com.xpn.xwiki.user.api.XWikiUser)

Example 14 with XWikiUser

use of com.xpn.xwiki.user.api.XWikiUser in project xwiki-platform by xwiki.

the class XWikiContext method setUserReference.

public void setUserReference(DocumentReference userReference) {
    if (userReference == null) {
        this.userReference = null;
        remove(USER_KEY);
        remove(USERREFERENCE_KEY);
    } else {
        this.userReference = new DocumentReference(userReference);
        boolean ismain = isMainWiki(this.userReference.getWikiReference().getName());
        put(USER_KEY, new XWikiUser(getUser(), ismain));
        put(USERREFERENCE_KEY, this.userReference);
        // Log this since it's probably a mistake so that we find who is doing bad things
        if (this.userReference.getName().equals(XWikiRightService.GUEST_USER)) {
            LOGGER.warn("A reference to XWikiGuest user has been set instead of null. This is probably a mistake.", new Exception("See stack trace"));
        }
    }
}
Also used : XWikiUser(com.xpn.xwiki.user.api.XWikiUser) DocumentReference(org.xwiki.model.reference.DocumentReference)

Aggregations

XWikiUser (com.xpn.xwiki.user.api.XWikiUser)14 XWikiException (com.xpn.xwiki.XWikiException)6 DocumentReference (org.xwiki.model.reference.DocumentReference)6 XWikiContext (com.xpn.xwiki.XWikiContext)3 WikiReference (org.xwiki.model.reference.WikiReference)3 XWiki (com.xpn.xwiki.XWiki)2 User (com.xpn.xwiki.api.User)2 XWikiDocument (com.xpn.xwiki.doc.XWikiDocument)2 BaseObject (com.xpn.xwiki.objects.BaseObject)2 IOException (java.io.IOException)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 SecurityRequestWrapper (org.securityfilter.filter.SecurityRequestWrapper)2 SpaceReference (org.xwiki.model.reference.SpaceReference)2 BaseClass (com.xpn.xwiki.objects.classes.BaseClass)1 XWikiRightNotFoundException (com.xpn.xwiki.user.api.XWikiRightNotFoundException)1 XWikiServletContext (com.xpn.xwiki.web.XWikiServletContext)1 XWikiServletRequest (com.xpn.xwiki.web.XWikiServletRequest)1 XWikiServletResponse (com.xpn.xwiki.web.XWikiServletResponse)1 Principal (java.security.Principal)1