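/*
 * Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved.
 *
 * This file is part of Entando software.
 * Entando is a free software;
 * You can redistribute it and/or modify it
 * under the terms of the GNU General Public License (GPL) as published by the Free Software Foundation; version 2.
 *
 * See the file License for the specific language governing permissions
 * and limitations under the License
 *
 *
 *
 * Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved.
 *
 */
package com.agiletec.plugins.jpcasclient.aps.system.services.controller.control;

import java.util.Date;
import java.util.logging.Level;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;

import com.agiletec.aps.system.ApsSystemUtils;
import com.agiletec.aps.system.RequestContext;
import com.agiletec.aps.system.SystemConstants;
import com.agiletec.aps.system.services.controller.ControllerManager;
import com.agiletec.aps.system.services.controller.control.AbstractControlService;
import com.agiletec.aps.system.services.user.AbstractUser;
import com.agiletec.aps.system.services.user.IUserManager;
import com.agiletec.aps.system.services.user.User;
import com.agiletec.aps.system.services.user.UserDetails;
import com.agiletec.plugins.jpcasclient.CasClientPluginSystemCostants;
import com.agiletec.plugins.jpcasclient.aps.system.common.AuthCommon;
import com.agiletec.plugins.jpcasclient.aps.system.services.user.CasAuthProviderManager;

/**
 * Extension of the authentication control service that understands the CAS
 * protocol.
 * <p>
 * The service resolves the current user of the request in three steps (see
 * {@link #service(RequestContext, int)}): from a CAS assertion already stored
 * in the HTTP session, from {@code username}/{@code password} request
 * parameters, and finally by falling back to the guest user.
 *
 * @author G.Cocco
 */
public class CasClientAuthenticatorControlService extends AbstractControlService {

    @Override
    public void afterPropertiesSet() throws Exception {
        this._log.debug(this.getClass().getName() + ": initialized");
    }

    /**
     * Resolves the user of the current request and stores it in the session.
     * <p>
     * The following operations are executed, in this order:
     * <ol>
     * <li>if the CAS assertion is present in the session, its principal is used
     * to resolve the username and load the matching user into the session (a
     * user that is unknown to the authentication provider is created on the fly,
     * in the session only);</li>
     * <li>if the request carries the {@code username} and {@code password}
     * parameters they are used to authenticate; on success the resulting user
     * replaces whatever user step 1 put in the session;</li>
     * <li>if no user is in the session at this point, the guest user is stored
     * there.</li>
     * </ol>
     * Any {@link Throwable} raised by the steps above is logged and turned into
     * {@link ControllerManager#ERROR}.
     *
     * @param reqCtx the request context
     * @param status the status returned by the preceding service
     * @return {@link ControllerManager#CONTINUE} on success, the incoming
     *         status when it is already {@link ControllerManager#ERROR}, or
     *         {@link ControllerManager#ERROR} when processing fails
     */
    @Override
    public int service(RequestContext reqCtx, int status) {
        this._log.trace("Invoked " + this.getClass().getName());
        if (status == ControllerManager.ERROR) {
            return status;
        }
        int retStatus = ControllerManager.INVALID_STATUS;
        try {
            HttpServletRequest req = reqCtx.getRequest();
            HttpSession session = req.getSession();
            // Step 1: identity established by the CAS ticket validation.
            this.loadUserFromCasAssertion(req, session);
            // Step 2: explicit credentials in the request take precedence over step 1.
            this.loadUserFromCredentialParameters(req, session);
            // Step 3: never leave the session without a current user.
            this.ensureUserOnSession(session);
            retStatus = ControllerManager.CONTINUE;
        } catch (Throwable t) {
            ApsSystemUtils.logThrowable(t, this, "service", "Error in processing the request");
            retStatus = ControllerManager.ERROR;
        }
        return retStatus;
    }

    /**
     * Step 1: reads the CAS assertion from the session and, when it carries a
     * principal, loads the corresponding user into the session.
     * <p>
     * The user is looked up by username only (no credential check): the identity
     * is trusted because the assertion is expected to have been stored in the
     * session by the CAS ticket validation filter. NOTE(review): confirm that
     * nothing else in the filter chain can write
     * {@code JPCASCLIENT_CONST_CAS_ASSERTION} into the session, since that would
     * allow impersonation of any username here.
     *
     * @param req     the current request (used for logging and for flagging an
     *                expired account via the {@code accountExpired} attribute)
     * @param session the current session
     */
    private void loadUserFromCasAssertion(HttpServletRequest req, HttpSession session) {
        Assertion assertion = (Assertion) session.getAttribute(CasClientPluginSystemCostants.JPCASCLIENT_CONST_CAS_ASSERTION);
        this._log.trace(" Assertion " + assertion);
        String principalName = null;
        if (null != assertion) {
            AttributePrincipal attributePrincipal = assertion.getPrincipal();
            this._log.trace(" Princ " + attributePrincipal);
            // An assertion without a principal is treated as "no CAS identity"
            // instead of failing the whole request with an NPE.
            if (null != attributePrincipal) {
                principalName = attributePrincipal.getName();
                this._log.trace(" Princ - Name " + principalName);
            }
        }
        this._log.trace("jpcasclient: request From User with Principal [CAS tiket validation]: " + principalName
                + " - info: AuthType " + req.getAuthType() + " " + req.getProtocol() + " "
                + req.getRemoteAddr() + " " + req.getRemoteHost());
        if (null == principalName) {
            return;
        }
        // Strip realm/domain information (e.g. a Kerberos-style principal) when present.
        String username = principalName;
        if (this.getAuthCommon().hasRealmDomainInformation(principalName)) {
            username = this.getAuthCommon().getUsernameFromPrincipal(principalName);
        }
        this._log.trace("Request From User with Username: " + username
                + " - info: AuthType " + req.getAuthType() + " " + req.getProtocol() + " "
                + req.getRemoteAddr() + " " + req.getRemoteHost());
        if (null == username) {
            return;
        }
        this._log.trace("jpcasclient: user is " + username);
        UserDetails userOnSession = (UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        if (userOnSession != null && username.equals(userOnSession.getUsername())) {
            // The asserted principal is already the current user: nothing to do.
            return;
        }
        UserDetails user = this.getAuthenticationProvider().getUser(username);
        if (user == null) {
            // Unknown to the provider: build a session-only user on the fly.
            // NOTE(review): JPCAS_RUNTIME_USER is a shared constant used as the
            // password of every such user; make sure no code path ever treats it
            // as a real credential or persists this object.
            User runtimeUser = new User();
            runtimeUser.setUsername(username);
            runtimeUser.setPassword(CasClientPluginSystemCostants.JPCAS_RUNTIME_USER);
            runtimeUser.setLastAccess(new Date());
            session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, runtimeUser);
            this._log.trace("jpcasclient: new user created on the fly: " + runtimeUser.getUsername());
            return;
        }
        if (!user.isAccountNotExpired()) {
            // Flag for the view; the session user is left untouched.
            req.setAttribute("accountExpired", Boolean.TRUE);
            return;
        }
        if (userOnSession != null && !SystemConstants.GUEST_USER_NAME.equals(userOnSession.getUsername())) {
            // NOTE(review): the password of the previous (different, non-guest)
            // session user is carried over onto the newly loaded user. The reason
            // is not visible here — confirm this is intended before relying on
            // the session user's password anywhere downstream.
            ((AbstractUser) user).setPassword(userOnSession.getPassword());
        }
        // NOTE(review): the session id is not rotated after this authentication
        // step; if the container/servlet version allows it, regenerating the
        // session here would mitigate session fixation.
        session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        this._log.trace("jpcasclient: new user: " + user.getUsername());
    }

    /**
     * Step 2: authenticates with the {@code username} and {@code password}
     * request parameters, when both are present.
     * <p>
     * On success the user replaces the current session user (including one set
     * by the CAS assertion in step 1). On failure the request attribute
     * {@code wrongAccountCredential} is set; an expired account sets
     * {@code accountExpired} instead and leaves the session unchanged.
     *
     * @param req     the current request
     * @param session the current session
     */
    private void loadUserFromCredentialParameters(HttpServletRequest req, HttpSession session) {
        String userName = req.getParameter("username");
        String password = req.getParameter("password");
        if (userName == null || password == null) {
            return;
        }
        // The password is deliberately never logged.
        this._log.trace("user " + userName + " - password ******** ");
        UserDetails user = this.getAuthenticationProvider().getUser(userName, password);
        if (user == null) {
            req.setAttribute("wrongAccountCredential", Boolean.TRUE);
            return;
        }
        if (!user.isAccountNotExpired()) {
            req.setAttribute("accountExpired", Boolean.TRUE);
            return;
        }
        // NOTE(review): same remark as in step 1 — the session id is not rotated
        // after a successful credential login.
        session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        this._log.trace("Nuovo User: " + user.getUsername());
    }

    /**
     * Step 3: stores the guest user in the session when no current user is set.
     *
     * @param session the current session
     */
    private void ensureUserOnSession(HttpSession session) {
        if (session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER) == null) {
            UserDetails guestUser = this.getUserManager().getGuestUser();
            session.setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, guestUser);
        }
    }

    protected IUserManager getUserManager() {
        return _userManager;
    }

    public void setUserManager(IUserManager userManager) {
        this._userManager = userManager;
    }

    public void setAuthenticationProvider(CasAuthProviderManager authenticationProvider) {
        this._authenticationProvider = authenticationProvider;
    }

    public CasAuthProviderManager getAuthenticationProvider() {
        return _authenticationProvider;
    }

    public void setAuthCommon(AuthCommon kerbAuthCommon) {
        this._authCommon = kerbAuthCommon;
    }

    public AuthCommon getAuthCommon() {
        return _authCommon;
    }

    private AuthCommon _authCommon;
    private CasAuthProviderManager _authenticationProvider;
    private IUserManager _userManager;

}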