Search in sources :

Example 11 with AuthenticationException

use of org.craftercms.studio.api.v1.exception.security.AuthenticationException in project studio by craftercms.

the class LdapAuthenticationProvider method doAuthenticate.

@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, BadCredentialsException {
    LdapContextSource lcs = new LdapContextSource();
    lcs.setUrl(ldapUrl);
    lcs.setUserDn(ldapUsername);
    lcs.setPassword(ldapPassword);
    lcs.setBase(ldapBaseContext);
    lcs.setDirObjectFactory(DefaultDirObjectFactory.class);
    lcs.afterPropertiesSet();
    LdapTemplate ldapTemplate = new LdapTemplate(lcs);
    // Mapper for user data if user is successfully authenticated
    AuthenticatedLdapEntryContextMapper<User> mapper = (dirContext, ldapEntryIdentification) -> {
        try {
            // User entry - extract attributes
            DirContextOperations dirContextOperations = (DirContextOperations) dirContext.lookup(ldapEntryIdentification.getRelativeName());
            Attributes attributes = dirContextOperations.getAttributes();
            Attribute emailAttrib = attributes.get(emailLdapAttribute);
            Attribute firstNameAttrib = attributes.get(firstNameLdapAttribute);
            Attribute lastNameAttrib = attributes.get(lastNameLdapAttribute);
            Attribute groupNameAttrib = attributes.get(groupNameLdapAttribute);
            User user = new User();
            user.setEnabled(true);
            user.setExternallyManaged(true);
            user.setUsername(username);
            user.setPassword(UUID.randomUUID().toString());
            if (emailAttrib != null && emailAttrib.get() != null) {
                user.setEmail(emailAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + emailLdapAttribute + " found for username " + username + ". User will not be imported into DB.");
                return null;
            }
            if (firstNameAttrib != null && firstNameAttrib.get() != null) {
                user.setFirstName(firstNameAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + firstNameLdapAttribute + " found for username " + username);
            }
            if (lastNameAttrib != null && lastNameAttrib.get() != null) {
                user.setLastName(lastNameAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + lastNameLdapAttribute + " found for username " + username);
            }
            extractGroupsFromAttribute(user, groupNameLdapAttribute, groupNameAttrib);
            return user;
        } catch (NamingException e) {
            logger.debug("Error getting details from LDAP for username " + username, e);
            return null;
        }
    };
    // Create ldap query to authenticate user
    LdapQuery ldapQuery = query().where(usernameLdapAttribute).is(username);
    User user;
    try {
        user = ldapTemplate.authenticate(ldapQuery, password, mapper);
    } catch (EmptyResultDataAccessException e) {
        logger.debug("User " + username + " not found with external security provider.");
        return false;
    } catch (CommunicationException e) {
        logger.debug("Failed to connect with external security provider", e);
        return false;
    } catch (AuthenticationException e) {
        logger.debug("Authentication failed with the LDAP system (bad credentials)", e);
        throw new BadCredentialsException();
    } catch (Exception e) {
        logger.debug("Unexpected exception when authenticating with the LDAP system", e);
        return false;
    }
    if (user != null) {
        // When user authenticated against LDAP, upsert user data into studio database
        UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
        AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
        StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
        SiteService siteService = authenticationChain.getSiteService();
        try {
            SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
            if (userServiceInternal.userExists(-1, username)) {
                try {
                    userServiceInternal.updateUser(user);
                } catch (UserNotFoundException e) {
                    // Shouldn't happen
                    throw new IllegalStateException(e);
                }
                AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                auditLog.setOperation(OPERATION_UPDATE);
                auditLog.setSiteId(siteFeed.getId());
                auditLog.setActorId(user.getUsername());
                auditLog.setPrimaryTargetId(user.getUsername());
                auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                auditLog.setPrimaryTargetValue(user.getUsername());
                auditServiceInternal.insertAuditLog(auditLog);
            } else {
                try {
                    userServiceInternal.createUser(user);
                    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                    auditLog.setOperation(OPERATION_CREATE);
                    auditLog.setSiteId(siteFeed.getId());
                    auditLog.setActorId(user.getUsername());
                    auditLog.setPrimaryTargetId(user.getUsername());
                    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                    auditLog.setPrimaryTargetValue(user.getUsername());
                    auditServiceInternal.insertAuditLog(auditLog);
                } catch (UserAlreadyExistsException e) {
                    logger.debug("Error adding user " + username + " from external authentication provider", e);
                    throw new AuthenticationSystemException("Error adding user " + username + " from external authentication provider", e);
                }
            }
        } catch (ServiceLayerException e) {
            logger.debug("Unknown service error", e);
            throw new AuthenticationSystemException("Unknown service error", e);
