use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.
the class KerberosAuthenticationHandler method createUserObject.
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
@Override
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) {
    // Build the web-client flavour of the session user from the supplied name, ticket and person node.
    final User webClientUser = new User(userName, ticket, personNode);

    // NOTE(review): homeSpaceRef is dereferenced without a null check, so a caller that
    // passes null ends this method with a NullPointerException. Confirm every caller
    // guarantees a home space reference.
    final String homeSpaceId = homeSpaceRef.getId();
    webClientUser.setHomeSpaceId(homeSpaceId);

    return webClientUser;
}
use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.
the class PropFindMethod method generateNamedPropertiesResponse.
/**
* Generates the XML response for a PROPFIND request that asks for a
* specific set of properties
*
* @param xml XMLWriter
* @param nodeInfo FileInfo
* @param isDir boolean
*/
private void generateNamedPropertiesResponse(XMLWriter xml, FileInfo nodeInfo, boolean isDir) throws Exception {
// Writes a propstat section with an SC_OK status line holding every requested property that
// could be resolved for nodeInfo and, if any could not be resolved, a second propstat section
// with an SC_NOT_FOUND status line that lists those properties as empty elements.
// Get the properties for the node
Map<QName, Serializable> props = nodeInfo.getProperties();
// Dead properties are loaded lazily, at most once per call, by the custom-property branch below
Map<QName, String> deadProperties = null;
// Output the start of the properties element
Attributes nullAttr = getDAVHelper().getNullAttributes();
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT, nullAttr);
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP, nullAttr);
// Properties that cannot be resolved are collected here and reported after the loop
ArrayList<WebDAVProperty> propertiesNotFound = new ArrayList<WebDAVProperty>();
TypeConverter typeConv = DefaultTypeConverter.INSTANCE;
// Loop through the requested property list
for (WebDAVProperty property : m_properties) {
// Get the requested property details
String propName = property.getName();
String propNamespaceUri = property.getNamespaceUri();
// Check if the property is a standard WebDAV property
Object davValue = null;
if (WebDAV.DEFAULT_NAMESPACE_URI.equals(propNamespaceUri)) {
// Check if the client is requesting lock information
if (// && metaData.isLocked())
propName.equals(WebDAV.XML_LOCK_DISCOVERY)) {
generateLockDiscoveryResponse(xml, nodeInfo, isDir);
} else if (propName.equals(WebDAV.XML_SUPPORTED_LOCK)) {
// Output the supported lock types
writeLockTypes(xml);
} else if (propName.equals(WebDAV.XML_RESOURCE_TYPE)) {
// If the node is a folder then return as a collection type
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE, nullAttr);
if (isDir) {
xml.write(DocumentHelper.createElement(WebDAV.XML_NS_COLLECTION));
}
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE);
} else if (propName.equals(WebDAV.XML_DISPLAYNAME)) {
// Get the node name
if (getRootNodeRef().equals(nodeInfo.getNodeRef())) {
// Output an empty name for the root node
// NOTE(review): the element written here is XML_NS_SOURCE, not a displayname element - confirm that is intended
xml.write(DocumentHelper.createElement(WebDAV.XML_NS_SOURCE));
} else {
// Get the node name
davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_DISPLAYNAME);
// Output the node name
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME, nullAttr);
if (davValue != null) {
String name = typeConv.convert(String.class, davValue);
// A null or empty converted name is only logged; the value is still passed to xml.write below
if (name == null || name.length() == 0) {
logger.error("WebDAV name is null, value=" + davValue.getClass().getName() + ", node=" + nodeInfo.getNodeRef());
}
xml.write(name);
}
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME);
}
} else if (propName.equals(WebDAV.XML_SOURCE)) {
// NOTE: source is always a no content element in our
// implementation
xml.write(DocumentHelper.createElement(WebDAV.XML_NS_SOURCE));
} else if (propName.equals(WebDAV.XML_GET_LAST_MODIFIED)) {
// Get the modified date/time
davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_LAST_MODIFIED);
// Output the last modified date of the node
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED, nullAttr);
if (davValue != null)
xml.write(WebDAV.formatModifiedDate(typeConv.convert(Date.class, davValue)));
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED);
} else if (propName.equals(WebDAV.XML_GET_CONTENT_LANGUAGE) && !isDir) {
// Get the content language
// TODO:
// Output the content language
// Until the TODO is done the element is always written empty
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE, nullAttr);
// TODO:
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE);
} else if (propName.equals(WebDAV.XML_GET_CONTENT_TYPE) && !isDir) {
// Get the content type
davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_CONTENT_TYPE);
// Output the content type
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE, nullAttr);
if (davValue != null)
xml.write(typeConv.convert(String.class, davValue));
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE);
} else if (propName.equals(WebDAV.XML_GET_ETAG) && !isDir) {
// Output the etag
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG, nullAttr);
xml.write(getDAVHelper().makeETag(nodeInfo));
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG);
} else if (propName.equals(WebDAV.XML_GET_CONTENT_LENGTH)) {
// Get the content length, if it's not a folder
// Folders, and files without content data, report a length of 0
long len = 0;
if (!isDir) {
ContentData contentData = (ContentData) props.get(ContentModel.PROP_CONTENT);
if (contentData != null)
len = contentData.getSize();
}
// Output the content length
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH, nullAttr);
xml.write("" + len);
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH);
} else if (propName.equals(WebDAV.XML_CREATION_DATE)) {
// Get the creation date
davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_CREATION_DATE);
// Output the creation date
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE, nullAttr);
if (davValue != null)
xml.write(WebDAV.formatCreationDate(typeConv.convert(Date.class, davValue)));
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE);
} else if (propName.equals(WebDAV.XML_ALF_AUTHTICKET)) {
// Get the users authentication ticket
// NOTE(review): the ticket held by the session user is written verbatim into the response
// body. If a ticket is accepted as a logon credential elsewhere, this response carries a
// secret: confirm it is only served over an encrypted transport and that response bodies
// are kept out of logs and shared caches.
SessionUser davUser = (SessionUser) m_request.getSession().getAttribute(AuthenticationFilter.AUTHENTICATION_USER);
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET, nullAttr);
// With no user on the session the element is written empty
if (davUser != null)
xml.write(davUser.getTicket());
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET);
} else {
// Could not map the requested property to an Alfresco property
// A request for XML_HREF is skipped silently: it is neither written nor reported as not found
if (property.getName().equals(WebDAV.XML_HREF) == false)
propertiesNotFound.add(property);
}
} else {
// Look in the custom properties
// String qualifiedName = propNamespaceUri + WebDAV.NAMESPACE_SEPARATOR + propName;
// NOTE(review): unchecked cast - the property map is typed Map<QName, Serializable>, so a
// non-String value stored under this QName raises ClassCastException here. Confirm custom
// properties reachable through this path are always Strings.
String value = (String) nodeInfo.getProperties().get(property.createQName());
if (value == null) {
// Fall back to the node's dead properties, loading them on first use
if (deadProperties == null) {
deadProperties = loadDeadProperties(nodeInfo.getNodeRef());
}
value = deadProperties.get(property.createQName());
}
if (value == null) {
propertiesNotFound.add(property);
} else {
// NOTE(review): the element name comes from the requested property and the text from stored
// property data; presumably XMLWriter escapes text content - confirm its configuration.
if (property.hasNamespaceName()) {
xml.startElement(property.getNamespaceName(), property.getName(), property.getNamespaceName() + WebDAV.NAMESPACE_SEPARATOR + property.getName(), nullAttr);
xml.write(value);
xml.endElement(property.getNamespaceName(), property.getName(), property.getNamespaceName() + WebDAV.NAMESPACE_SEPARATOR + property.getName());
} else {
xml.startElement("", property.getName(), property.getName(), nullAttr);
xml.write(value);
xml.endElement("", property.getName(), property.getName());
}
}
}
}
// Close off the successful part of the response
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP);
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS, nullAttr);
xml.write(WebDAV.HTTP1_1 + " " + HttpServletResponse.SC_OK + " " + WebDAV.SC_OK_DESC);
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS);
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT);
if (propertiesNotFound.size() > 0) {
// Start the second status section
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT, nullAttr);
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP, nullAttr);
for (WebDAVProperty property : propertiesNotFound) {
// Output the property not found status block
String propName = property.getName();
String propNamespaceName = property.getNamespaceName();
String propQName = propName;
if (propNamespaceName != null && propNamespaceName.length() > 0)
propQName = propNamespaceName + ":" + propName;
// NOTE(review): propQName is assembled from the requested property's own name and namespace
// name; presumably createElement rejects a string that is not a valid XML name - confirm how
// that failure surfaces to the client.
xml.write(DocumentHelper.createElement(propQName));
}
// Close the unsuccessful part of the response
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP);
xml.startElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS, nullAttr);
xml.write(WebDAV.HTTP1_1 + " " + HttpServletResponse.SC_NOT_FOUND + " " + WebDAV.SC_NOT_FOUND_DESC);
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS);
xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT);
}
}
use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.
the class BaseAuthenticationFilter method createUserEnvironment.
/**
* Callback to create the User environment as appropriate for a filter impl.
*
* @param session
* HttpSession
* @param userName
* String
* @param ticket
* the ticket
* @param externalAuth
* has the user been authenticated by SSO?
* @return SessionUser
* @throws IOException
* Signals that an I/O exception has occurred.
* @throws ServletException
* the servlet exception
*/
protected SessionUser createUserEnvironment(HttpSession session, final String userName, final String ticket, boolean externalAuth) throws IOException, ServletException {
    if (getLogger().isTraceEnabled()) {
        // Only the masked form of the user name reaches the log
        getLogger().trace("Create the User environment for: " + AuthenticationUtil.maskUsername(userName));
    }

    // The person lookup runs through doInSystemTransaction. The user object is built from the
    // user name stored on the person node rather than from the name the caller supplied.
    final RetryingTransactionHelper.RetryingTransactionCallback<SessionUser> buildSessionUser =
            new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() {
                public SessionUser execute() throws Throwable {
                    final NodeRef personNodeRef = personService.getPerson(userName);
                    final String storedUserName = (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_USERNAME);
                    // NOTE(review): nothing here checks that the home folder property is set, so it
                    // may be handed to createUserObject as null - confirm implementations cope.
                    final NodeRef homeFolderRef = (NodeRef) nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
                    return createUserObject(storedUserName, ticket, personNodeRef, homeFolderRef);
                }
            };
    final SessionUser sessionUser = doInSystemTransaction(buildSessionUser);

    // NOTE(review): the authenticated user is bound to the session object passed in; this
    // method does not rotate the session identifier. Confirm the caller starts a fresh
    // session at logon so a pre-set session id cannot be carried across authentication.
    session.setAttribute(getUserAttributeName(), sessionUser);
    setExternalAuth(session, externalAuth);
    return sessionUser;
}
use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.
the class BaseSSOAuthenticationFilter method checkForTicketParameter.
/**
* Check if the request has specified a ticket parameter to bypass the standard authentication.
*
* @param servletContext
* the servlet context
* @param req
* the request
* @param resp
* the response
* @return boolean
*/
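protected boolean checkForTicketParameter(ServletContext servletContext, HttpServletRequest req, HttpServletResponse resp) {
    // Returns true only when the request carries a non-empty ticket parameter and that ticket
    // either matches the cached session user or is accepted by authenticationService.validate.
    // Every failure is logged at debug level and reported as false; nothing is thrown.
    final String ticket = req.getParameter(ARG_TICKET);
    if (ticket == null || ticket.length() == 0) {
        return false;
    }

    if (getLogger().isTraceEnabled()) {
        // The ticket on its own is enough to log on (see validate below), so it is kept out of
        // the log: anyone able to read a trace log could otherwise replay it. Leaving it out
        // also keeps a request-controlled string from being written into the log line.
        getLogger().trace("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
    }

    // NOTE(review): the ticket arrives as a request parameter; when it is sent in the query
    // string it can also end up in access logs, proxies and Referer headers - confirm how
    // clients are expected to send it.
    try {
        // Get a cached user with a valid ticket
        SessionUser user = getSessionUser(servletContext, req, resp, true);

        // If this isn't the same ticket, invalidate the session
        if (user != null && !ticket.equals(user.getTicket())) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("The ticket doesn't match, invalidate the session.");
            }
            invalidateSession(req);
            user = null;
        }

        // If we don't yet have a valid cached user, validate the ticket and create one
        if (user == null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("There is no valid cached user, validate the ticket and create one.");
            }
            authenticationService.validate(ticket);
            // The user name and ticket are read back from the authentication service after
            // validation instead of reusing the raw request parameter.
            createUserEnvironment(req.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), true);
        }

        // The ticket parameter was specified, and valid
        return true;
    } catch (AuthenticationException authErr) {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to authenticate user ticket: " + authErr.getMessage(), authErr);
        }
    } catch (Throwable e) {
        // Deliberately broad: any failure while validating means "ticket not accepted"
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Error during ticket validation and user creation: " + e.getMessage(), e);
        }
    }
    return false;
}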
use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.
the class BaseKerberosAuthenticationFilter method doKerberosLogon.
/**
* Perform a Kerberos login and return an SPNEGO response
*
* @param negToken NegTokenInit
* @param req HttpServletRequest
* @param resp HttpServletResponse
* @param httpSess HttpSession
* @return NegTokenTarg
*/
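private final NegTokenTarg doKerberosLogon(NegTokenInit negToken, HttpServletRequest req, HttpServletResponse resp, HttpSession httpSess) {
    // Runs the Kerberos session setup for the mech token in negToken and, on success, creates
    // the user environment on httpSess. Returns the AcceptCompleted response token only when
    // the user environment was created; returns null when the logon did not complete.
    // AuthenticationException is rethrown, any other exception is logged at debug level.
    String userName = null;
    NegTokenTarg negTokenTarg = null;
    try {
        // Run the session setup as a privileged action
        SessionSetupPrivilegedAction sessSetupAction = new SessionSetupPrivilegedAction(m_accountName, negToken.getMechtoken());
        Object result = Subject.doAs(m_loginContext.getSubject(), sessSetupAction);
        if (result != null) {
            // Access the Kerberos response
            KerberosDetails krbDetails = (KerberosDetails) result;
            // NOTE(review): presumably getSourceName() is the full principal and getUserName()
            // the name without its suffix - confirm against KerberosDetails.
            userName = m_stripKerberosUsernameSuffix ? krbDetails.getUserName() : krbDetails.getSourceName();

            // Create the NegTokenTarg response blob
            NegTokenTarg acceptToken = new NegTokenTarg(SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken());

            // Create and store the user authentication context
            SessionUser user = createUserEnvironment(httpSess, userName);

            // Fail closed: the accept token is handed back only after the user environment has
            // been created. Before, a non-authentication exception from createUserEnvironment
            // was swallowed below while the AcceptCompleted token was still returned.
            negTokenTarg = acceptToken;

            if (getLogger().isTraceEnabled()) {
                getLogger().trace("User " + AuthenticationUtil.maskUsername(user.getUserName()) + " logged on via Kerberos");
            }
        } else {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("No SPNEGO response, Kerberos logon failed");
            }
        }
    } catch (AuthenticationException ex) {
        // Pass on validation failures
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to validate user " + AuthenticationUtil.maskUsername(userName), ex);
        }
        throw ex;
    } catch (Exception ex) {
        // Log the error
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Kerberos logon error", ex);
        }
    }
    return negTokenTarg;
}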