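/*
 * $Id: IWSlideAuthenticator.java,v 1.29 2009/01/28 16:05:38 eiki Exp $
 * Created on 8.12.2004
 *
 * Copyright (C) 2004 Idega Software hf. All Rights Reserved.
 *
 * This software is the proprietary information of Idega hf.
 * Use is subject to license terms.
 */
package com.idega.slide.authentication;

import java.io.IOException;
import java.rmi.RemoteException;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.httpclient.HttpException;
import org.apache.slide.webdav.util.WebdavUtils;

import com.idega.business.IBOLookup;
import com.idega.business.IBOLookupException;
import com.idega.core.accesscontrol.business.LoggedOnInfo;
import com.idega.core.accesscontrol.business.LoginBusinessBean;
import com.idega.core.accesscontrol.business.LoginSession;
import com.idega.idegaweb.IWApplicationContext;
import com.idega.idegaweb.IWMainApplication;
import com.idega.idegaweb.IWMainSlideStartedEvent;
import com.idega.presentation.IWContext;
import com.idega.servlet.filter.BaseFilter;
import com.idega.slide.business.IWSlideService;
import com.idega.slide.business.IWSlideSession;
import com.idega.slide.util.AccessControlList;
import com.idega.util.CoreConstants;
import com.idega.util.expression.ELUtil;

/**
 * <p>
 * This filter is mapped before any request to the Slide WebdavServlet to make sure
 * a logged in user from idegaWeb is logged also into the Slide authentication system.
 * </p>
 * <p>
 * A request that is logged on to idegaWeb is given its idegaWeb login (or the root
 * user, for super admins) as Slide principal. A request that is not logged on may
 * still authenticate with HTTP Basic credentials, which are checked against the
 * root user or against the {@code iw_slide_password} attribute of a
 * {@link LoggedOnInfo} stored in the session. The first request seen by an enabled
 * filter also applies the default permissions to the repository and publishes an
 * {@link IWMainSlideStartedEvent}.
 * </p>
 * Last modified: $Date: 2009/01/28 16:05:38 $ by $Author: eiki $
 *
 * @author <a href="mailto:gummi@idega.com">Gudmundur Agust Saemundsson</a>
 * @version $Revision: 1.29 $
 */
public class IWSlideAuthenticator extends BaseFilter {

    private static final Logger LOGGER = Logger.getLogger(IWSlideAuthenticator.class.getName());

    /** Session attribute in which Slide looks for the principal of the current request. */
    private static final String SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME = "org.apache.slide.webdav.method.principal";
    /** Application setting switching this filter on or off; absent means enabled. */
    private static final String PROPERTY_ENABLED = "slide.authenticator.enable";
    /** Application setting switching role synchronisation on or off; absent means enabled. */
    private static final String PROPERTY_UPDATE_ROLES = "slide.updateroles.enable";
    /** LoggedOnInfo attribute marking that Slide role membership was already synchronised. */
    private static final String ROLES_UPDATED_ATTRIBUTE_NAME = "iw_slide_roles_updated";
    /** LoggedOnInfo attribute holding the password accepted for Basic authentication. */
    private static final String SLIDE_PASSWORD_ATTRIBUTE_NAME = "iw_slide_password";

    private final LoginBusinessBean loginBusiness = new LoginBusinessBean();

    // Filters are invoked concurrently. The field is volatile and the one-time setup
    // runs under a lock so that parallel first requests cannot all apply the default
    // permissions and publish the started event.
    private volatile boolean defaultPermissionsApplied = false;

    /**
     * No configuration is read from the filter config.
     *
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Authenticates the request in Slide when the filter is enabled, otherwise
     * passes it straight down the chain.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
     *      javax.servlet.FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest hRequest = (HttpServletRequest) request;
        // Looked up, not created: may be null for a first request.
        HttpSession session = hRequest.getSession(false);

        if (!isEnabled(hRequest)) {
            chain.doFilter(request, response);
            return;
        }

        doAuthentication(request, response, chain);

        if (!defaultPermissionsApplied) {
            applyDefaultPermissionsOnce(hRequest, session);
        }
    }

    /**
     * Runs the one-time repository setup unless another request already did.
     * The flag is set before the setup starts (so a re-entrant call skips it) and
     * then replaced by the outcome: a failed attempt leaves it {@code false} so the
     * next request retries. The started event is published after every attempt,
     * as before.
     */
    private void applyDefaultPermissionsOnce(HttpServletRequest request, HttpSession session) {
        synchronized (this) {
            if (defaultPermissionsApplied) {
                return;
            }
            defaultPermissionsApplied = true;
            defaultPermissionsApplied = applyDefaultPermissionsToRepository(session);

            // fire slide started action
            IWMainApplication iwma = IWMainApplication.getIWMainApplication(request);
            ELUtil.getInstance().publishEvent(new IWMainSlideStartedEvent(iwma));
        }
    }

    /**
     * Creates the content folder tree as root and stores the default ACLs on the
     * content and public paths.
     *
     * @param session unused; the lookup goes through the default application context
     * @return {@code true} when both ACLs were stored, {@code false} if any step failed
     */
    private boolean applyDefaultPermissionsToRepository(HttpSession session) {
        try {
            IWSlideService slideService = IBOLookup.getServiceInstance(
                    IWMainApplication.getDefaultIWApplicationContext(), IWSlideService.class);
            slideService.createAllFoldersInPathAsRoot(CoreConstants.CONTENT_PATH);

            AccessControlList aclCMS = slideService.getAccessControlList(CoreConstants.CONTENT_PATH);
            AccessControlList aclPublic = slideService.getAccessControlList(CoreConstants.PUBLIC_PATH);
            aclCMS = slideService.getAuthenticationBusiness().applyDefaultPermissionsToRepository(aclCMS);
            aclPublic = slideService.getAuthenticationBusiness().applyDefaultPermissionsToRepository(aclPublic);
            slideService.storeAccessControlList(aclCMS);
            slideService.storeAccessControlList(aclPublic);
            return true;
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Could not apply default permissions to the Slide repository", e);
            return false;
        }
    }

    /**
     * Tells whether this filter is active, as configured by the
     * {@code slide.authenticator.enable} application setting.
     *
     * @return {@code true} when the setting is absent or parses as {@code true}
     */
    private boolean isEnabled(HttpServletRequest request) {
        String prop = getIWMainApplication(request).getSettings().getProperty(PROPERTY_ENABLED);
        return prop == null || Boolean.parseBoolean(prop);
    }

    /**
     * Synchronises the idegaWeb login state with Slide for this request, stores the
     * Slide token in the {@link IWSlideSession} and continues the chain with a request
     * that carries the Slide principal. An {@link HttpException} raised while
     * authenticating is turned into an error response and the chain is not continued.
     *
     * @param arg0 the request; cast to {@link HttpServletRequest}
     * @param arg1 the response; cast to {@link HttpServletResponse}
     * @param arg2 the chain to continue
     */
    public void doAuthentication(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        HttpSession session = request.getSession();
        LoginBusinessBean loginBusiness = getLoginBusiness(request);
        try {
            if (loginBusiness.isLoggedOn(request)) {
                LoggedOnInfo lInfo = loginBusiness.getLoggedOnInfo(session);
                if (lInfo == null) {
                    setAsUnauthenticatedInSlide(session);
                } else {
                    request = setAsAuthenticatedInSlide(request, lInfo.getLogin(), lInfo);
                }
            } else {
                request = authenticateFromBasicCredentials(request, session, loginBusiness);
            }
        } catch (HttpException e) {
            LOGGER.log(Level.WARNING, "Slide authentication failed", e);
            response.sendError(e.getReasonCode(), e.getReason());
            return;
        }

        // The slide token is set so that business methods can get it from IWSlideSession.
        // WebdavUtils#getSlideToken(request) can be expensive since it copies pointers to all
        // attributes from the session to the token. It is used e.g. to check for permissions
        // (i.e. to calculate permissions using the ACLSecurityImpl).
        IWSlideSession slideSession = IBOLookup.getSessionInstance(session, IWSlideSession.class);
        slideSession.setSlideToken(WebdavUtils.getSlideToken(request));

        arg2.doFilter(request, response);
    }

    /**
     * Handles a request that is not logged on to idegaWeb. Credentials from an HTTP
     * Basic Authorization header are checked with {@link #isAuthenticated}; a Slide
     * principal that is already set for the same user is kept, any other principal is
     * re-checked, and a principal left over without credentials is cleared.
     *
     * @return the (possibly wrapped) request to pass down the chain
     */
    private HttpServletRequest authenticateFromBasicCredentials(HttpServletRequest request, HttpSession session,
            LoginBusinessBean loginBusiness) throws HttpException, IBOLookupException, IOException, ServletException {
        String[] loginAndPassword = loginBusiness.getLoginNameAndPasswordFromBasicAuthenticationRequest(request);
        String loggedInUser = getUserAuthenticatedBySlide(session);

        if (loginAndPassword == null) {
            if (loggedInUser != null) {
                setAsUnauthenticatedInSlide(session);
            }
            return request;
        }

        String username = loginAndPassword[0];
        String password = loginAndPassword[1];
        LoggedOnInfo lInfo = loginBusiness.getLoggedOnInfo(session, username);
        if (loggedInUser == null || !username.equals(loggedInUser)) {
            if (isAuthenticated(request, lInfo, username, password)) {
                return setAsAuthenticatedInSlide(request, username, lInfo);
            }
            setAsUnauthenticatedInSlide(session);
        }
        return request;
    }

    /**
     * @param session the current session
     * @return the login name Slide currently treats as principal, or {@code null}
     */
    private String getUserAuthenticatedBySlide(HttpSession session) {
        return (String) session.getAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME);
    }

    /**
     * Removes the Slide principal from the session.
     *
     * @param session the current session
     * @throws IBOLookupException declared for callers; nothing here looks a bean up
     */
    private void setAsUnauthenticatedInSlide(HttpSession session) throws IBOLookupException {
        session.removeAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME);
    }

    /**
     * Wraps the request so that Slide sees {@code loginName} (or the root user) as its
     * principal, records that principal in the session and, for ordinary users,
     * synchronises their role membership with Slide.
     *
     * @param request the current request
     * @param loginName the idegaWeb login to authenticate as
     * @param lInfo logged-on info for that login; its roles become the principal's roles
     * @return the (possibly wrapped) request to pass down the chain
     */
    private HttpServletRequest setAsAuthenticatedInSlide(HttpServletRequest request, String loginName,
            LoggedOnInfo lInfo) throws HttpException, RemoteException, IOException {
        String slidePrincipal = loginName;
        HttpSession session = request.getSession();

        if (getLoginBusiness(request).isLoggedOn(request)) {
            LoginSession loginSession = ELUtil.getInstance().getBean(LoginSession.class);
            if (loginSession.isSuperAdmin()) {
                // super admins act in Slide as the configured root user
                String rootUserName = getRootUserName(request);
                request = new IWSlideAuthenticatedRequest(request, rootUserName, Collections.singleton(rootUserName));
                slidePrincipal = rootUserName;
            } else {
                if (request.getUserPrincipal() == null && lInfo != null) {
                    request = new IWSlideAuthenticatedRequest(request, loginName, lInfo.getUserRoles());
                }
                updateRolesForUser(request, lInfo);
            }
        } else {
            String rootUserName = getRootUserName(request);
            if (loginName.equals(rootUserName)) {
                request = new IWSlideAuthenticatedRequest(request, rootUserName, Collections.singleton(rootUserName));
            } else {
                // NOTE(review): lInfo is expected to be non-null here, because isAuthenticated()
                // accepts a non-root login only through a LoggedOnInfo — confirm against isRootUser().
                request = new IWSlideAuthenticatedRequest(request, loginName, lInfo.getUserRoles());
                updateRolesForUser(request, lInfo);
            }
        }

        session.setAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME, slidePrincipal);
        return request;
    }

    /** Login name of the root user as configured in the authentication business. */
    private String getRootUserName(HttpServletRequest request) throws IBOLookupException {
        return getAuthenticationBusiness(request).getRootUserCredentials().getUserName();
    }

    /**
     * Generates the user's folders and pushes the user's roles into Slide, once per
     * login: the {@code iw_slide_roles_updated} attribute of {@code lInfo} records that
     * it has been done. Skipped when {@code slide.updateroles.enable} is {@code false}
     * or {@code lInfo} is {@code null}.
     *
     * @param request the current (possibly wrapped) request
     * @param lInfo logged-on info of the user; may be {@code null}
     * @throws IOException
     * @throws RemoteException
     * @throws HttpException
     */
    private void updateRolesForUser(HttpServletRequest request, LoggedOnInfo lInfo)
            throws HttpException, RemoteException, IOException {
        IWMainApplication iwma = getIWMainApplication(request);
        boolean doUpdateRoles = iwma.getSettings().getBoolean(PROPERTY_UPDATE_ROLES, Boolean.TRUE);
        if (doUpdateRoles && lInfo != null && lInfo.getAttribute(ROLES_UPDATED_ATTRIBUTE_NAME) == null) {
            // Folder generation is kept behind the once-per-login check: doing it on every
            // request caused huge overhead on servers with multiple accounts.
            generateUserFolders(request);
            AuthenticationBusiness business = getAuthenticationBusiness(request);
            business.updateRoleMembershipForUser(lInfo.getLogin(), lInfo.getUserRoles(), null);
            lInfo.setAttribute(ROLES_UPDATED_ATTRIBUTE_NAME, Boolean.TRUE);
        }
    }

    /** Creates the Slide folders for the request's remote user. */
    private void generateUserFolders(HttpServletRequest request) throws HttpException, RemoteException, IOException {
        IWApplicationContext iwac = getIWMainApplication(request).getIWApplicationContext();
        IWSlideService slideService = IBOLookup.getServiceInstance(iwac, IWSlideService.class);
        slideService.generateUserFolders(request.getRemoteUser());
    }

    /**
     * Decides whether Basic credentials are acceptable: a request already logged on to
     * idegaWeb, the root user, or a password equal to the {@code iw_slide_password}
     * attribute of {@code info}.
     *
     * @param request the current request
     * @param info logged-on info found for {@code login}; may be {@code null}
     * @param login the login name from the Authorization header (not used beyond the lookup done by the caller)
     * @param password the password from the Authorization header; may be {@code null}
     * @return {@code true} when the request may act as {@code login} in Slide
     */
    private boolean isAuthenticated(HttpServletRequest request, LoggedOnInfo info, String login, String password)
            throws IBOLookupException, RemoteException {
        if (getLoginBusiness(request).isLoggedOn(request)) {
            return true;
        }
        if (getAuthenticationBusiness(request).isRootUser(request)) {
            return true;
        }
        if (info == null) {
            return false;
        }
        String slidePassword = (String) info.getAttribute(SLIDE_PASSWORD_ATTRIBUTE_NAME);
        // Compared in constant time so that response timing does not reveal how much of
        // the stored password a guess matched.
        return slidePassword != null && constantTimeEquals(slidePassword, password);
    }

    /**
     * Compares two strings without stopping at the first differing character.
     * Returns {@code false} when either is {@code null}; only the length remains
     * observable. Hand-rolled rather than {@code MessageDigest.isEqual} to avoid a
     * charset round trip and to stay constant-time on older runtimes.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        int diff = expected.length() ^ actual.length();
        int length = Math.min(expected.length(), actual.length());
        for (int i = 0; i < length; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /**
     * @param iwc unused
     * @return the filter's own {@link LoginBusinessBean}
     */
    // NOTE(review): the calls in this file pass an HttpServletRequest, so they presumably
    // resolve to an overload inherited from BaseFilter rather than to this method — confirm.
    protected LoginBusinessBean getLoginBusiness(IWContext iwc) {
        return this.loginBusiness;
    }

    /**
     * @param request the current request, used to find the application context
     * @return the {@link AuthenticationBusiness} service of this application
     * @throws IBOLookupException if the service cannot be looked up
     */
    protected AuthenticationBusiness getAuthenticationBusiness(HttpServletRequest request) throws IBOLookupException {
        IWApplicationContext iwac = getIWMainApplication(request).getIWApplicationContext();
        return IBOLookup.getServiceInstance(iwac, AuthenticationBusiness.class);
    }

    /**
     * Nothing to release.
     *
     * @see javax.servlet.Filter#destroy()
     */
    @Override
    public void destroy() {
    }
}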