Examples with Organization org.opencastproject.security.api.Organization used on opensource projects
Example 61 with Organization
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class OrganizationDirectoryServiceImpl method deleted.
@Override
public void deleted(String pid) {
try {
Organization organization = getOrganization(pid);
persistence.deleteOrganization(pid);
cache.invalidate();
fireOrganizationUnregistered(organization);
} catch (NotFoundException e) {
logger.warn("Can't delete organization with id {}, organization not found.", pid);
}
}
Also used :
Organization(org.opencastproject.security.api.Organization)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization)
NotFoundException(org.opencastproject.util.NotFoundException)
Example 62 with Organization
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class OrganizationFilter method doFilter.
/**
* {@inheritDoc}
*
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
* javax.servlet.FilterChain)
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
URL url = new URL(httpRequest.getRequestURL().toString());
Organization org = null;
try {
try {
org = organizationDirectory.getOrganization(url);
} catch (NotFoundException e) {
logger.trace("No organization mapped to {}", url);
List<Organization> orgs = organizationDirectory.getOrganizations();
if (orgs.size() == 1) {
org = orgs.get(0);
logger.trace("Defaulting organization to {}", org);
}
}
// If an organization was found, move on. Otherwise return a 404
if (org == null) {
logger.warn("No organization is mapped to handle {}", url);
httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "No organization is mapped to handle " + url);
return;
}
securityService.setOrganization(org);
// Set the client's IP address
if (StringUtils.isNotBlank(httpRequest.getHeader(X_FORWARDED_FOR))) {
logger.trace("Found '{}' header for client IP '{}'", X_FORWARDED_FOR, httpRequest.getHeader(X_FORWARDED_FOR));
securityService.setUserIP(httpRequest.getHeader(X_FORWARDED_FOR));
} else {
logger.trace("Using client IP from request '{}'", httpRequest.getRemoteAddr());
securityService.setUserIP(httpRequest.getRemoteAddr());
}
chain.doFilter(request, response);
} finally {
securityService.setOrganization(null);
securityService.setUser(null);
securityService.setUserIP(null);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Organization(org.opencastproject.security.api.Organization)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
NotFoundException(org.opencastproject.util.NotFoundException)
List(java.util.List)
URL(java.net.URL)
Example 63 with Organization
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SecurityFilter method doFilter.
/**
* {@inheritDoc}
*
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
* javax.servlet.FilterChain)
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Make sure we have an organization
Organization org = securityService.getOrganization();
if (org == null) {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
// Get a hold of the security filter for that organization
Filter filter = orgSecurityFilters.get(org.getId());
if (filter == null) {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
filter.doFilter(request, response, chain);
}
Also used :
Organization(org.opencastproject.security.api.Organization)
Filter(javax.servlet.Filter)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Example 64 with Organization
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class TrustedHttpClientImpl method execute.
@Override
public HttpResponse execute(HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout) throws TrustedHttpClientException {
final HttpClient httpClient = makeHttpClient(connectionTimeout, socketTimeout);
// Add the request header to elicit a digest auth response
httpUriRequest.setHeader(REQUESTED_AUTH_HEADER, DIGEST_AUTH);
httpUriRequest.setHeader(SecurityConstants.AUTHORIZATION_HEADER, "true");
if (serviceRegistry != null && serviceRegistry.getCurrentJob() != null) {
httpUriRequest.setHeader(CURRENT_JOB_HEADER, Long.toString(serviceRegistry.getCurrentJob().getId()));
}
// If a security service has been set, use it to pass the current security context on
logger.debug("Adding security context to request");
final Organization organization = securityService.getOrganization();
if (organization != null) {
httpUriRequest.setHeader(SecurityConstants.ORGANIZATION_HEADER, organization.getId());
final User currentUser = securityService.getUser();
if (currentUser != null) {
httpUriRequest.setHeader(SecurityConstants.USER_HEADER, currentUser.getUsername());
}
}
if ("GET".equalsIgnoreCase(httpUriRequest.getMethod()) || "HEAD".equalsIgnoreCase(httpUriRequest.getMethod())) {
// Set the user/pass
final UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
// Run the request (the http client handles the multiple back-and-forth requests)
try {
Opt<HttpUriRequest> optSignedHttpUriRequest = getSignedUrl(httpUriRequest);
HttpResponse response;
if (optSignedHttpUriRequest.isSome()) {
logger.debug("Adding url signing to request {} so that it is {}", httpUriRequest.getURI().toString(), optSignedHttpUriRequest.get().getURI().toString());
response = new HttpResponseWrapper(httpClient.execute(optSignedHttpUriRequest.get()));
} else {
logger.debug("Not adding url signing to request {}", httpUriRequest.getURI().toString());
response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
}
responseMap.put(response, httpClient);
return response;
} catch (IOException e) {
// close the http connection(s)
