
Example 1 with UserDetails

use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.

the class RepositoryAuthenticationDao method loadUserByUsername.

/**
 * Returns the user details held for a user name, flagging credentials whose expiry date has passed.
 * <p>
 * If the entry has no credential expiry date, or that date is not yet in the past, the stored
 * details are returned unchanged. Otherwise a copy is built with {@code false} in the
 * credentials-non-expired position, so downstream checks can refuse the login.
 *
 * @param incomingUserName the user name to look up
 * @return the stored details, or a copy marked as having expired credentials
 * @throws UsernameNotFoundException if no entry exists for the name; the message contains only the
 *             value returned by {@code AuthenticationUtil.maskUsername}
 * @throws AlfrescoRuntimeException if the credentials have expired and the stored details are not
 *             a {@code RepositoryAuthenticatedUser}
 */
@Override
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, DataAccessException {
    final CacheEntry entry = getUserEntryOrNull(incomingUserName);
    if (entry == null) {
        throw new UsernameNotFoundException("Could not find user by userName: " + AuthenticationUtil.maskUsername(incomingUserName));
    }
    final UserDetails cached = entry.userDetails;
    // Expired only when an expiry date is set and lies strictly before "now".
    final boolean credentialsExpired = entry.credentialExpiryDate != null
            && entry.credentialExpiryDate.getTime() < System.currentTimeMillis();
    if (!credentialsExpired) {
        return cached;
    }
    if (!(cached instanceof RepositoryAuthenticatedUser)) {
        // The hash indicator and salt needed for the copy exist only on RepositoryAuthenticatedUser.
        throw new AlfrescoRuntimeException("Unable to retrieve a compatible UserDetails object (requires RepositoryAuthenticatedUser)");
    }
    final RepositoryAuthenticatedUser repoUser = (RepositoryAuthenticatedUser) cached;
    // Every value is copied from the stored details except the hard-coded false.
    return new RepositoryAuthenticatedUser(cached.getUsername(), cached.getPassword(), cached.isEnabled(), cached.isAccountNonExpired(), false, cached.isAccountNonLocked(), cached.getAuthorities(), repoUser.getHashIndicator(), repoUser.getSalt());
}
Also used : UsernameNotFoundException(net.sf.acegisecurity.providers.dao.UsernameNotFoundException) UserDetails(net.sf.acegisecurity.UserDetails) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException)

Example 2 with UserDetails

use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.

the class AuthenticationComponentImpl method authenticateImpl.

/**
 * Authenticates a user name and password and, on success, makes that user the current user.
 * <p>
 * The incoming name is split into a user name and a tenant domain by
 * {@code AuthenticationUtil.getUserTenant}. Inside a retrying transaction, running as the system
 * tenant of that domain, the name is resolved through the person service and the credentials are
 * handed to {@code authenticationManager}. After that call returns, the stored hash indicator is
 * inspected and, when it has more than one entry or its last encoding is not the preferred one, a
 * {@code HashPasswordTransactionListener} is bound to the transaction to re-hash the password.
 * Finally the current user and the tenant domain are set.
 *
 * @param userNameIn the user name as supplied by the caller
 * @param password the clear-text password
 * @throws AuthenticationException if the tenant is disabled or the Acegi authentication fails
 */
@Override
protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException {
    if (logger.isTraceEnabled()) {
        // Only the result of maskUsername is written to the log, not the raw name.
        logger.trace("Authentication for user: " + AuthenticationUtil.maskUsername(userNameIn));
    }
    try {
        Pair<String, String> userTenant = AuthenticationUtil.getUserTenant(userNameIn);
        final String userName = userTenant.getFirst();
        final String tenantDomain = userTenant.getSecond();
        // The value returned from the transaction is the person service's identifier for the
        // user, or null when the person service returned none.
        String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<String>() {

            public String execute() throws Throwable {
                return TenantUtil.runAsSystemTenant(new TenantRunAsWork<String>() {

                    public String doWork() throws Exception {
                        String normalized = getPersonService().getUserIdentifier(userName);
                        String finalUserName = normalized == null ? userName : normalized;
                        // NOTE(review): new String(password) copies the secret into an immutable
                        // String that cannot be cleared afterwards; the char[] alone could be
                        // zeroed by the caller. Confirm whether the token accepts a char[].
                        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(finalUserName, new String(password));
                        // The return value is not used; a failed check is expected to surface
                        // as the Acegi AuthenticationException caught at the end of this method.
                        authenticationManager.authenticate(authentication);
                        // check whether the user's password requires re-hashing
                        UserDetails userDetails = authenticationDao.loadUserByUsername(finalUserName);
                        if (userDetails instanceof RepositoryAuthenticatedUser) {
                            List<String> hashIndicator = ((RepositoryAuthenticatedUser) userDetails).getHashIndicator();
                            if (hashIndicator != null && !hashIndicator.isEmpty()) {
                                // re-generate when the indicator lists more than one encoding or
                                // its last encoding is not the preferred one
                                if (hashIndicator.size() > 1 || !passwordEncoder.lastEncodingIsPreferred(hashIndicator)) {
                                    // add transaction listener to re-hash the user's password
                                    // NOTE(review): the listener receives userName, while the
                                    // authentication above used finalUserName; confirm this is
                                    // intended when the person service returns a different name.
                                    // The listener also keeps a reference to the password array.
                                    HashPasswordTransactionListener txListener = new HashPasswordTransactionListener(userName, password);
                                    txListener.setTransactionService(getTransactionService());
                                    txListener.setAuthenticationDao(authenticationDao);
                                    AlfrescoTransactionSupport.bindListener(txListener);
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("New hashed password for user '" + AuthenticationUtil.maskUsername(userName) + "' has been requested");
                                    }
                                }
                            }
                        }
                        return normalized;
                    }
                }, tenantDomain);
            }
        }, true);
        // Without an identifier from the person service the supplied name is validated and fixed;
        // with one, it is used as-is.
        if (normalized == null) {
            setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
        } else {
            setCurrentUser(normalized, UserNameValidationMode.NONE);
        }
        TenantContextHolder.setTenantDomain(tenantDomain);
    } catch (TenantDisabledException tde) {
        throw new AuthenticationException(tde.getMessage(), tde);
    } catch (net.sf.acegisecurity.AuthenticationException ae) {
        // This is a bit gross, I admit, but when LDAP is
        // configured ae, above, is non-serializable and breaks
        // remote authentication.
        // The exception's toString() and full stack trace are copied into the message instead of
        // passing ae as the cause.
        // NOTE(review): the message therefore exposes internal class names and stack frames to
        // whoever receives this exception. If it can cross a remote boundary, consider logging
        // the trace server-side and throwing a generic message; confirm what callers rely on.
        StringWriter sw = new StringWriter();
        PrintWriter out = new PrintWriter(sw);
        out.println(ae.toString());
        ae.printStackTrace(out);
        out.close();
        throw new AuthenticationException(sw.toString());
    }
}
Also used : UsernamePasswordAuthenticationToken(net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken) TenantDisabledException(org.alfresco.repo.tenant.TenantDisabledException) UserDetails(net.sf.acegisecurity.UserDetails) StringWriter(java.io.StringWriter) TenantRunAsWork(org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork) PrintWriter(java.io.PrintWriter)

Example 3 with UserDetails

use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.

the class AbstractAuthenticationComponent method setCurrentUserImpl.

/**
 * Sets the current user to the given user name without checking any credentials.
 * <p>
 * A system user name is delegated to {@code setSystemUserAsCurrentUser}. A guest user name gets
 * a {@code User} with an empty password and no authorities. Any other name is resolved through
 * {@code getUserDetails}; if the resolved details carry a different user name, they are copied
 * into a {@code User} that uses the requested name.
 *
 * @param userName the user to make current; must not be {@code null}
 * @return the {@code Authentication} produced for that user
 * @throws AuthenticationException if {@code userName} is {@code null} or the underlying Acegi
 *             call fails
 */
private Authentication setCurrentUserImpl(String userName) throws AuthenticationException {
    if (userName == null) {
        throw new AuthenticationException("Null user name");
    }
    if (isSystemUserName(userName)) {
        return setSystemUserAsCurrentUser(getUserDomain(userName));
    }
    try {
        final UserDetails details;
        if (isGuestUserName(userName)) {
            final String guestTenant = getUserDomain(userName);
            if (logger.isTraceEnabled()) {
                logger.trace("Setting the current user to the guest user of tenant domain \"" + guestTenant + '"');
            }
            // Guest: empty password and an empty authority array.
            details = new User(userName, "", true, true, true, true, new GrantedAuthority[0]);
        } else {
            if (logger.isTraceEnabled()) {
                // Only the masked form of the user name is traced.
                logger.trace("Setting the current user to \"" + AuthenticationUtil.maskUsername(userName) + '"');
            }
            final UserDetails resolved = getUserDetails(userName);
            // Keep the requested name when the resolved details report a different one.
            details = userName.equals(resolved.getUsername())
                    ? resolved
                    : new User(userName, resolved.getPassword(), resolved.isEnabled(), resolved.isAccountNonExpired(), resolved.isCredentialsNonExpired(), resolved.isAccountNonLocked(), resolved.getAuthorities());
        }
        return setUserDetails(details);
    } catch (net.sf.acegisecurity.AuthenticationException acegiFailure) {
        // Translate the Acegi exception, keeping it as the cause.
        throw new AuthenticationException(acegiFailure.getMessage(), acegiFailure);
    }
}
Also used : UserDetails(net.sf.acegisecurity.UserDetails) User(net.sf.acegisecurity.providers.dao.User) GrantedAuthority(net.sf.acegisecurity.GrantedAuthority)

Example 4 with UserDetails

use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.

the class AbstractAuthenticationComponent method getUserDetails.

/**
 * Default implementation that builds an ACEGI {@code User} on the fly.
 * <p>
 * The returned object has an empty password, every status flag set to {@code true} and the
 * single authority {@code ROLE_AUTHENTICATED}. Nothing in this method looks the user up or
 * verifies that it exists, so callers must have established the identity beforehand.
 *
 * @param userName the name to place in the returned details
 * @return a new {@code UserDetails} for {@code userName}
 */
protected UserDetails getUserDetails(String userName) {
    final GrantedAuthority[] authorities = { new GrantedAuthorityImpl("ROLE_AUTHENTICATED") };
    return new User(userName, "", true, true, true, true, authorities);
}
Also used : UserDetails(net.sf.acegisecurity.UserDetails) User(net.sf.acegisecurity.providers.dao.User) GrantedAuthorityImpl(net.sf.acegisecurity.GrantedAuthorityImpl) GrantedAuthority(net.sf.acegisecurity.GrantedAuthority)

Example 5 with UserDetails

use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.

the class AuthenticationTest method testCreateAndyUserAndOtherCRUD.

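/**
 * Exercises create, load, update and delete of the user "Andy" through the repository
 * authentication DAO.
 * <p>
 * After each password change the test checks that the stored value matches the new password
 * through {@code compositePasswordEncoder}. After the create and the first update it also
 * checks that the stored value is not the clear-text password.
 */
public void testCreateAndyUserAndOtherCRUD() throws NoSuchAlgorithmException, UnsupportedEncodingException {
    RepositoryAuthenticationDao dao = createRepositoryAuthenticationDao();
    dao.createUser("Andy", "cabbage".toCharArray());
    assertNotNull(dao.getUserOrNull("Andy"));
    UserDetails andyDetails = dao.loadUserByUsername("Andy");
    assertNotNull(andyDetails);
    assertEquals("Andy", andyDetails.getUsername());
    // assertNotNull(dao.getSalt(AndyDetails));
    assertTrue(andyDetails.isAccountNonExpired());
    assertTrue(andyDetails.isAccountNonLocked());
    assertTrue(andyDetails.isCredentialsNonExpired());
    assertTrue(andyDetails.isEnabled());
    // Compare by value: assertNotSame only compares references, so it would also pass
    // if the password had been stored in clear text.
    assertFalse("Stored password must not equal the clear-text password.", "cabbage".equals(andyDetails.getPassword()));
    assertTrue(compositePasswordEncoder.matches(compositePasswordEncoder.getPreferredEncoding(), "cabbage", andyDetails.getPassword(), null));
    assertEquals(1, andyDetails.getAuthorities().length);
    // Object oldSalt = dao.getSalt(AndyDetails);

    dao.updateUser("Andy", "carrot".toCharArray());
    UserDetails newDetails = dao.loadUserByUsername("Andy");
    assertNotNull(newDetails);
    assertEquals("Andy", newDetails.getUsername());
    // assertNotNull(dao.getSalt(newDetails));
    assertTrue(newDetails.isAccountNonExpired());
    assertTrue(newDetails.isAccountNonLocked());
    assertTrue(newDetails.isCredentialsNonExpired());
    assertTrue(newDetails.isEnabled());
    assertFalse("Stored password must not equal the clear-text password.", "carrot".equals(newDetails.getPassword()));
    assertEquals(1, newDetails.getAuthorities().length);
    // The stored value must change when the password changes (value comparison, not identity).
    assertFalse("Stored password must change after an update.", andyDetails.getPassword().equals(newDetails.getPassword()));
    RepositoryAuthenticatedUser rau = (RepositoryAuthenticatedUser) newDetails;
    assertTrue(compositePasswordEncoder.matchesPassword("carrot", newDetails.getPassword(), null, rau.getHashIndicator()));
    // assertNotSame(oldSalt, dao.getSalt(newDetails));

    // Update again
    dao.updateUser("Andy", "potato".toCharArray());
    newDetails = dao.loadUserByUsername("Andy");
    assertNotNull(newDetails);
    assertEquals("Andy", newDetails.getUsername());
    rau = (RepositoryAuthenticatedUser) newDetails;
    assertTrue(compositePasswordEncoder.matchesPassword("potato", newDetails.getPassword(), null, rau.getHashIndicator()));

    // Deleting the user must also remove the authentication cache entry.
    dao.deleteUser("Andy");
    assertFalse("Should not be a cache entry for 'Andy'.", authenticationCache.contains("Andy"));
    assertNull("DAO should report that 'Andy' does not exist.", dao.getUserOrNull("Andy"));
}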
Also used : UserDetails(net.sf.acegisecurity.UserDetails)

Aggregations

UserDetails (net.sf.acegisecurity.UserDetails)9 GrantedAuthority (net.sf.acegisecurity.GrantedAuthority)5 GrantedAuthorityImpl (net.sf.acegisecurity.GrantedAuthorityImpl)4 User (net.sf.acegisecurity.providers.dao.User)4 UsernamePasswordAuthenticationToken (net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken)2 PrintWriter (java.io.PrintWriter)1 Serializable (java.io.Serializable)1 StringWriter (java.io.StringWriter)1 Date (java.util.Date)1 List (java.util.List)1 UsernameNotFoundException (net.sf.acegisecurity.providers.dao.UsernameNotFoundException)1 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)1 TenantDisabledException (org.alfresco.repo.tenant.TenantDisabledException)1 TenantRunAsWork (org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork)1 RetryingTransactionCallback (org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback)1 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)1 NodeRef (org.alfresco.service.cmr.repository.NodeRef)1 QName (org.alfresco.service.namespace.QName)1