Use of org.structr.core.entity.Principal in project structr by structr — class RestAuthenticator, method doLogin.
@Override
public Principal doLogin(final HttpServletRequest request, final String emailOrUsername, final String password) throws AuthenticationException, FrameworkException {

	// Credential login: the principal is looked up via its "eMail" property (the value may also be a
	// user name, as the parameter name suggests) and the password is verified by AuthHelper.
	final PropertyKey<String> emailProperty = StructrApp.key(Principal.class, "eMail");
	final Principal authenticated = AuthHelper.getPrincipalForPassword(emailProperty, emailOrUsername, password);

	// NOTE(review): whether a failed login surfaces as null or as AuthenticationException is decided in
	// AuthHelper; clearInvalidSessions() is presumably null-tolerant — confirm before relying on it.
	SessionHelper.clearInvalidSessions(authenticated);

	return authenticated;
}
Use of org.structr.core.entity.Principal in project structr by structr — class RestAuthenticator, method initializeAndExamineRequest.
// ~--- methods --------------------------------------------------------
/**
 * Examine the request and try to determine the acting user.
 *
 * Authentication order: the session id is checked first; if that yields no
 * user, getUser() is consulted (which presumably covers external/OAuth
 * authentication and standard login by credentials, in that order).
 * If the request carries an Origin header, the CORS response headers are
 * additionally set from the Settings.AccessControl* values, with the
 * request's Origin echoed back as Access-Control-Allow-Origin.
 *
 * @param request  the current request
 * @param response the response on which CORS headers are set
 * @return security context for the resolved user: anonymous frontend
 *         access, backend access, or the super user context
 * @throws FrameworkException
 */
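@Override
public SecurityContext initializeAndExamineRequest(final HttpServletRequest request, final HttpServletResponse response) throws FrameworkException {

	// 1. Session-based authentication first, then whatever getUser() can derive from the request.
	Principal user = SessionHelper.checkSessionAuthentication(request);
	if (user == null) {
		user = getUser(request, true);
	}

	final SecurityContext securityContext;
	if (user == null) {
		// If no user could be determined, assume (anonymous) frontend access
		securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);
	} else if (user instanceof SuperUser) {
		securityContext = SecurityContext.getSuperUserInstance(request);
	} else {
		securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);
		SessionHelper.clearInvalidSessions(user);
	}
	securityContext.setAuthenticator(this);

	// 2. CORS response headers (Cross-origin resource sharing, see https://fetch.spec.whatwg.org/#http-cors-protocol)
	final String origin = request.getHeader("Origin");
	if (!StringUtils.isBlank(origin)) {

		// SECURITY NOTE: the request's Origin is echoed back verbatim, i.e. every origin is allowed.
		// Combined with Settings.AccessControlAllowCredentials configured as "true" this grants
		// credentialed (cookie-bearing) cross-origin access to arbitrary third-party sites.
		// Restrict to an explicit allow-list of trusted origins before enabling credentials.
		response.setHeader("Access-Control-Allow-Origin", origin);

		// The Allow-Origin value varies with the request's Origin header; tell shared caches so.
		response.addHeader("Vary", "Origin");

		// Remaining headers come from configuration and are only emitted when set.
		// FIX: the header is "Access-Control-Max-Age" — the former spelling "Access-Control-MaxAge"
		// is not a recognised CORS header, so browsers never cached preflight results.
		setHeaderIfConfigured(response, "Access-Control-Max-Age", Settings.AccessControlMaxAge.getValue());
		setHeaderIfConfigured(response, "Access-Control-Allow-Methods", Settings.AccessControlAllowMethods.getValue());
		setHeaderIfConfigured(response, "Access-Control-Allow-Headers", Settings.AccessControlAllowHeaders.getValue());
		setHeaderIfConfigured(response, "Access-Control-Allow-Credentials", Settings.AccessControlAllowCredentials.getValue());
		setHeaderIfConfigured(response, "Access-Control-Expose-Headers", Settings.AccessControlExposeHeaders.getValue());
	}

	examined = true;

	return securityContext;
}

/**
 * Set response header {@code name} to {@code value} unless the configured value is blank.
 *
 * @param response the response to modify
 * @param name     header name
 * @param value    configured header value; null/blank means "not configured" and nothing is set
 */
private static void setHeaderIfConfigured(final HttpServletResponse response, final String name, final String value) {
	if (StringUtils.isNotBlank(value)) {
		response.setHeader(name, value);
	}
}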
Use of org.structr.core.entity.Principal in project structr by structr — class SessionHelper, method checkSessionAuthentication.
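/**
 * Resolve the session id requested by {@code request} to the authenticated {@link Principal}.
 *
 * Steps: (1) no requested session id => a fresh session is created and {@code SESSION_IS_NEW} is
 * flagged on the request; (2) the container's current session is used if present, otherwise the
 * session cache is consulted via getSessionBySessionId() — an unknown id is removed from all
 * principals and a new session is created; (3) a timed-out session is invalidated, its id removed
 * from all principals and a new session created. Only a live session is mapped to a principal via
 * AuthHelper.getPrincipalForSessionId().
 *
 * The former fall-through branch for "timed-out" sessions after these checks was unreachable
 * (every unknown/timed-out path already returns null above) and has been removed.
 *
 * NOTE(review): the method is static synchronized, so every request's session check is serialised
 * on the SessionHelper class lock.
 * NOTE(review): the debug statements write raw session ids to the log. A session id is a bearer
 * credential; do not enable debug logging on logs that are shipped or shared.
 *
 * @param request the current request
 * @return the principal bound to the live session, or null if there is no live session for the request
 * @throws FrameworkException propagated from the principal lookup
 */
public static synchronized Principal checkSessionAuthentication(final HttpServletRequest request) throws FrameworkException {

	String requestedSessionId = request.getRequestedSessionId();

	logger.debug("0. Requested session id: " + requestedSessionId + ", request says is valid? " + request.isRequestedSessionIdValid());

	HttpSession session = request.getSession(false);

	if (requestedSessionId == null) {

		logger.debug("1b. Empty requested session id, creating a new one.");

		// No session id requested => create new session
		SessionHelper.newSession(request);

		// Store info in request that session is new => saves us a lookup later
		request.setAttribute(SESSION_IS_NEW, true);

		// A brand-new session cannot be bound to a user yet, so don't search.
		return null;
	}

	// Strip the worker id suffix (presumably a load-balancer route suffix) so the id matches what is stored on principals.
	requestedSessionId = getShortSessionId(requestedSessionId);

	// Existing session id, check if we have an existing session
	if (session != null) {

		logger.debug("1a. Requested session id without worker id suffix: " + requestedSessionId);
		logger.debug("2a. Current session id: " + session.getId());

		// NOTE(review): a mismatch between requested and container session id is only logged;
		// the container's session is used regardless.
		if (session.getId().equals(requestedSessionId)) {
			logger.debug("3a. Current session id equals requested session id");
		} else {
			logger.debug("3b. Current session id does not equal requested session id.");
		}

	} else {

		logger.debug("2b. Current session is null.");

		// Try to find session in session cache
		session = getSessionBySessionId(requestedSessionId);

		if (session == null) {

			// Not found, create new
			SessionHelper.newSession(request);
			logger.debug("3a. Created new session");

			// remove session ID without session
			SessionHelper.clearSession(requestedSessionId);
			logger.debug("4. Cleared unknown session " + requestedSessionId);

			// No session behind this id, so there cannot be a user bound to it; don't search.
			return null;
		}

		logger.debug("3b. Session with requested id " + requestedSessionId + " found, continuing.");
	}

	final String sessionId = session.getId();

	if (SessionHelper.isSessionTimedOut(session)) {

		// invalidate session
		SessionHelper.invalidateSession(session);

		// remove invalid session ID
		SessionHelper.clearSession(sessionId);
		logger.debug("4a. Cleared timed-out session " + sessionId);

		SessionHelper.newSession(request);

		// The old session is gone and the new one is not bound to a user; don't search.
		return null;
	}

	logger.debug("4b. Session " + sessionId + " is not timed-out.");

	final Principal user = AuthHelper.getPrincipalForSessionId(sessionId);
	logger.debug("Valid session found: {}, last accessed {}, authenticated with user {}", new Object[] { session, session.getLastAccessedTime(), user });

	return user;
}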
Use of org.structr.core.entity.Principal in project structr by structr — class SessionHelper, method clearSession.
/**
 * Make sure the given sessionId is not set on any Principal: every principal whose
 * "sessionIds" property contains it has the id removed. Failures are logged, not thrown.
 *
 * @param sessionId the session id to remove from all principals
 */
public static synchronized void clearSession(final String sessionId) {

	final App app = StructrApp.getInstance();
	final PropertyKey<String[]> sessionIdsProperty = StructrApp.key(Principal.class, "sessionIds");

	try {

		// Every principal whose "sessionIds" array contains this id gets the id removed.
		final List<Principal> holders = app.nodeQuery(Principal.class)
			.and(sessionIdsProperty, new String[] { sessionId })
			.disableSorting()
			.getAsList();

		for (final Principal holder : holders) {
			holder.removeSessionId(sessionId);
		}

	} catch (final FrameworkException fex) {

		// Best effort: a stale id left on a principal is reported but does not fail the caller.
		logger.warn("Error while removing sessionId " + sessionId + " from all principals", fex);
	}
}
Use of org.structr.core.entity.Principal in project structr by structr — class DeploymentTest, method test22TemplateOwnershipAndGrants.
@Test
public void test22TemplateOwnershipAndGrants() {

	// Two users; each will be granted read access on one of the two template instances.
	Principal firstUser = null;
	Principal secondUser = null;

	try (final Tx tx = app.tx()) {

		firstUser = createTestNode(User.class, new NodeAttribute<>(AbstractNode.name, "user1"));
		secondUser = createTestNode(User.class, new NodeAttribute<>(AbstractNode.name, "user2"));

		tx.success();

	} catch (FrameworkException ex) {
		fail("Unexpected exception.");
	}

	Assert.assertNotNull("User was not created, test cannot continue", firstUser);
	Assert.assertNotNull("User was not created, test cannot continue", secondUser);

	// setup: page 1 carries the original component, page 2 a clone of it
	try (final Tx tx = app.tx()) {

		// first page
		final Page firstPage = Page.createNewPage(securityContext, "test22_1");
		final Html firstHtml = createElement(firstPage, firstPage, "html");
		final Head firstHead = createElement(firstPage, firstHtml, "head");
		createElement(firstPage, firstHead, "title", "test22_1");

		final Body firstBody = createElement(firstPage, firstHtml, "body");
		final Div firstDiv = createElement(firstPage, firstBody, "div");
		createElement(firstPage, firstDiv, "div", "test1");
		createElement(firstPage, firstDiv, "div", "test1");

		final Div component = createComponent(firstDiv);

		// second page
		final Page secondPage = Page.createNewPage(securityContext, "test22_2");
		final Html secondHtml = createElement(secondPage, secondPage, "html");
		final Head secondHead = createElement(secondPage, secondHtml, "head");
		createElement(secondPage, secondHead, "title", "test22_2");

		final Body secondBody = createElement(secondPage, secondHtml, "body");
		final Div secondDiv = createElement(secondPage, secondBody, "div");

		// re-use the component from the first page
		final Div cloned = cloneComponent(component, secondDiv);

		// different grantees on original and clone — the roundtrip must keep them apart
		component.grant(Permission.read, firstUser);
		cloned.grant(Permission.read, secondUser);

		tx.success();

	} catch (FrameworkException fex) {
		fail("Unexpected exception.");
	}

	// test: the callback re-creates both users (presumably between export and import, so that the
	// imported grants can be resolved against principals of the same name)
	doImportExportRoundtrip(true, true, new Function() {

		@Override
		public Object apply(Object t) {

			try (final Tx tx = app.tx()) {

				createTestNode(User.class, new NodeAttribute<>(AbstractNode.name, "user1"));
				createTestNode(User.class, new NodeAttribute<>(AbstractNode.name, "user2"));

				tx.success();

			} catch (FrameworkException ex) {
				fail("Unexpected exception.");
			}

			return null;
		}
	});
}