Example 46 with SiteFeed
use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.
the class AuthenticationChainImpl method doAuthenticate.
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, String username, String password) throws Exception {
boolean authenticated = false;
Iterator<AuthenticationProvider> iterator = authenticationChain.iterator();
Exception lastError = null;
while (iterator.hasNext()) {
AuthenticationProvider authProvider = iterator.next();
if (authProvider.isEnabled()) {
try {
authenticated = authProvider.doAuthenticate(request, response, this, username, password);
} catch (Exception e) {
lastError = e;
}
if (authenticated)
break;
}
}
String ipAddress = request.getRemoteAddr();
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
if (authenticated) {
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_LOGIN);
auditLog.setActorId(username);
auditLog.setSiteId(siteFeed.getId());
auditLog.setPrimaryTargetId(username);
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(username);
auditServiceInternal.insertAuditLog(auditLog);
logger.info("User " + username + " logged in from IP: " + ipAddress);
} else {
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_LOGIN_FAILED);
auditLog.setActorId(username);
auditLog.setSiteId(siteFeed.getId());
auditLog.setPrimaryTargetId(StringUtils.isEmpty(username) ? StringUtils.EMPTY : username);
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(username);
auditServiceInternal.insertAuditLog(auditLog);
logger.info("Failed to authenticate user " + username + " logging in from IP: " + ipAddress);
if (lastError == null) {
lastError = new AuthenticationSystemException("Unknown service error");
}
throw lastError;
}
return authenticated;
}
Also used :
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)
AuthenticationProvider(org.craftercms.studio.api.v2.service.security.AuthenticationProvider)
AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
Example 47 with SiteFeed
use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.
the class GroupServiceImpl method addGroupMembers.
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public List<User> addGroupMembers(long groupId, List<Long> userIds, List<String> usernames) throws ServiceLayerException, UserNotFoundException, GroupNotFoundException, AuthenticationException {
List<User> users = groupServiceInternal.addGroupMembers(groupId, userIds, usernames);
Group group = groupServiceInternal.getGroup(groupId);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
List<AuditLogParameter> parameters = new ArrayList<AuditLogParameter>();
for (User user : users) {
AuditLogParameter parameter = new AuditLogParameter();
parameter.setTargetId(Long.toString(user.getId()));
parameter.setTargetType(TARGET_TYPE_USER);
parameter.setTargetValue(user.getUsername());
parameters.add(parameter);
}
auditLog.setParameters(parameters);
auditLog.setOperation(OPERATION_ADD_MEMBERS);
auditLog.setSiteId(siteFeed.getId());
auditLog.setActorId(userService.getCurrentUser().getUsername());
auditLog.setPrimaryTargetId(Long.toString(groupId));
auditLog.setPrimaryTargetType(TARGET_TYPE_GROUP);
auditLog.setPrimaryTargetValue(group.getGroupName());
auditServiceInternal.insertAuditLog(auditLog);
return users;
}
Also used :
Group(org.craftercms.studio.api.v2.dal.Group)
User(org.craftercms.studio.api.v2.dal.User)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
ArrayList(java.util.ArrayList)
AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 48 with SiteFeed
use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.
the class GroupServiceImpl method deleteGroup.
