Search in sources :

Example 1 with Credential

use of org.eclipse.kapua.service.authentication.credential.Credential in project kapua by eclipse.

the class KapuaAuthenticatingRealm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // 
    // Extract credentials
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    String tokenUsername = token.getUsername();
    // char[] tokenPassword = token.getPassword();
    // 
    // Get Services
    KapuaLocator locator;
    UserService userService;
    AccountService accountService;
    CredentialService credentialService;
    try {
        locator = KapuaLocator.getInstance();
        userService = locator.getService(UserService.class);
        accountService = locator.getService(AccountService.class);
        credentialService = locator.getService(CredentialService.class);
    } catch (KapuaRuntimeException kre) {
        throw new ShiroException("Error while getting services!", kre);
    }
    // 
    // Get the associated user by name
    final User user;
    try {
        user = KapuaSecurityUtils.doPriviledge(new Callable<User>() {

            @Override
            public User call() throws Exception {
                return userService.findByName(tokenUsername);
            }
        });
    } catch (Exception e) {
        // to preserve the original exception message (if possible)
        if (e instanceof AuthenticationException) {
            throw (AuthenticationException) e;
        } else {
            throw new ShiroException("Error while find user!", e);
        }
    }
    // Check existence
    if (user == null) {
        throw new UnknownAccountException();
    }
    // Check disabled
    if (UserStatus.DISABLED.equals(user.getStatus())) {
        throw new DisabledAccountException();
    }
    // 
    // Find account
    final Account account;
    try {
        account = KapuaSecurityUtils.doPriviledge(new Callable<Account>() {

            @Override
            public Account call() throws Exception {
                return accountService.find(user.getScopeId());
            }
        });
    } catch (Exception e) {
        // to preserve the original exception message (if possible)
        if (e instanceof AuthenticationException) {
            throw (AuthenticationException) e;
        } else {
            throw new ShiroException("Error while find account!", e);
        }
    }
    // Check existence
    if (account == null) {
        throw new UnknownAccountException();
    }
    // 
    // Find credentials
    // FIXME: manage multiple credentials and multiple credentials type
    Credential credential = null;
    try {
        credential = KapuaSecurityUtils.doPriviledge(new Callable<Credential>() {

            @Override
            public Credential call() throws Exception {
                CredentialListResult credentialList = credentialService.findByUserId(user.getScopeId(), user.getId());
                // TODO may be better to filter by credential type?
                if (credentialList != null && !credentialList.isEmpty()) {
                    return credentialList.getItem(0);
                } else {
                    throw new UnknownAccountException();
                }
            }
        });
    } catch (Exception e) {
        if (e instanceof AuthenticationException) {
            throw (AuthenticationException) e;
        } else {
            throw new ShiroException("Error while find credentials!", e);
        }
    }
    // 
    // BuildAuthenticationInfo8
    KapuaSimpleAuthenticationInfo info = new KapuaSimpleAuthenticationInfo(user, credential, account, getName());
    return info;
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Account(org.eclipse.kapua.service.account.Account) Credential(org.eclipse.kapua.service.authentication.credential.Credential) User(org.eclipse.kapua.service.user.User) UserService(org.eclipse.kapua.service.user.UserService) AuthenticationException(org.apache.shiro.authc.AuthenticationException) KapuaRuntimeException(org.eclipse.kapua.KapuaRuntimeException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Callable(java.util.concurrent.Callable) ShiroException(org.apache.shiro.ShiroException) DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) KapuaRuntimeException(org.eclipse.kapua.KapuaRuntimeException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) KapuaException(org.eclipse.kapua.KapuaException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) ShiroException(org.apache.shiro.ShiroException) KapuaSimpleAuthenticationInfo(org.eclipse.kapua.service.authentication.shiro.credential.KapuaSimpleAuthenticationInfo) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult) AccountService(org.eclipse.kapua.service.account.AccountService)

Example 2 with Credential

use of org.eclipse.kapua.service.authentication.credential.Credential in project kapua by eclipse.

the class CredentialServiceImpl method update.

