Search in sources :

Example 16 with SessionUser

use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.

the class PropFindMethod method generateAllPropertiesResponse.

/**
 * Generates the XML response for a PROPFIND request that asks for all known
 * properties
 *
 * @param xml XMLWriter
 * @param nodeInfo FileInfo
 * @param isDir boolean
 */
protected void generateAllPropertiesResponse(XMLWriter xml, FileInfo nodeInfo, boolean isDir) throws Exception {
    // Get the properties for the node
    Map<QName, Serializable> props = nodeInfo.getProperties();
    // Output the start of the properties element
    Attributes nullAttr = getDAVHelper().getNullAttributes();
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT, nullAttr);
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP, nullAttr);
    // Generate a lock status report, if locked
    generateLockDiscoveryResponse(xml, nodeInfo, isDir);
    // Output the supported lock types
    writeLockTypes(xml);
    // If the node is a folder then return as a collection type
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE, nullAttr);
    if (isDir)
        xml.write(DocumentHelper.createElement(WebDAV.XML_NS_COLLECTION));
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE);
    // Get the node name
    Object davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_DISPLAYNAME);
    TypeConverter typeConv = DefaultTypeConverter.INSTANCE;
    // Output the node name
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME, nullAttr);
    if (davValue != null) {
        String name = typeConv.convert(String.class, davValue);
        if (name == null || name.length() == 0) {
            logger.error("WebDAV name is null, value=" + davValue.getClass().getName() + ", node=" + nodeInfo.getNodeRef());
        }
        xml.write(name);
    }
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME);
    // Output the source
    // 
    // NOTE: source is always a no content element in our implementation
    xml.write(DocumentHelper.createElement(WebDAV.XML_NS_SOURCE));
    // Get the creation date
    davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_CREATION_DATE);
    // Output the creation date
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE, nullAttr);
    if (davValue != null)
        xml.write(WebDAV.formatCreationDate(typeConv.convert(Date.class, davValue)));
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE);
    // Get the modifed date/time
    davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_LAST_MODIFIED);
    // Output the last modified date of the node
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED, nullAttr);
    if (davValue != null)
        xml.write(WebDAV.formatModifiedDate(typeConv.convert(Date.class, davValue)));
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED);
    if (isDir == false) {
        // Get the content language
        // TODO:
        // Output the content language
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE, nullAttr);
        // TODO:
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE);
        // Get the content type
        davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_CONTENT_TYPE);
        // Output the content type
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE, nullAttr);
        if (davValue != null)
            xml.write(typeConv.convert(String.class, davValue));
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE);
        // Output the etag
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG, nullAttr);
        xml.write(getDAVHelper().makeETag(nodeInfo));
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG);
    }
    // Get the content length, if it's not a folder
    long len = 0;
    if (isDir == false) {
        ContentData contentData = (ContentData) props.get(ContentModel.PROP_CONTENT);
        if (contentData != null)
            len = contentData.getSize();
    }
    // Output the content length
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH, nullAttr);
    xml.write("" + len);
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH);
    // Print out all the custom properties
    SessionUser davUser = (SessionUser) m_request.getSession().getAttribute(AuthenticationFilter.AUTHENTICATION_USER);
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET, nullAttr);
    if (davUser != null)
        xml.write(davUser.getTicket());
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET);
    // Close off the response
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP);
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS, nullAttr);
    xml.write(WebDAV.HTTP1_1 + " " + HttpServletResponse.SC_OK + " " + WebDAV.SC_OK_DESC);
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS);
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT);
}
Also used : DefaultTypeConverter(org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter) TypeConverter(org.alfresco.service.cmr.repository.datatype.TypeConverter) Serializable(java.io.Serializable) SessionUser(org.alfresco.repo.SessionUser) ContentData(org.alfresco.service.cmr.repository.ContentData) QName(org.alfresco.service.namespace.QName) Attributes(org.xml.sax.Attributes) Date(java.util.Date)

Example 17 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class Application method logOut.