@Override
@HasPermission(type = DefaultPermission.class, action = "delete_groups")
public void deleteGroup(List<Long> groupIds) throws ServiceLayerException, GroupNotFoundException, AuthenticationException {
Group sysAdminGroup;
try {
sysAdminGroup = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
} catch (GroupNotFoundException e) {
throw new ServiceLayerException("The System Admin group is not found", e);
}
if (CollectionUtils.isNotEmpty(groupIds)) {
if (groupIds.contains(sysAdminGroup.getId())) {
throw new ServiceLayerException("Deleting the System Admin group is not allowed.");
}
}
List<Group> groups = groupServiceInternal.getGroups(groupIds);
groupServiceInternal.deleteGroup(groupIds);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_DELETE);
auditLog.setActorId(userService.getCurrentUser().getUsername());
auditLog.setSiteId(siteFeed.getId());
auditLog.setPrimaryTargetId(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
auditLog.setPrimaryTargetType(TARGET_TYPE_GROUP);
auditLog.setPrimaryTargetValue(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
for (Group g : groups) {
AuditLogParameter paramter = new AuditLogParameter();
paramter.setTargetId(Long.toString(g.getId()));
paramter.setTargetType(TARGET_TYPE_GROUP);
paramter.setTargetValue(g.getGroupName());
paramters.add(paramter);
}
auditLog.setParameters(paramters);
auditServiceInternal.insertAuditLog(auditLog);
}
Also used :
Group(org.craftercms.studio.api.v2.dal.Group)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
ArrayList(java.util.ArrayList)
ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException)
GroupNotFoundException(org.craftercms.studio.api.v1.exception.security.GroupNotFoundException)
AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 49 with SiteFeed
use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.
the class GroupServiceImpl method createGroup.
@Override
@HasPermission(type = DefaultPermission.class, action = "create_groups")
public Group createGroup(long orgId, String groupName, String groupDescription) throws GroupAlreadyExistsException, ServiceLayerException, AuthenticationException {
Group toRet = groupServiceInternal.createGroup(orgId, groupName, groupDescription);
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_CREATE);
auditLog.setSiteId(siteFeed.getId());
auditLog.setActorId(userService.getCurrentUser().getUsername());
auditLog.setPrimaryTargetId(groupName);
auditLog.setPrimaryTargetType(TARGET_TYPE_GROUP);
auditLog.setPrimaryTargetValue(groupName);
auditServiceInternal.insertAuditLog(auditLog);
return toRet;
}
Also used :
Group(org.craftercms.studio.api.v2.dal.Group)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)
Example 50 with SiteFeed
use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.
the class HeadersAuthenticationProvider method doAuthenticate.
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, UserNotFoundException {
if (isEnabled()) {
logger.debug("Authenticating user using authentication headers.");
RequestContext requestContext = RequestContext.getCurrent();
if (requestContext != null) {
String securekeyHeader = request.getHeader(secureKeyHeader);
logger.debug("Verifying authentication header secure key.");
if (StringUtils.equals(securekeyHeader, secureKeyHeaderValue)) {
String usernameHeaderValue = request.getHeader(usernameHeader);
String firstName = request.getHeader(firstNameHeader);
String lastName = request.getHeader(lastNameHeader);
String email = request.getHeader(emailHeader);
String groups = request.getHeader(groupsHeader);
try {
UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
SiteService siteService = authenticationChain.getSiteService();
SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
if (userServiceInternal.userExists(-1, usernameHeaderValue)) {
User user = userServiceInternal.getUserByIdOrUsername(-1, usernameHeaderValue);
user.setFirstName(firstName);
user.setLastName(lastName);
user.setEmail(email);
if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
logger.debug("If user already exists in studio DB, update details.");
try {
userServiceInternal.updateUser(user);
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_UPDATE);
auditLog.setActorId(usernameHeaderValue);
auditLog.setSiteId(siteFeed.getId());
auditLog.setPrimaryTargetId(usernameHeaderValue);
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(user.getUsername());
auditServiceInternal.insertAuditLog(auditLog);
} catch (Exception e) {
logger.debug("Error updating user " + usernameHeaderValue + " with data from authentication headers", e);
throw new AuthenticationSystemException("Error updating user " + usernameHeaderValue + " with data from " + "external authentication provider", e);
}
}
} else {
logger.debug("User does not exist in studio db. Adding user " + usernameHeader);
try {