@Override
public Credential update(Credential credential) throws KapuaException {
    // 
    // Argument Validation
    ArgumentValidator.notNull(credential, "credentialCreator");
    ArgumentValidator.notNull(credential.getId(), "credentialCreator.id");
    ArgumentValidator.notNull(credential.getScopeId(), "credentialCreator.scopeId");
    ArgumentValidator.notNull(credential.getUserId(), "credentialCreator.userId");
    ArgumentValidator.notNull(credential.getCredentialType(), "credentialCreator.credentialType");
    ArgumentValidator.notEmptyOrNull(credential.getCredentialKey(), "credentialCreator.credentialKey");
    // 
    // Check access
    KapuaLocator locator = KapuaLocator.getInstance();
    AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
    PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
    authorizationService.checkPermission(permissionFactory.newPermission(CredentialDomain.CREDENTIAL, Actions.write, credential.getScopeId()));
    // 
    // Do update
    Credential credentialUpdated = null;
    EntityManager em = AuthenticationEntityManagerFactory.getEntityManager();
    try {
        Credential currentUser = CredentialDAO.find(em, credential.getId());
        if (currentUser == null) {
            throw new KapuaEntityNotFoundException(Credential.TYPE, credential.getId());
        }
        // Passing attributes??
        em.beginTransaction();
        CredentialDAO.update(em, credential);
        em.commit();
        credentialUpdated = CredentialDAO.find(em, credential.getId());
    } catch (Exception pe) {
        em.rollback();
        throw KapuaExceptionUtils.convertPersistenceException(pe);
    } finally {
        em.close();
    }
    return credentialUpdated;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) EntityManager(org.eclipse.kapua.commons.jpa.EntityManager) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaException(org.eclipse.kapua.KapuaException)

Example 3 with Credential

use of org.eclipse.kapua.service.authentication.credential.Credential in project kapua by eclipse.

the class GwtUserServiceImpl method update.

public GwtUser update(GwtXSRFToken xsrfToken, GwtUser gwtUser) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);
    GwtUser gwtUserUpdated = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserService userService = locator.getService(UserService.class);
        KapuaId scopeId = KapuaEid.parseShortId(gwtUser.getScopeId());
        KapuaId userId = KapuaEid.parseShortId(gwtUser.getId());
        User user = userService.find(scopeId, userId);
        if (user != null) {
            // 
            // Update user
            user.setName(gwtUser.getUnescapedUsername());
            user.setDisplayName(gwtUser.getUnescapedDisplayName());
            user.setEmail(gwtUser.getUnescapedEmail());
            user.setPhoneNumber(gwtUser.getUnescapedPhoneNumber());
            // status
            user.setStatus(UserStatus.valueOf(gwtUser.getStatus()));
            // 
            // Update permissions
            Set<String> newPermissions = new HashSet<String>();
            if (gwtUser.getPermissions() != null) {
                // build the set of permissions
                newPermissions.addAll(Arrays.asList(gwtUser.getPermissions().split(",")));
            }
            UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
            UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
            PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
            Set<UserPermissionCreator> newUserPermissions = new HashSet<UserPermissionCreator>();
            for (String p : newPermissions) {
                UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
                userPermissionCreator.setUserId(scopeId);
                String[] tokens = p.split(":");
                String domain = null;
                Actions action = null;
                KapuaId targetScopeId = null;
                if (tokens.length > 0) {
                    domain = tokens[0];
                }
                if (tokens.length > 1) {
                    action = Actions.valueOf(tokens[1]);
                }
                if (tokens.length > 2) {
                    targetScopeId = KapuaEid.parseShortId(tokens[2]);
                }
                Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
                userPermissionCreator.setPermission(permission);
                userPermissionService.create(userPermissionCreator);
            }
            userPermissionService.merge(newUserPermissions);
            // Update credentials
            if (gwtUser.getPassword() != null) {
                CredentialService credentialService = locator.getService(CredentialService.class);
                CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
                CredentialListResult credentials = credentialService.findByUserId(scopeId, userId);
                if (!credentials.isEmpty()) {
                    // 
                    // Delete old PASSWORD credential
                    Credential oldCredential = null;
                    for (Credential c : credentials.getItems()) {
                        if (CredentialType.PASSWORD.equals(c.getCredentialType())) {
                            oldCredential = c;
                            break;
                        }
                    }
                    credentialService.delete(oldCredential.getScopeId(), oldCredential.getId());
                    // 
                    // Create new PASSWORD credential
                    CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUser.getPassword());
                    credentialService.create(credentialCreator);
                }
            }
            // optlock
            user.setOptlock(gwtUser.getOptlock());
            // update the user
            userService.update(user);
            // 
            // convert to GwtAccount and return
            // reload the user as we want to load all its permissions
            gwtUserUpdated = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
        }
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return gwtUserUpdated;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService) UserService(org.eclipse.kapua.service.user.UserService) Actions(org.eclipse.kapua.service.authorization.permission.Actions) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory) CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) Permission(org.eclipse.kapua.service.authorization.permission.Permission) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult) KapuaId(org.eclipse.kapua.model.id.KapuaId) HashSet(java.util.HashSet) UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)

Example 4 with Credential

use of org.eclipse.kapua.service.authentication.credential.Credential in project kapua by eclipse.

the class CredentialServiceImpl method find.

