Use of org.apache.jackrabbit.core.security.UserPrincipal in the pentaho-platform project by pentaho.
Class SpringSecurityPrincipalProvider, method getPrincipal.
/**
 * {@inheritDoc}
 *
 * <p>Resolves {@code principalName} to a {@link Principal}, checking in this order: ACL-metadata principal, the
 * configured admin and anonymous principals, the everyone principal, tenanted users, tenanted roles.</p>
 *
 * <p>A tenanted user is answered from the user cache when an entry exists. Otherwise a {@code UserPrincipal} is
 * created only if {@code skipUserVerification} is set or {@code internalGetUserDetails} returns non-null. A tenanted
 * role is answered from the role cache when an entry exists; otherwise it is assumed to exist and a role principal
 * is created without any lookup. Per the original author's comment, such a {@link Group} is caught by
 * {@code SpringSecurityLoginModule.getPrincipal} and the login fails.</p>
 *
 * <p>Security-relevant consequences visible in this method: a non-null result is not proof that the account or role
 * exists (roles are never verified, users are not verified when {@code skipUserVerification} is set), and a cached
 * user is returned without consulting {@code internalGetUserDetails} again.</p>
 *
 * @param principalName name to resolve; passed to {@code Assert.notNull}
 * @return the resolved principal, or {@code null} when a tenanted user is not accepted or when the name is neither a
 *         tenanted user nor a tenanted role
 */
public synchronized Principal getPrincipal(final String principalName) {
  if (logger.isDebugEnabled()) {
    // NOTE(review): the name is written to the log unescaped here and in the trace calls below; if it can carry
    // CR/LF from a login request (caller not visible here), neutralise it before logging.
    logger.debug("principalName: [" + principalName + "]");
  }
  checkInitialized();
  Assert.notNull(principalName);

  // Well-known principals are answered directly, without touching cache or user store.
  if (AclMetadataPrincipal.isAclMetadataPrincipal(principalName)) {
    return new AclMetadataPrincipal(principalName);
  }
  if (adminId.equals(principalName)) {
    return adminPrincipal;
  }
  if (anonymousId.equals(principalName)) {
    return anonymousPrincipal;
  }
  if (EveryonePrincipal.getInstance().getName().equals(principalName)) {
    return EveryonePrincipal.getInstance();
  }

  if (JcrTenantUtils.isTenantedUser(principalName)) {
    // Step 1: user cache.
    // NOTE(review): the lookup key is JcrTenantUtils.getTenantedUser(principalName) while the entry further down is
    // stored under principalName; confirm the two are identical for names reaching this branch, otherwise stored
    // entries are never found.
    if (cacheManager == null) {
      if (logger.isTraceEnabled()) {
        logger.trace(" Cache is not available. Will create a principal for user [" + principalName + ']');
      }
    } else {
      final Principal cachedUser =
          (Principal) cacheManager.getFromRegionCache(USER_CACHE_REGION, JcrTenantUtils.getTenantedUser(principalName));
      if (cachedUser == null) {
        if (logger.isTraceEnabled()) {
          logger.trace("user " + principalName + " not found in cache"); //$NON-NLS-1$ //$NON-NLS-2$
        }
      } else {
        if (logger.isTraceEnabled()) {
          logger.trace("user " + principalName + " found in cache"); //$NON-NLS-1$ //$NON-NLS-2$
        }
        // A cache hit short-circuits verification: internalGetUserDetails is not consulted for this name.
        // NOTE(review): eviction on user removal/disable is not visible in this method; confirm it exists.
        return cachedUser;
      }
    }

    // Step 2: emit a principal. With skipUserVerification set, the user store is not queried at all, so any name
    // that passes isTenantedUser yields (and caches) a UserPrincipal.
    final boolean accepted = skipUserVerification || internalGetUserDetails(principalName) != null;
    if (!accepted) {
      return null;
    }
    final Principal verifiedUser = new UserPrincipal(principalName);
    if (cacheManager != null) {
      cacheManager.putInRegionCache(USER_CACHE_REGION, principalName, verifiedUser);
    }
    return verifiedUser;
  }

  if (JcrTenantUtils.isTenatedRole(principalName)) {
    // Step 1: role cache (same read-key / write-key asymmetry as the user cache above).
    if (cacheManager == null) {
      if (logger.isTraceEnabled()) {
        logger.trace(" Cache is not available. Will create a principal for role [" + principalName + ']');
      }
    } else {
      final Principal cachedRole =
          (Principal) cacheManager.getFromRegionCache(ROLE_CACHE_REGION, JcrTenantUtils.getTenantedRole(principalName));
      if (cachedRole == null) {
        if (logger.isTraceEnabled()) {
          logger.trace("role " + principalName + " not found in cache"); //$NON-NLS-1$ //$NON-NLS-2$
        }
      } else {
        if (logger.isTraceEnabled()) {
          logger.trace("role " + principalName + " found in cache"); //$NON-NLS-1$ //$NON-NLS-2$
        }
        return cachedRole;
      }
    }

