
/*
 * $Id: IWSlideAuthenticator.java,v 1.29 2009/01/28 16:05:38 eiki Exp $
 * Created on 8.12.2004
 *
 * Copyright (C) 2004 Idega Software hf. All Rights Reserved.
 *
 * This software is the proprietary information of Idega hf.
 * Use is subject to license terms.
 */
package com.idega.slide.authentication;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.httpclient.HttpException;
import org.apache.slide.webdav.util.WebdavUtils;

import com.idega.business.IBOLookup;
import com.idega.business.IBOLookupException;
import com.idega.core.accesscontrol.business.LoggedOnInfo;
import com.idega.core.accesscontrol.business.LoginBusinessBean;
import com.idega.core.accesscontrol.business.LoginSession;
import com.idega.idegaweb.IWApplicationContext;
import com.idega.idegaweb.IWMainApplication;
import com.idega.idegaweb.IWMainSlideStartedEvent;
import com.idega.presentation.IWContext;
import com.idega.servlet.filter.BaseFilter;
import com.idega.slide.business.IWSlideService;
import com.idega.slide.business.IWSlideSession;
import com.idega.slide.util.AccessControlList;
import com.idega.util.CoreConstants;
import com.idega.util.expression.ELUtil;

/**
 * <p>
 * This filter is mapped before any request to the Slide WebdavServlet to make sure
 * a logged in user from idegaWeb is logged also into the Slide authentication system.
 * </p>
 *  Last modified: $Date: 2009/01/28 16:05:38 $ by $Author: eiki $
 *
 * @author <a href="mailto:gummi@idega.com">Gudmundur Agust Saemundsson</a>
 * @version $Revision: 1.29 $
 */
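public class IWSlideAuthenticator extends BaseFilter {

    private static final Logger LOGGER = Logger.getLogger(IWSlideAuthenticator.class.getName());

    /**
     * Session attribute under which the principal Slide should trust is published. It is
     * written only after {@link #isAuthenticated} succeeded or an idegaWeb login exists, and
     * removed as soon as the offered credentials no longer match.
     */
    private static final String SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME = "org.apache.slide.webdav.method.principal";

    /** Application setting switching this filter on or off; an absent value means enabled. */
    private static final String PROPERTY_ENABLED = "slide.authenticator.enable";
    /** Application setting controlling role synchronisation into Slide; an absent value means enabled. */
    private static final String PROPERTY_UPDATE_ROLES = "slide.updateroles.enable";

    /** {@link LoggedOnInfo} attribute marking that roles have already been pushed to Slide for this login. */
    private static final String ROLES_UPDATED_ATTRIBUTE = "iw_slide_roles_updated";
    /**
     * {@link LoggedOnInfo} attribute holding the secret that HTTP Basic credentials are compared with.
     * NOTE(review): who sets it is not visible here; if it holds the password in the clear, storing a
     * hash instead would shrink what a session dump exposes — confirm against the writer.
     */
    private static final String SLIDE_PASSWORD_ATTRIBUTE = "iw_slide_password";

    private final LoginBusinessBean loginBusiness = new LoginBusinessBean();

    /**
     * Whether the default ACLs have been applied to the repository. One filter instance serves every
     * request thread, so the flag is volatile: the "in progress" value written in {@link #doFilter}
     * must be visible to concurrent requests for the guard to have any effect.
     */
    private volatile boolean defaultPermissionsApplied = false;

    /**
     * No filter configuration is read.
     *
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Runs Slide authentication when the filter is enabled, and on the first enabled request also
     * applies the default repository permissions and publishes {@link IWMainSlideStartedEvent}.
     * When disabled the request is passed straight down the chain.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest hRequest = (HttpServletRequest) request;
        // Do not create a session here; doAuthentication creates one when it needs it.
        HttpSession session = hRequest.getSession(false);

        if (!isEnabled(hRequest)) {
            chain.doFilter(request, response);
            return;
        }

        doAuthentication(request, response, chain);

        if (!defaultPermissionsApplied) {
            // Mark "in progress" first so concurrent requests do not start a second run, then
            // record the real outcome so a failed attempt is retried by a later request.
            defaultPermissionsApplied = true;
            defaultPermissionsApplied = applyDefaultPermissionsToRepository(session);

            // fire slide started action
            IWMainApplication iwma = IWMainApplication.getIWMainApplication(hRequest);
            ELUtil.getInstance().publishEvent(new IWMainSlideStartedEvent(iwma));
        }
    }

    /**
     * Creates the content folders as root and stores the default ACLs for the content and
     * public paths.
     *
     * @param session unused; kept for the existing call site
     * @return {@code true} when every step succeeded, {@code false} if any of them threw
     */
    private boolean applyDefaultPermissionsToRepository(HttpSession session) {
        try {
            IWSlideService slideService = IBOLookup
                    .getServiceInstance(IWMainApplication.getDefaultIWApplicationContext(), IWSlideService.class);
            slideService.createAllFoldersInPathAsRoot(CoreConstants.CONTENT_PATH);
            AccessControlList aclCMS = slideService.getAccessControlList(CoreConstants.CONTENT_PATH);
            AccessControlList aclPublic = slideService.getAccessControlList(CoreConstants.PUBLIC_PATH);
            aclCMS = slideService.getAuthenticationBusiness().applyDefaultPermissionsToRepository(aclCMS);
            aclPublic = slideService.getAuthenticationBusiness().applyDefaultPermissionsToRepository(aclPublic);
            slideService.storeAccessControlList(aclCMS);
            slideService.storeAccessControlList(aclPublic);
            return true;
        } catch (Exception e) {
            // Best effort: report and let a later request retry (see doFilter).
            LOGGER.log(Level.WARNING, "Could not apply default permissions to the Slide repository", e);
            return false;
        }
    }

    /**
     * Reads the {@value #PROPERTY_ENABLED} application setting.
     *
     * @return {@code true} when the setting is absent or parses as {@code true}
     */
    private boolean isEnabled(HttpServletRequest request) {
        String prop = getIWMainApplication(request).getSettings().getProperty(PROPERTY_ENABLED);
        return prop == null || Boolean.parseBoolean(prop);
    }

    /**
     * Synchronises the idegaWeb login state into Slide and then continues the filter chain.
     * A logged-on idegaWeb user is published to Slide under its login name; otherwise HTTP Basic
     * credentials on the request are checked with {@link #isAuthenticated}. A Slide principal
     * left in the session is removed whenever it no longer matches the offered credentials.
     *
     * @param arg0 the request, cast to {@link HttpServletRequest}
     * @param arg1 the response, cast to {@link HttpServletResponse}
     * @param arg2 the chain to continue
     * @throws IOException      from the chain or the response
     * @throws ServletException from the chain
     */
    public void doAuthentication(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        HttpSession session = request.getSession();
        LoginBusinessBean login = getLoginBusiness(request);

        try {
            if (login.isLoggedOn(request)) {
                LoggedOnInfo lInfo = login.getLoggedOnInfo(session);
                if (lInfo == null) {
                    setAsUnauthenticatedInSlide(session);
                } else {
                    request = setAsAuthenticatedInSlide(request, lInfo.getLogin(), lInfo);
                }
            } else {
                request = authenticateFromBasicCredentials(request, session, login);
            }
        } catch (HttpException e) {
            LOGGER.log(Level.WARNING, "Slide authentication failed", e);
            response.sendError(e.getReasonCode(), e.getReason());
            return;
        }

        // The Slide token is cached on the IW session so business methods can reuse it.
        // WebdavUtils#getSlideToken(request) is expensive (it copies every session attribute
        // into the token); it is used e.g. for ACL permission checks in ACLSecurityImpl.
        IWSlideSession slideSession = IBOLookup.getSessionInstance(session, IWSlideSession.class);
        slideSession.setSlideToken(WebdavUtils.getSlideToken(request));

        arg2.doFilter(request, response);
    }

    /**
     * Handles a request without an idegaWeb login by checking the HTTP Basic credentials it carries.
     *
     * @return the (possibly wrapped) request to continue the chain with
     */
    private HttpServletRequest authenticateFromBasicCredentials(HttpServletRequest request, HttpSession session,
            LoginBusinessBean login) throws IBOLookupException, HttpException, RemoteException, IOException {
        String[] loginAndPassword = login.getLoginNameAndPasswordFromBasicAuthenticationRequest(request);
        String loggedInUser = getUserAuthenticatedBySlide(session);

        if (loginAndPassword == null) {
            // No credentials offered but Slide still remembers a principal: drop it.
            if (loggedInUser != null) {
                setAsUnauthenticatedInSlide(session);
            }
            return request;
        }

        String username = loginAndPassword[0];
        String password = loginAndPassword[1];
        LoggedOnInfo lInfo = login.getLoggedOnInfo(session, username);
        // Nothing to do when the offered user is the one Slide already trusts.
        if (username.equals(loggedInUser)) {
            return request;
        }
        if (isAuthenticated(request, lInfo, username, password)) {
            return setAsAuthenticatedInSlide(request, username, lInfo);
        }
        setAsUnauthenticatedInSlide(session);
        return request;
    }

    /**
     * @return the principal currently published to Slide in this session, or {@code null}
     */
    private String getUserAuthenticatedBySlide(HttpSession session) {
        return (String) session.getAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME);
    }

    /**
     * Withdraws the principal published to Slide in this session.
     *
     * @throws IBOLookupException kept for signature compatibility; not thrown here
     */
    private void setAsUnauthenticatedInSlide(HttpSession session) throws IBOLookupException {
        session.removeAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME);
    }

    /**
     * Wraps the request so Slide sees {@code loginName} (or the root user for super admins and
     * root logins) with the matching roles, and publishes that principal in the session.
     *
     * @param request   the request to wrap
     * @param loginName the authenticated login name
     * @param lInfo     the idegaWeb login record, may be {@code null}
     * @return the request to continue with; the wrapped one when a principal was attached
     */
    private HttpServletRequest setAsAuthenticatedInSlide(HttpServletRequest request, String loginName,
            LoggedOnInfo lInfo) throws HttpException, RemoteException, IOException {
        HttpSession session = request.getSession();
        String slidePrincipal = loginName;

        if (getLoginBusiness(request).isLoggedOn(request)) {
            LoginSession loginSession = ELUtil.getInstance().getBean(LoginSession.class);
            if (loginSession.isSuperAdmin()) {
                // Super admins act in Slide as the repository root user.
                String rootUserName = getRootUserName(request);
                request = new IWSlideAuthenticatedRequest(request, rootUserName,
                        Collections.singleton(rootUserName));
                slidePrincipal = rootUserName;
            } else {
                if (request.getUserPrincipal() == null && lInfo != null) {
                    request = new IWSlideAuthenticatedRequest(request, loginName, lInfo.getUserRoles());
                }
                updateRolesForUser(request, lInfo);
            }
        } else {
            String rootUserName = getRootUserName(request);
            if (loginName.equals(rootUserName)) {
                request = new IWSlideAuthenticatedRequest(request, rootUserName,
                        Collections.singleton(rootUserName));
            } else if (lInfo != null) {
                // lInfo can be null on this path (isAuthenticated accepts a root request without
                // a login record); without the guard getUserRoles() would throw.
                request = new IWSlideAuthenticatedRequest(request, loginName, lInfo.getUserRoles());
                updateRolesForUser(request, lInfo);
            }
        }

        session.setAttribute(SLIDE_USER_PRINCIPAL_ATTRIBUTE_NAME, slidePrincipal);
        return request;
    }

    /** @return the user name of the repository root credentials. */
    private String getRootUserName(HttpServletRequest request) throws IBOLookupException, RemoteException {
        return getAuthenticationBusiness(request).getRootUserCredentials().getUserName();
    }

    /**
     * Pushes the user's idegaWeb roles into Slide once per login, when
     * {@value #PROPERTY_UPDATE_ROLES} is enabled (the default). The user's folders are generated
     * inside the same guard because doing it per request was too expensive on busy servers.
     *
     * @param lInfo the login record; nothing happens when {@code null}
     */
    private void updateRolesForUser(HttpServletRequest request, LoggedOnInfo lInfo)
            throws HttpException, RemoteException, IOException {
        IWMainApplication iwma = getIWMainApplication(request);
        boolean doUpdateRoles = iwma.getSettings().getBoolean(PROPERTY_UPDATE_ROLES, Boolean.TRUE);
        if (!doUpdateRoles || lInfo == null || lInfo.getAttribute(ROLES_UPDATED_ATTRIBUTE) != null) {
            return;
        }
        generateUserFolders(request);

        AuthenticationBusiness business = getAuthenticationBusiness(request);
        business.updateRoleMembershipForUser(lInfo.getLogin(), lInfo.getUserRoles(), null);
        lInfo.setAttribute(ROLES_UPDATED_ATTRIBUTE, Boolean.TRUE);
    }

    /** Generates the Slide folders for the request's remote user. */
    private void generateUserFolders(HttpServletRequest request)
            throws HttpException, RemoteException, IOException {
        IWApplicationContext iwac = getIWMainApplication(request).getIWApplicationContext();
        IWSlideService slideService = IBOLookup.getServiceInstance(iwac, IWSlideService.class);
        slideService.generateUserFolders(request.getRemoteUser());
    }

    /**
     * Decides whether the offered Basic credentials may act as {@code login}.
     * Accepted when an idegaWeb login already exists, when the request is the root user, or when
     * {@code password} matches the {@value #SLIDE_PASSWORD_ATTRIBUTE} attribute of {@code info}.
     *
     * @param info     the login record for {@code login}, may be {@code null}
     * @param password the offered password, may be {@code null}
     */
    private boolean isAuthenticated(HttpServletRequest request, LoggedOnInfo info, String login, String password)
            throws IBOLookupException, RemoteException {
        if (getLoginBusiness(request).isLoggedOn(request)) {
            return true;
        }
        if (getAuthenticationBusiness(request).isRootUser(request)) {
            return true;
        }
        if (info != null) {
            String slidePassword = (String) info.getAttribute(SLIDE_PASSWORD_ATTRIBUTE);
            if (slidePassword != null && password != null) {
                // Constant-time comparison so response timing does not leak how much of the
                // secret matched; a null password never matches.
                return MessageDigest.isEqual(slidePassword.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
            }
        }
        return false;
    }

    /**
     * @return the shared login business bean.
     *         NOTE(review): the call sites in this class pass an {@link HttpServletRequest} and so
     *         appear to bind to an overload inherited from {@link BaseFilter}, not to this method — confirm.
     */
    protected LoginBusinessBean getLoginBusiness(IWContext iwc) {
        return this.loginBusiness;
    }

    /** Looks up the Slide authentication business for the request's application context. */
    protected AuthenticationBusiness getAuthenticationBusiness(HttpServletRequest request)
            throws IBOLookupException {
        IWApplicationContext iwac = getIWMainApplication(request).getIWApplicationContext();
        return IBOLookup.getServiceInstance(iwac, AuthenticationBusiness.class);
    }

    /**
     * Nothing to release.
     *
     * @see javax.servlet.Filter#destroy()
     */
    @Override
    public void destroy() {
    }

}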