Example 1 with AuthenticationChain

Use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.

The init method of class AuthenticationChainImpl.

public void init() {
    List<HierarchicalConfiguration<ImmutableNode>> chainConfig = studioConfiguration.getSubConfigs(CONFIGURATION_AUTHENTICATION_CHAIN_CONFIG);
    authenticationChain = new ArrayList<AuthenticationProvider>();
    chainConfig.forEach(providerConfig -> {
        AuthenticationProvider provider = AuthenticationProviderFactory.getAuthenticationProvider(providerConfig);
        if (provider != null && provider.isEnabled()) {
            authenticationChain.add(provider);
        }
    });
}
Also used : AuthenticationProvider(org.craftercms.studio.api.v2.service.security.AuthenticationProvider) HierarchicalConfiguration(org.apache.commons.configuration2.HierarchicalConfiguration)

Example 2 with AuthenticationChain

Use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.

The createToken method of class BaseAuthenticationProvider.

/**
 * Create authentication token
 *
 * @param user user to create token for
 * @param authenticationChain authentication chain
 * @return authentication token
 */
protected String createToken(User user, AuthenticationChain authenticationChain) {
    StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
    int timeout = studioConfiguration.getProperty(SECURITY_SESSION_TIMEOUT, Integer.class);
    String token = SessionTokenUtils.createToken(user.getUsername(), timeout);
    return token;
}
Also used : StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration)

Example 3 with AuthenticationChain

Use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.

The doAuthenticate method of class DbAuthenticationProvider.

@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, BadCredentialsException {
    Map<String, Object> params = new HashMap<String, Object>();
    params.put(USER_ID, -1);
    params.put(USERNAME, username);
    User user = null;
    UserDAO userDao = authenticationChain.getUserDao();
    try {
        user = userDao.getUserByIdOrUsername(params);
    } catch (Exception e) {
        logger.debug("Unknown database error", e);
        throw new AuthenticationSystemException("Unknown database error", e);
    }
    if (user != null && !user.isDeleted() && user.isEnabled() && CryptoUtils.matchPassword(user.getPassword(), password)) {
        String token = createToken(user, authenticationChain);
        storeAuthentication(new Authentication(username, token, AuthenticationType.DB));
        return true;
    } else {
        throw new BadCredentialsException();
    }
}
Also used : User(org.craftercms.studio.api.v2.dal.User) UserDAO(org.craftercms.studio.api.v2.dal.UserDAO) HashMap(java.util.HashMap) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) BadCredentialsException(org.craftercms.studio.api.v1.exception.security.BadCredentialsException)

Example 4 with AuthenticationChain

Use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.

The doAuthenticate method of class HeadersAuthenticationProvider.