/**
 * Invalidate Alfresco ticket and Web/Portlet session and clear the Security context for this thread.
 * @param context
 */
public static void logOut(FacesContext context) {
    String ticket = null;
    if (Application.inPortalServer()) {
        ticket = AlfrescoFacesPortlet.onLogOut(context.getExternalContext().getRequest());
    } else {
        SessionUser user = getCurrentUser(context);
        if (user != null) {
            ticket = user.getTicket();
        }
        HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
    // Explicitly invalidate the Alfresco ticket. This no longer happens on session expiry to allow for ticket
    // 'sharing'
    WebApplicationContext wc = FacesContextUtils.getRequiredWebApplicationContext(context);
    AuthenticationService unprotAuthService = (AuthenticationService) wc.getBean(BEAN_UNPROTECTED_AUTH_SERVICE);
    if (ticket != null) {
        unprotAuthService.invalidateTicket(ticket);
    }
    unprotAuthService.clearCurrentSecurityContext();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SessionUser(org.alfresco.repo.SessionUser) HttpSession(javax.servlet.http.HttpSession) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService) WebApplicationContext(org.springframework.web.context.WebApplicationContext)

Example 18 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class AlfrescoFacesPortlet method onLogOut.

public static String onLogOut(Object req) {
    PortletRequest portletReq = null;
    if (req instanceof ServletRequest) {
        portletReq = (PortletRequest) ((ServletRequest) req).getAttribute("javax.portlet.request");
    } else if (req instanceof PortletRequest) {
        portletReq = (PortletRequest) req;
    }
    if (portletReq == null) {
        return null;
    }
    // remove all objects from our session by hand
    // we do this as invalidating the Portal session would invalidate all other portlets!
    PortletSession session = portletReq.getPortletSession();
    SessionUser user = (SessionUser) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE);
    Enumeration<String> i = session.getAttributeNames();
    while (i.hasMoreElements()) {
        session.removeAttribute(i.nextElement());
    }
    session.setAttribute(AuthenticationHelper.SESSION_INVALIDATED, true);
    return user == null ? null : user.getTicket();
}
Also used : ServletRequest(javax.servlet.ServletRequest) SessionUser(org.alfresco.repo.SessionUser) PortletRequest(javax.portlet.PortletRequest) PortletSession(javax.portlet.PortletSession)

Example 19 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class AlfrescoFacesPortlet method processAction.