        }
        for (UserGroup userGroup : user.getGroups()) {
            upsertUserGroup(userGroup.getGroup().getGroupName(), user.getUsername(), authenticationChain);
        }
        String token = createToken(user, authenticationChain);
        storeAuthentication(new Authentication(username, token, AuthenticationType.LDAP));
        return true;
    } else {
        logger.debug("Failed to retrieve LDAP user details");
        throw new AuthenticationSystemException("Failed to retrieve LDAP user details");
    }
}
Also used : DEFAULT_ORGANIZATION_ID(org.craftercms.studio.api.v1.constant.StudioConstants.DEFAULT_ORGANIZATION_ID) UserServiceInternal(org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal) GROUP_NAME(org.craftercms.studio.api.v2.dal.QueryParameterNames.GROUP_NAME) LdapTemplate(org.springframework.ldap.core.LdapTemplate) NamingException(javax.naming.NamingException) StringUtils(org.apache.commons.lang3.StringUtils) UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) User(org.craftercms.studio.api.v2.dal.User) Attribute(javax.naming.directory.Attribute) Matcher(java.util.regex.Matcher) GROUP_DESCRIPTION(org.craftercms.studio.api.v2.dal.QueryParameterNames.GROUP_DESCRIPTION) AuditServiceInternal(org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal) Map(java.util.Map) BaseAuthenticationProvider(org.craftercms.studio.api.v2.service.security.BaseAuthenticationProvider) UserGroup(org.craftercms.studio.api.v2.dal.UserGroup) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) USERNAME(org.craftercms.studio.api.v2.dal.QueryParameterNames.USERNAME) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) SiteService(org.craftercms.studio.api.v1.service.site.SiteService) CONFIGURATION_GLOBAL_SYSTEM_SITE(org.craftercms.studio.api.v2.utils.StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE) UUID(java.util.UUID) List(java.util.List) StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration) GROUP_ID(org.craftercms.studio.api.v2.dal.QueryParameterNames.GROUP_ID) LdapQueryBuilder.query(org.springframework.ldap.query.LdapQueryBuilder.query) Attributes(javax.naming.directory.Attributes) NamingEnumeration(javax.naming.NamingEnumeration) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) OPERATION_CREATE(org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_CREATE) Pattern(java.util.regex.Pattern) DirContextOperations(org.springframework.ldap.core.DirContextOperations) UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) TARGET_TYPE_USER(org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER) USER_ID(org.craftercms.studio.api.v2.dal.QueryParameterNames.USER_ID) AuthenticationException(org.springframework.ldap.AuthenticationException) USER_IDS(org.craftercms.studio.api.v2.dal.QueryParameterNames.USER_IDS) Logger(org.craftercms.studio.api.v1.log.Logger) GroupDAO(org.craftercms.studio.api.v2.dal.GroupDAO) AuthenticationType(org.craftercms.studio.model.AuthenticationType) HashMap(java.util.HashMap) AuthenticationChain(org.craftercms.studio.api.v2.service.security.AuthenticationChain) ArrayList(java.util.ArrayList) HttpServletRequest(javax.servlet.http.HttpServletRequest) LoggerFactory(org.craftercms.studio.api.v1.log.LoggerFactory) CommunicationException(org.springframework.ldap.CommunicationException) OPERATION_ADD_MEMBERS(org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_ADD_MEMBERS) OPERATION_UPDATE(org.craftercms.studio.api.v2.dal.AuditLogConstants.OPERATION_UPDATE) LdapQuery(org.springframework.ldap.query.LdapQuery) DefaultDirObjectFactory(org.springframework.ldap.core.support.DefaultDirObjectFactory) UserDAO(org.craftercms.studio.api.v2.dal.UserDAO) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) HttpServletResponse(javax.servlet.http.HttpServletResponse) ORG_ID(org.craftercms.studio.api.v2.dal.QueryParameterNames.ORG_ID) Group(org.craftercms.studio.api.v2.dal.Group) BadCredentialsException(org.craftercms.studio.api.v1.exception.security.BadCredentialsException) AuthenticatedLdapEntryContextMapper(org.springframework.ldap.core.AuthenticatedLdapEntryContextMapper) UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) User(org.craftercms.studio.api.v2.dal.User) Attribute(javax.naming.directory.Attribute) AuthenticationException(org.springframework.ldap.AuthenticationException) Attributes(javax.naming.directory.Attributes) UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) LdapQuery(org.springframework.ldap.query.LdapQuery) BadCredentialsException(org.craftercms.studio.api.v1.exception.security.BadCredentialsException) LdapTemplate(org.springframework.ldap.core.LdapTemplate) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) UserGroup(org.craftercms.studio.api.v2.dal.UserGroup) StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration) SiteService(org.craftercms.studio.api.v1.service.site.SiteService) NamingException(javax.naming.NamingException) CommunicationException(org.springframework.ldap.CommunicationException) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) UserServiceInternal(org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) NamingException(javax.naming.NamingException) UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) AuthenticationException(org.springframework.ldap.AuthenticationException) CommunicationException(org.springframework.ldap.CommunicationException) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) BadCredentialsException(org.craftercms.studio.api.v1.exception.security.BadCredentialsException) AuditServiceInternal(org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal) DirContextOperations(org.springframework.ldap.core.DirContextOperations) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException)

Example 12 with AuthenticationException

use of org.craftercms.studio.api.v1.exception.security.AuthenticationException in project studio by craftercms.

the class UserServiceImpl method enableUsers.