User user = new User();
user.setUsername(usernameHeaderValue);
user.setPassword(UUID.randomUUID().toString());
user.setFirstName(firstName);
user.setLastName(lastName);
user.setEmail(email);
user.setExternallyManaged(true);
user.setEnabled(true);
userServiceInternal.createUser(user);
AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
auditLog.setOperation(OPERATION_CREATE);
auditLog.setSiteId(siteFeed.getId());
auditLog.setActorId(usernameHeaderValue);
auditLog.setPrimaryTargetId(usernameHeaderValue);
auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
auditLog.setPrimaryTargetValue(user.getUsername());
auditServiceInternal.insertAuditLog(auditLog);
} catch (UserAlreadyExistsException | ServiceLayerException e) {
logger.debug("Error adding user " + usernameHeaderValue + " from authentication " + "headers", e);
throw new AuthenticationSystemException("Error adding user " + usernameHeaderValue + " from external " + "authentication provider", e);
}
}
} catch (ServiceLayerException e) {
logger.debug("Unknown service error", e);
throw new AuthenticationSystemException("Unknown service error", e);
}
User user = new User();
user.setUsername(usernameHeaderValue);
user.setFirstName(firstName);
user.setLastName(lastName);
user.setEmail(email);
user.setGroups(new ArrayList<UserGroup>());
logger.debug("Update user groups in database.");
if (StringUtils.isNoneEmpty(groups)) {
String[] groupsArray = groups.split(",");
for (int i = 0; i < groupsArray.length; i++) {
Group g = new Group();
try {
g.setGroupName(StringUtils.trim(groupsArray[i]));
g.setGroupDescription("Externally managed group");
g.setOrganization(null);
UserGroup ug = new UserGroup();
ug.setGroup(g);
user.getGroups().add(ug);
upsertUserGroup(g.getGroupName(), usernameHeaderValue, authenticationChain);
} catch (Exception e) {
logger.debug("Error updating user group " + g.getGroupName() + " with data from authentication headers", e);
}
}
}
String token = createToken(user, authenticationChain);
if (isLogoutEnabled()) {
storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS, logoutUrl));
} else {
storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS));
}
return true;
}
}
logger.debug("Unable to authenticate user using authentication headers");
return false;
} else {
logger.debug("Authentication using headers disabled");
return false;
}
}
Also used :
UserGroup(org.craftercms.studio.api.v2.dal.UserGroup)
Group(org.craftercms.studio.api.v2.dal.Group)
User(org.craftercms.studio.api.v2.dal.User)
UserServiceInternal(org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal)
AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)
ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException)
UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException)
AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)
UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException)
UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException)
AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)
SiteNotFoundException(org.craftercms.studio.api.v1.exception.SiteNotFoundException)
ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException)
UserGroup(org.craftercms.studio.api.v2.dal.UserGroup)
StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration)
AuditServiceInternal(org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal)
SiteService(org.craftercms.studio.api.v1.service.site.SiteService)
SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed)
RequestContext(org.craftercms.commons.http.RequestContext)
Aggregations
SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)58
AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)39
ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)21
SiteNotFoundException (org.craftercms.studio.api.v1.exception.SiteNotFoundException)18
ArrayList (java.util.ArrayList)16
HashMap (java.util.HashMap)15
AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)12
Group (org.craftercms.studio.api.v2.dal.Group)12
HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)11
UserNotFoundException (org.craftercms.studio.api.v1.exception.security.UserNotFoundException)11
User (org.craftercms.studio.api.v2.dal.User)10
IOException (java.io.IOException)9
ClusterMember (org.craftercms.studio.api.v2.dal.ClusterMember)9
CryptoException (org.craftercms.commons.crypto.CryptoException)8
ValidateParams (org.craftercms.commons.validation.annotations.param.ValidateParams)8
EntitlementException (org.craftercms.commons.entitlements.exception.EntitlementException)6
ZonedDateTime (java.time.ZonedDateTime)5
AuthenticationSystemException (org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)5
UserAlreadyExistsException (org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException)5
SiteService (org.craftercms.studio.api.v1.service.site.SiteService)5
