use of org.securityfilter.realm.SimplePrincipal in project xwiki-platform by xwiki.
the class AbstractXWikiAuthService method authenticateSuperAdmin.
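/**
 * Checks the given password against the superadmin password configured in XWiki's config file and, when it
 * matches, builds the superadmin principal (prefixed with the main wiki name when called from a subwiki).
 *
 * @param password the superadmin password to check against the superadmin password located in XWiki's config file
 * @param context the XWiki context object, allowing access to XWiki's config
 * @return a null Principal if the user hasn't been validated as Superadmin or a Super Admin Principal otherwise
 */
protected Principal authenticateSuperAdmin(String password, XWikiContext context)
{
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Authenticate superadmin");
    }

    // Security check: only decide that the passed user is the super admin if the
    // super admin password is configured in XWiki's configuration.
    // NOTE(review): an empty configured value is not rejected here; treat blank as "not configured" if the
    // configuration format allows it -- confirm against the config loader.
    String superadminpassword = context.getWiki().Param(SUPERADMIN_PASSWORD_CONFIG);

    if (superadminpassword == null || password == null || !isSamePassword(superadminpassword, password)) {
        // Same outcome as before for a missing config value, a missing password or a mismatch.
        context.put("message", "invalidcredentials");
        return null;
    }

    if (context.isMainWiki()) {
        return new SimplePrincipal(XWikiRightService.SUPERADMIN_USER_FULLNAME);
    }
    return new SimplePrincipal(context.getMainXWiki() + ":" + XWikiRightService.SUPERADMIN_USER_FULLNAME);
}

/**
 * Compares two passwords in constant time so that the comparison does not reveal how many leading characters
 * matched (a length difference still returns early, which is the usual accepted trade-off).
 * Fully-qualified names are used on purpose so that no new import is needed.
 *
 * @param expected the configured password, never null
 * @param actual the submitted password, never null
 * @return true when both strings encode to the same UTF-8 bytes
 */
private static boolean isSamePassword(String expected, String actual)
{
    return java.security.MessageDigest.isEqual(
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}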
use of org.securityfilter.realm.SimplePrincipal in project xwiki-platform by xwiki.
the class MyBasicAuthenticator method processLogin.
/**
 * Authenticates the supplied credentials and, on success, stores the (wiki-qualified) principal on the request.
 * The {@code rememberme} argument is not used by this authenticator.
 *
 * @param username the user name to authenticate
 * @param password the password to authenticate
 * @param rememberme ignored here
 * @param request the wrapped request on which the principal is stored and whose session login counter is reset
 * @param response the response used to send the basic authentication challenge again on failure
 * @param context the XWiki context, used to qualify the principal with the current wiki id
 * @return false when the login succeeded (filter processing continues), true when it failed and the basic
 *         authentication window was shown again
 * @throws Exception any error raised by the authentication or by sending the challenge
 */
@Override
public boolean processLogin(String username, String password, String rememberme, SecurityRequestWrapper request,
    HttpServletResponse response, XWikiContext context) throws Exception
{
    Principal authenticated = authenticate(username, password, context);
    if (authenticated == null) {
        // login failed: show the basic authentication window again.
        showLogin(request.getCurrentRequest(), response);
        return true;
    }

    // login successful
    request.getSession().removeAttribute(LOGIN_ATTEMPTS);

    // make sure the Principal contains wiki name information
    Principal qualified = StringUtils.contains(authenticated.getName(), ':')
        ? authenticated
        : new SimplePrincipal(context.getWikiId() + ":" + authenticated.getName());
    request.setUserPrincipal(qualified);
    return false;
}
use of org.securityfilter.realm.SimplePrincipal in project xwiki-platform by xwiki.
the class MyFormAuthenticator method processLogin.
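/**
 * Process any login information passed in parameter (username, password). Returns true if SecurityFilter should
 * abort further processing after the method completes (for example, if a redirect was sent as part of the login
 * processing).
 *
 * @param username the user name submitted by the login form
 * @param password the password submitted by the login form
 * @param rememberme the value of the "remember me" form field; {@code null} or {@code "false"} means the user did
 *            not ask for a persistent login
 * @param request the wrapped request on which the authenticated principal is stored
 * @param response the response used to send the redirect, the persistent login cookies or the failure status
 * @param context the XWiki context, used for the "ajax" flag and the configured failure status code
 * @return true if the filter should return after this method ends, false otherwise (this implementation always
 *         returns true: a redirect or a status has already been written)
 * @throws Exception any error raised while authenticating or writing the response
 */
@Override
public boolean processLogin(String username, String password, String rememberme, SecurityRequestWrapper request,
    HttpServletResponse response, XWikiContext context) throws Exception
{
    Principal principal = authenticate(username, password, context);
    if (principal != null) {
        // login successful
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("User " + principal.getName() + " has been logged-in");
        }

        // invalidate old session if the user was already authenticated, and they logged in as a different user.
        // StringUtils.equals is null-safe, so a missing username cannot throw here.
        // NOTE(review): the session is only renewed on a user switch, not on an anonymous-to-authenticated login;
        // renewing it on every successful login would close the session fixation window -- confirm how
        // SecurityRequestWrapper stores the principal before changing this.
        if (request.getUserPrincipal() != null && !StringUtils.equals(username, request.getRemoteUser())) {
            request.getSession().invalidate();
        }

        // manage persistent login info, if persistent login management is enabled
        if (this.persistentLoginManager != null) {
            // Did the user request that their login be persistent? The request-level overload substitutes
            // "false" when the form field is absent, so that value must count as "not requested" too;
            // otherwise every form login is remembered and forgetLogin never runs.
            if (rememberme != null && !"false".equals(rememberme)) {
                // remember login
                this.persistentLoginManager.rememberLogin(request, response, username, password);
            } else {
                // forget login
                this.persistentLoginManager.forgetLogin(request, response);
            }
        }

        // make sure the Principal contains wiki name information
        if (!StringUtils.contains(principal.getName(), ':')) {
            principal = new SimplePrincipal(context.getWikiId() + ":" + principal.getName());
        }
        request.setUserPrincipal(principal);

        // Redirect to the url the user was initially accessing before being prompted for login, unless the
        // login was submitted through an ajax call (the "ajax" context flag).
        // NOTE(review): getContinueToURL is not visible here; it is expected to reject external targets so
        // the login flow cannot be used as an open redirect -- confirm.
        Boolean ajax = (Boolean) context.get("ajax");
        if (!Boolean.TRUE.equals(ajax)) {
            String continueToURL = getContinueToURL(request);
            response.sendRedirect(response.encodeRedirectURL(continueToURL));
        }
    } else {
        // set response status and forward to error page
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("User " + username + " login has failed");
        }
        // TODO: Does this work? (200 in case of error)
        response.setStatus(getUnauthorizedStatusCode(context));
    }

    return true;
}

/**
 * Returns the HTTP status to send on a failed login: the value of the
 * {@code xwiki.authentication.unauthorized_code} configuration parameter when it is set and parses as an
 * integer, {@link HttpServletResponse#SC_UNAUTHORIZED} otherwise.
 *
 * @param context the XWiki context giving access to the configuration
 * @return the status code to set on the response
 */
private static int getUnauthorizedStatusCode(XWikiContext context)
{
    String returnCode = context.getWiki().Param("xwiki.authentication.unauthorized_code");
    if (returnCode == null || returnCode.isEmpty()) {
        return HttpServletResponse.SC_UNAUTHORIZED;
    }
    try {
        return Integer.parseInt(returnCode);
    } catch (NumberFormatException e) {
        // parseInt is the only call that can fail here; a malformed value falls back to the default status.
        return HttpServletResponse.SC_UNAUTHORIZED;
    }
}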
use of org.securityfilter.realm.SimplePrincipal in project xwiki-platform by xwiki.
the class MyFormAuthenticator method processLogin.
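/**
 * Process any login information that was included in the request, if any. Returns true if SecurityFilter should
 * abort further processing after the method completes (for example, if a redirect was sent as part of the login
 * processing).
 * <p>
 * Credentials are looked for in this order: an HTTP Basic {@code Authorization} header, a remembered login
 * handled by the persistent login manager, and finally a submitted login form.
 *
 * @param request the wrapped request; the authenticated principal, if any, is stored on it
 * @param response the response, used by the persistent login manager and by the form login to write cookies, a
 *            redirect or a status
 * @param context the XWiki context giving access to the configuration
 * @return true if the filter should return after this method ends, false otherwise
 * @throws Exception any error raised while authenticating or writing the response
 */
@Override
public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response, XWikiContext context)
    throws Exception
{
    // 1) HTTP Basic authentication
    try {
        Principal principal = MyBasicAuthenticator.checkLogin(request, response, context);
        if (principal != null) {
            return false;
        }
        if ("1".equals(request.getParameter("basicauth"))) {
            return true;
        }
    } catch (Exception e) {
        // in case of exception we continue on Form Auth.
        // we don't want this to interfere with the most common behavior, but the failure must not disappear
        // silently either: keep it at debug level so a rejected Authorization header can still be diagnosed.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Basic authentication failed, falling back to form authentication", e);
        }
    }

    // 2) persistent logins are enabled, and the persistent login info is present in this request
    if (this.persistentLoginManager != null) {
        Principal principal = request.getUserPrincipal();
        // if xwiki.authentication.always is set to 1 in xwiki.cfg file, authenticate even when a principal is
        // already stored on the request
        if (principal == null || context.getWiki().ParamAsLong("xwiki.authentication.always", 0) == 1) {
            String username =
                convertUsername(this.persistentLoginManager.getRememberedUsername(request, response), context);
            String password = this.persistentLoginManager.getRememberedPassword(request, response);
            // the remembered credentials are re-validated, never trusted on their own
            principal = authenticate(username, password, context);
            if (principal != null) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("User " + principal.getName() + " has been authentified from cookie");
                }
                // make sure the Principal contains wiki name information
                if (!StringUtils.contains(principal.getName(), ':')) {
                    principal = new SimplePrincipal(context.getWikiId() + ":" + principal.getName());
                }
                request.setUserPrincipal(principal);
            } else {
                // Failed to authenticate, better cleanup the user stored in the session
                request.setUserPrincipal(null);
                if (username != null || password != null) {
                    // Failed authentication with remembered login, better forget login now
                    this.persistentLoginManager.forgetLogin(request, response);
                }
            }
        }
    }

    // 3) process login form submittal
    if (this.loginSubmitPattern != null && request.getMatchableURL().endsWith(this.loginSubmitPattern)) {
        String username = convertUsername(request.getParameter(FORM_USERNAME), context);
        String password = request.getParameter(FORM_PASSWORD);
        // an absent "remember me" checkbox is passed on as the explicit value "false"
        String rememberme = request.getParameter(FORM_REMEMBERME);
        if (rememberme == null) {
            rememberme = "false";
        }
        return processLogin(username, password, rememberme, request, response, context);
    }

    return false;
}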
use of org.securityfilter.realm.SimplePrincipal in project xwiki-platform by xwiki.
the class MyBasicAuthenticator method checkLogin.
/**
 * Authenticates the request from its HTTP {@code Authorization} header, when one is present, and stores the
 * resulting wiki-qualified principal on the request.
 *
 * @param request the wrapped request carrying the header; on success the principal is stored on it and the
 *            session login counter is reset
 * @param response the response (not used by this method)
 * @param context the XWiki context, used to convert the user name and to qualify the principal with the wiki id
 * @return the principal stored on the request when the header carried valid credentials, {@code null} when there
 *         is no header or the credentials were rejected
 * @throws Exception any error raised while decoding the header or authenticating
 */
public static Principal checkLogin(SecurityRequestWrapper request, HttpServletResponse response,
    XWikiContext context) throws Exception
{
    // Always verify authentication
    String header = request.getHeader("Authorization");
    if (header == null) {
        return null;
    }

    String decoded = decodeBasicAuthorizationString(header);
    String user = convertUsername(parseUsername(decoded), context);
    String secret = parsePassword(decoded);
    Principal authenticated = authenticate(user, secret, context);
    if (authenticated == null) {
        return null;
    }

    // login successful
    request.getSession().removeAttribute(LOGIN_ATTEMPTS);

    // make sure the Principal contains wiki name information
    Principal qualified = StringUtils.contains(authenticated.getName(), ':')
        ? authenticated
        : new SimplePrincipal(context.getWikiId() + ":" + authenticated.getName());
    request.setUserPrincipal(qualified);
    return qualified;
}