Example 6 with AuthenticationException
use of org.structr.core.auth.exception.AuthenticationException in project structr by structr.
the class LoginCommand method processMessage.
// ~--- methods --------------------------------------------------------
@Override
public void processMessage(final WebSocketMessage webSocketData) {
final String username = (String) webSocketData.getNodeData().get("username");
final String password = (String) webSocketData.getNodeData().get("password");
Principal user;
if ((username != null) && (password != null)) {
try {
StructrWebSocket socket = this.getWebSocket();
Authenticator auth = socket.getAuthenticator();
user = auth.doLogin(socket.getRequest(), username, password);
if (user != null) {
String sessionId = webSocketData.getSessionId();
if (sessionId == null) {
logger.debug("Unable to login {}: No sessionId found", new Object[] { username, password });
getWebSocket().send(MessageBuilder.status().code(403).build(), true);
return;
}
sessionId = SessionHelper.getShortSessionId(sessionId);
try {
Actions.call(Actions.NOTIFICATION_LOGIN, user);
} catch (UnlicensedException ex) {
ex.log(logger);
}
// Clear possible existing sessions
SessionHelper.clearSession(sessionId);
user.addSessionId(sessionId);
// store token in response data
webSocketData.getNodeData().clear();
webSocketData.setSessionId(sessionId);
webSocketData.getNodeData().put("username", user.getProperty(AbstractNode.name));
// authenticate socket
socket.setAuthenticated(sessionId, user);
// send data..
socket.send(webSocketData, false);
}
} catch (AuthenticationException e) {
logger.info("Unable to login {}, probably wrong password", username);
getWebSocket().send(MessageBuilder.status().code(403).build(), true);
} catch (FrameworkException fex) {
logger.warn("Unable to execute command", fex);
}
}
}
Also used :
UnlicensedException(org.structr.common.error.UnlicensedException)
FrameworkException(org.structr.common.error.FrameworkException)
AuthenticationException(org.structr.core.auth.exception.AuthenticationException)
StructrWebSocket(org.structr.websocket.StructrWebSocket)
Principal(org.structr.core.entity.Principal)
Authenticator(org.structr.core.auth.Authenticator)
Example 7 with AuthenticationException
use of org.structr.core.auth.exception.AuthenticationException in project structr by structr.
the class SSHService method authenticate.
@Override
public boolean authenticate(final String username, final String password, final ServerSession session) {
boolean isValid = false;
Principal principal = null;
try (final Tx tx = StructrApp.getInstance().tx()) {
principal = AuthHelper.getPrincipalForPassword(AbstractNode.name, username, password);
if (principal != null) {
isValid = true;
securityContext = SecurityContext.getInstance(principal, AccessMode.Backend);
}
tx.success();
} catch (AuthenticationException ae) {
logger.warn(ae.getMessage());
isValid = false;
} catch (Throwable t) {
logger.warn("", t);
isValid = false;
}
try {
if (isValid) {
session.setAuthenticated();
}
} catch (IOException ex) {
logger.error("", ex);
}
return isValid;
}
Also used :
Tx(org.structr.core.graph.Tx)
AuthenticationException(org.structr.core.auth.exception.AuthenticationException)
IOException(java.io.IOException)
Principal(org.structr.core.entity.Principal)
Example 8 with AuthenticationException
use of org.structr.core.auth.exception.AuthenticationException in project structr by structr.
the class UploadServlet method doPost.
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
try {
if (!ServletFileUpload.isMultipartContent(request)) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
response.getOutputStream().write("ERROR (400): Request does not contain multipart content.\n".getBytes("UTF-8"));
return;
}
} catch (IOException ioex) {
logger.warn("Unable to send response", ioex);
}
SecurityContext securityContext = null;
String redirectUrl = null;
boolean appendUuidOnRedirect = false;
String path = null;
// isolate request authentication in a transaction
try (final Tx tx = StructrApp.getInstance().tx()) {
try {
securityContext = getConfig().getAuthenticator().initializeAndExamineRequest(request, response);
} catch (AuthenticationException ae) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getOutputStream().write("ERROR (401): Invalid user or password.\n".getBytes("UTF-8"));
return;
}
tx.success();
} catch (FrameworkException fex) {
logger.warn("Unable to examine request", fex);
} catch (IOException ioex) {
logger.warn("Unable to send response", ioex);
}
// something went wrong, but we don't know what...