@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, UserNotFoundException {
    if (isEnabled()) {
        logger.debug("Authenticating user using authentication headers.");
        RequestContext requestContext = RequestContext.getCurrent();
        if (requestContext != null) {
            String securekeyHeader = request.getHeader(secureKeyHeader);
            logger.debug("Verifying authentication header secure key.");
            if (StringUtils.equals(securekeyHeader, secureKeyHeaderValue)) {
                String usernameHeaderValue = request.getHeader(usernameHeader);
                String firstName = request.getHeader(firstNameHeader);
                String lastName = request.getHeader(lastNameHeader);
                String email = request.getHeader(emailHeader);
                String groups = request.getHeader(groupsHeader);
                try {
                    UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
                    AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
                    StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
                    SiteService siteService = authenticationChain.getSiteService();
                    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
                    if (userServiceInternal.userExists(-1, usernameHeaderValue)) {
                        User user = userServiceInternal.getUserByIdOrUsername(-1, usernameHeaderValue);
                        user.setFirstName(firstName);
                        user.setLastName(lastName);
                        user.setEmail(email);
                        if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
                            logger.debug("If user already exists in studio DB, update details.");
                            try {
                                userServiceInternal.updateUser(user);
                                AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                                auditLog.setOperation(OPERATION_UPDATE);
                                auditLog.setActorId(usernameHeaderValue);
                                auditLog.setSiteId(siteFeed.getId());
                                auditLog.setPrimaryTargetId(usernameHeaderValue);
                                auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                                auditLog.setPrimaryTargetValue(user.getUsername());
                                auditServiceInternal.insertAuditLog(auditLog);
                            } catch (Exception e) {
                                logger.debug("Error updating user " + usernameHeaderValue + " with data from authentication headers", e);
                                throw new AuthenticationSystemException("Error updating user " + usernameHeaderValue + " with data from " + "external authentication provider", e);
                            }
                        }
                    } else {
                        logger.debug("User does not exist in studio db. Adding user " + usernameHeader);
                        try {
                            User user = new User();
                            user.setUsername(usernameHeaderValue);
                            user.setPassword(UUID.randomUUID().toString());
                            user.setFirstName(firstName);
                            user.setLastName(lastName);
                            user.setEmail(email);
                            user.setExternallyManaged(true);
                            user.setEnabled(true);
                            userServiceInternal.createUser(user);
                            AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                            auditLog.setOperation(OPERATION_CREATE);
                            auditLog.setSiteId(siteFeed.getId());
                            auditLog.setActorId(usernameHeaderValue);
                            auditLog.setPrimaryTargetId(usernameHeaderValue);
                            auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                            auditLog.setPrimaryTargetValue(user.getUsername());
                            auditServiceInternal.insertAuditLog(auditLog);
                        } catch (UserAlreadyExistsException | ServiceLayerException e) {
                            logger.debug("Error adding user " + usernameHeaderValue + " from authentication " + "headers", e);
                            throw new AuthenticationSystemException("Error adding user " + usernameHeaderValue + " from external " + "authentication provider", e);
                        }
                    }
                } catch (ServiceLayerException e) {
                    logger.debug("Unknown service error", e);
                    throw new AuthenticationSystemException("Unknown service error", e);
                }
                User user = new User();
                user.setUsername(usernameHeaderValue);
                user.setFirstName(firstName);
                user.setLastName(lastName);
                user.setEmail(email);
                user.setGroups(new ArrayList<UserGroup>());
                logger.debug("Update user groups in database.");
                if (StringUtils.isNoneEmpty(groups)) {
                    String[] groupsArray = groups.split(",");
                    for (int i = 0; i < groupsArray.length; i++) {
                        Group g = new Group();
                        try {
                            g.setGroupName(StringUtils.trim(groupsArray[i]));
                            g.setGroupDescription("Externally managed group");
                            g.setOrganization(null);
                            UserGroup ug = new UserGroup();
                            ug.setGroup(g);
                            user.getGroups().add(ug);
                            upsertUserGroup(g.getGroupName(), usernameHeaderValue, authenticationChain);
                        } catch (Exception e) {
                            logger.debug("Error updating user group " + g.getGroupName() + " with data from authentication headers", e);
                        }
                    }
                }
                String token = createToken(user, authenticationChain);
                if (isLogoutEnabled()) {
                    storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS, logoutUrl));
                } else {
                    storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS));
                }
                return true;
            }
        }
        logger.debug("Unable to authenticate user using authentication headers");
        return false;
    } else {
        logger.debug("Authentication using headers disabled");
        return false;
    }
}
Also used : UserGroup(org.craftercms.studio.api.v2.dal.UserGroup) Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) UserServiceInternal(org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) SiteNotFoundException(org.craftercms.studio.api.v1.exception.SiteNotFoundException) StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration) AuditServiceInternal(org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal) SiteService(org.craftercms.studio.api.v1.service.site.SiteService) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) RequestContext(org.craftercms.commons.http.RequestContext)

Example 5 with AuthenticationChain

Use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.

