Search in sources :

Example 1 with AuthenticationComponent

use of org.alfresco.repo.security.authentication.AuthenticationComponent in project alfresco-remote-api by Alfresco.

the class WebDAVMethodTest method setUpApplicationContext.

protected void setUpApplicationContext() {
    ApplicationContext appContext = ApplicationContextHelper.getApplicationContext(new String[] { "classpath:alfresco/application-context.xml", "classpath:alfresco/web-scripts-application-context.xml", "classpath:alfresco/remote-api-context.xml" });
    this.nodeService = (NodeService) appContext.getBean("NodeService");
    this.searchService = (SearchService) appContext.getBean("SearchService");
    this.namespaceService = (NamespaceService) appContext.getBean("NamespaceService");
    this.tenantService = (TenantService) appContext.getBean("tenantService");
    this.transactionService = (TransactionService) appContext.getBean("transactionService");
    this.webDAVHelper = (WebDAVHelper) appContext.getBean("webDAVHelper");
    this.tenantAdminService = (TenantAdminService) appContext.getBean("tenantAdminService");
    // Authenticate as system to create initial test data set
    AuthenticationComponent authenticationComponent = (AuthenticationComponent) appContext.getBean("authenticationComponent");
    authenticationComponent.setSystemUserAsCurrentUser();
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) AuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent)

Example 2 with AuthenticationComponent

use of org.alfresco.repo.security.authentication.AuthenticationComponent in project acs-community-packaging by Alfresco.

the class AuthenticationHelper method getUser.

/**
 * Attempts to retrieve the User object stored in the current session.
 *
 * @param sc
 *            the servlet context
 * @param httpRequest
 *            The HTTP request
 * @param httpResponse
 *            The HTTP response
 * @return The User object representing the current user or null if it could not be found
 */
public static User getUser(final ServletContext sc, final HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    // If the remote user mapper is configured, we may be able to map in an externally authenticated user
    String userId = getRemoteUser(sc, httpRequest);
    final WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc);
    HttpSession session = httpRequest.getSession();
    User user = null;
    // examine the appropriate session to try and find the User object
    SessionUser sessionUser = Application.getCurrentUser(session);
    // been known to leak in but shouldn't now)
    if (sessionUser != null) {
        if (logger.isDebugEnabled())
            logger.debug("SessionUser is: " + sessionUser.getUserName());
        AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
        try {
            auth.validate(sessionUser.getTicket());
            if (sessionUser instanceof User) {
                user = (User) sessionUser;
                setExternalAuth(session, userId != null);
            } else {
                user = setUser(sc, httpRequest, sessionUser.getUserName(), sessionUser.getTicket(), userId != null);
            }
        } catch (AuthenticationException authErr) {
            if (logger.isDebugEnabled())
                logger.debug("An authentication error occured while setting the session user", authErr);
            session.removeAttribute(AUTHENTICATION_USER);
            if (!Application.inPortalServer()) {
                if (logger.isDebugEnabled())
                    logger.debug("Invalidating the session.");
                session.invalidate();
            }
        }
    }
    // If the remote user mapper is configured, we may be able to map in an externally authenticated user
    if (userId != null) {
        AuthorityService authorityService = (AuthorityService) wc.getBean(AUTHORITY_SERVICE);
        // We have a previously-cached user with the wrong identity - replace them
        if (user != null && !authorityService.isGuestAuthority(user.getUserName()) && !user.getUserName().equals(userId)) {
            if (logger.isDebugEnabled())
                logger.debug("We have a previously-cached user with the wrong identity - replace them");
            session.removeAttribute(AUTHENTICATION_USER);
            if (!Application.inPortalServer()) {
                if (logger.isDebugEnabled())
                    logger.debug("Invalidating session.");
                session.invalidate();
            }
            user = null;
        }
        if (user == null) {
            if (logger.isDebugEnabled())
                logger.debug("There are no previously-cached users.");
            // If we have been authenticated by other means, just propagate through the user identity
            AuthenticationComponent authenticationComponent = (AuthenticationComponent) wc.getBean(AUTHENTICATION_COMPONENT);
            try {
                if (logger.isDebugEnabled())
                    logger.debug("We have been authenticated by other means, authenticating the user: " + userId);
                authenticationComponent.setCurrentUser(userId);
                AuthenticationService authenticationService = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
                user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(), true);
            } catch (AuthenticationException authErr) {
                if (logger.isDebugEnabled())
                    logger.debug("An authentication error occured while setting the session user", authErr);
                // Allow for an invalid external user ID to be indicated
                session.removeAttribute(AUTHENTICATION_USER);
                if (!Application.inPortalServer()) {
                    if (logger.isDebugEnabled())
                        logger.debug("Invalidating the session.");
                    session.invalidate();
                }
            }
        }
    }
    return user;
}
Also used : SessionUser(org.alfresco.repo.SessionUser) SessionUser(org.alfresco.repo.SessionUser) User(org.alfresco.web.bean.repository.User) AuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) HttpSession(javax.servlet.http.HttpSession) AuthorityService(org.alfresco.service.cmr.security.AuthorityService) AuthenticationService(org.alfresco.service.cmr.security.AuthenticationService) WebApplicationContext(org.springframework.web.context.WebApplicationContext)

