use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class OrganizationDirectoryServiceImpl method deleted.
/**
 * Removes the organization identified by {@code pid}: looks it up, deletes it from persistence,
 * invalidates the cache and finally calls {@code fireOrganizationUnregistered} with the
 * organization that was looked up.
 *
 * <p>A {@link NotFoundException} raised while doing so is not propagated; it is reported as a
 * warning and the remaining steps are skipped.
 *
 * @param pid
 *          identifier of the organization to remove
 */
@Override
public void deleted(String pid) {
  final Organization removed;
  try {
    // Resolve the organization before deleting it so the instance can still be handed on afterwards.
    removed = getOrganization(pid);
    persistence.deleteOrganization(pid);
    // The cache is dropped as a whole rather than per entry.
    cache.invalidate();
    fireOrganizationUnregistered(removed);
  } catch (NotFoundException e) {
    logger.warn("Can't delete organization with id {}, organization not found.", pid);
  }
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class OrganizationFilter method doFilter.
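/**
 * {@inheritDoc}
 *
 * <p>Binds the organization that serves the request URL, and the client's IP address, to the
 * security service for the duration of the request, then continues the chain. If no organization is
 * mapped to the URL and exactly one organization exists, that one is used. If none can be
 * determined the request is answered with 404 and the chain is not invoked. Organization, user and
 * user IP are always reset on the security service when the request finishes.
 *
 * <p>Security note: the client IP is taken verbatim from the {@code X-Forwarded-For} request header
 * whenever that header is non-blank. The header is supplied by the sender, so the stored value is
 * only reliable when a reverse proxy in front of this service overwrites it. Code that reads the
 * stored IP for access decisions or audit records should treat it accordingly.
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
  final HttpServletRequest httpRequest = (HttpServletRequest) request;
  final HttpServletResponse httpResponse = (HttpServletResponse) response;
  final URL url = new URL(httpRequest.getRequestURL().toString());
  Organization org = null;
  try {
    try {
      org = organizationDirectory.getOrganization(url);
    } catch (NotFoundException e) {
      logger.trace("No organization mapped to {}", url);
      // Single-tenant fallback: with exactly one organization there is no ambiguity about the tenant.
      List<Organization> orgs = organizationDirectory.getOrganizations();
      if (orgs.size() == 1) {
        org = orgs.get(0);
        logger.trace("Defaulting organization to {}", org);
      }
    }

    // If an organization was found, move on. Otherwise return a 404
    if (org == null) {
      logger.warn("No organization is mapped to handle {}", url);
      httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "No organization is mapped to handle " + url);
      return;
    }
    securityService.setOrganization(org);

    // Set the client's IP address. The header is read once so that the value that is checked, logged
    // and stored is the same one.
    // NOTE(review): the header value is stored unvalidated and may hold a comma-separated proxy chain
    // rather than a single address; confirm that every deployment has a proxy that sets it.
    final String forwardedFor = httpRequest.getHeader(X_FORWARDED_FOR);
    if (StringUtils.isNotBlank(forwardedFor)) {
      logger.trace("Found '{}' header for client IP '{}'", X_FORWARDED_FOR, forwardedFor);
      securityService.setUserIP(forwardedFor);
    } else {
      final String remoteAddr = httpRequest.getRemoteAddr();
      logger.trace("Using client IP from request '{}'", remoteAddr);
      securityService.setUserIP(remoteAddr);
    }

    chain.doFilter(request, response);
  } finally {
    // Always clear the per-request context, including on the 404 path and when the chain throws, so
    // nothing set here outlives the request.
    securityService.setOrganization(null);
    securityService.setUser(null);
    securityService.setUserIP(null);
  }
}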
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SecurityFilter method doFilter.
/**
 * {@inheritDoc}
 *
 * <p>Hands the request to the security filter registered for the current organization. The request
 * is rejected without invoking any filter when that is not possible: 404 if the security service
 * holds no organization, 403 if no filter is registered under the organization's id.
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
  final Organization currentOrg = securityService.getOrganization();
  if (currentOrg != null) {
    // Each organization has its own filter, looked up by organization id.
    final Filter delegate = orgSecurityFilters.get(currentOrg.getId());
    if (delegate != null) {
      delegate.doFilter(request, response, chain);
    } else {
      // Known organization without a registered security filter: refuse rather than pass the
      // request on unfiltered.
      ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
    }
  } else {
    // No organization in the security context: nothing to select a filter by.
    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_NOT_FOUND);
  }
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class TrustedHttpClientImpl method execute.
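/**
 * Executes {@code httpUriRequest} with a freshly created HTTP client, authenticating with the
 * configured {@code user}/{@code pass} and forwarding the caller's security context as headers.
 *
 * <p>Before sending, the request gets the header that asks the remote side for a digest challenge,
 * the id of the current job (if any) and, when an organization is set on the security service, the
 * organization id plus the current user's name. GET and HEAD requests are sent through the client's
 * own credential handling and are URL-signed first when {@code getSignedUrl} yields a signed
 * request. All other methods go through {@code manuallyHandleDigestAuthentication} and are retried
 * once a nonce timeout is detected and {@code nonceTimeoutRetries} is positive.
 *
 * <p>On success the response is stored in {@code responseMap} together with its client. On failure
 * the client's connection manager is shut down and the cause is wrapped.
 *
 * <p>Security note: the organization and user headers are plain values set by this client.
 * NOTE(review): the receiving side presumably honours them only for requests authenticated as the
 * trusted user; confirm against the server-side filter.
 *
 * @param httpUriRequest
 *          the request to send; its headers are modified
 * @param connectionTimeout
 *          passed to {@code makeHttpClient}
 * @param socketTimeout
 *          passed to {@code makeHttpClient}
 * @return the wrapped response
 * @throws TrustedHttpClientException
 *           if sending the request fails
 */
@Override
public HttpResponse execute(HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout)
        throws TrustedHttpClientException {
  final HttpClient httpClient = makeHttpClient(connectionTimeout, socketTimeout);
  // Add the request header to elicit a digest auth response
  httpUriRequest.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
  httpUriRequest.setHeader(SecurityConstants.AUTHORIZATION_HEADER, "true");

  if (serviceRegistry != null && serviceRegistry.getCurrentJob() != null) {
    httpUriRequest.setHeader(CURRENT_JOB_HEADER, Long.toString(serviceRegistry.getCurrentJob().getId()));
  }

  // Pass the current security context on.
  // NOTE(review): the original comment says "if a security service has been set", but
  // securityService is dereferenced without a null check; confirm it is always injected.
  logger.debug("Adding security context to request");
  final Organization organization = securityService.getOrganization();
  if (organization != null) {
    httpUriRequest.setHeader(SecurityConstants.ORGANIZATION_HEADER, organization.getId());
    final User currentUser = securityService.getUser();
    if (currentUser != null) {
      httpUriRequest.setHeader(SecurityConstants.USER_HEADER, currentUser.getUsername());
    }
  }

  if ("GET".equalsIgnoreCase(httpUriRequest.getMethod()) || "HEAD".equalsIgnoreCase(httpUriRequest.getMethod())) {
    // Set the user/pass
    // NOTE(review): AuthScope.ANY makes these credentials available for a challenge from any host,
    // port or realm this client talks to. Consider binding them to the request's target, e.g.
    // new AuthScope(httpUriRequest.getURI().getHost(), httpUriRequest.getURI().getPort()), after
    // confirming that no caller relies on authenticated cross-host redirects.
    final UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
    httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);

    // Run the request (the http client handles the multiple back-and-forth requests)
    try {
      Opt<HttpUriRequest> optSignedHttpUriRequest = getSignedUrl(httpUriRequest);
      HttpResponse response;
      if (optSignedHttpUriRequest.isSome()) {
        // The signed URI is deliberately not logged: it presumably embeds the signature that
        // authorises the request, so writing it out would extend that authorisation to anyone who
        // can read the log.
        logger.debug("Adding url signing to request {}", httpUriRequest.getURI().toString());
        response = new HttpResponseWrapper(httpClient.execute(optSignedHttpUriRequest.get()));
      } else {
        logger.debug("Not adding url signing to request {}", httpUriRequest.getURI().toString());
        response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
      }
      // Remember which client produced the response.
      responseMap.put(response, httpClient);
      return response;
    } catch (IOException e) {
      // close the http connection(s)
      httpClient.getConnectionManager().shutdown();
      throw new TrustedHttpClientException(e);
    }
  } else {
    // HttpClient doesn't handle the request dynamics for other verbs (especially when sending a streamed multipart
    // request), so we need to handle the details of the digest auth back-and-forth manually
    // NOTE(review): this call sits outside the try block, so a failure here does not reach the
    // shutdown below; confirm the helper releases the client itself.
    manuallyHandleDigestAuthentication(httpUriRequest, httpClient);
    HttpResponse response = null;
    try {
      response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
      if (nonceTimeoutRetries > 0 && hadNonceTimeoutResponse(response)) {
        // The expired attempt's connections are released before the request is retried.
        httpClient.getConnectionManager().shutdown();
        response = retryAuthAndRequestAfterNonceTimeout(httpUriRequest, response);
      }
      responseMap.put(response, httpClient);
      return response;
    } catch (Exception e) {
      // if we have a response, remove it from the map
      if (response != null) {
        responseMap.remove(response);
      }
      // close the http connection(s)
      httpClient.getConnectionManager().shutdown();
      throw new TrustedHttpClientException(e);
    }
  }
}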
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SecurityServiceSpringImpl method getUser.
/**
 * {@inheritDoc}
 *
 * <p>Resolution order: the user held in {@code delegatedUserHolder}, if any; otherwise a user built
 * from the Spring Security authentication when its principal is a {@link UserDetails}; otherwise
 * the anonymous user of the current organization.
 *
 * <p>Security notes: an authenticated principal that the user directory does not know is still
 * accepted, and then carries only the roles granted in the authentication. The user that was built
 * is stored in {@code delegatedUserHolder} and returned from there on later calls without looking
 * at the authentication again. NOTE(review): the holder therefore has to be reset whenever the
 * security context changes; confirm that every request path does so.
 *
 * @return the current user, never {@code null} as far as this method's own branches show
 * @throws IllegalStateException
 *           if no organization is set in the security context
 * @see org.opencastproject.security.api.SecurityService#getUser()
 */
@Override
public User getUser() throws IllegalStateException {
  final Organization currentOrg = getOrganization();
  if (currentOrg == null) {
    throw new IllegalStateException("No organization is set in security context");
  }

  // A user already held for this context wins over anything in the Spring security context.
  final User heldUser = delegatedUserHolder.get();
  if (heldUser != null) {
    return heldUser;
  }

  final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
  final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(currentOrg);

  // No authentication, or a principal that is not a UserDetails: fall back to the anonymous user.
  final Object principal = (authentication == null) ? null : authentication.getPrincipal();
  if (!(principal instanceof UserDetails)) {
    return SecurityUtil.createAnonymousUser(jaxbOrg);
  }
  final String username = ((UserDetails) principal).getUsername();

  // Look the user up in the directory when one is available.
  User directoryUser = null;
  if (userDirectory == null) {
    logger.debug("No UserDirectory was found when trying to search for user '{}'", username);
  } else {
    directoryUser = userDirectory.loadUser(username);
    if (directoryUser == null) {
      logger.debug("Authenticated user '{}' could not be found in any of the current UserProviders. Continuing anyway...", username);
    }
  }

  // Turn the authorities granted in the security context into roles of the current organization.
  final Set<JaxbRole> grantedRoles = new HashSet<JaxbRole>();
  final Collection<? extends GrantedAuthority> granted = authentication.getAuthorities();
  if (granted != null) {
    for (GrantedAuthority authority : granted) {
      grantedRoles.add(new JaxbRole(authority.getAuthority(), jaxbOrg));
    }
  }

  // Unknown to the directory: create a user that only holds what the security context provides.
  // Known to the directory: combine that user with the roles from the security context.
  final User resolved = (directoryUser == null)
          ? new JaxbUser(username, null, jaxbOrg, grantedRoles)
          : JaxbUser.fromUser(directoryUser, grantedRoles);

  // Keep the result so later calls (by this thread, per the original comment) can skip the lookup.
  delegatedUserHolder.set(resolved);
  return resolved;
}