The upsertUserGroup method of class HeadersAuthenticationProvider.

protected boolean upsertUserGroup(String groupName, String username, AuthenticationChain authenticationChain) throws SiteNotFoundException {
    GroupDAO groupDao = authenticationChain.getGroupDao();
    UserDAO userDao = authenticationChain.getUserDao();
    AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
    SiteService siteService = authenticationChain.getSiteService();
    StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    try {
        Map<String, Object> params = new HashMap<>();
        params.put(ORG_ID, DEFAULT_ORGANIZATION_ID);
        params.put(GROUP_NAME, groupName);
        params.put(GROUP_DESCRIPTION, "Externally managed group - " + groupName);
        groupDao.createGroup(params);
    } catch (Exception e) {
        logger.debug("Error creating group", e);
    }
    Map<String, Object> params = new HashMap<String, Object>();
    params.put(GROUP_NAME, groupName);
    Group group = groupDao.getGroupByName(params);
    if (group != null) {
        List<String> usernames = new ArrayList<String>();
        params = new HashMap<>();
        params.put(USER_ID, -1);
        params.put(USERNAME, username);
        User user = userDao.getUserByIdOrUsername(params);
        List<Long> users = new ArrayList<Long>();
        users.add(user.getId());
        params = new HashMap<>();
        params.put(USER_IDS, users);
        params.put(GROUP_ID, group.getId());
        try {
            groupDao.addGroupMembers(params);
            AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
            auditLog.setOperation(OPERATION_ADD_MEMBERS);
            auditLog.setSiteId(siteFeed.getId());
            auditLog.setActorId(username);
            auditLog.setPrimaryTargetId(group.getGroupName() + ":" + user.getUsername());
            auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
            auditLog.setPrimaryTargetValue(user.getUsername());
            auditServiceInternal.insertAuditLog(auditLog);
        } catch (Exception e) {
            logger.debug("Unknown database error", e);
        }
    }
    return true;
}
Also used : UserGroup(org.craftercms.studio.api.v2.dal.UserGroup) Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) UserAlreadyExistsException(org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) UserNotFoundException(org.craftercms.studio.api.v1.exception.security.UserNotFoundException) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) SiteNotFoundException(org.craftercms.studio.api.v1.exception.SiteNotFoundException) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) StudioConfiguration(org.craftercms.studio.api.v2.utils.StudioConfiguration) AuditServiceInternal(org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal) UserDAO(org.craftercms.studio.api.v2.dal.UserDAO) SiteService(org.craftercms.studio.api.v1.service.site.SiteService) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) GroupDAO(org.craftercms.studio.api.v2.dal.GroupDAO)

Aggregations (number of examples on this page using each type)

AuthenticationSystemException (org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) 5
User (org.craftercms.studio.api.v2.dal.User) 5
StudioConfiguration (org.craftercms.studio.api.v2.utils.StudioConfiguration) 5
HashMap (java.util.HashMap) 4
SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed) 4
ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException) 4
UserAlreadyExistsException (org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException) 4
UserNotFoundException (org.craftercms.studio.api.v1.exception.security.UserNotFoundException) 4
SiteService (org.craftercms.studio.api.v1.service.site.SiteService) 4
AuditLog (org.craftercms.studio.api.v2.dal.AuditLog) 4
Group (org.craftercms.studio.api.v2.dal.Group) 4
UserDAO (org.craftercms.studio.api.v2.dal.UserDAO) 4
UserGroup (org.craftercms.studio.api.v2.dal.UserGroup) 4
AuditServiceInternal (org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal) 4
ArrayList (java.util.ArrayList) 3
BadCredentialsException (org.craftercms.studio.api.v1.exception.security.BadCredentialsException) 3
GroupDAO (org.craftercms.studio.api.v2.dal.GroupDAO) 3
NamingException (javax.naming.NamingException) 2
SiteNotFoundException (org.craftercms.studio.api.v1.exception.SiteNotFoundException) 2
UserServiceInternal (org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal) 2