
Example 21 with SessionUser

use of org.alfresco.repo.SessionUser in project acs-community-packaging by Alfresco.

From class KerberosAuthenticationHandler, method createUserObject.

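/**
 * Builds the web-client {@link User} that is cached on the HTTP session once the
 * Kerberos logon has succeeded.
 *
 * @param userName     the authenticated user name
 * @param ticket       the Alfresco authentication ticket issued for this logon
 * @param personNode   the user's person node
 * @param homeSpaceRef the user's home folder, or {@code null} if the person node
 *                     has none (the caller reads it from an optional node property)
 * @return the populated session user
 * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
 */
@Override
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) {
    // Create a web client user object
    User user = new User(userName, ticket, personNode);
    // A missing home folder must not abort the logon with a NullPointerException;
    // simply leave the home space unset in that case.
    if (homeSpaceRef != null) {
        user.setHomeSpaceId(homeSpaceRef.getId());
    }
    return user;
}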

Example 22 with SessionUser

use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.

From class PropFindMethod, method generateNamedPropertiesResponse.

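/**
 * Generates the XML response for a PROPFIND request that asks for a
 * specific set of properties.
 * <p>
 * Emits one {@code propstat} block (HTTP 200) holding every requested property
 * that could be resolved, followed by a second {@code propstat} block (HTTP 404)
 * listing the properties that could not. Properties in the DAV: namespace are
 * mapped onto node metadata; any other namespace is looked up first in the node's
 * own properties and then in the node's dead (WebDAV-stored) properties.
 * <p>
 * Security notes: the Alfresco-specific {@code alf:authticket} property echoes the
 * authentication ticket of the user bound to the current HTTP session. It is only
 * ever the requesting session's own ticket, but it puts a bearer credential into
 * the response body, so this XML must never be cached or logged. Element names for
 * custom properties are taken verbatim from the requested property list
 * (presumably parsed from the PROPFIND body) and are written back to the same
 * client; they are not reflected to any other party.
 *
 * @param xml XMLWriter receiving the response body
 * @param nodeInfo FileInfo of the node being described
 * @param isDir boolean, {@code true} when the node is a folder
 * @throws Exception propagated from the XML writer or the repository services
 */
private void generateNamedPropertiesResponse(XMLWriter xml, FileInfo nodeInfo, boolean isDir) throws Exception {
    // Get the properties for the node
    Map<QName, Serializable> props = nodeInfo.getProperties();
    // Dead properties are loaded lazily, only if a custom property is requested
    // that the node's own properties cannot satisfy.
    Map<QName, String> deadProperties = null;
    // Output the start of the properties element
    Attributes nullAttr = getDAVHelper().getNullAttributes();
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT, nullAttr);
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP, nullAttr);
    ArrayList<WebDAVProperty> propertiesNotFound = new ArrayList<WebDAVProperty>();
    TypeConverter typeConv = DefaultTypeConverter.INSTANCE;
    // Loop through the requested property list
    for (WebDAVProperty property : m_properties) {
        // Get the requested property details
        String propName = property.getName();
        String propNamespaceUri = property.getNamespaceUri();
        // Check if the property is a standard WebDAV property
        Object davValue = null;
        if (WebDAV.DEFAULT_NAMESPACE_URI.equals(propNamespaceUri)) {
            // Check if the client is requesting lock information
            if (propName.equals(WebDAV.XML_LOCK_DISCOVERY)) {
                generateLockDiscoveryResponse(xml, nodeInfo, isDir);
            } else if (propName.equals(WebDAV.XML_SUPPORTED_LOCK)) {
                // Output the supported lock types
                writeLockTypes(xml);
            } else if (propName.equals(WebDAV.XML_RESOURCE_TYPE)) {
                // If the node is a folder then return as a collection type
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE, nullAttr);
                if (isDir) {
                    xml.write(DocumentHelper.createElement(WebDAV.XML_NS_COLLECTION));
                }
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_RESOURCE_TYPE, WebDAV.XML_NS_RESOURCE_TYPE);
            } else if (propName.equals(WebDAV.XML_DISPLAYNAME)) {
                if (getRootNodeRef().equals(nodeInfo.getNodeRef())) {
                    // Output an empty name for the root node
                    xml.write(DocumentHelper.createElement(WebDAV.XML_NS_SOURCE));
                } else {
                    // Get the node name
                    davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_DISPLAYNAME);
                    // Output the node name
                    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME, nullAttr);
                    if (davValue != null) {
                        String name = typeConv.convert(String.class, davValue);
                        // An empty display name is a data problem worth surfacing, but
                        // the element is still emitted so the response stays well-formed.
                        if (name == null || name.length() == 0) {
                            logger.error("WebDAV name is null, value=" + davValue.getClass().getName() + ", node=" + nodeInfo.getNodeRef());
                        }
                        xml.write(name);
                    }
                    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_DISPLAYNAME, WebDAV.XML_NS_DISPLAYNAME);
                }
            } else if (propName.equals(WebDAV.XML_SOURCE)) {
                // NOTE: source is always a no content element in our
                // implementation
                xml.write(DocumentHelper.createElement(WebDAV.XML_NS_SOURCE));
            } else if (propName.equals(WebDAV.XML_GET_LAST_MODIFIED)) {
                // Get the modified date/time
                davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_LAST_MODIFIED);
                // Output the last modified date of the node
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED, nullAttr);
                if (davValue != null)
                    xml.write(WebDAV.formatModifiedDate(typeConv.convert(Date.class, davValue)));
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_LAST_MODIFIED, WebDAV.XML_NS_GET_LAST_MODIFIED);
            } else if (propName.equals(WebDAV.XML_GET_CONTENT_LANGUAGE) && !isDir) {
                // Content language is not tracked; emit an empty element for files.
                // For folders this branch is skipped and the property reports as not found.
                // TODO:
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE, nullAttr);
                // TODO:
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LANGUAGE, WebDAV.XML_NS_GET_CONTENT_LANGUAGE);
            } else if (propName.equals(WebDAV.XML_GET_CONTENT_TYPE) && !isDir) {
                // Get the content type
                davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_GET_CONTENT_TYPE);
                // Output the content type
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE, nullAttr);
                if (davValue != null)
                    xml.write(typeConv.convert(String.class, davValue));
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_TYPE, WebDAV.XML_NS_GET_CONTENT_TYPE);
            } else if (propName.equals(WebDAV.XML_GET_ETAG) && !isDir) {
                // Output the etag
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG, nullAttr);
                xml.write(getDAVHelper().makeETag(nodeInfo));
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_ETAG, WebDAV.XML_NS_GET_ETAG);
            } else if (propName.equals(WebDAV.XML_GET_CONTENT_LENGTH)) {
                // Get the content length, if it's not a folder (folders always report 0)
                long len = 0;
                if (!isDir) {
                    ContentData contentData = (ContentData) props.get(ContentModel.PROP_CONTENT);
                    if (contentData != null)
                        len = contentData.getSize();
                }
                // Output the content length
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH, nullAttr);
                xml.write(String.valueOf(len));
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_GET_CONTENT_LENGTH, WebDAV.XML_NS_GET_CONTENT_LENGTH);
            } else if (propName.equals(WebDAV.XML_CREATION_DATE)) {
                // Get the creation date
                davValue = WebDAV.getDAVPropertyValue(props, WebDAV.XML_CREATION_DATE);
                // Output the creation date
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE, nullAttr);
                if (davValue != null)
                    xml.write(WebDAV.formatCreationDate(typeConv.convert(Date.class, davValue)));
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_CREATION_DATE, WebDAV.XML_NS_CREATION_DATE);
            } else if (propName.equals(WebDAV.XML_ALF_AUTHTICKET)) {
                // Alfresco extension: return the session user's authentication ticket.
                // SECURITY: this is a bearer credential for the requesting session; it
                // is written only into this response and never logged here.
                SessionUser davUser = (SessionUser) m_request.getSession().getAttribute(AuthenticationFilter.AUTHENTICATION_USER);
                xml.startElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET, nullAttr);
                if (davUser != null)
                    xml.write(davUser.getTicket());
                xml.endElement(WebDAV.DAV_NS, WebDAV.XML_ALF_AUTHTICKET, WebDAV.XML_NS_ALF_AUTHTICKET);
            } else {
                // Could not map the requested property to an Alfresco property.
                // DAV:href is silently ignored rather than reported as missing.
                if (!WebDAV.XML_HREF.equals(propName))
                    propertiesNotFound.add(property);
            }
        } else {
            // Look in the custom properties. Node properties are typed (dates,
            // ContentData, multi-valued lists, ...) so only a String value can be
            // written here. A non-String value falls through to the dead properties
            // and, failing that, to the 404 propstat, instead of throwing a
            // ClassCastException that would abort the whole PROPFIND response.
            QName customQName = property.createQName();
            Serializable rawValue = props.get(customQName);
            String value = (rawValue instanceof String) ? (String) rawValue : null;
            if (value == null) {
                if (deadProperties == null) {
                    deadProperties = loadDeadProperties(nodeInfo.getNodeRef());
                }
                value = deadProperties.get(customQName);
            }
            if (value == null) {
                propertiesNotFound.add(property);
            } else {
                // Echo the property back under the namespace prefix the client used, if any
                if (property.hasNamespaceName()) {
                    String qualifiedName = property.getNamespaceName() + WebDAV.NAMESPACE_SEPARATOR + property.getName();
                    xml.startElement(property.getNamespaceName(), property.getName(), qualifiedName, nullAttr);
                    xml.write(value);
                    xml.endElement(property.getNamespaceName(), property.getName(), qualifiedName);
                } else {
                    xml.startElement("", property.getName(), property.getName(), nullAttr);
                    xml.write(value);
                    xml.endElement("", property.getName(), property.getName());
                }
            }
        }
    }
    // Close off the successful part of the response
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP);
    xml.startElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS, nullAttr);
    xml.write(WebDAV.HTTP1_1 + " " + HttpServletResponse.SC_OK + " " + WebDAV.SC_OK_DESC);
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS);
    xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT);
    if (propertiesNotFound.size() > 0) {
        // Start the second status section (HTTP 404) listing the unresolved properties
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT, nullAttr);
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP, nullAttr);
        for (WebDAVProperty property : propertiesNotFound) {
            // Output the property not found status block as an empty element
            String propName = property.getName();
            String propNamespaceName = property.getNamespaceName();
            String propQName = propName;
            if (propNamespaceName != null && propNamespaceName.length() > 0)
                propQName = propNamespaceName + ":" + propName;
            xml.write(DocumentHelper.createElement(propQName));
        }
        // Close the unsuccessful part of the response
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROP, WebDAV.XML_NS_PROP);
        xml.startElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS, nullAttr);
        xml.write(WebDAV.HTTP1_1 + " " + HttpServletResponse.SC_NOT_FOUND + " " + WebDAV.SC_NOT_FOUND_DESC);
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_STATUS, WebDAV.XML_NS_STATUS);
        xml.endElement(WebDAV.DAV_NS, WebDAV.XML_PROPSTAT, WebDAV.XML_NS_PROPSTAT);
    }
}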

Example 23 with SessionUser

use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.

From class BaseAuthenticationFilter, method createUserEnvironment.

/**
 * Callback to create the User environment as appropriate for a filter impl.
 * <p>
 * Resolves the person node for {@code userName} inside a system transaction,
 * builds the filter-specific {@link SessionUser} via {@link #createUserObject}
 * and stores it on the HTTP session under {@link #getUserAttributeName()}.
 * The user name placed on the session object is the one read back from the
 * person node, not the name passed in.
 *
 * @param session
 *            HttpSession that will hold the created user
 * @param userName
 *            the user name to resolve
 * @param ticket
 *            the authentication ticket to associate with the user
 * @param externalAuth
 *            has the user been authenticated by SSO?
 * @return the SessionUser that was stored on the session
 * @throws IOException
 *             Signals that an I/O exception has occurred.
 * @throws ServletException
 *             the servlet exception
 */
protected SessionUser createUserEnvironment(HttpSession session, final String userName, final String ticket, boolean externalAuth) throws IOException, ServletException {
    if (getLogger().isTraceEnabled()) {
        getLogger().trace("Create the User environment for: " + AuthenticationUtil.maskUsername(userName));
    }
    // Person lookup runs as system so it does not depend on the caller's permissions
    RetryingTransactionHelper.RetryingTransactionCallback<SessionUser> buildUser = new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() {

        public SessionUser execute() throws Throwable {
            final NodeRef personRef = personService.getPerson(userName);
            // Use the canonical user name held on the person node
            String canonicalName = (String) nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
            // May be null when the person has no home folder configured
            NodeRef homeFolder = (NodeRef) nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
            return createUserObject(canonicalName, ticket, personRef, homeFolder);
        }
    };
    SessionUser sessionUser = doInSystemTransaction(buildUser);
    // Cache the user on the session and record how it was authenticated
    session.setAttribute(getUserAttributeName(), sessionUser);
    setExternalAuth(session, externalAuth);
    return sessionUser;
}

Example 24 with SessionUser

use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.

From class BaseSSOAuthenticationFilter, method checkForTicketParameter.

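/**
 * Check if the request has specified a ticket parameter to bypass the standard authentication.
 * <p>
 * If the {@code ticket} request parameter is present it is validated with the
 * authentication service and a session user is created for it. A cached session
 * user that holds a different ticket is discarded (its session is invalidated)
 * before the new ticket is validated. Validation failures are logged at debug
 * level and reported as {@code false}; they never propagate to the caller.
 * <p>
 * SECURITY: the ticket is a bearer credential that arrives as a URL query
 * parameter, so it may already appear in browser history, proxy logs and
 * Referer headers. It is deliberately never written to the application log,
 * not even at trace level.
 *
 * @param servletContext
 *            the servlet context
 * @param req
 *            the request
 * @param resp
 *            the response
 * @return {@code true} if a ticket parameter was supplied and successfully validated
 */
protected boolean checkForTicketParameter(ServletContext servletContext, HttpServletRequest req, HttpServletResponse resp) {
    // Check if the request includes an authentication ticket
    String ticket = req.getParameter(ARG_TICKET);
    if (ticket == null || ticket.length() == 0) {
        return false;
    }
    if (getLogger().isTraceEnabled()) {
        // Log the origin of the request only; the ticket value itself stays out of the log
        getLogger().trace("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
    }
    boolean ticketValid = false;
    try {
        // Get a cached user with a valid ticket
        SessionUser user = getSessionUser(servletContext, req, resp, true);
        // If this isn't the same ticket, invalidate the session
        if (user != null && !ticket.equals(user.getTicket())) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("The ticket doesn't match, invalidate the session.");
            }
            invalidateSession(req);
            user = null;
        }
        // If we don't yet have a valid cached user, validate the ticket and create one
        if (user == null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("There is no valid cached user, validate the ticket and create one.");
            }
            // Throws AuthenticationException for an unknown or expired ticket
            authenticationService.validate(ticket);
            // NOTE(review): when no cached user existed, the current session is reused
            // as-is rather than invalidated; confirm that session-id rotation on logon
            // is handled elsewhere (getSessionUser/invalidateSession are not shown here).
            user = createUserEnvironment(req.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), true);
        }
        // Indicate the ticket parameter was specified, and valid
        ticketValid = true;
    } catch (AuthenticationException authErr) {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to authenticate user ticket: " + authErr.getMessage(), authErr);
        }
    } catch (Exception e) {
        // Best effort: any other failure leaves the request unauthenticated by ticket.
        // Narrowed from Throwable so that JVM Errors are no longer silently swallowed.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Error during ticket validation and user creation: " + e.getMessage(), e);
        }
    }
    return ticketValid;
}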

Example 25 with SessionUser

use of org.alfresco.repo.SessionUser in project alfresco-remote-api by Alfresco.

From class BaseKerberosAuthenticationFilter, method doKerberosLogon.

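/**
 * Perform a Kerberos login and return an SPNEGO response.
 * <p>
 * The mechanism token from the client's NegTokenInit is validated under the
 * filter's service login context. On success a {@link SessionUser} is created
 * and stored on {@code httpSess}, and an {@code accept-completed} NegTokenTarg
 * carrying the KDC response token is returned. {@code null} is returned when
 * the Kerberos exchange produced no result or when creating the session user
 * failed, so that the caller never sees an accept-completed token without a
 * matching session user.
 *
 * @param negToken NegTokenInit received from the client
 * @param req HttpServletRequest (not used here)
 * @param resp HttpServletResponse (not used here)
 * @param httpSess HttpSession that will hold the authenticated user
 * @return NegTokenTarg to send back, or {@code null} if the logon failed
 * @throws AuthenticationException if the repository rejects the authenticated user
 */
private final NegTokenTarg doKerberosLogon(NegTokenInit negToken, HttpServletRequest req, HttpServletResponse resp, HttpSession httpSess) {
    // Authenticate the user
    KerberosDetails krbDetails = null;
    String userName = null;
    NegTokenTarg negTokenTarg = null;
    try {
        // Run the session setup as a privileged action under the service principal
        SessionSetupPrivilegedAction sessSetupAction = new SessionSetupPrivilegedAction(m_accountName, negToken.getMechtoken());
        Object result = Subject.doAs(m_loginContext.getSubject(), sessSetupAction);
        if (result != null) {
            // Access the Kerberos response
            krbDetails = (KerberosDetails) result;
            // Either the bare user name or the full principal (with realm), per configuration
            userName = m_stripKerberosUsernameSuffix ? krbDetails.getUserName() : krbDetails.getSourceName();
            // Build the NegTokenTarg response blob, but only hand it back once the
            // user authentication context has actually been stored on the session.
            NegTokenTarg acceptToken = new NegTokenTarg(SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken());
            SessionUser user = createUserEnvironment(httpSess, userName);
            if (getLogger().isTraceEnabled()) {
                getLogger().trace("User " + AuthenticationUtil.maskUsername(user.getUserName()) + " logged on via Kerberos");
            }
            negTokenTarg = acceptToken;
        } else {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("No SPNEGO response, Kerberos logon failed");
            }
        }
    } catch (AuthenticationException ex) {
        // Pass on validation failures
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to validate user " + AuthenticationUtil.maskUsername(userName), ex);
        }
        throw ex;
    } catch (Exception ex) {
        // Any other failure (GSS, I/O, servlet) is treated as a failed logon: log it
        // and return null so no accept-completed token is sent.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Kerberos logon error", ex);
        }
    }
    return negTokenTarg;
}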