httpClient.getConnectionManager().shutdown();
throw new TrustedHttpClientException(e);
}
} else {
// HttpClient doesn't handle the request dynamics for other verbs (especially when sending a streamed multipart
// request), so we need to handle the details of the digest auth back-and-forth manually
manuallyHandleDigestAuthentication(httpUriRequest, httpClient);
HttpResponse response = null;
try {
response = new HttpResponseWrapper(httpClient.execute(httpUriRequest));
if (nonceTimeoutRetries > 0 && hadNonceTimeoutResponse(response)) {
httpClient.getConnectionManager().shutdown();
response = retryAuthAndRequestAfterNonceTimeout(httpUriRequest, response);
}
responseMap.put(response, httpClient);
return response;
} catch (Exception e) {
// if we have a response, remove it from the map
if (response != null) {
responseMap.remove(response);
}
// close the http connection(s)
httpClient.getConnectionManager().shutdown();
throw new TrustedHttpClientException(e);
}
}
}
Also used :
HttpUriRequest(org.apache.http.client.methods.HttpUriRequest)
HttpResponseWrapper(org.opencastproject.security.util.HttpResponseWrapper)
Organization(org.opencastproject.security.api.Organization)
User(org.opencastproject.security.api.User)
TrustedHttpClient(org.opencastproject.security.api.TrustedHttpClient)
HttpClient(org.opencastproject.kernel.http.api.HttpClient)
HttpResponse(org.apache.http.HttpResponse)
IOException(java.io.IOException)
TrustedHttpClientException(org.opencastproject.security.api.TrustedHttpClientException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
UrlSigningException(org.opencastproject.security.urlsigning.exception.UrlSigningException)
IOException(java.io.IOException)
TrustedHttpClientException(org.opencastproject.security.api.TrustedHttpClientException)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
Example 65 with Organization
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SecurityServiceSpringImpl method getUser.
/**
* {@inheritDoc}
*
* @see org.opencastproject.security.api.SecurityService#getUser()
*/
@Override
public User getUser() throws IllegalStateException {
Organization org = getOrganization();
if (org == null)
throw new IllegalStateException("No organization is set in security context");
User delegatedUser = delegatedUserHolder.get();
if (delegatedUser != null) {
return delegatedUser;
}
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(org);
if (auth != null) {
Object principal = auth.getPrincipal();
if ((principal != null) && (principal instanceof UserDetails)) {
UserDetails userDetails = (UserDetails) principal;
User user = null;
// If user exists, fetch it from the userDirectory
if (userDirectory != null) {
user = userDirectory.loadUser(userDetails.getUsername());
if (user == null) {
logger.debug("Authenticated user '{}' could not be found in any of the current UserProviders. Continuing anyway...", userDetails.getUsername());
}
} else {
logger.debug("No UserDirectory was found when trying to search for user '{}'", userDetails.getUsername());
}
// Add the roles (authorities) in the security context
Set<JaxbRole> roles = new HashSet<JaxbRole>();
Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
if (authorities != null) {
for (GrantedAuthority ga : authorities) {
roles.add(new JaxbRole(ga.getAuthority(), jaxbOrganization));
}
}
if (user == null) {
// No user was found. Create one to hold the auth information from the security context
user = new JaxbUser(userDetails.getUsername(), null, jaxbOrganization, roles);
} else {
// Combine the existing user with the roles in the security context
user = JaxbUser.fromUser(user, roles);
}
// Save the user to retrieve it quicker the next time(s) this method is called (by this thread)
delegatedUserHolder.set(user);
return user;
}
}
// Return the anonymous user by default
return SecurityUtil.createAnonymousUser(jaxbOrganization);
}
Also used :
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
Organization(org.opencastproject.security.api.Organization)
User(org.opencastproject.security.api.User)
JaxbUser(org.opencastproject.security.api.JaxbUser)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
JaxbUser(org.opencastproject.security.api.JaxbUser)
UserDetails(org.springframework.security.core.userdetails.UserDetails)
JaxbRole(org.opencastproject.security.api.JaxbRole)
Authentication(org.springframework.security.core.Authentication)
HashSet(java.util.HashSet)
Aggregations
Organization (org.opencastproject.security.api.Organization)135
User (org.opencastproject.security.api.User)60
DefaultOrganization (org.opencastproject.security.api.DefaultOrganization)46
NotFoundException (org.opencastproject.util.NotFoundException)43
JaxbOrganization (org.opencastproject.security.api.JaxbOrganization)29
SecurityService (org.opencastproject.security.api.SecurityService)29
IOException (java.io.IOException)24
Before (org.junit.Before)24
ArrayList (java.util.ArrayList)23
AccessControlList (org.opencastproject.security.api.AccessControlList)22
OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService)22
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException)22
JaxbRole (org.opencastproject.security.api.JaxbRole)21
MediaPackage (org.opencastproject.mediapackage.MediaPackage)20
JaxbUser (org.opencastproject.security.api.JaxbUser)20
UserDirectoryService (org.opencastproject.security.api.UserDirectoryService)19
File (java.io.File)18
HashMap (java.util.HashMap)17
WorkflowInstance (org.opencastproject.workflow.api.WorkflowInstance)17
Test (org.junit.Test)15
