/*
*
* Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved.
*
* This file is part of Entando software.
* Entando is a free software;
* You can redistribute it and/or modify it
* under the terms of the GNU General Public License (GPL) as published by the Free Software Foundation; version 2.
*
* See the file License for the specific language governing permissions
* and limitations under the License
*
*
*
* Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved.
*
*/
package com.agiletec.plugins.jpcasclient.aps.system.services.controller.control;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import com.agiletec.aps.system.ApsSystemUtils;
import com.agiletec.aps.system.RequestContext;
import com.agiletec.aps.system.SystemConstants;
import com.agiletec.aps.system.services.controller.ControllerManager;
import com.agiletec.aps.system.services.controller.control.AbstractControlService;
import com.agiletec.aps.system.services.user.AbstractUser;
import com.agiletec.aps.system.services.user.IUserManager;
import com.agiletec.aps.system.services.user.User;
import com.agiletec.aps.system.services.user.UserDetails;
import com.agiletec.plugins.jpcasclient.CasClientPluginSystemCostants;
import com.agiletec.plugins.jpcasclient.aps.system.common.AuthCommon;
import com.agiletec.plugins.jpcasclient.aps.system.services.user.CasAuthProviderManager;
import java.util.Date;
/**
* Extension of authentication service for managing CAS protocol
*
* @author G.Cocco
* */
public class CasClientAuthenticatorControlService extends AbstractControlService {
@Override
public void afterPropertiesSet() throws Exception {
this._log.debug(this.getClass().getName() + ": initialized");
}
/**
* Execution.
*
* The service method execute the following operations (int the order indicated):
*
* 1) if in session there's the SAML assertion of CAS it is used for extract
* principal information and load matching user in the session.
*
* 2) if in the request there are parameters user and password the are used
* to try to load the matching user; if user is not null it is loaded into the session
*
* 3) if there is not a user into the session the guest user is loaded into
* the session.
*
* @param reqCtx the request context
* @param status the status returned by the preceding service
* @return the resulting status
*/
@Override
public int service(RequestContext reqCtx, int status) {
String name = null;
this._log.trace("Invoked " + this.getClass().getName());
int retStatus = ControllerManager.INVALID_STATUS;
if (status == ControllerManager.ERROR) {
return status;
}
try {
HttpServletRequest req = reqCtx.getRequest();
//Punto 1
Assertion assertion = (Assertion) req.getSession().getAttribute(CasClientPluginSystemCostants.JPCASCLIENT_CONST_CAS_ASSERTION);
this._log.trace(" Assertion " + assertion);
if (null != assertion) {
AttributePrincipal attributePrincipal = assertion.getPrincipal();
name = attributePrincipal.getName();
this._log.trace(" Princ " + attributePrincipal);
this._log.trace(" Princ - Name " + attributePrincipal.getName());
}
this._log.trace("jpcasclient: request From User with Principal [CAS tiket validation]: " + name + " - info: AuthType " + req.getAuthType() + " " + req.getProtocol() + " " + req.getRemoteAddr() + " " + req.getRemoteHost());
HttpSession session = req.getSession();
if (null != name) {
String username = name;
if (getAuthCommon().hasRealmDomainInformation(name)) {
username = getAuthCommon().getUsernameFromPrincipal(name);
}
this._log.trace("Request From User with Username: " + username + " - info: AuthType " + req.getAuthType() + " " + req.getProtocol() + " " + req.getRemoteAddr() + " " + req.getRemoteHost());
if (username != null) {
this._log.trace("jpcasclient: user is " + username);
UserDetails userOnSession = (UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
if (userOnSession == null || (userOnSession != null && !username.equals(userOnSession.getUsername()))) {
UserDetails user = this.getAuthenticationProvider().getUser(username);
if (user != null) {
if (!user.isAccountNotExpired()) {
req.setAttribute("accountExpired", new Boolean(true));
} else {
if (userOnSession != null && !userOnSession.getUsername().equals(SystemConstants.GUEST_USER_NAME)) {
((AbstractUser) user).setPassword(userOnSession.getPassword());
}
session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
this._log.trace("jpcasclient: new user: " + user.getUsername());
}
} else {
// req.setAttribute("wrongAccountCredential", new Boolean(true));
/* create user on the fly */
user = new User();
((User) user).setUsername(username);
((User) user).setPassword(CasClientPluginSystemCostants.JPCAS_RUNTIME_USER);
((User) user).setLastAccess(new Date());
/* put in the session */
session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
this._log.trace("jpcasclient: new user created on the fly: " + user.getUsername());
}
}
}
}
//Punto 2
String userName = req.getParameter("username");
String password = req.getParameter("password");
if (userName != null && password != null) {
_log.trace("user " + userName + " - password ******** ");
UserDetails user = this.getAuthenticationProvider().getUser(userName, password);
if (user != null) {
if (!user.isAccountNotExpired()) {
req.setAttribute("accountExpired", new Boolean(true));
} else {
session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
_log.trace("Nuovo User: " + user.getUsername());
}
} else {
req.setAttribute("wrongAccountCredential", new Boolean(true));
}
}
//Punto 3
if (session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER) == null) {
UserDetails guestUser = this.getUserManager().getGuestUser();
session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, guestUser);
}
retStatus = ControllerManager.CONTINUE;
} catch (Throwable t) {
ApsSystemUtils.logThrowable(t, this, "service", "Error in processing the request");
retStatus = ControllerManager.ERROR;
}
return retStatus;
}
protected IUserManager getUserManager() {
return _userManager;
}
public void setUserManager(IUserManager userManager) {
this._userManager = userManager;
}
public void setAuthenticationProvider(CasAuthProviderManager authenticationProvider) {
this._authenticationProvider = authenticationProvider;
}
public CasAuthProviderManager getAuthenticationProvider() {
return _authenticationProvider;
}
public void setAuthCommon(AuthCommon kerbAuthCommon) {
this._authCommon = kerbAuthCommon;
}
public AuthCommon getAuthCommon() {
return _authCommon;
}
private AuthCommon _authCommon;
private CasAuthProviderManager _authenticationProvider;
private IUserManager _userManager;
}