    // Step 2: assume the name is a role without looking it up. The original author gives two reasons: no role-search
    // configuration is needed, and a lookup is wasted work when absence of the role does not matter. The author also
    // states that a Group returned here is caught in SpringSecurityLoginModule.getPrincipal, failing the login.
    final Principal assumedRole = createSpringSecurityRolePrincipal(principalName);
    if (cacheManager != null) {
      cacheManager.putInRegionCache(ROLE_CACHE_REGION, principalName, assumedRole);
    }
    if (logger.isTraceEnabled()) {
      logger.trace("assuming " + principalName + " is a role"); //$NON-NLS-1$ //$NON-NLS-2$
    }
    return assumedRole;
  }

  // Neither a tenanted user nor a tenanted role.
  return null;
}
Use of org.apache.jackrabbit.core.security.UserPrincipal in the pentaho-platform project by pentaho.
Class TestPrincipalProvider, method getGroupMembership.
/**
 * {@inheritDoc}
 *
 * <p>
 * Called from {@code AbstractLoginModule.getPrincipals()}
 * </p>
 *
 * <p>
 * Returns the groups of {@code principal}: an empty iterator for the everyone and ACL-metadata principals; otherwise
 * the entries of {@code roleAssignments} for the principal's name plus the everyone principal, plus the admin role
 * for an {@code AdminPrincipal}, or, for a {@code UserPrincipal}, either the roles reported by {@code userRoleDao}
 * or (when no DAO is set) roles derived from hard-coded name prefixes.
 * </p>
 *
 * <p>
 * The prefix rules grant "Authenticated", "TenantAdmin" and "SysAdmin" purely from how the name starts, with no
 * lookup. NOTE(review): the class name suggests a test fixture; confirm it is never wired into a deployed
 * repository configuration.
 * </p>
 *
 * @param principal principal whose memberships are requested
 * @return iterator over the collected group principals
 */
@Override
public PrincipalIterator getGroupMembership(Principal principal) {
  if (principal instanceof EveryonePrincipal || principal instanceof AclMetadataPrincipal) {
    return PrincipalIteratorAdapter.EMPTY;
  }

  final String name = principal.getName();

  // Start from a copy of any explicit assignments so the shared roleAssignments entry is never mutated.
  final Set<Principal> memberships = new HashSet<Principal>(
      roleAssignments.containsKey(name) ? roleAssignments.get(name) : new HashSet<Principal>());
  memberships.add(EveryonePrincipal.getInstance());

  if (principal instanceof AdminPrincipal) {
    memberships.add(adminRolePrincipal);
  } else if (principal instanceof UserPrincipal) {
    if (userRoleDao == null) {
      // No DAO available: roles are inferred from the name prefix alone.
      if (name != null) {
        if (name.startsWith("admin") || name.startsWith("suzy") || name.startsWith("tiffany")) {
          final ITenant tenant = tenantedUserNameUtils.getTenant(name);
          memberships.add(new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(tenant, "Authenticated")));
        }
        if (name.startsWith("admin")) {
          final ITenant tenant = tenantedUserNameUtils.getTenant(name);
          memberships.add(new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(tenant, "TenantAdmin")));
        }
        if (name.startsWith("super")) {
          final ITenant tenant = tenantedUserNameUtils.getTenant(name);
          memberships.add(new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(tenant, "SysAdmin")));
        }
      }
    } else {
      try {
        for (IPentahoRole role : userRoleDao.getUserRoles(null, name)) {
          memberships.add(
              new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(role.getTenant(), role.getName())));
        }
      } catch (Exception firstAttemptFailure) {
        // The lookup is repeated once after any failure; the first exception is discarded and roles added before
        // the failure stay in the set. A failure of this second attempt propagates to the caller.
        for (IPentahoRole role : userRoleDao.getUserRoles(null, name)) {
          memberships.add(
              new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(role.getTenant(), role.getName())));
        }
      }
    }
  }
  return new PrincipalIteratorAdapter(memberships);
}