use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class SimplePersonManager method getPerson.
/**
 * Looks up the {@link IPerson} bound to the incoming request, falling back to a guest.
 *
 * <p>An existing session is consulted first (no session is created by this method). When no
 * person is stored there, a guest person is built via {@code createGuestPerson} and, if a
 * session exists, cached under {@code PERSON_SESSION_KEY}.
 *
 * <p>Failure to build the guest is logged and swallowed, so this method can return {@code
 * null}. Callers making access decisions must treat {@code null} as "no identity" and not
 * dereference the result unchecked.
 *
 * @param request the servlet request object
 * @return the person for this request, or {@code null} if none is cached and guest creation
 *     failed
 * @throws PortalSecurityException declared by the signature; the body shown here does not
 *     throw it directly
 */
public IPerson getPerson(HttpServletRequest request) throws PortalSecurityException {
    final HttpSession existingSession = request.getSession(false);

    // Fast path: a person already cached in the user's session wins.
    if (existingSession != null) {
        final IPerson cached = (IPerson) existingSession.getAttribute(PERSON_SESSION_KEY);
        if (cached != null) {
            return cached;
        }
    }

    final IPerson guest;
    try {
        guest = createGuestPerson(request);
    } catch (Exception e) {
        // Best effort: record the failure and report "no person" to the caller.
        log.error("Exception creating guest person.", e);
        return null;
    }

    // Cache the guest only when there is a session to hold it.
    if (guest != null && existingSession != null) {
        existingSession.setAttribute(PERSON_SESSION_KEY, guest);
    }
    return guest;
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class AbstractPersonManager method createGuestPerson.
/**
 * Builds a new <i>guest</i> person. The username defaults to the first entry of {@code
 * PersonFactory.GUEST_USERNAMES} (per the original documentation, populated from the {@code
 * org.apereo.portal.security.PersonFactory.guest_user_names} property in portal.properties)
 * and may be overridden by the first {@link IGuestUsernameSelector} bean that returns a
 * non-null name. This supports pluggable strategies for multiple guest users who may have
 * different content.
 *
 * <p>Whatever name is selected is checked against the configured list before use, so a
 * selector cannot cause a person to be created for a username outside that list.
 *
 * @param request the request handed to each selector
 * @return a person carrying the guest username, its user id and the initial "root" security
 *     context
 * @throws IllegalStateException if the selected username is not in the configured list
 * @throws Exception as declared by the signature
 * @since 5.0
 */
protected IPerson createGuestPerson(HttpServletRequest request) throws Exception {
    // Start from the default guest: the first configured name.
    String guestName = PersonFactory.GUEST_USERNAMES.get(0);

    // Pluggable strategy: the first selector with an opinion decides.
    for (IGuestUsernameSelector candidate : guestUsernameSelectors) {
        final String chosen = candidate.selectGuestUsername(request);
        if (chosen == null) {
            continue;
        }
        guestName = chosen;
        break;
    }

    // Allowlist check: selector output must be one of the configured guest names.
    if (!PersonFactory.GUEST_USERNAMES.contains(guestName)) {
        throw new IllegalStateException(
                "The specified guest username is not in the configured list: " + guestName);
    }

    // Resolve the numeric id, loading it on first use.
    Integer resolvedId = guestUserIds.get(guestName);
    if (resolvedId == null) {
        loadGuestUserId(guestName, guestUserIds);
        resolvedId = guestUserIds.get(guestName);
    }
    // NOTE(review): resolvedId is still null here if loadGuestUserId added no entry; how
    // setID handles that is not visible from this method - confirm.

    final IPerson guest = PersonFactory.createPerson();
    guest.setAttribute(IPerson.USERNAME, guestName);
    guest.setID(resolvedId);
    guest.setSecurityContext(InitialSecurityContextFactory.getInitialContext("root"));
    return guest;
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class LogoutController method service.
/**
 * Handles a logout request: records the logout, ends the session and redirects the browser.
 *
 * <p>The redirect target is computed by {@code getRedirectionUrl} before the session is
 * touched. If a session exists, a logout event is published for an authenticated person
 * (failures there are logged and do not block logout). When the session belongs to a swapped
 * identity, it is left intact and the browser is sent to {@code <contextPath>/Login};
 * otherwise the session is invalidated.
 *
 * @param request HttpServletRequest object
 * @param response HttpServletResponse object
 * @throws ServletException as declared by the signature
 * @throws IOException if sending the redirect fails
 */
@RequestMapping
public void service(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Resolve the target first; it depends on the person still held by the session.
    String target = this.getRedirectionUrl(request);

    final HttpSession currentSession = request.getSession(false);
    if (currentSession != null) {
        // Record that an authenticated user is requesting to log out.
        try {
            final IPerson user = personManager.getPerson(request);
            final boolean authenticated =
                    user != null && user.getSecurityContext().isAuthenticated();
            if (authenticated) {
                this.portalEventFactory.publishLogoutEvent(request, this, user);
            }
        } catch (final Exception e) {
            log.error("Exception recording logout " + "associated with request " + request, e);
        }

        final boolean swappedIdentity =
                this.identitySwapperManager.getOriginalUsername(currentSession) != null;
        if (swappedIdentity) {
            // Logging out from a swapped user: keep the session, go back through Login.
            target = request.getContextPath() + "/Login";
        } else {
            // Clear out the existing session for the user.
            try {
                currentSession.invalidate();
            } catch (final IllegalStateException ise) {
                // Someone else invalidated the session first; the end state is the one
                // logout wants, so this is only traced.
                if (log.isTraceEnabled()) {
                    log.trace("LogoutController encountered IllegalStateException invalidating a presumably already-invalidated session.", ise);
                }
            }
        }
    }

    if (log.isTraceEnabled()) {
        log.trace("Redirecting to " + target + " to send the user back to the guest page.");
    }
    response.sendRedirect(response.encodeRedirectURL(target));
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class LogoutController method getRedirectionUrl.
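/**
 * Determines the post-logout redirect from the security context that passed authentication.
 * The LogoutController looks at each authenticated context and checks whether a redirect
 * exists for that context in the redirectMap variable (loaded from security.properties file).
 * The redirect is returned for the first authenticated context that has a non-empty redirect
 * string. If no such context is found, the default of {@code <contextPath>/} is used.
 *
 * <p>The value returned comes only from {@code redirectMap} or the request's context path;
 * no request parameter is consulted here.
 *
 * <p>NOTE: This will work or not work based upon the logic in the root context. At this time,
 * all known security contexts extend the ChainingSecurityContext class. If a context has the
 * variable stopWhenAuthenticated set to false, the user may be logged into multiple security
 * contexts. If this is the case, the logout process currently implemented does not accommodate
 * multiple logouts. As a reference implementation, the current implementation assumes only one
 * security context has been authenticated. Modifications to perform multiple logouts should be
 * considered when a concrete need arises and can be handled by this class or through a change
 * in the ISecurityContext API where a context knows how to perform its own logout.
 *
 * @param request the current request; used to resolve the person and the context path
 * @return String representing the redirection URL, never {@code null} or empty when the
 *     context path lookup succeeds
 */
private String getRedirectionUrl(HttpServletRequest request) {
    final String defaultRedirect = request.getContextPath() + "/";
    if (this.redirectMap == null) {
        return defaultRedirect;
    }

    String redirect = null;
    try {
        // Get the person object associated with the request
        final IPerson person = this.personManager.getPerson(request);
        if (person != null) {
            // Retrieve the security context for the user
            final ISecurityContext securityContext = person.getSecurityContext();
            if (securityContext.isAuthenticated()) {
                if (log.isDebugEnabled()) {
                    log.debug("LogoutController::getRedirectionUrl()" + " Looking for redirect string for the root context");
                }
                redirect = this.redirectMap.get("root");
                if (redirect != null && !redirect.isEmpty()) {
                    return redirect;
                }
            }
            final Enumeration<?> subCtxNames = securityContext.getSubContextNames();
            while (subCtxNames.hasMoreElements()) {
                final String subCtxName = (String) subCtxNames.nextElement();
                if (log.isDebugEnabled()) {
                    log.debug("LogoutController::getRedirectionUrl() " + " subCtxName = " + subCtxName);
                }
                // The name is used as returned, both for the sub-context lookup and as
                // the redirectMap key.
                final ISecurityContext sc = securityContext.getSubContext(subCtxName);
                if (log.isDebugEnabled()) {
                    log.debug("LogoutController::getRedirectionUrl()" + " subCtxName isAuth = " + sc.isAuthenticated());
                }
                if (sc.isAuthenticated()) {
                    if (log.isDebugEnabled()) {
                        log.debug("LogoutController::getRedirectionUrl()" + " Looking for redirect string for subCtxName = " + subCtxName);
                    }
                    redirect = this.redirectMap.get(subCtxName);
                    if (redirect != null && !redirect.isEmpty()) {
                        if (log.isDebugEnabled()) {
                            log.debug("LogoutController::getRedirectionUrl()" + " subCtxName redirect = " + redirect);
                        }
                        break;
                    }
                }
            }
        }
    } catch (final Exception e) {
        // Best effort: a lookup failure must not block logout, so fall through to the default.
        log.error("LogoutController::getRedirectionUrl() Error:", e);
    }

    // An empty configured value (e.g. a blank entry for "root" or for the last authenticated
    // sub-context) is treated like a missing one; previously it was returned as-is and the
    // caller redirected to an empty URL.
    if (redirect == null || redirect.isEmpty()) {
        redirect = defaultRedirect;
    }
    if (log.isDebugEnabled()) {
        log.debug("LogoutController::getRedirectionUrl()" + " redirectionURL = " + redirect);
    }
    return redirect;
}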
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class BasePersonManager method createGuestPerson.
/**
 * Builds a new <i>guest</i> person. The username defaults to the first entry returned by
 * {@code PersonFactory.getGuestUsernames()} (per the original documentation, populated from
 * the {@code org.apereo.portal.security.PersonFactory.guest_user_names} property in
 * portal.properties) and may be overridden by the first {@link IGuestUsernameSelector} bean
 * that returns a non-null name. This supports pluggable strategies for multiple guest users
 * who may have different content.
 *
 * <p>Whatever name is selected is checked against the configured list before use, so a
 * selector cannot cause a person to be created for a username outside that list.
 *
 * @param request the request handed to each selector
 * @return a person carrying the guest username, its user id and the initial security context
 * @throws IllegalStateException if the selected username is not in the configured list
 * @throws Exception as declared by the signature
 * @since 5.0
 */
protected IPerson createGuestPerson(HttpServletRequest request) throws Exception {
    // Start from the default guest: the first configured name.
    String guestName = PersonFactory.getGuestUsernames().get(0);

    // Pluggable strategy: the first selector with an opinion decides.
    for (IGuestUsernameSelector candidate : guestUsernameSelectors) {
        final String chosen = candidate.selectGuestUsername(request);
        if (chosen == null) {
            continue;
        }
        guestName = chosen;
        break;
    }

    // Allowlist check: selector output must be one of the configured guest names.
    if (!PersonFactory.getGuestUsernames().contains(guestName)) {
        throw new IllegalStateException(
                "The specified guest username is not in the configured list: " + guestName);
    }

    // Resolve the numeric id, loading it on first use.
    Integer resolvedId = guestUserIds.get(guestName);
    if (resolvedId == null) {
        loadGuestUserId(guestName, guestUserIds);
        resolvedId = guestUserIds.get(guestName);
    }
    // NOTE(review): resolvedId is still null here if loadGuestUserId added no entry; how
    // setID handles that is not visible from this method - confirm.

    final IPerson guest = PersonFactory.createPerson();
    guest.setAttribute(IPerson.USERNAME, guestName);
    guest.setID(resolvedId);
    guest.setSecurityContext(initialSecurityContextFactory.getInitialContext());
    return guest;
}