Google Git
Sign in
apache / roller / 28e95fa6d156df29d3881f3ab0cb5a8a89533902 / . / app / src / main / java / org / apache / roller / weblogger / ui / core / security / CustomUserRegistry.java
blob: e36a97f8962cb47e96e0d3da939d4fcaddff68b2 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License. For additional information regarding
* copyright in this work, please see the NOTICE file in the top level
* directory of this distribution.
*/
package org.apache.roller.weblogger.ui.core.security;
import java.util.Locale;
import java.util.Set;
import java.util.TimeZone;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.servlet.http.HttpServletRequest;
import org.apache.roller.weblogger.config.AuthMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.pojos.User;
/**
* @author Elias Torres (<a href="mailto:eliast@us.ibm.com">eliast@us.ibm.com</a>)
*
*/
public class CustomUserRegistry {
private static final Log LOG = LogFactory.getLog(CustomUserRegistry.class);
private static final String DEFAULT_SNAME_LDAP_ATTRIBUTE = "screenname";
private static final String DEFAULT_UID_LDAP_ATTRIBUTE = "uid";
private static final String DEFAULT_NAME_LDAP_ATTRIBUTE = "cn";
private static final String DEFAULT_EMAIL_LDAP_ATTRIBUTE = "mail";
private static final String DEFAULT_LOCALE_LDAP_ATTRIBUTE = "locale";
private static final String DEFAULT_TIMEZONE_LDAP_ATTRIBUTE = "timezone";
private static final String SNAME_LDAP_PROPERTY = "users.ldap.registry.attributes.screenname";
private static final String UID_LDAP_PROPERTY = "users.ldap.registry.attributes.uid";
private static final String NAME_LDAP_PROPERTY = "users.ldap.registry.attributes.name";
private static final String EMAIL_LDAP_PROPERTY = "users.ldap.registry.attributes.email";
private static final String LOCALE_LDAP_PROPERTY = "users.ldap.registry.attributes.locale";
private static final String TIMEZONE_LDAP_PROPERTY = "users.ldap.registry.attributes.timezone";
public static User getUserDetailsFromAuthentication(HttpServletRequest request) {
boolean usingLDAP = WebloggerConfig.getAuthMethod() == AuthMethod.LDAP;
if (!usingLDAP) {
LOG.info("LDAP is not enabled. Skipping CustomUserRegistry functionality.");
return null;
}
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
User ud = new User();
// setting default
ud.setId(null);
ud.setLocale(Locale.getDefault().toString());
ud.setTimeZone(TimeZone.getDefault().getID());
ud.setDateCreated(new java.util.Date());
String userName;
String unusedPassword;
String fullName = null;
String email = null;
String screenName = null;
String locale = null;
String timezone = null;
boolean enabled;
if(authentication == null) {
// Try to get SSO data from HttpServletRequest
userName = getRequestAttribute(request, WebloggerConfig.getProperty(UID_LDAP_PROPERTY, DEFAULT_UID_LDAP_ATTRIBUTE));
screenName = getRequestAttribute(request, WebloggerConfig.getProperty(SNAME_LDAP_PROPERTY, DEFAULT_SNAME_LDAP_ATTRIBUTE));
fullName = getRequestAttribute(request, WebloggerConfig.getProperty(NAME_LDAP_PROPERTY, DEFAULT_NAME_LDAP_ATTRIBUTE));
email = getRequestAttribute(request, WebloggerConfig.getProperty(EMAIL_LDAP_PROPERTY, DEFAULT_EMAIL_LDAP_ATTRIBUTE));
locale = getRequestAttribute(request, WebloggerConfig.getProperty(LOCALE_LDAP_PROPERTY, DEFAULT_LOCALE_LDAP_ATTRIBUTE));
timezone = getRequestAttribute(request, WebloggerConfig.getProperty(TIMEZONE_LDAP_PROPERTY, DEFAULT_TIMEZONE_LDAP_ATTRIBUTE));
if (userName == null && fullName == null && screenName == null &&
email == null && locale == null && timezone == null) {
LOG.warn("No Authentication found in SecurityContextHolder and HttpServletRequest.");
return null;
} else {
enabled = true;
}
} else {
Object oPrincipal = authentication.getPrincipal();
if(oPrincipal == null) {
LOG.warn("Principal is null. Skipping auto-registration.");
return null;
}
if (!(oPrincipal instanceof UserDetails)) {
LOG.warn("Unsupported Principal type in Authentication. Skipping auto-registration.");
LOG.warn("oPrincipal found of type " + oPrincipal.getClass().getName() + "; needs to be UserDetails");
return null;
}
UserDetails userDetails = (UserDetails) oPrincipal;
userName = userDetails.getUsername();
enabled = userDetails.isEnabled();
if(userDetails instanceof RollerUserDetails) {
RollerUserDetails rollerDetails = (RollerUserDetails) userDetails;
screenName = rollerDetails.getScreenName();
fullName = rollerDetails.getFullName();
email = rollerDetails.getEmailAddress();
locale = rollerDetails.getLocale();
timezone = rollerDetails.getTimeZone();
} /* Deprecated in Spring Security 2.0.x: http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/
unsure if can be returned in Spring Security 3.1
else if(userDetails instanceof LdapUserDetails) {
LdapUserDetails ldapDetails = (LdapUserDetails) userDetails;
Attributes attributes = ldapDetails.getAttributes();
screenName = getLdapAttribute(attributes, WebloggerConfig.getProperty(SNAME_LDAP_PROPERTY, DEFAULT_SNAME_LDAP_ATTRIBUTE));
fullName = getLdapAttribute(attributes, WebloggerConfig.getProperty(NAME_LDAP_PROPERTY, DEFAULT_NAME_LDAP_ATTRIBUTE));
email = getLdapAttribute(attributes, WebloggerConfig.getProperty(EMAIL_LDAP_PROPERTY, DEFAULT_EMAIL_LDAP_ATTRIBUTE));
locale = getLdapAttribute(attributes, WebloggerConfig.getProperty(LOCALE_LDAP_PROPERTY, DEFAULT_LOCALE_LDAP_ATTRIBUTE));
timezone = getLdapAttribute(attributes, WebloggerConfig.getProperty(TIMEZONE_LDAP_PROPERTY, DEFAULT_TIMEZONE_LDAP_ATTRIBUTE));
} */
}
// for LDAP we don't store its password in the roller_users table,
// just an string indicating external auth method being used.
unusedPassword = WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>");
ud.setPassword(unusedPassword);
ud.setEnabled(enabled ? Boolean.TRUE : Boolean.FALSE);
ud.setUserName(userName);
ud.setFullName(fullName);
ud.setEmailAddress(email);
ud.setScreenName(screenName);
if (locale != null) {
ud.setLocale(locale);
}
if (timezone != null) {
ud.setTimeZone(timezone);
}
return ud;
}
private static String getLdapAttribute(Attributes attributes, String name) {
if(attributes == null) {
return null;
}
Attribute attribute = attributes.get(name);
if(attribute == null) {
return null;
}
Object oValue = null;
try {
oValue = attribute.get();
} catch (NamingException e) {
return null;
}
if (oValue == null) {
return null;
}
return oValue.toString();
}
private static String getRequestAttribute(HttpServletRequest request, String attributeName) {
String attr = null;
Object attrObj = request.getAttribute(attributeName);
if (attrObj instanceof String) {
attr = (String)attrObj;
} else if (attrObj instanceof Set) {
Set attrSet = (Set)attrObj;
if (!attrSet.isEmpty()) {
attr = (String)attrSet.iterator().next();
}
}
return attr;
}
}