Use of org.apereo.portal.security.IPerson in project uPortal by Jasig:
class PortalPermissionEvaluator, method getAuthorizationPrincipal.
/*
* Implementation
*/
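/**
 * Prepares a uPortal {@link IAuthorizationPrincipal} from the Spring {@link Authentication}.
 *
 * <p>When the Spring principal is a {@link UserDetails}, the authenticated username is used.
 * Otherwise the request is treated as a guest session and the username is taken from the
 * person that {@code personManager} resolves for the current portal request, since more than
 * one guest username may be configured and only the person manager knows which one applies.
 *
 * @param authentication the Spring authentication whose principal identifies the caller
 * @return an authorization principal of type {@link IPerson} for the resolved username
 */
private IAuthorizationPrincipal getAuthorizationPrincipal(Authentication authentication) {
    final Object authPrincipal = authentication.getPrincipal();
    final String username;
    if (authPrincipal instanceof UserDetails) {
        // User is authenticated: the Spring principal carries the username directly.
        username = ((UserDetails) authPrincipal).getUsername();
    } else {
        // Which guest user are we? Resolve through the person manager rather than assuming the
        // first configured guest username (the previous default was never actually used, as
        // both branches assign the username).
        final HttpServletRequest req = portalRequestUtils.getCurrentPortalRequest();
        final IPerson person = personManager.getPerson(req);
        username = person.getUserName();
    }
    return authorizationService.newPrincipal(username, IPerson.class);
}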
Use of org.apereo.portal.security.IPerson in project uPortal by Jasig:
class PortletRendererImpl, method enforceConfigPermission.
/**
 * Gate for portlet CONFIG mode. When the window is in config mode and the requesting user
 * lacks the CONFIG permission for that portlet definition, the attempt is logged at error
 * level and an {@link AuthorizationException} is thrown. Any other mode (or no mode) passes
 * through without side effects.
 *
 * @param httpServletRequest the non-null current request, used to resolve the requesting user
 * @param portletWindow the non-null window whose mode is being enforced
 * @throws AuthorizationException if the window is in config mode and the user may not
 *     configure the portlet
 * @throws java.lang.IllegalArgumentException if either argument is null
 * @since 4.0.13.1, 4.0.14, 4.1.
 */
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
    final PortletMode mode = portletWindow.getPortletMode();
    // Only CONFIG mode is gated here; an absent or different mode needs no check.
    if (mode == null || !IPortletRenderer.CONFIG.equals(mode)) {
        return;
    }
    final IPerson requester = this.personManager.getPerson(httpServletRequest);
    final EntityIdentifier identifier = requester.getEntityIdentifier();
    final IAuthorizationPrincipal principal = AuthorizationService.instance().newPrincipal(identifier.getKey(), identifier.getType());
    final IPortletDefinition definition = portletWindow.getPortletEntity().getPortletDefinition();
    final String definitionId = definition.getPortletDefinitionId().getStringId();
    if (principal.canConfigure(definitionId)) {
        return;
    }
    // Denied: record who asked for what, then refuse the render.
    logger.error("User {} attempted to use portlet {} in {} but lacks permission to use that mode. " + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW. " + "You should probably figure out who this user is and why they are trying to access " + "unauthorized portlet modes.", requester.getUserName(), definition.getFName(), mode);
    throw new AuthorizationException(requester.getUserName() + " does not have permission to render '" + definition.getFName() + "' in " + mode + " PortletMode.");
}
Use of org.apereo.portal.security.IPerson in project uPortal by Jasig:
class PortletMarketplaceController, method getLayoutInfo.
/**
 * Resource handler that reports where a portlet appears in the current user's layout.
 *
 * <p>Adds two model attributes: {@code favorite}, whether the portlet is favorited in the
 * live layout, and {@code tabs}, the tabs of the persisted layout that contain the portlet.
 *
 * @param request the portlet resource request
 * @param portletFName the fname of the portlet to look up; must not be null
 * @param model receives the {@code favorite} and {@code tabs} attributes
 * @return the {@code "json"} view name
 * @throws TransformerException propagated from layout processing
 */
@ResourceMapping("layoutInfo")
public String getLayoutInfo(ResourceRequest request, @RequestParam String portletFName, Model model) throws TransformerException {
    Validate.notNull(portletFName, "Please supply a portlet fname");
    final HttpServletRequest httpRequest = this.portalRequestUtils.getPortletHttpRequest(request);
    final IUserInstance userInstance = userInstanceManager.getUserInstance(httpRequest);
    final UserPreferencesManager preferencesManager = (UserPreferencesManager) userInstance.getPreferencesManager();
    final IUserLayoutManager layoutManager = preferencesManager.getUserLayoutManager();
    final IPerson requester = userInstance.getPerson();
    // Tab information comes from the persisted layout for this person/profile ...
    final DistributedUserLayout persistedLayout = userLayoutStore.getUserLayout(requester, preferencesManager.getUserProfile());
    final List<PortletTab> containingTabs = getPortletTabInfo(persistedLayout, portletFName);
    // ... while the favorite flag is read from the layout manager's live layout.
    final boolean favorited = isPortletFavorited(layoutManager.getUserLayout(), portletFName);
    model.addAttribute("favorite", favorited);
    model.addAttribute("tabs", containingTabs);
    return "json";
}
Use of org.apereo.portal.security.IPerson in project uPortal by Jasig:
class ParenTest, method testIsApplicable.
/**
 * Exercises {@code Paren.isApplicable} for each {@code Paren.Type} using an always-true
 * evaluator ({@code AllUsersEvaluatorFactory}) and a never-true one
 * ({@code NoUsersEvaluatorFactory}) against a single blank person.
 */
public void testIsApplicable() {
    final IPerson subject = new PersonImpl();
    Paren group;
    // OR: any true child is enough; all-false is not.
    group = new Paren(Paren.Type.OR);
    group.addEvaluator(new AllUsersEvaluatorFactory());
    assertTrue("true should make true", group.isApplicable(subject));
    group.addEvaluator(new NoUsersEvaluatorFactory());
    assertTrue("true + false should make true", group.isApplicable(subject));
    group = new Paren(Paren.Type.OR);
    group.addEvaluator(new NoUsersEvaluatorFactory());
    assertFalse("false should make false", group.isApplicable(subject));
    // AND: every child must be true.
    group = new Paren(Paren.Type.AND);
    group.addEvaluator(new AllUsersEvaluatorFactory());
    assertTrue("true should make true", group.isApplicable(subject));
    group.addEvaluator(new NoUsersEvaluatorFactory());
    assertFalse("true + false should make false", group.isApplicable(subject));
    // NOT: inverts its single child.
    group = new Paren(Paren.Type.NOT);
    group.addEvaluator(new AllUsersEvaluatorFactory());
    assertFalse("true should make false", group.isApplicable(subject));
    group = new Paren(Paren.Type.NOT);
    group.addEvaluator(new NoUsersEvaluatorFactory());
    assertTrue("false should make true", group.isApplicable(subject));
}
Use of org.apereo.portal.security.IPerson in project uPortal by Jasig:
class Authentication, method authenticate.
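/**
 * Attempts to authenticate the given {@link IPerson} through its security context chain using
 * the supplied principals and credentials.
 *
 * <p>On success the person is updated in place, in this order: the username is taken from the
 * security context's principal; cached group/person data for that user is cleared; any
 * additional descriptor produced by the security context is merged in; attributes are loaded
 * from the person directory when {@code usePersonDirectory} is enabled; a full name is ensured;
 * and the portal UID is resolved (auto-creating the account when {@code autoCreateUsers} is
 * enabled). A login event is published whether or not authentication succeeded.
 *
 * @param request the current request, passed through to the login event
 * @param principals principal tokens keyed by security context name
 * @param credentials credential tokens keyed by security context name
 * @param person the person being authenticated; mutated by this method
 * @exception PortalSecurityException if the portal UID of an authenticated person cannot be
 *     retrieved
 */
public void authenticate(HttpServletRequest request, Map<String, String> principals, Map<String, String> credentials, IPerson person) throws PortalSecurityException {
    // Retrieve the security context for the user
    final ISecurityContext securityContext = person.getSecurityContext();
    // Set the principals and credentials for the security context chain
    this.configureSecurityContextChain(principals, credentials, person, securityContext, BASE_CONTEXT_NAME);
    // NOTE: PortalPreAuthenticatedProcessingFilter looks in the security.properties file to
    // determine what tokens to look for that represent the principals and
    // credentials for each context. It then retrieves the values from the request
    // and stores the values in the principals and credentials HashMaps that are
    // passed to the Authentication service.
    // Attempt to authenticate the user
    final long start = System.currentTimeMillis();
    securityContext.authenticate();
    final long elapsed = System.currentTimeMillis() - start;
    // Check to see if the user was authenticated
    if (securityContext.isAuthenticated()) {
        // metric
        lastAuthentication = authenticationTimes.add(elapsed);
        // Add the authenticated username to the person object.
        // The login name may have been provided or reset by the security provider,
        // so this must happen after authentication.
        final String userName = securityContext.getPrincipal().getUID();
        person.setAttribute(IPerson.USERNAME, userName);
        if (log.isDebugEnabled()) {
            log.debug("FINISHED SecurityContext authentication for user '" + userName + "' in " + elapsed + "ms #milestone");
        }
        threadNamingRequestFilter.updateCurrentUsername(userName);
        clearCachedUserData(person, userName);
        mergeAdditionalDescriptor(person);
        // Populate the person object using the PersonDirectory if applicable
        if (PropertiesManager.getPropertyAsBoolean("org.apereo.portal.services.Authentication.usePersonDirectory")) {
            populateFromPersonDirectory(person, userName);
        }
        ensureFullName(person);
        resolvePortalUid(person);
    }
    // Publish a login event for the person (also when authentication failed)
    this.portalEventFactory.publishLoginEvent(request, this, person);
}

/**
 * Clears cached group and person data for a freshly authenticated user.
 *
 * <p>Two systems currently hold this information: the old one based on EntityCachingService
 * (cleared via {@code GroupService.finishedSession}) and the new ehcache-based one (notified
 * through the registered authentication listeners). For uPortal 5 the old system should be
 * removed.
 *
 * @param person the authenticated person
 * @param userName the username the cache entries are tagged with
 */
private void clearCachedUserData(final IPerson person, final String userName) {
    // Old system
    GroupService.finishedSession(person);
    for (IAuthenticationListener authListener : authenticationListeners) {
        // New system
        authListener.userAuthenticated(person);
    }
    // Clear all existing cached data about the person
    this.usernameTaggedCacheEntryPurger.purgeTaggedCacheEntries(userName);
}

/**
 * Merges the additional descriptor (if any) produced by the person's security context into
 * the person: an {@link IPerson} descriptor contributes its full name, attributes and entity
 * identifier; a {@link Map} descriptor contributes its entries as attributes; a chaining
 * descriptor is ignored; anything else is logged as unknown.
 *
 * @param person the authenticated person to update
 */
private void mergeAdditionalDescriptor(final IPerson person) {
    // Retrieve the additional descriptor from the security context
    final IAdditionalDescriptor addInfo = person.getSecurityContext().getAdditionalDescriptor();
    // Nothing to process if the security context created no descriptor
    if (addInfo == null) {
        return;
    }
    if (addInfo instanceof IPerson) {
        // handled by the PersonManager.
        final IPerson newPerson = (IPerson) addInfo;
        person.setFullName(newPerson.getFullName());
        for (final String attributeName : newPerson.getAttributeMap().keySet()) {
            person.setAttribute(attributeName, newPerson.getAttribute(attributeName));
        }
        this.resetEntityIdentifier(person, newPerson);
    } else if (addInfo instanceof Map) {
        // simply copy all of these additional attributes into the IPerson
        final Map<?, ?> additionalAttributes = (Map<?, ?>) addInfo;
        for (final Map.Entry<?, ?> entry : additionalAttributes.entrySet()) {
            // Keys are attribute names; a non-String key fails here, as it always has.
            person.setAttribute((String) entry.getKey(), entry.getValue());
        }
    } else if (addInfo instanceof ChainingSecurityContext.ChainingAdditionalDescriptor) {
        // do nothing
    } else if (log.isWarnEnabled()) {
        log.warn("Authentication Service received unknown additional descriptor [" + addInfo + "]");
    }
}

/**
 * Replaces the person's attributes with those returned by the person attribute DAO.
 *
 * @param person the authenticated person; looked up by {@code person.getUserName()}
 * @param userName the username used in the timing log messages
 */
private void populateFromPersonDirectory(final IPerson person, final String userName) {
    // Retrieve all of the attributes associated with the person logging in
    final String username = person.getUserName();
    final long timestamp = System.currentTimeMillis();
    if (log.isDebugEnabled()) {
        log.debug("STARTING user attribute gathering for user '" + userName + "' #milestone");
    }
    final IPersonAttributes personAttributes = this.personAttributeDao.getPerson(username);
    if (log.isDebugEnabled()) {
        log.debug("FINISHED user attribute gathering for user '" + userName + "' in " + Long.toString(System.currentTimeMillis() - timestamp) + "ms #milestone");
    }
    // attribs may be null. IPersonAttributeDao returns null when it does not recognize a user at all, as
    // distinguished from returning an empty Map of attributes when it recognizes a user as having no
    // attributes.
    if (personAttributes != null) {
        person.setAttributes(personAttributes.getAttributes());
    }
}

/**
 * Ensures the person has a full name, falling back to {@code portalDisplayName}, then
 * {@code displayName}, then a placeholder built from the username.
 *
 * @param person the authenticated person to update
 */
private void ensureFullName(final IPerson person) {
    if (person.getFullName() != null) {
        return;
    }
    if (person.getAttribute("portalDisplayName") != null) {
        // Use portal display name if one exists
        person.setFullName((String) person.getAttribute("portalDisplayName"));
    } else if (person.getAttribute("displayName") != null) {
        // If not try the eduPerson displayName
        person.setFullName((String) person.getAttribute("displayName"));
    }
    // If still no FullName use an unrecognized string
    if (person.getFullName() == null) {
        person.setFullName("Unrecognized person: " + person.getAttribute(IPerson.USERNAME));
    }
}

/**
 * Finds the uPortal user id for the person, auto-creating the account when
 * {@code autoCreateUsers} is enabled, and stores it on the person.
 *
 * <p>The template username should actually be derived from directory information. The
 * reference implementation sets {@code uPortalTemplateUserName} to the default in the
 * portal.properties file; a more likely template would be staff, faculty or undergraduate.
 *
 * @param person the authenticated person to update
 * @throws PortalSecurityException if the UID cannot be retrieved
 */
private void resolvePortalUid(final IPerson person) throws PortalSecurityException {
    final boolean autocreate = PropertiesManager.getPropertyAsBoolean("org.apereo.portal.services.Authentication.autoCreateUsers");
    // If we are going to be auto creating accounts then we must find the default template to use
    if (autocreate && person.getAttribute("uPortalTemplateUserName") == null) {
        final String defaultTemplateUserName = PropertiesManager.getProperty("org.apereo.portal.services.Authentication.defaultTemplateUserName");
        person.setAttribute("uPortalTemplateUserName", defaultTemplateUserName);
    }
    try {
        // Attempt to retrieve the UID
        final int newUID = this.userIdentityStore.getPortalUID(person, autocreate);
        person.setID(newUID);
    } catch (final AuthorizationException ae) {
        // NOTE(review): the cause is logged but not chained onto the thrown exception; confirm
        // PortalSecurityException offers a (String, Throwable) constructor before chaining it.
        log.error("Exception retrieving ID", ae);
        throw new PortalSecurityException("Authentication Service: Exception retrieving UID");
    }
}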