use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.
the class RepositoryAuthenticationDao method loadUserByUsername.
/**
 * Loads the details of a user from the entry returned by {@code getUserEntryOrNull}.
 *
 * <p>If the entry has no credential expiry date, or that date has not yet passed, the stored
 * details are returned unchanged. If the date has passed, a copy is returned with {@code false}
 * as the fifth constructor argument (the position where {@code User} takes
 * {@code credentialsNonExpired}), so callers can see that the credentials have expired.
 *
 * @param incomingUserName the user name to look up
 * @return the user's details, never {@code null}
 * @throws UsernameNotFoundException if no entry exists for the user name
 * @throws AlfrescoRuntimeException if the credentials have expired and the stored details are
 *         not a {@code RepositoryAuthenticatedUser}
 */
@Override
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, DataAccessException {
    final CacheEntry entry = getUserEntryOrNull(incomingUserName);
    if (entry == null) {
        // The name goes through AuthenticationUtil.maskUsername before it is placed in the
        // message, so the raw identifier is not what ends up in logs or error responses.
        throw new UsernameNotFoundException("Could not find user by userName: " + AuthenticationUtil.maskUsername(incomingUserName));
    }

    final UserDetails cached = entry.userDetails;
    final boolean credentialsExpired = entry.credentialExpiryDate != null
            && entry.credentialExpiryDate.getTime() < System.currentTimeMillis();
    if (!credentialsExpired) {
        return cached;
    }

    // Expired credentials can only be reported on a RepositoryAuthenticatedUser, because the
    // copy below needs its hash indicator and salt.
    if (!(cached instanceof RepositoryAuthenticatedUser)) {
        throw new AlfrescoRuntimeException("Unable to retrieve a compatible UserDetails object (requires RepositoryAuthenticatedUser)");
    }
    final RepositoryAuthenticatedUser repoUser = (RepositoryAuthenticatedUser) cached;
    return new RepositoryAuthenticatedUser(
            cached.getUsername(),
            cached.getPassword(),
            cached.isEnabled(),
            cached.isAccountNonExpired(),
            false,
            cached.isAccountNonLocked(),
            cached.getAuthorities(),
            repoUser.getHashIndicator(),
            repoUser.getSalt());
}
use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.
the class AuthenticationComponentImpl method authenticateImpl.
/**
 * Authenticates a user by name and password, then makes that user the current user.
 *
 * <p>The incoming name is split into a user name and a tenant domain. Inside a retrying
 * transaction, running as the system tenant of that domain, the user name is normalized through
 * the person service and the credentials are passed to the authentication manager. After a
 * successful check the stored hash indicator is inspected, and a transaction listener is bound
 * to re-hash the password when the stored encoding is not the preferred one.
 *
 * @param userNameIn the user name as supplied by the caller; may carry a tenant domain
 * @param password the password characters supplied by the caller
 * @throws AuthenticationException if the tenant is disabled or the underlying ACEGI
 *         authentication throws
 */
@Override
protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException {
if (logger.isTraceEnabled()) {
// Only the masked form of the user name is written to the trace log.
logger.trace("Authentication for user: " + AuthenticationUtil.maskUsername(userNameIn));
}
try {
Pair<String, String> userTenant = AuthenticationUtil.getUserTenant(userNameIn);
final String userName = userTenant.getFirst();
final String tenantDomain = userTenant.getSecond();
// NOTE(review): the trailing `true` passed to doInTransaction below is presumably the
// read-only flag - confirm against RetryingTransactionHelper.
String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<String>() {
public String execute() throws Throwable {
return TenantUtil.runAsSystemTenant(new TenantRunAsWork<String>() {
public String doWork() throws Exception {
// Fall back to the supplied name when the person service has no identifier for it.
String normalized = getPersonService().getUserIdentifier(userName);
String finalUserName = normalized == null ? userName : normalized;
// new String(password) copies the characters into an immutable String that this method
// cannot wipe afterwards; the copy lives until it is garbage collected.
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(finalUserName, new String(password));
// A rejected credential is expected to surface as the ACEGI AuthenticationException
// handled in the catch block further down.
authenticationManager.authenticate(authentication);
// check whether the user's password requires re-hashing
UserDetails userDetails = authenticationDao.loadUserByUsername(finalUserName);
if (userDetails instanceof RepositoryAuthenticatedUser) {
List<String> hashIndicator = ((RepositoryAuthenticatedUser) userDetails).getHashIndicator();
if (hashIndicator != null && !hashIndicator.isEmpty()) {
// re-hash when more than one encoding is recorded or the last one is not the preferred encoding
if (hashIndicator.size() > 1 || !passwordEncoder.lastEncodingIsPreferred(hashIndicator)) {
// add transaction listener to re-hash the users password
// NOTE(review): the listener receives userName, not the finalUserName that was just
// authenticated, and keeps a reference to the caller's password array - confirm both
// are intended.
HashPasswordTransactionListener txListener = new HashPasswordTransactionListener(userName, password);
txListener.setTransactionService(getTransactionService());
txListener.setAuthenticationDao(authenticationDao);
AlfrescoTransactionSupport.bindListener(txListener);
if (logger.isDebugEnabled()) {
logger.debug("New hashed password for user '" + AuthenticationUtil.maskUsername(userName) + "' has been requested");
}
}
}
}
// May be null when the person service returned no identifier; the caller branches on that.
return normalized;
}
}, tenantDomain);
}
}, true);
// Without a normalized identifier the supplied name is set with CHECK_AND_FIX validation;
// a normalized identifier is set with validation mode NONE.
if (normalized == null) {
setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
} else {
setCurrentUser(normalized, UserNameValidationMode.NONE);
}
TenantContextHolder.setTenantDomain(tenantDomain);
} catch (TenantDisabledException tde) {
throw new AuthenticationException(tde.getMessage(), tde);
} catch (net.sf.acegisecurity.AuthenticationException ae) {
// This is a bit gross, I admit, but when LDAP is
// configured ae, above, is non-serializable and breaks
// remote authentication.
// NOTE(review): the full stack trace becomes the message of the new exception and the
// original cause is not attached. Anything that shows this message to a remote caller
// exposes internal class names - confirm how the message is surfaced.
StringWriter sw = new StringWriter();
PrintWriter out = new PrintWriter(sw);
out.println(ae.toString());
ae.printStackTrace(out);
out.close();
throw new AuthenticationException(sw.toString());
}
}
use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.
the class AbstractAuthenticationComponent method setCurrentUserImpl.
/**
 * Makes the named user the current authenticated user.
 *
 * <p>No password or other credential is examined here; the method only builds or fetches a
 * {@code UserDetails} object for the name and installs it. A system user name is delegated to
 * {@code setSystemUserAsCurrentUser}. A guest user name gets a {@code User} with an empty
 * password and no granted authorities. Any other name is resolved through
 * {@code getUserDetails}; if the resolved details carry a different user name, they are rebuilt
 * under the requested name with the same password, flags and authorities.
 *
 * @param userName the user to set as current; must not be {@code null}
 * @return the resulting {@code Authentication}
 * @throws AuthenticationException if {@code userName} is {@code null} or the underlying ACEGI
 *         layer throws an authentication exception
 */
private Authentication setCurrentUserImpl(String userName) throws AuthenticationException {
    if (userName == null) {
        throw new AuthenticationException("Null user name");
    }
    if (isSystemUserName(userName)) {
        return setSystemUserAsCurrentUser(getUserDomain(userName));
    }

    try {
        final UserDetails details;
        if (isGuestUserName(userName)) {
            String tenantDomain = getUserDomain(userName);
            if (logger.isTraceEnabled()) {
                logger.trace("Setting the current user to the guest user of tenant domain \"" + tenantDomain + '"');
            }
            // Guest: empty password, every account flag true, no granted authorities.
            details = new User(userName, "", true, true, true, true, new GrantedAuthority[0]);
        } else {
            if (logger.isTraceEnabled()) {
                // Only the masked form of the user name is written to the trace log.
                logger.trace("Setting the current user to \"" + AuthenticationUtil.maskUsername(userName) + '"');
            }
            final UserDetails resolved = getUserDetails(userName);
            // Keep the requested name on the details even when the lookup returned another one.
            details = userName.equals(resolved.getUsername())
                    ? resolved
                    : new User(
                            userName,
                            resolved.getPassword(),
                            resolved.isEnabled(),
                            resolved.isAccountNonExpired(),
                            resolved.isCredentialsNonExpired(),
                            resolved.isAccountNonLocked(),
                            resolved.getAuthorities());
        }
        return setUserDetails(details);
    } catch (net.sf.acegisecurity.AuthenticationException ae) {
        // Translate the ACEGI exception into the repository's own type, keeping the cause.
        throw new AuthenticationException(ae.getMessage(), ae);
    }
}
use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.
the class AbstractAuthenticationComponent method getUserDetails.
/**
 * Default implementation that builds an ACEGI {@code User} on the fly for the given name.
 *
 * <p>The returned object has an empty password, all four account flags set to {@code true} and
 * the single authority {@code ROLE_AUTHENTICATED}. Nothing is looked up or verified here, so
 * the authority is granted purely on the caller's say-so.
 *
 * @param userName the user name to place on the details object
 * @return a newly created {@code UserDetails} for {@code userName}
 */
protected UserDetails getUserDetails(String userName) {
    final GrantedAuthority[] authorities = { new GrantedAuthorityImpl("ROLE_AUTHENTICATED") };
    return new User(userName, "", true, true, true, true, authorities);
}
use of net.sf.acegisecurity.UserDetails in project alfresco-repository by Alfresco.
the class AuthenticationTest method testCreateAndyUserAndOtherCRUD.
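/**
 * Exercises create, load, update and delete of the user "Andy" through the repository
 * authentication DAO.
 *
 * <p>After each password change the test checks that the stored password is not the plain text
 * and that the composite password encoder accepts the new plain text against the stored value.
 * After deletion it checks that neither the authentication cache nor the DAO still knows the
 * user.
 *
 * <p>The plain-text and old-versus-new password checks compare string content. A reference
 * comparison ({@code assertNotSame}) would pass for any two distinct {@code String} objects,
 * even if the DAO stored the password unhashed.
 */
public void testCreateAndyUserAndOtherCRUD() throws NoSuchAlgorithmException, UnsupportedEncodingException {
    RepositoryAuthenticationDao dao = createRepositoryAuthenticationDao();

    // Create
    dao.createUser("Andy", "cabbage".toCharArray());
    assertNotNull(dao.getUserOrNull("Andy"));
    UserDetails andyDetails = dao.loadUserByUsername("Andy");
    assertNotNull(andyDetails);
    assertEquals("Andy", andyDetails.getUsername());
    // NOTE: the salt assertions (dao.getSalt(...)) are disabled throughout this test.
    assertTrue(andyDetails.isAccountNonExpired());
    assertTrue(andyDetails.isAccountNonLocked());
    assertTrue(andyDetails.isCredentialsNonExpired());
    assertTrue(andyDetails.isEnabled());
    assertFalse("Password must not be stored as plain text.", "cabbage".equals(andyDetails.getPassword()));
    assertTrue(compositePasswordEncoder.matches(compositePasswordEncoder.getPreferredEncoding(), "cabbage", andyDetails.getPassword(), null));
    assertEquals(1, andyDetails.getAuthorities().length);

    // Update
    dao.updateUser("Andy", "carrot".toCharArray());
    UserDetails newDetails = dao.loadUserByUsername("Andy");
    assertNotNull(newDetails);
    assertEquals("Andy", newDetails.getUsername());
    assertTrue(newDetails.isAccountNonExpired());
    assertTrue(newDetails.isAccountNonLocked());
    assertTrue(newDetails.isCredentialsNonExpired());
    assertTrue(newDetails.isEnabled());
    assertFalse("Password must not be stored as plain text.", "carrot".equals(newDetails.getPassword()));
    assertEquals(1, newDetails.getAuthorities().length);
    assertFalse("Stored password must change when the password is updated.", andyDetails.getPassword().equals(newDetails.getPassword()));
    RepositoryAuthenticatedUser rau = (RepositoryAuthenticatedUser) newDetails;
    assertTrue(compositePasswordEncoder.matchesPassword("carrot", newDetails.getPassword(), null, rau.getHashIndicator()));

    // Update again
    dao.updateUser("Andy", "potato".toCharArray());
    newDetails = dao.loadUserByUsername("Andy");
    assertNotNull(newDetails);
    assertEquals("Andy", newDetails.getUsername());
    rau = (RepositoryAuthenticatedUser) newDetails;
    assertTrue(compositePasswordEncoder.matchesPassword("potato", newDetails.getPassword(), null, rau.getHashIndicator()));

    // Delete: both the cache and the DAO must forget the user.
    dao.deleteUser("Andy");
    assertFalse("Should not be a cache entry for 'Andy'.", authenticationCache.contains("Andy"));
    assertNull("DAO should report that 'Andy' does not exist.", dao.getUserOrNull("Andy"));
}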