if (securityContext == null) {
logger.warn("No SecurityContext, aborting.");
return;
}
try {
if (securityContext.getUser(false) == null && !Settings.UploadAllowAnonymous.getValue()) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getOutputStream().write("ERROR (401): Anonymous uploads forbidden.\n".getBytes("UTF-8"));
return;
}
// Ensure access mode is frontend
securityContext.setAccessMode(AccessMode.Frontend);
request.setCharacterEncoding("UTF-8");
// Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
response.setCharacterEncoding("UTF-8");
// don't continue on redirects
if (response.getStatus() == 302) {
return;
}
final String pathInfo = request.getPathInfo();
String type = null;
if (StringUtils.isNotBlank(pathInfo)) {
type = SchemaHelper.normalizeEntityName(StringUtils.stripStart(pathInfo.trim(), "/"));
}
uploader.setFileSizeMax((long) MEGABYTE * Settings.UploadMaxFileSize.getValue());
uploader.setSizeMax((long) MEGABYTE * Settings.UploadMaxRequestSize.getValue());
response.setContentType("text/html");
FileItemIterator fileItemsIterator = uploader.getItemIterator(request);
final Map<String, Object> params = new HashMap<>();
while (fileItemsIterator.hasNext()) {
final FileItemStream item = fileItemsIterator.next();
if (item.isFormField()) {
final String fieldName = item.getFieldName();
final String fieldValue = IOUtils.toString(item.openStream(), "UTF-8");
if (REDIRECT_AFTER_UPLOAD_PARAMETER.equals(fieldName)) {
redirectUrl = fieldValue;
} else if (APPEND_UUID_ON_REDIRECT_PARAMETER.equals(fieldName)) {
appendUuidOnRedirect = "true".equalsIgnoreCase(fieldValue);
} else if (UPLOAD_FOLDER_PATH_PARAMETER.equals(fieldName)) {
path = fieldValue;
} else {
params.put(fieldName, fieldValue);
}
} else {
try {
final String contentType = item.getContentType();
boolean isImage = (contentType != null && contentType.startsWith("image"));
boolean isVideo = (contentType != null && contentType.startsWith("video"));
// Override type from path info
if (params.containsKey(NodeInterface.type.jsonName())) {
type = (String) params.get(NodeInterface.type.jsonName());
}
Class cls = null;
if (type != null) {
cls = SchemaHelper.getEntityClassForRawType(type);
}
if (cls == null) {
if (isImage) {
cls = Image.class;
} else if (isVideo) {
cls = SchemaHelper.getEntityClassForRawType("VideoFile");
if (cls == null) {
logger.warn("Unable to create entity of type VideoFile, class is not defined.");
}
} else {
cls = File.class;
}
}
if (cls != null) {
type = cls.getSimpleName();
}
final String name = item.getName().replaceAll("\\\\", "/");
File newFile = null;
String uuid = null;
boolean retry = true;
while (retry) {
retry = false;
Folder uploadFolder = null;
final String defaultUploadFolderConfigValue = Settings.DefaultUploadFolder.getValue();
// If a path attribute was sent, create all folders on the fly.
if (path != null) {
uploadFolder = getOrCreateFolderPath(securityContext, path);
} else if (StringUtils.isNotBlank(defaultUploadFolderConfigValue)) {
uploadFolder = getOrCreateFolderPath(SecurityContext.getSuperUserInstance(), defaultUploadFolderConfigValue);
}
try (final Tx tx = StructrApp.getInstance(securityContext).tx()) {
try (final InputStream is = item.openStream()) {
newFile = FileHelper.createFile(securityContext, is, contentType, cls, name, uploadFolder);
AbstractFile.validateAndRenameFileOnce(newFile, securityContext, null);
final PropertyMap changedProperties = new PropertyMap();
changedProperties.putAll(PropertyMap.inputTypeToJavaType(securityContext, cls, params));
// Update type as it could have changed
changedProperties.put(AbstractNode.type, type);
newFile.unlockSystemPropertiesOnce();
newFile.setProperties(securityContext, changedProperties);
uuid = newFile.getUuid();
}
tx.success();
} catch (RetryException rex) {
retry = true;
}
}
// only the actual existing file creates a UUID output
if (newFile != null) {
// upload trigger
newFile.notifyUploadCompletion();
// send redirect to allow form-based file upload without JavaScript..
if (StringUtils.isNotBlank(redirectUrl)) {
if (appendUuidOnRedirect) {
response.sendRedirect(redirectUrl + uuid);
} else {
response.sendRedirect(redirectUrl);
}
} else {
// Just write out the uuids of the new files
response.getWriter().write(uuid);
}
}
} catch (IOException ex) {
logger.warn("Could not upload file", ex);
}
}
}
} catch (Throwable t) {
final String content;
if (t instanceof FrameworkException) {
final FrameworkException fex = (FrameworkException) t;
logger.error(fex.toString());
content = errorPage(fex);
} else {
logger.error("Exception while processing upload request", t);
content = errorPage(t);
}
try {
final ServletOutputStream out = response.getOutputStream();
IOUtils.write(content, out);
} catch (IOException ex) {
logger.error("Could not write to response", ex);
}
}
}
Also used :
Tx(org.structr.core.graph.Tx)
FrameworkException(org.structr.common.error.FrameworkException)
AuthenticationException(org.structr.core.auth.exception.AuthenticationException)
HashMap(java.util.HashMap)
ServletOutputStream(javax.servlet.ServletOutputStream)
InputStream(java.io.InputStream)
IOException(java.io.IOException)
Folder(org.structr.web.entity.Folder)
RetryException(org.structr.api.RetryException)
PropertyMap(org.structr.core.property.PropertyMap)
FileItemStream(org.apache.commons.fileupload.FileItemStream)
SecurityContext(org.structr.common.SecurityContext)
GraphObject(org.structr.core.GraphObject)
FileItemIterator(org.apache.commons.fileupload.FileItemIterator)
AbstractFile(org.structr.web.entity.AbstractFile)
File(org.structr.web.entity.File)
Aggregations
AuthenticationException (org.structr.core.auth.exception.AuthenticationException)8
FrameworkException (org.structr.common.error.FrameworkException)6
Principal (org.structr.core.entity.Principal)6
Tx (org.structr.core.graph.Tx)5
IOException (java.io.IOException)4
SecurityContext (org.structr.common.SecurityContext)4
HashMap (java.util.HashMap)2
ServletOutputStream (javax.servlet.ServletOutputStream)2
App (org.structr.core.app.App)2
StructrApp (org.structr.core.app.StructrApp)2
Authenticator (org.structr.core.auth.Authenticator)2
SuperUser (org.structr.core.entity.SuperUser)2
AbstractFile (org.structr.web.entity.AbstractFile)2
File (org.structr.web.entity.File)2
File (java.io.File)1
InputStream (java.io.InputStream)1
Queue (java.util.Queue)1
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1
Matcher (java.util.regex.Matcher)1
ZipFile (java.util.zip.ZipFile)1
