
Example 6 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class AlfrescoFacesPortlet method facesRender.

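/**
 * Renders the portlet, first checking that the portlet session holds a usable web-client user.
 *
 * <p>The in-portal-server flag on {@code Application} is set for the duration of the call and
 * cleared again in {@code finally}. The method then takes one of three paths:
 * <ul>
 *   <li>the {@code ERROR_OCCURRED} request parameter is present: the configured error page is
 *       included;</li>
 *   <li>no {@link User} is cached in the application-scope session and the requested view is not
 *       the login page: guest authentication is attempted, and either the configured start
 *       location or the default (login) page is requested;</li>
 *   <li>otherwise: the cached user's ticket is validated and normal JSF rendering runs; an
 *       {@link AuthenticationException} drops the cached user and requests the login page.</li>
 * </ul>
 *
 * <p>The ticket is the value {@code auth.validate} accepts to set up the authentication context,
 * so it is handled as a credential here and is not written to the log.
 *
 * @param request the render request
 * @param response the render response
 * @throws PortletException if rendering fails; failures inside normal JSF processing are rethrown
 *         only when no error page is configured
 * @throws IOException if rendering fails with an I/O error; same rethrow rule as above
 * @see org.apache.myfaces.portlet.MyFacesGenericPortlet#facesRender(javax.portlet.RenderRequest, javax.portlet.RenderResponse)
 */
protected void facesRender(RenderRequest request, RenderResponse response) throws PortletException, IOException {
    Application.setInPortalServer(true);
    try {
        // Set the current locale
        I18NUtil.setLocale(getLanguage(request.getPortletSession()));
        if (request.getParameter(ERROR_OCCURRED) != null) {
            String errorPage = getErrorPage();
            if (logger.isDebugEnabled()) {
                logger.debug("An error has occurred, redirecting to error page: " + errorPage);
            }
            response.setContentType("text/html");
            PortletRequestDispatcher dispatcher = getPortletContext().getRequestDispatcher(errorPage);
            dispatcher.include(request, response);
        } else {
            WebApplicationContext ctx = (WebApplicationContext) getPortletContext().getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
            AuthenticationService auth = (AuthenticationService) ctx.getBean("AuthenticationService");
            // if we have no User object in the session then an HTTP Session timeout must have occurred
            // use the viewId to check that we are not already on the login page
            PortletSession session = request.getPortletSession();
            String viewId = request.getParameter(VIEW_ID);
            // keep track of last view id so we can use it as return page from multi-part requests
            // NOTE(review): viewId is a raw request parameter; whatever later reads SESSION_LAST_VIEW_ID
            // should validate it before using it as a dispatch target - confirm against the consumer.
            request.getPortletSession().setAttribute(SESSION_LAST_VIEW_ID, viewId);
            SessionUser sessionUser = (SessionUser) request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE);
            // Only a web-client User counts as logged in; any other SessionUser implementation is
            // treated the same as having no user at all.
            User user = sessionUser instanceof User ? (User) sessionUser : null;
            if (user == null && (viewId == null || !viewId.equals(getLoginPage()))) {
                if (portalGuestAuthenticate(ctx, session, auth) != null) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Guest access successful.");
                    }
                    // perform the forward to the page processed by the Faces servlet
                    response.setContentType("text/html");
                    request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
                    // get the start location as configured by the web-client config
                    ConfigService configService = (ConfigService) ctx.getBean("webClientConfigService");
                    ClientConfigElement configElement = (ClientConfigElement) configService.getGlobalConfig().getConfigElement("client");
                    if (NavigationBean.LOCATION_MYALFRESCO.equals(configElement.getInitialLocation())) {
                        nonFacesRequest(request, response, "/jsp/dashboards/container.jsp");
                    } else {
                        nonFacesRequest(request, response, FacesHelper.BROWSE_VIEW_ID);
                    }
                } else {
                    // NOTE(review): viewId is request-controlled and is concatenated into the log
                    // line unescaped; confirm the log layout neutralises CR/LF.
                    if (logger.isDebugEnabled()) {
                        logger.debug("No valid User login, requesting login page. ViewId: " + viewId);
                    }
                    // set last used username as special session value used by the LoginBean
                    session.setAttribute(AuthenticationHelper.SESSION_USERNAME, request.getPreferences().getValue(PREF_ALF_USERNAME, null));
                    // login page is the default portal page
                    response.setContentType("text/html");
                    request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
                    nonFacesRequest(request, response);
                }
            } else {
                if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) != null) {
                    // remove the username preference value as explicit logout was requested by the user
                    if (!request.getPreferences().isReadOnly(PREF_ALF_USERNAME)) {
                        request.getPreferences().reset(PREF_ALF_USERNAME);
                    }
                    session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED);
                }
                try {
                    if (user != null) {
                        // Log who is being validated, never the ticket itself: the ticket is a
                        // credential and debug logs are readable by more people than the session is.
                        if (logger.isDebugEnabled()) {
                            logger.debug("Validating ticket for user: " + user.getUserName());
                        }
                        // setup the authentication context
                        auth.validate(user.getTicket());
                    }
                    // do the normal JSF processing
                    super.facesRender(request, response);
                } catch (AuthenticationException authErr) {
                    // ticket is no longer valid!
                    if (logger.isDebugEnabled()) {
                        logger.debug("Invalid ticket, requesting login page.");
                    }
                    // remove User object as it's now useless
                    session.removeAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE);
                    // login page is the default portal page
                    response.setContentType("text/html");
                    request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
                    nonFacesRequest(request, response);
                } catch (Throwable e) {
                    // Deliberately broad: anything thrown by JSF processing is routed to the error
                    // page when one is configured, otherwise rethrown with its original type where
                    // the method signature allows it.
                    if (getErrorPage() != null) {
                        handleError(request, response, e);
                    } else {
                        logger.warn("No error page configured, re-throwing exception");
                        if (e instanceof PortletException) {
                            throw (PortletException) e;
                        } else if (e instanceof IOException) {
                            throw (IOException) e;
                        } else {
                            throw new PortletException(e);
                        }
                    }
                }
            }
        }
    } finally {
        Application.setInPortalServer(false);
    }
}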
Also used : User(org.alfresco.web.bean.repository.User) SessionUser(org.alfresco.repo.SessionUser) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) PortletException(javax.portlet.PortletException) IOException(java.io.IOException) ClientConfigElement(org.alfresco.web.config.ClientConfigElement) WebApplicationContext(org.springframework.web.context.WebApplicationContext) PortletRequestDispatcher(javax.portlet.PortletRequestDispatcher) SessionUser(org.alfresco.repo.SessionUser) ConfigService(org.springframework.extensions.config.ConfigService) PortletSession(javax.portlet.PortletSession) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService)

Example 7 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class AuthenticationHelper method getUser.

/**
 * Attempts to retrieve the User object stored in the current session.
 *
 * <p>Two sources of identity are combined. A {@link SessionUser} already cached in the session is
 * accepted only after its ticket has been validated. An external user id returned by
 * {@code getRemoteUser} takes precedence over a cached non-guest user with a different name, and is
 * authenticated through {@code setCurrentUser} without any ticket or password check in this method.
 *
 * <p>On an authentication failure the cached user is removed from the session and, when not running
 * inside a portal server, the session is invalidated.
 *
 * @param sc
 *            the servlet context
 * @param httpRequest
 *            The HTTP request
 * @param httpResponse
 *            The HTTP response (not referenced in this method body)
 * @return The User object representing the current user or null if it could not be found
 */
public static User getUser(final ServletContext sc, final HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    // If the remote user mapper is configured, we may be able to map in an externally authenticated user
    // NOTE(review): getRemoteUser is not shown here. Its result is trusted as an identity further
    // down, so whatever it reads must only be settable by the trusted authenticating front end - confirm.
    String userId = getRemoteUser(sc, httpRequest);
    final WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc);
    // getSession() with no argument creates a session when the request has none
    HttpSession session = httpRequest.getSession();
    User user = null;
    // examine the appropriate session to try and find the User object
    SessionUser sessionUser = Application.getCurrentUser(session);
    // NOTE(review): the comment that stood here is truncated on this page ("been known to leak in
    // but shouldn't now)"); what it referred to cannot be recovered from this listing.
    if (sessionUser != null) {
        if (logger.isDebugEnabled())
            logger.debug("SessionUser is: " + sessionUser.getUserName());
        AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
        try {
            // The cached object is not trusted on its own: its ticket must still validate
            auth.validate(sessionUser.getTicket());
            if (sessionUser instanceof User) {
                user = (User) sessionUser;
                setExternalAuth(session, userId != null);
            } else {
                // Some other SessionUser implementation: build a web-client User from its name and ticket
                user = setUser(sc, httpRequest, sessionUser.getUserName(), sessionUser.getTicket(), userId != null);
            }
        } catch (AuthenticationException authErr) {
            if (logger.isDebugEnabled())
                logger.debug("An authentication error occured while setting the session user", authErr);
            session.removeAttribute(AUTHENTICATION_USER);
            // Inside a portal server the session is left in place and only the cached user is dropped
            if (!Application.inPortalServer()) {
                if (logger.isDebugEnabled())
                    logger.debug("Invalidating the session.");
                // NOTE(review): the local `session` is not re-acquired after this call, unlike in
                // authenticate(); the removeAttribute calls further down would then run against an
                // invalidated session, which the Servlet API answers with IllegalStateException - confirm.
                session.invalidate();
            }
        }
    }
    // If the remote user mapper is configured, we may be able to map in an externally authenticated user
    if (userId != null) {
        AuthorityService authorityService = (AuthorityService) wc.getBean(AUTHORITY_SERVICE);
        // We have a previously-cached user with the wrong identity - replace them
        // (a cached guest user is not treated as a mismatch by this condition)
        if (user != null && !authorityService.isGuestAuthority(user.getUserName()) && !user.getUserName().equals(userId)) {
            if (logger.isDebugEnabled())
                logger.debug("We have a previously-cached user with the wrong identity - replace them");
            session.removeAttribute(AUTHENTICATION_USER);
            if (!Application.inPortalServer()) {
                if (logger.isDebugEnabled())
                    logger.debug("Invalidating session.");
                session.invalidate();
            }
            user = null;
        }
        if (user == null) {
            if (logger.isDebugEnabled())
                logger.debug("There are no previously-cached users.");
            // If we have been authenticated by other means, just propagate through the user identity
            AuthenticationComponent authenticationComponent = (AuthenticationComponent) wc.getBean(AUTHENTICATION_COMPONENT);
            try {
                if (logger.isDebugEnabled())
                    logger.debug("We have been authenticated by other means, authenticating the user: " + userId);
                // No credential is checked here: the external user id alone selects the identity,
                // and the ticket cached below is whatever the service reports as current afterwards.
                authenticationComponent.setCurrentUser(userId);
                AuthenticationService authenticationService = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
                user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(), true);
            } catch (AuthenticationException authErr) {
                if (logger.isDebugEnabled())
                    logger.debug("An authentication error occured while setting the session user", authErr);
                // Allow for an invalid external user ID to be indicated
                // NOTE(review): `session` may already have been invalidated by the first catch block
                // of this method; see the note there.
                session.removeAttribute(AUTHENTICATION_USER);
                if (!Application.inPortalServer()) {
                    if (logger.isDebugEnabled())
                        logger.debug("Invalidating the session.");
                    session.invalidate();
                }
            }
        }
    }
    return user;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) SessionUser(org.alfresco.repo.SessionUser) User(org.alfresco.web.bean.repository.User) AuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) HttpSession(javax.servlet.http.HttpSession) AuthorityService(org.alfresco.service.cmr.security.AuthorityService) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService) WebApplicationContext(org.springframework.web.context.WebApplicationContext)

Example 8 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class AuthenticationHelper method authenticate.

/**
 * Helper to authenticate the current user using the supplied Ticket value.
 *
 * <p>A user already cached in the session is kept only if it carries the same ticket; otherwise it
 * is discarded before the supplied ticket is validated. A mismatching ticket therefore ends the
 * existing session even when the supplied ticket later turns out to be invalid.
 *
 * @param context the servlet context
 * @param httpRequest the HTTP request whose session caches the user
 * @param httpResponse the HTTP response, passed on to {@code setupThread}
 * @param ticket the ticket to validate
 * @return {@code AuthenticationStatus.Success} if authentication was successful,
 *         {@code AuthenticationStatus.Failure} otherwise.
 * @throws IOException declared by the signature; the call that raises it is not visible in this
 *         method - presumably {@code setupThread}, to be confirmed
 */
public static AuthenticationStatus authenticate(ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse, String ticket) throws IOException {
    if (logger.isDebugEnabled())
        logger.debug("Authenticate the current user using the supplied Ticket value.");
    // setup the authentication context
    WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
    AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
    HttpSession session = httpRequest.getSession();
    try {
        // If we already have a cached user, make sure it is for the right ticket
        SessionUser user = (SessionUser) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
        // NOTE(review): a null getTicket() would raise NullPointerException here and land in the
        // catch (Throwable) branch below, which invalidates the current ticket - confirm that a
        // cached SessionUser always carries a ticket.
        if (user != null && !user.getTicket().equals(ticket)) {
            if (logger.isDebugEnabled())
                logger.debug("Found a previously-cached user with the wrong identity.");
            session.removeAttribute(AUTHENTICATION_USER);
            if (!Application.inPortalServer()) {
                if (logger.isDebugEnabled())
                    logger.debug("The server is not running in a portal, invalidating session.");
                session.invalidate();
                // Re-acquire so the rest of this method works on a live session rather than the
                // one that was just invalidated
                session = httpRequest.getSession();
            }
            user = null;
        }
        // Validate the ticket and associate it with the session
        auth.validate(ticket);
        if (user == null) {
            if (logger.isDebugEnabled())
                logger.debug("Ticket is valid; caching a new user in the session.");
            // The user name comes from the authentication service after validation, not from the request
            setUser(context, httpRequest, auth.getCurrentUserName(), ticket, false);
        } else if (logger.isDebugEnabled())
            logger.debug("Ticket is valid; retaining cached user in session.");
    } catch (AuthenticationException authErr) {
        // The ticket was rejected: drop the cached user and, outside a portal, the whole session
        if (logger.isDebugEnabled())
            logger.debug("An AuthenticationException occured: ", authErr);
        session.removeAttribute(AUTHENTICATION_USER);
        if (!Application.inPortalServer()) {
            if (logger.isDebugEnabled())
                logger.debug("The server is not running in a portal, invalidating session.");
            session.invalidate();
        }
        return AuthenticationStatus.Failure;
    } catch (Throwable e) {
        // NOTE(review): this failure is logged at debug level only, so it is invisible with default
        // production logging; consider whether it should be raised for monitoring.
        if (logger.isDebugEnabled())
            logger.debug("Authentication failed due to unexpected error", e);
        // Some other kind of serious failure
        // Fail closed: the current ticket is invalidated and the security context cleared.
        // NOTE(review): unlike the AuthenticationException branch, this path leaves
        // AUTHENTICATION_USER in the session - confirm that is intended.
        AuthenticationService unprotAuthService = (AuthenticationService) wc.getBean(UNPROTECTED_AUTH_SERVICE);
        unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
        unprotAuthService.clearCurrentSecurityContext();
        return AuthenticationStatus.Failure;
    }
    // As we are authenticating via a ticket, establish the session locale using request headers rather than web client preferences
    setupThread(context, httpRequest, httpResponse, false);
    return AuthenticationStatus.Success;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) HttpSession(javax.servlet.http.HttpSession) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService) WebApplicationContext(org.springframework.web.context.WebApplicationContext)

Example 9 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class KerberosAuthenticationFilter method createUserObject.

/**
 * Creates the web-client {@link User} for the given user name and ticket and records the id of
 * the supplied home space on it.
 *
 * <p>{@code homeSpaceRef} is dereferenced unconditionally, so it must not be {@code null}.
 *
 * @param userName the user name
 * @param ticket the authentication ticket held by the new user object
 * @param personNode the person node passed to the {@link User} constructor
 * @param homeSpaceRef the home space whose id is set on the user
 * @return the newly created user
 * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
 */
@Override
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) {
    final User webClientUser = new User(userName, ticket, personNode);
    // Resolved after construction, matching the order in which the calls have always run
    final String homeSpaceId = homeSpaceRef.getId();
    webClientUser.setHomeSpaceId(homeSpaceId);
    return webClientUser;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) User(org.alfresco.web.bean.repository.User)

Example 10 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class NTLMAuthenticationFilter method createUserObject.

/**
 * Creates the web-client {@link User} for the given user name and ticket and records the id of
 * the supplied home space on it.
 *
 * <p>{@code homeSpaceRef} is dereferenced unconditionally, so it must not be {@code null}.
 *
 * @param userName the user name
 * @param ticket the authentication ticket held by the new user object
 * @param personNode the person node passed to the {@link User} constructor
 * @param homeSpaceRef the home space whose id is set on the user
 * @return the newly created user
 * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
 */
@Override
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) {
    final User webClientUser = new User(userName, ticket, personNode);
    // Resolved after construction, matching the order in which the calls have always run
    final String homeSpaceId = homeSpaceRef.getId();
    webClientUser.setHomeSpaceId(homeSpaceId);
    return webClientUser;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) User(org.alfresco.web.bean.repository.User)

Aggregations

SessionUser (org.alfresco.repo.SessionUser)25 AuthenticationException (org.alfresco.repo.security.authentication.AuthenticationException)14 HttpSession (javax.servlet.http.HttpSession)9 User (org.alfresco.web.bean.repository.User)9 IOException (java.io.IOException)5 TicketCredentials (org.alfresco.repo.web.auth.TicketCredentials)5 AuthenticationService (org.alfresco.service.cmr.security.AuthenticationService)5 WebApplicationContext (org.springframework.web.context.WebApplicationContext)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 PortletSession (javax.portlet.PortletSession)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Authorization (org.alfresco.repo.security.authentication.Authorization)3 BasicAuthCredentials (org.alfresco.repo.web.auth.BasicAuthCredentials)3 Serializable (java.io.Serializable)2 UnknownHostException (java.net.UnknownHostException)2 CharacterCodingException (java.nio.charset.CharacterCodingException)2 CharsetDecoder (java.nio.charset.CharsetDecoder)2 Date (java.util.Date)2 HashSet (java.util.HashSet)2 LinkedHashSet (java.util.LinkedHashSet)2