Example 61 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

Class OrganizationDirectoryServiceImpl, method deleted.

@Override
public void deleted(String pid) {
    try {
        Organization organization = getOrganization(pid);
        persistence.deleteOrganization(pid);
        cache.invalidate();
        fireOrganizationUnregistered(organization);
    } catch (NotFoundException e) {
        logger.warn("Can't delete organization with id {}, organization not found.", pid);
    }
}
Also used: Organization (org.opencastproject.security.api.Organization), DefaultOrganization (org.opencastproject.security.api.DefaultOrganization), JpaOrganization (org.opencastproject.security.impl.jpa.JpaOrganization), NotFoundException (org.opencastproject.util.NotFoundException)

Example 62 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

Class OrganizationFilter, method doFilter.

/**
 * {@inheritDoc}
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    URL url = new URL(httpRequest.getRequestURL().toString());
    Organization org = null;
    try {
        try {
            org = organizationDirectory.getOrganization(url);
        } catch (NotFoundException e) {
            logger.trace("No organization mapped to {}", url);
            List<Organization> orgs = organizationDirectory.getOrganizations();
            if (orgs.size() == 1) {
                org = orgs.get(0);
                logger.trace("Defaulting organization to {}", org);
            }
        }
        // If an organization was found, move on. Otherwise return a 404
        if (org == null) {
            logger.warn("No organization is mapped to handle {}", url);
            httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "No organization is mapped to handle " + url);
            return;
        }
        securityService.setOrganization(org);
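        // Set the client's IP address. The X-Forwarded-For header is taken as-is, so the value
        // is only trustworthy when a reverse proxy in front of the application sets or overwrites it.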
        if (StringUtils.isNotBlank(httpRequest.getHeader(X_FORWARDED_FOR))) {
            logger.trace("Found '{}' header for client IP '{}'", X_FORWARDED_FOR, httpRequest.getHeader(X_FORWARDED_FOR));
            securityService.setUserIP(httpRequest.getHeader(X_FORWARDED_FOR));
        } else {
            logger.trace("Using client IP from request '{}'", httpRequest.getRemoteAddr());
            securityService.setUserIP(httpRequest.getRemoteAddr());
        }
        chain.doFilter(request, response);
    } finally {
        securityService.setOrganization(null);
        securityService.setUser(null);
        securityService.setUserIP(null);
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), Organization (org.opencastproject.security.api.Organization), HttpServletResponse (javax.servlet.http.HttpServletResponse), NotFoundException (org.opencastproject.util.NotFoundException), List (java.util.List), URL (java.net.URL)

Example 63 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

Class SecurityFilter, method doFilter.

/**
 * {@inheritDoc}
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Make sure we have an organization
    Organization org = securityService.getOrganization();
    if (org == null) {
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    // Get a hold of the security filter for that organization
    Filter filter = orgSecurityFilters.get(org.getId());
    if (filter == null) {
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    filter.doFilter(request, response, chain);
}
Also used: Organization (org.opencastproject.security.api.Organization), Filter (javax.servlet.Filter), HttpServletResponse (javax.servlet.http.HttpServletResponse)

Example 64 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

Class TrustedHttpClientImpl, method execute.

@Override
public HttpResponse execute(HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout) throws TrustedHttpClientException {
    final HttpClient httpClient = makeHttpClient(connectionTimeout, socketTimeout);
    // Add the request header to elicit a digest auth response
    httpUriRequest.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
    httpUriRequest.setHeader(SecurityConstants.AUTHORIZATION_HEADER, "true");
    if (serviceRegistry != null && serviceRegistry.getCurrentJob() != null) {
        httpUriRequest.setHeader(CURRENT_JOB_HEADER, Long.toString(serviceRegistry.getCurrentJob().getId()));
    }
    // If a security service has been set, use it to pass the current security context on
    logger.debug("Adding security context to request");
    final Organization organization = securityService.getOrganization();
    if (organization != null) {
        httpUriRequest.setHeader(SecurityConstants.ORGANIZATION_HEADER, organization.getId());
        final User currentUser = securityService.getUser();
        if (currentUser != null) {
            httpUriRequest.setHeader(SecurityConstants.USER_HEADER, currentUser.getUsername());
        }
    }
    if ("GET".equalsIgnoreCase(httpUriRequest.getMethod()) || "HEAD".equalsIgnoreCase(httpUriRequest.getMethod())) {
        // Set the user/pass
        final UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
        httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
        // Run the request (the http client handles the multiple back-and-forth requests)
        try {
            Opt<HttpUriRequest> optSignedHttpUriRequest = getSignedUrl(httpUriRequest);
            HttpResponse response;
            if (optSignedHttpUriRequest.isSome()) {
                logger.debug("Adding url signing to request {} so that it is {}", httpUriRequest.getURI().toString(), optSignedHttpUriRequest.get().getURI().toString());
                response = new HttpResponseWrapper(httpClient.execute(optSignedHttpUriRequest.get()));
            } else {
                logger.debug("Not adding url signing to request {}", httpUriRequest.getURI().toString());
                response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
            }
            responseMap.put(response, httpClient);
            return response;
        } catch (IOException e) {
            // close the http connection(s)
            httpClient.getConnectionManager().shutdown();
            throw new TrustedHttpClientException(e);
        }
    } else {
        // HttpClient doesn't handle the request dynamics for other verbs (especially when sending a streamed multipart
        // request), so we need to handle the details of the digest auth back-and-forth manually
        manuallyHandleDigestAuthentication(httpUriRequest, httpClient);
        HttpResponse response = null;
        try {
            response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
            if (nonceTimeoutRetries > 0 && hadNonceTimeoutResponse(response)) {
                httpClient.getConnectionManager().shutdown();
                response = retryAuthAndRequestAfterNonceTimeout(httpUriRequest, response);
            }
            responseMap.put(response, httpClient);
            return response;
        } catch (Exception e) {
            // if we have a response, remove it from the map
            if (response != null) {
                responseMap.remove(response);
            }
            // close the http connection(s)
            httpClient.getConnectionManager().shutdown();
            throw new TrustedHttpClientException(e);
        }
    }
}
Also used: HttpUriRequest (org.apache.http.client.methods.HttpUriRequest), HttpResponseWrapper (org.opencastproject.security.util.HttpResponseWrapper), Organization (org.opencastproject.security.api.Organization), User (org.opencastproject.security.api.User), TrustedHttpClient (org.opencastproject.security.api.TrustedHttpClient), HttpClient (org.opencastproject.kernel.http.api.HttpClient), HttpResponse (org.apache.http.HttpResponse), IOException (java.io.IOException), TrustedHttpClientException (org.opencastproject.security.api.TrustedHttpClientException), ClientProtocolException (org.apache.http.client.ClientProtocolException), UrlSigningException (org.opencastproject.security.urlsigning.exception.UrlSigningException), UsernamePasswordCredentials (org.apache.http.auth.UsernamePasswordCredentials)

Example 65 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

Class SecurityServiceSpringImpl, method getUser.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.security.api.SecurityService#getUser()
 */
@Override
public User getUser() throws IllegalStateException {
    Organization org = getOrganization();
    if (org == null)
        throw new IllegalStateException("No organization is set in security context");
    User delegatedUser = delegatedUserHolder.get();
    if (delegatedUser != null) {
        return delegatedUser;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(org);
    if (auth != null) {
        Object principal = auth.getPrincipal();
        if ((principal != null) && (principal instanceof UserDetails)) {
            UserDetails userDetails = (UserDetails) principal;
            User user = null;
            // If user exists, fetch it from the userDirectory
            if (userDirectory != null) {
                user = userDirectory.loadUser(userDetails.getUsername());
                if (user == null) {
                    logger.debug("Authenticated user '{}' could not be found in any of the current UserProviders. Continuing anyway...", userDetails.getUsername());
                }
            } else {
                logger.debug("No UserDirectory was found when trying to search for user '{}'", userDetails.getUsername());
            }
            // Add the roles (authorities) in the security context
            Set<JaxbRole> roles = new HashSet<JaxbRole>();
            Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
            if (authorities != null) {
                for (GrantedAuthority ga : authorities) {
                    roles.add(new JaxbRole(ga.getAuthority(), jaxbOrganization));
                }
            }
            if (user == null) {
                // No user was found. Create one to hold the auth information from the security context
                user = new JaxbUser(userDetails.getUsername(), null, jaxbOrganization, roles);
            } else {
                // Combine the existing user with the roles in the security context
                user = JaxbUser.fromUser(user, roles);
            }
            // Save the user to retrieve it quicker the next time(s) this method is called (by this thread)
            delegatedUserHolder.set(user);
            return user;
        }
    }
    // Return the anonymous user by default
    return SecurityUtil.createAnonymousUser(jaxbOrganization);
}
Also used: JaxbOrganization (org.opencastproject.security.api.JaxbOrganization), Organization (org.opencastproject.security.api.Organization), User (org.opencastproject.security.api.User), JaxbUser (org.opencastproject.security.api.JaxbUser), GrantedAuthority (org.springframework.security.core.GrantedAuthority), UserDetails (org.springframework.security.core.userdetails.UserDetails), JaxbRole (org.opencastproject.security.api.JaxbRole), Authentication (org.springframework.security.core.Authentication), HashSet (java.util.HashSet)
