use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.
the class AuthenticationChainImpl method init.
/**
 * Builds the authentication chain from the configured provider entries.
 *
 * <p>Providers are added in the order the sub-configurations are returned, so
 * configuration order is the order of the resulting chain. Entries for which the
 * factory returns {@code null}, or whose provider reports itself as disabled, are
 * left out. If every entry is skipped the chain stays empty; how callers treat an
 * empty chain is not visible from this method.
 */
public void init() {
    List<HierarchicalConfiguration<ImmutableNode>> providerConfigs =
            studioConfiguration.getSubConfigs(CONFIGURATION_AUTHENTICATION_CHAIN_CONFIG);
    authenticationChain = new ArrayList<AuthenticationProvider>();
    for (HierarchicalConfiguration<ImmutableNode> providerConfig : providerConfigs) {
        AuthenticationProvider candidate =
                AuthenticationProviderFactory.getAuthenticationProvider(providerConfig);
        // Skip entries the factory could not build and providers that are switched off.
        if (candidate == null || !candidate.isEnabled()) {
            continue;
        }
        authenticationChain.add(candidate);
    }
}
use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.
the class BaseAuthenticationProvider method createToken.
/**
 * Creates a session token for an authenticated user.
 *
 * <p>The token is issued for {@code user.getUsername()} with the timeout read from
 * the {@code SECURITY_SESSION_TIMEOUT} configuration property. Callers are
 * responsible for having verified the user's identity before calling this method;
 * no credential check happens here.
 *
 * @param user                user to create the token for
 * @param authenticationChain chain that supplies the Studio configuration
 * @return authentication token
 */
protected String createToken(User user, AuthenticationChain authenticationChain) {
    // NOTE(review): the property is assigned to a primitive int, so a missing
    // SECURITY_SESSION_TIMEOUT presumably fails here with a NullPointerException
    // rather than falling back to a default. Confirm the property is always set.
    int sessionTimeout = authenticationChain.getStudioConfiguration()
            .getProperty(SECURITY_SESSION_TIMEOUT, Integer.class);
    return SessionTokenUtils.createToken(user.getUsername(), sessionTimeout);
}
use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.
the class DbAuthenticationProvider method doAuthenticate.
/**
 * Authenticates a user against the Studio database.
 *
 * <p>The account is looked up by username (the user id is passed as -1). The login
 * succeeds only if the account exists, is not deleted, is enabled, and
 * {@code CryptoUtils.matchPassword} accepts the supplied password against the stored
 * value. All of these failures raise the same {@link BadCredentialsException}, so the
 * exception itself does not tell the caller which check failed.
 *
 * @return {@code true} when the credentials are accepted and the authentication is stored
 * @throws AuthenticationSystemException if the user lookup fails
 * @throws BadCredentialsException       if the account is missing, deleted, disabled,
 *                                       or the password does not match
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, BadCredentialsException {
    Map<String, Object> lookup = new HashMap<String, Object>();
    lookup.put(USER_ID, -1);
    lookup.put(USERNAME, username);

    User account;
    try {
        account = authenticationChain.getUserDao().getUserByIdOrUsername(lookup);
    } catch (Exception e) {
        logger.debug("Unknown database error", e);
        throw new AuthenticationSystemException("Unknown database error", e);
    }

    // NOTE(review): matchPassword is reached only for an existing, enabled,
    // non-deleted account, so the work done may differ between known and unknown
    // usernames. Confirm whether that timing difference matters for this deployment.
    boolean rejected = account == null
            || account.isDeleted()
            || !account.isEnabled()
            || !CryptoUtils.matchPassword(account.getPassword(), password);
    if (rejected) {
        throw new BadCredentialsException();
    }

    String sessionToken = createToken(account, authenticationChain);
    storeAuthentication(new Authentication(username, sessionToken, AuthenticationType.DB));
    return true;
}
use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.
the class HeadersAuthenticationProvider method doAuthenticate.
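/**
 * Authenticates a request from identity headers guarded by a shared secure-key header.
 *
 * <p>When the secure-key header matches the configured value, the username, first name,
 * last name, email and groups headers are taken as the caller's identity. The user is
 * created (externally managed, with a random password) or updated in the Studio database,
 * each comma-separated group is upserted and the user added to it, and a session token is
 * stored. The {@code username} and {@code password} parameters are not used by this provider.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The secure key is the only thing that authenticates these headers. The check fails
 *       closed when no key is configured or presented, and compares in constant time.</li>
 *   <li>Group membership is only ever added here; nothing in this method removes a user
 *       from a group that is no longer listed in the groups header.</li>
 *   <li>NOTE(review): this assumes clients cannot reach Studio directly and supply these
 *       headers themselves. Confirm the fronting component strips them from inbound
 *       requests.</li>
 * </ul>
 *
 * @return {@code true} when the headers are accepted and the authentication is stored;
 *         {@code false} when the provider is disabled, there is no request context, the
 *         secure key is missing or does not match, or no username header is present
 * @throws AuthenticationSystemException if creating or updating the user fails
 * @throws UserNotFoundException         declared for the user lookup
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, UserNotFoundException {
    if (!isEnabled()) {
        logger.debug("Authentication using headers disabled");
        return false;
    }
    logger.debug("Authenticating user using authentication headers.");
    RequestContext requestContext = RequestContext.getCurrent();
    if (requestContext == null) {
        logger.debug("Unable to authenticate user using authentication headers");
        return false;
    }

    String presentedSecureKey = request.getHeader(secureKeyHeader);
    logger.debug("Verifying authentication header secure key.");
    // Fail closed: a null-safe equals would treat "no key configured" and "no header
    // sent" as a match. The constant-time comparison keeps response timing from
    // revealing how much of the key was correct.
    boolean secureKeyAccepted = StringUtils.isNotEmpty(secureKeyHeaderValue)
            && presentedSecureKey != null
            && java.security.MessageDigest.isEqual(
                    presentedSecureKey.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    secureKeyHeaderValue.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!secureKeyAccepted) {
        logger.debug("Unable to authenticate user using authentication headers");
        return false;
    }

    String usernameHeaderValue = request.getHeader(usernameHeader);
    // Without a username there is no identity to provision or issue a token for.
    if (StringUtils.isEmpty(usernameHeaderValue)) {
        logger.debug("Unable to authenticate user using authentication headers");
        return false;
    }
    String firstName = request.getHeader(firstNameHeader);
    String lastName = request.getHeader(lastNameHeader);
    String email = request.getHeader(emailHeader);
    String groups = request.getHeader(groupsHeader);

    try {
        UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
        AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
        StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
        SiteService siteService = authenticationChain.getSiteService();
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        if (userServiceInternal.userExists(-1, usernameHeaderValue)) {
            User user = userServiceInternal.getUserByIdOrUsername(-1, usernameHeaderValue);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            // Persist the header-supplied details only when all three are present, so a
            // partial header set does not blank out stored profile fields.
            if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
                logger.debug("If user already exists in studio DB, update details.");
                try {
                    userServiceInternal.updateUser(user);
                    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                    auditLog.setOperation(OPERATION_UPDATE);
                    auditLog.setActorId(usernameHeaderValue);
                    auditLog.setSiteId(siteFeed.getId());
                    auditLog.setPrimaryTargetId(usernameHeaderValue);
                    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                    auditLog.setPrimaryTargetValue(user.getUsername());
                    auditServiceInternal.insertAuditLog(auditLog);
                } catch (Exception e) {
                    logger.debug("Error updating user " + usernameHeaderValue + " with data from authentication headers", e);
                    throw new AuthenticationSystemException("Error updating user " + usernameHeaderValue + " with data from " + "external authentication provider", e);
                }
            }
        } else {
            // Log the username value; the original logged the header's name instead.
            logger.debug("User does not exist in studio db. Adding user " + usernameHeaderValue);
            try {
                User user = new User();
                user.setUsername(usernameHeaderValue);
                // Random placeholder password; the account is flagged as externally managed.
                user.setPassword(UUID.randomUUID().toString());
                user.setFirstName(firstName);
                user.setLastName(lastName);
                user.setEmail(email);
                user.setExternallyManaged(true);
                user.setEnabled(true);
                userServiceInternal.createUser(user);
                AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                auditLog.setOperation(OPERATION_CREATE);
                auditLog.setSiteId(siteFeed.getId());
                auditLog.setActorId(usernameHeaderValue);
                auditLog.setPrimaryTargetId(usernameHeaderValue);
                auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                auditLog.setPrimaryTargetValue(user.getUsername());
                auditServiceInternal.insertAuditLog(auditLog);
            } catch (UserAlreadyExistsException | ServiceLayerException e) {
                logger.debug("Error adding user " + usernameHeaderValue + " from authentication " + "headers", e);
                throw new AuthenticationSystemException("Error adding user " + usernameHeaderValue + " from external " + "authentication provider", e);
            }
        }
    } catch (ServiceLayerException e) {
        logger.debug("Unknown service error", e);
        throw new AuthenticationSystemException("Unknown service error", e);
    }

    User user = new User();
    user.setUsername(usernameHeaderValue);
    user.setFirstName(firstName);
    user.setLastName(lastName);
    user.setEmail(email);
    user.setGroups(new ArrayList<UserGroup>());
    logger.debug("Update user groups in database.");
    if (StringUtils.isNoneEmpty(groups)) {
        for (String rawGroupName : groups.split(",")) {
            Group g = new Group();
            try {
                g.setGroupName(StringUtils.trim(rawGroupName));
                g.setGroupDescription("Externally managed group");
                g.setOrganization(null);
                UserGroup ug = new UserGroup();
                ug.setGroup(g);
                user.getGroups().add(ug);
                upsertUserGroup(g.getGroupName(), usernameHeaderValue, authenticationChain);
            } catch (Exception e) {
                // Best effort: a failure on one group is logged and the login continues.
                logger.debug("Error updating user group " + g.getGroupName() + " with data from authentication headers", e);
            }
        }
    }

    String token = createToken(user, authenticationChain);
    if (isLogoutEnabled()) {
        storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS, logoutUrl));
    } else {
        storeAuthentication(new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS));
    }
    return true;
}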
use of org.craftercms.studio.api.v2.service.security.AuthenticationChain in project studio by craftercms.
the class HeadersAuthenticationProvider method upsertUserGroup.
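/**
 * Ensures a group exists and adds the given user to it, writing an audit entry.
 *
 * <p>Group creation is attempted unconditionally and any failure is only logged; the
 * visible code does not distinguish "already exists" from other errors. Adding the
 * member and writing the audit entry are likewise best effort. This method only adds
 * membership and never removes it.
 *
 * @param groupName           name of the group to create if needed and add the user to
 * @param username            username of the member to add; also recorded as the audit actor
 * @param authenticationChain chain that supplies the DAOs and services used here
 * @return {@code false} when the user cannot be found; {@code true} otherwise, including
 *         when the group is missing or the membership insert fails
 * @throws SiteNotFoundException if the global system site cannot be resolved
 */
protected boolean upsertUserGroup(String groupName, String username, AuthenticationChain authenticationChain) throws SiteNotFoundException {
    GroupDAO groupDao = authenticationChain.getGroupDao();
    UserDAO userDao = authenticationChain.getUserDao();
    AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
    SiteService siteService = authenticationChain.getSiteService();
    StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));

    try {
        Map<String, Object> createParams = new HashMap<>();
        createParams.put(ORG_ID, DEFAULT_ORGANIZATION_ID);
        createParams.put(GROUP_NAME, groupName);
        createParams.put(GROUP_DESCRIPTION, "Externally managed group - " + groupName);
        groupDao.createGroup(createParams);
    } catch (Exception e) {
        // Best effort: creation failures are logged and the lookup below decides.
        logger.debug("Error creating group", e);
    }

    Map<String, Object> params = new HashMap<String, Object>();
    params.put(GROUP_NAME, groupName);
    Group group = groupDao.getGroupByName(params);
    if (group == null) {
        return true;
    }

    params = new HashMap<>();
    params.put(USER_ID, -1);
    params.put(USERNAME, username);
    User user = userDao.getUserByIdOrUsername(params);
    // The lookup result was previously dereferenced unchecked; report a missing user
    // explicitly instead of failing with a NullPointerException.
    if (user == null) {
        logger.debug("User " + username + " not found, cannot add to group " + groupName);
        return false;
    }

    List<Long> userIds = new ArrayList<Long>();
    userIds.add(user.getId());
    params = new HashMap<>();
    params.put(USER_IDS, userIds);
    params.put(GROUP_ID, group.getId());
    try {
        groupDao.addGroupMembers(params);
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_ADD_MEMBERS);
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setActorId(username);
        auditLog.setPrimaryTargetId(group.getGroupName() + ":" + user.getUsername());
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(user.getUsername());
        auditServiceInternal.insertAuditLog(auditLog);
    } catch (Exception e) {
        // Covers both the membership insert and the audit write; neither aborts the login.
        logger.debug("Unknown database error", e);
    }
    return true;
}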