/**
 * Called by the portlet container to allow the portlet to process an action request.
 */
public void processAction(ActionRequest request, ActionResponse response) throws PortletException, IOException {
    Application.setInPortalServer(true);
    try {
        // Set the current locale
        I18NUtil.setLocale(getLanguage(request.getPortletSession()));
        boolean isMultipart = PortletFileUpload.isMultipartContent(request);
        if (isMultipart) {
            if (logger.isDebugEnabled())
                logger.debug("Handling multipart request...");
            PortletSession session = request.getPortletSession();
            // get the file from the request and put it in the session
            DiskFileItemFactory factory = new DiskFileItemFactory();
            PortletFileUpload upload = new PortletFileUpload(factory);
            List<FileItem> fileItems = upload.parseRequest(request);
            Iterator<FileItem> iter = fileItems.iterator();
            FileUploadBean bean = new FileUploadBean();
            while (iter.hasNext()) {
                FileItem item = iter.next();
                String filename = item.getName();
                if (item.isFormField() == false) {
                    if (logger.isDebugEnabled())
                        logger.debug("Processing uploaded file: " + filename);
                    // workaround a bug in IE where the full path is returned
                    // IE is only available for Windows so only check for the Windows path separator
                    int idx = filename.lastIndexOf('\\');
                    if (idx == -1) {
                        // if there is no windows path separator check for *nix
                        idx = filename.lastIndexOf('/');
                    }
                    if (idx != -1) {
                        filename = filename.substring(idx + File.separator.length());
                    }
                    File tempFile = TempFileProvider.createTempFile("alfresco", ".upload");
                    item.write(tempFile);
                    bean.setFile(tempFile);
                    bean.setFileName(filename);
                    bean.setFilePath(tempFile.getAbsolutePath());
                    session.setAttribute(FileUploadBean.FILE_UPLOAD_BEAN_NAME, bean, PortletSession.PORTLET_SCOPE);
                }
            }
            // Set the VIEW_ID parameter to tell the faces portlet bridge to treat the request
            // as a JSF request, this will send us back to the previous page we came from.
            String lastViewId = (String) request.getPortletSession().getAttribute(SESSION_LAST_VIEW_ID);
            if (lastViewId != null) {
                response.setRenderParameter(VIEW_ID, lastViewId);
            }
        } else {
            SessionUser sessionUser = (SessionUser) request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE);
            User user = sessionUser instanceof User ? (User) sessionUser : null;
            if (user != null) {
                // setup the authentication context
                try {
                    WebApplicationContext ctx = (WebApplicationContext) getPortletContext().getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
                    AuthenticationService auth = (AuthenticationService) ctx.getBean("AuthenticationService");
                    auth.validate(user.getTicket());
                    // save last username into portlet preferences, get from LoginBean state
                    LoginBean loginBean = (LoginBean) request.getPortletSession().getAttribute(AuthenticationHelper.LOGIN_BEAN);
                    if (loginBean != null) {
                        // TODO: Need to login to the Portal to get a user here to store prefs against
                        // so not really a suitable solution as they get thrown away at present!
                        // Also would need to store prefs PER user - so auto login for each...?
                        String oldValue = request.getPreferences().getValue(PREF_ALF_USERNAME, null);
                        if (oldValue == null || oldValue.equals(loginBean.getUsernameInternal()) == false) {
                            if (request.getPreferences().isReadOnly(PREF_ALF_USERNAME) == false) {
                                request.getPreferences().setValue(PREF_ALF_USERNAME, loginBean.getUsernameInternal());
                                request.getPreferences().store();
                            }
                        }
                    }
                    // do the normal JSF processing
                    super.processAction(request, response);
                } catch (AuthenticationException authErr) {
                    // remove User object as it's now useless
                    request.getPortletSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE);
                }
            } else {
                // do the normal JSF processing as we may be on the login page
                super.processAction(request, response);
            }
        }
    } catch (Throwable e) {
        if (getErrorPage() != null) {
            handleError(request, response, e);
        } else {
            logger.warn("No error page configured, re-throwing exception");
            if (e instanceof PortletException) {
                throw (PortletException) e;
            } else if (e instanceof IOException) {
                throw (IOException) e;
            } else {
                throw new PortletException(e);
            }
        }
    } finally {
        Application.setInPortalServer(false);
    }
}
Also used : User(org.alfresco.web.bean.repository.User) SessionUser(org.alfresco.repo.SessionUser) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) PortletException(javax.portlet.PortletException) IOException(java.io.IOException) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) WebApplicationContext(org.springframework.web.context.WebApplicationContext) FileItem(org.apache.commons.fileupload.FileItem) SessionUser(org.alfresco.repo.SessionUser) PortletSession(javax.portlet.PortletSession) FileUploadBean(org.alfresco.web.bean.FileUploadBean) LoginBean(org.alfresco.web.bean.LoginBean) PortletFileUpload(org.apache.commons.fileupload.portlet.PortletFileUpload) File(java.io.File) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService)

Example 20 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

the class WebscriptCookieAuthenticationFilter method createUserObject.

@Override
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) {
    // Create a web client user object
    User user = new User(userName, ticket, personNode);
    user.setHomeSpaceId(homeSpaceRef.getId());
    return user;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) User(org.alfresco.web.bean.repository.User)

Aggregations

SessionUser (org.alfresco.repo.SessionUser)25 AuthenticationException (org.alfresco.repo.security.authentication.AuthenticationException)14 HttpSession (javax.servlet.http.HttpSession)9 User (org.alfresco.web.bean.repository.User)9 IOException (java.io.IOException)5 TicketCredentials (org.alfresco.repo.web.auth.TicketCredentials)5 AuthenticationService (org.alfresco.service.cmr.security.AuthenticationService)5 WebApplicationContext (org.springframework.web.context.WebApplicationContext)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 PortletSession (javax.portlet.PortletSession)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Authorization (org.alfresco.repo.security.authentication.Authorization)3 BasicAuthCredentials (org.alfresco.repo.web.auth.BasicAuthCredentials)3 Serializable (java.io.Serializable)2 UnknownHostException (java.net.UnknownHostException)2 CharacterCodingException (java.nio.charset.CharacterCodingException)2 CharsetDecoder (java.nio.charset.CharsetDecoder)2 Date (java.util.Date)2 HashSet (java.util.HashSet)2 LinkedHashSet (java.util.LinkedHashSet)2