@Override
public Credential find(KapuaId scopeId, KapuaId credentialId) throws KapuaException {
    // Validation of the fields
    ArgumentValidator.notNull(scopeId, "scopeId");
    ArgumentValidator.notNull(credentialId, "credentialId");
    // 
    // Check Access
    KapuaLocator locator = KapuaLocator.getInstance();
    AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
    PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
    authorizationService.checkPermission(permissionFactory.newPermission(CredentialDomain.CREDENTIAL, Actions.read, scopeId));
    // 
    // Do find
    Credential credential = null;
    EntityManager em = AuthenticationEntityManagerFactory.getEntityManager();
    try {
        credential = CredentialDAO.find(em, credentialId);
    } catch (Exception pe) {
        throw KapuaExceptionUtils.convertPersistenceException(pe);
    } finally {
        em.close();
    }
    return credential;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) EntityManager(org.eclipse.kapua.commons.jpa.EntityManager) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaException(org.eclipse.kapua.KapuaException)

Example 5 with Credential

use of org.eclipse.kapua.service.authentication.credential.Credential in project kapua by eclipse.

the class CredentialServiceImpl method create.

@Override
public Credential create(CredentialCreator credentialCreator) throws KapuaException {
    // 
    // Argument Validation
    ArgumentValidator.notNull(credentialCreator, "credentialCreator");
    ArgumentValidator.notNull(credentialCreator.getScopeId(), "credentialCreator.scopeId");
    ArgumentValidator.notNull(credentialCreator.getUserId(), "credentialCreator.userId");
    ArgumentValidator.notNull(credentialCreator.getCredentialType(), "credentialCreator.credentialType");
    ArgumentValidator.notEmptyOrNull(credentialCreator.getCredentialPlainKey(), "credentialCreator.credentialKey");
    // 
    // Check access
    KapuaLocator locator = KapuaLocator.getInstance();
    AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
    PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
    authorizationService.checkPermission(permissionFactory.newPermission(CredentialDomain.CREDENTIAL, Actions.write, credentialCreator.getScopeId()));
    // 
    // Do create
    Credential credential = null;
    EntityManager em = AuthenticationEntityManagerFactory.getEntityManager();
    try {
        em.beginTransaction();
        credential = CredentialDAO.create(em, credentialCreator);
        credential = CredentialDAO.find(em, credential.getId());
        em.commit();
    } catch (Exception pe) {
        em.rollback();
        throw KapuaExceptionUtils.convertPersistenceException(pe);
    } finally {
        em.close();
    }
    return credential;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) EntityManager(org.eclipse.kapua.commons.jpa.EntityManager) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) KapuaEntityNotFoundException(org.eclipse.kapua.KapuaEntityNotFoundException) KapuaException(org.eclipse.kapua.KapuaException)

Aggregations

KapuaLocator (org.eclipse.kapua.locator.KapuaLocator)5 Credential (org.eclipse.kapua.service.authentication.credential.Credential)5 KapuaException (org.eclipse.kapua.KapuaException)4 PermissionFactory (org.eclipse.kapua.service.authorization.permission.PermissionFactory)4 KapuaEntityNotFoundException (org.eclipse.kapua.KapuaEntityNotFoundException)3 EntityManager (org.eclipse.kapua.commons.jpa.EntityManager)3 AuthorizationService (org.eclipse.kapua.service.authorization.AuthorizationService)3 CredentialListResult (org.eclipse.kapua.service.authentication.credential.CredentialListResult)2 CredentialService (org.eclipse.kapua.service.authentication.credential.CredentialService)2 User (org.eclipse.kapua.service.user.User)2 UserService (org.eclipse.kapua.service.user.UserService)2 HashSet (java.util.HashSet)1 Callable (java.util.concurrent.Callable)1 ShiroException (org.apache.shiro.ShiroException)1 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)1 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)1 KapuaRuntimeException (org.eclipse.kapua.KapuaRuntimeException)1 GwtUser (org.eclipse.kapua.app.console.shared.model.GwtUser)1