@Override
@HasPermission(type = DefaultPermission.class, action = "update_users")
public List<User> enableUsers(List<Long> userIds, List<String> usernames, boolean enabled) throws ServiceLayerException, UserNotFoundException, AuthenticationException {
    List<User> users = userServiceInternal.enableUsers(userIds, usernames, enabled);
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setSiteId(siteFeed.getId());
    if (enabled) {
        auditLog.setOperation(OPERATION_ENABLE);
    } else {
        auditLog.setOperation(OPERATION_DISABLE);
    }
    auditLog.setActorId(getCurrentUser().getUsername());
    auditLog.setPrimaryTargetId(siteFeed.getSiteId());
    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
    auditLog.setPrimaryTargetValue(siteFeed.getName());
    List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
    for (User u : users) {
        AuditLogParameter paramter = new AuditLogParameter();
        paramter.setTargetId(Long.toString(u.getId()));
        paramter.setTargetType(TARGET_TYPE_USER);
        paramter.setTargetValue(u.getUsername());
        paramters.add(paramter);
    }
    auditLog.setParameters(paramters);
    auditServiceInternal.insertAuditLog(auditLog);
    return users;
}
Also used : User(org.craftercms.studio.api.v2.dal.User) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 13 with AuthenticationException

use of org.craftercms.studio.api.v1.exception.security.AuthenticationException in project studio by craftercms.

the class UserServiceImpl method getCurrentUser.

@Override
public AuthenticatedUser getCurrentUser() throws AuthenticationException, ServiceLayerException {
    Authentication authentication = securityService.getAuthentication();
    if (authentication != null) {
        String username = authentication.getUsername();
        User user;
        try {
            user = userServiceInternal.getUserByIdOrUsername(0, username);
        } catch (UserNotFoundException e) {
            throw new ServiceLayerException("Current authenticated user '" + username + "' wasn't found in repository", e);
        }
        if (user != null) {
            AuthenticatedUser authUser = new AuthenticatedUser(user);
            authUser.setAuthenticationType(authentication.getAuthenticationType());
            return authUser;
        } else {
            throw new ServiceLayerException("Current authenticated user '" + username + "' wasn't found in repository");
        }
    } else {
        throw new AuthenticationException("User should be authenticated");
    }
}
Also used : UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) User(org.craftercms.studio.api.v2.dal.User) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser) AuthenticationException(org.craftercms.studio.api.v1.exception.security.AuthenticationException) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser)

Example 14 with AuthenticationException

use of org.craftercms.studio.api.v1.exception.security.AuthenticationException in project studio by craftercms.

the class UserServiceImpl method updateUser.

@Override
@HasPermission(type = DefaultPermission.class, action = "update_users")
public void updateUser(User user) throws ServiceLayerException, UserNotFoundException, AuthenticationException {
    userServiceInternal.updateUser(user);
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(OPERATION_UPDATE);
    auditLog.setSiteId(siteFeed.getId());
    auditLog.setActorId(getCurrentUser().getUsername());
    auditLog.setPrimaryTargetId(user.getUsername());
    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
    auditLog.setPrimaryTargetValue(user.getUsername());
    auditServiceInternal.insertAuditLog(auditLog);
}
Also used : SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Aggregations

SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)13 AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)13 HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)9 Group (org.craftercms.studio.api.v2.dal.Group)7 User (org.craftercms.studio.api.v2.dal.User)7 ArrayList (java.util.ArrayList)6 ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)6 AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)5 AuthenticatedUser (org.craftercms.studio.model.AuthenticatedUser)4 SiteNotFoundException (org.craftercms.studio.api.v1.exception.SiteNotFoundException)3 AuthenticationException (org.craftercms.studio.api.v1.exception.security.AuthenticationException)2 GroupNotFoundException (org.craftercms.studio.api.v1.exception.security.GroupNotFoundException)2 UserNotFoundException (org.craftercms.studio.api.v1.exception.security.UserNotFoundException)2 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 UUID (java.util.UUID)1 Matcher (java.util.regex.Matcher)1 Pattern (java.util.regex.Pattern)1 NamingEnumeration (javax.naming.NamingEnumeration)1