use of org.alfresco.repo.tenant.TenantDisabledException in project alfresco-repository by Alfresco.
the class AuthenticationComponentImpl method authenticateImpl.
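/**
 * Authenticates a user and, on success, makes that user the current user for the resolved tenant.
 *
 * <p>The supplied name is split into a user part and a tenant domain. Inside a transaction, and
 * wrapped in {@code TenantUtil.runAsSystemTenant} for that domain, the name is normalised through
 * the person service and the credentials are handed to the authentication manager. If the stored
 * hash indicator lists more than one encoding, or its last encoding is not the preferred one, a
 * transaction listener is bound to re-hash the password.
 *
 * @param userNameIn the user name as supplied by the caller; may carry a tenant domain
 * @param password the clear-text password
 * @throws AuthenticationException if the tenant is disabled or the credentials are rejected
 */
@Override
protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException {
    if (logger.isTraceEnabled()) {
        // Only the masked form of the user name is written to the log.
        logger.trace("Authentication for user: " + AuthenticationUtil.maskUsername(userNameIn));
    }
    try {
        Pair<String, String> userTenant = AuthenticationUtil.getUserTenant(userNameIn);
        final String userName = userTenant.getFirst();
        final String tenantDomain = userTenant.getSecond();
        String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<String>() {
            @Override
            public String execute() throws Throwable {
                return TenantUtil.runAsSystemTenant(new TenantRunAsWork<String>() {
                    @Override
                    public String doWork() throws Exception {
                        String normalized = getPersonService().getUserIdentifier(userName);
                        String finalUserName = normalized == null ? userName : normalized;
                        // NOTE(review): the token takes the password as a String, so this copy
                        // cannot be cleared afterwards the way the char[] can.
                        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(finalUserName, new String(password));
                        authenticationManager.authenticate(authentication);
                        // check whether the user's password requires re-hashing
                        UserDetails userDetails = authenticationDao.loadUserByUsername(finalUserName);
                        if (userDetails instanceof RepositoryAuthenticatedUser) {
                            List<String> hashIndicator = ((RepositoryAuthenticatedUser) userDetails).getHashIndicator();
                            if (hashIndicator != null && !hashIndicator.isEmpty()) {
                                // re-generate when the current encoding is not the preferred encoding
                                if (hashIndicator.size() > 1 || !passwordEncoder.lastEncodingIsPreferred(hashIndicator)) {
                                    // add transaction listener to re-hash the user's password
                                    // NOTE(review): the listener is given userName, not the
                                    // normalised finalUserName used to authenticate - confirm.
                                    HashPasswordTransactionListener txListener = new HashPasswordTransactionListener(userName, password);
                                    txListener.setTransactionService(getTransactionService());
                                    txListener.setAuthenticationDao(authenticationDao);
                                    AlfrescoTransactionSupport.bindListener(txListener);
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("New hashed password for user '" + AuthenticationUtil.maskUsername(userName) + "' has been requested");
                                    }
                                }
                            }
                        }
                        return normalized;
                    }
                }, tenantDomain);
            }
        }, true);
        if (normalized == null) {
            setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
        } else {
            setCurrentUser(normalized, UserNameValidationMode.NONE);
        }
        TenantContextHolder.setTenantDomain(tenantDomain);
    } catch (TenantDisabledException tde) {
        // NOTE(review): the tenant-disabled message is passed to the caller unchanged; confirm
        // that it should be distinguishable from a rejected password before authentication.
        throw new AuthenticationException(tde.getMessage(), tde);
    } catch (net.sf.acegisecurity.AuthenticationException ae) {
        // When LDAP is configured, ae is non-serializable and breaks remote authentication, so
        // it is neither rethrown nor attached as a cause; only its text is carried over.
        // The stack trace is kept out of that text, because the message is returned to the
        // caller and a trace would disclose internal class names and call paths. The trace is
        // written to the debug log instead.
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication failed for user: " + AuthenticationUtil.maskUsername(userNameIn), ae);
        }
        throw new AuthenticationException(ae.toString());
    }
}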
use of org.alfresco.repo.tenant.TenantDisabledException in project alfresco-repository by Alfresco.
the class RepositoryAuthenticationDao method getUserFolderLocation.
/**
 * Returns the user folder node for the given user, consulting the singleton cache first.
 *
 * <p>The cache key is the user's domain followed by {@code KEY_USERFOLDER_NODEREF}. On a miss the
 * node is found as the first "sys:people" child of the first "sys:system" child of the users
 * store root, and is then cached.
 *
 * @param caseSensitiveUserName the user name, used to resolve the domain and the store
 * @return the user folder node
 * @throws AlfrescoRuntimeException if either folder is missing from the store
 */
private NodeRef getUserFolderLocation(String caseSensitiveUserName) {
    String userDomain;
    try {
        userDomain = tenantService.getUserDomain(caseSensitiveUserName);
    } catch (TenantDisabledException ignored) {
        // see ACE-4909: a disabled tenant is normal at this point, so the failure is
        // deliberately not propagated and the default domain is used below.
        userDomain = null;
    }
    if (userDomain == null) {
        // try to use default domain
        userDomain = TenantService.DEFAULT_DOMAIN;
    }

    final NodeRef cachedFolder = singletonCache.get(userDomain + KEY_USERFOLDER_NODEREF);
    if (cachedFolder != null) {
        return cachedFolder;
    }

    final QName systemAssoc = QName.createQName("sys", "system", namespacePrefixResolver);
    final QName peopleAssoc = QName.createQName("sys", "people", namespacePrefixResolver);

    // The tenant service maps the store for the user only when the current domain is the default.
    final boolean inDefaultDomain = TenantUtil.isCurrentDomainDefault();
    final StoreRef baseStore = new StoreRef(STOREREF_USERS.getProtocol(), STOREREF_USERS.getIdentifier());
    final StoreRef usersStore = inDefaultDomain ? tenantService.getName(caseSensitiveUserName, baseStore) : baseStore;

    // AR-527
    final NodeRef storeRoot = nodeService.getRootNode(usersStore);
    final List<ChildAssociationRef> systemChildren = nodeService.getChildAssocs(storeRoot, RegexQNamePattern.MATCH_ALL, systemAssoc);
    if (systemChildren.isEmpty()) {
        throw new AlfrescoRuntimeException("Required authority system folder path not found: " + systemAssoc);
    }
    final NodeRef systemNode = systemChildren.get(0).getChildRef();

    final List<ChildAssociationRef> peopleChildren = nodeService.getChildAssocs(systemNode, RegexQNamePattern.MATCH_ALL, peopleAssoc);
    if (peopleChildren.isEmpty()) {
        throw new AlfrescoRuntimeException("Required user folder path not found: " + peopleAssoc);
    }
    final NodeRef userFolder = tenantService.getName(peopleChildren.get(0).getChildRef());

    // NOTE(review): the key is rebuilt with a second getUserDomain call instead of reusing
    // userDomain. That call sits outside the try above, so a TenantDisabledException would
    // propagate from here, and a null result yields a key that differs from the one read.
    // Confirm the intended per-tenant caching behaviour before changing it.
    singletonCache.put(tenantService.getUserDomain(caseSensitiveUserName) + KEY_USERFOLDER_NODEREF, userFolder);
    return userFolder;
}