Example 3 with AuthenticationComponent

use of org.alfresco.repo.security.authentication.AuthenticationComponent in project alfresco-remote-api by Alfresco.

the class DownloadRestApiTest method setUp.

public void setUp() {
    // Resolve required services
    authenticationService = getServer().getApplicationContext().getBean("AuthenticationService", MutableAuthenticationService.class);
    authenticationComponent = getServer().getApplicationContext().getBean("authenticationComponent", AuthenticationComponent.class);
    contentService = getServer().getApplicationContext().getBean("ContentService", ContentService.class);
    nodeService = getServer().getApplicationContext().getBean("NodeService", NodeService.class);
    personService = getServer().getApplicationContext().getBean("PersonService", PersonService.class);
    // Authenticate as user
    this.authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
    // if user with given user name doesn't already exist then create user
    if (this.authenticationService.authenticationExists(TEST_USERNAME) == false) {
        // create user
        this.authenticationService.createAuthentication(TEST_USERNAME, "password".toCharArray());
        // create person properties
        PropertyMap personProps = new PropertyMap();
        personProps.put(ContentModel.PROP_USERNAME, TEST_USERNAME);
        personProps.put(ContentModel.PROP_FIRSTNAME, "FirstName123");
        personProps.put(ContentModel.PROP_LASTNAME, "LastName123");
        personProps.put(ContentModel.PROP_EMAIL, "FirstName123.LastName123@email.com");
        personProps.put(ContentModel.PROP_JOBTITLE, "JobTitle123");
        personProps.put(ContentModel.PROP_JOBTITLE, "Organisation123");
        // create person node for user
        this.personService.createPerson(personProps);
    }
    Repository repositoryHelper = (Repository) getServer().getApplicationContext().getBean("repositoryHelper");
    NodeRef companyHome = repositoryHelper.getCompanyHome();
    // Create some static test content
    rootFolder = createNode(companyHome, "rootFolder", ContentModel.TYPE_FOLDER, AuthenticationUtil.getAdminUserName());
    rootFile = createNodeWithTextContent(companyHome, "rootFile", ContentModel.TYPE_CONTENT, AuthenticationUtil.getAdminUserName(), "Root file content");
    level1File = createNodeWithTextContent(rootFolder, "level1File", ContentModel.TYPE_CONTENT, AuthenticationUtil.getAdminUserName(), "Level 1 file content");
    level1Folder = createNode(rootFolder, "level1Folder", ContentModel.TYPE_FOLDER, AuthenticationUtil.getAdminUserName());
    level2File = createNodeWithTextContent(level1Folder, "level2File", ContentModel.TYPE_CONTENT, AuthenticationUtil.getAdminUserName(), "Level 2 file content");
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) Repository(org.alfresco.repo.model.Repository) PropertyMap(org.alfresco.util.PropertyMap) AuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent) NodeService(org.alfresco.service.cmr.repository.NodeService) PersonService(org.alfresco.service.cmr.security.PersonService) ContentService(org.alfresco.service.cmr.repository.ContentService) MutableAuthenticationService(org.alfresco.service.cmr.security.MutableAuthenticationService)

Aggregations

AuthenticationComponent (org.alfresco.repo.security.authentication.AuthenticationComponent)3 HttpSession (javax.servlet.http.HttpSession)1 SessionUser (org.alfresco.repo.SessionUser)1 Repository (org.alfresco.repo.model.Repository)1 AuthenticationException (org.alfresco.repo.security.authentication.AuthenticationException)1 ContentService (org.alfresco.service.cmr.repository.ContentService)1 NodeRef (org.alfresco.service.cmr.repository.NodeRef)1 NodeService (org.alfresco.service.cmr.repository.NodeService)1 AuthenticationService (org.alfresco.service.cmr.security.AuthenticationService)1 AuthorityService (org.alfresco.service.cmr.security.AuthorityService)1 MutableAuthenticationService (org.alfresco.service.cmr.security.MutableAuthenticationService)1 PersonService (org.alfresco.service.cmr.security.PersonService)1 PropertyMap (org.alfresco.util.PropertyMap)1 User (org.alfresco.web.bean.repository.User)1 ApplicationContext (org.springframework.context.ApplicationContext)1 WebApplicationContext (org.springframework.web.context.WebApplicationContext)1