Beispiel #1
 /**
  * Builds an in-memory session named "admin" that carries every authority the role list service
  * reports.
  *
  * <p>Security note: nothing in this method verifies credentials. The session is constructed
  * directly and populated with the result of {@code getAllAuthorities()}, so any code path that
  * can reach this method ends up holding a session with all roles. Keep it private, use it only
  * for internal system work, and never hand the returned session to request-driven code.
  *
  * @return the new session, after its {@code SESSION_PRINCIPAL} attribute has been set and
  *     {@code doStartupActions(null)} has been called
  */
 private static IPentahoSession getAdminSession() {
   IUserDetailsRoleListService roleListService = PentahoSystem.getUserDetailsRoleListService();
   UserSession adminSession = new UserSession("admin", null, false, null);
   GrantedAuthority[] allAuthorities =
       roleListService.getUserRoleListService().getAllAuthorities();

   // NOTE(review): in Spring Security's AnonymousAuthenticationToken the first constructor
   // argument is the token key and the second is the principal, so the principal stored here
   // would be the SESSION_PRINCIPAL constant rather than "admin" -- confirm this is intended.
   adminSession.setAttribute(
       SecurityHelper.SESSION_PRINCIPAL,
       new AnonymousAuthenticationToken(
           "admin", SecurityHelper.SESSION_PRINCIPAL, allAuthorities));

   adminSession.doStartupActions(null);
   return adminSession;
 }
  /**
   * Resolves a Spring Security {@code Authentication} for the given session.
   *
   * <p>Resolution order:
   *
   * <ol>
   *   <li>If the {@code SESSION_PRINCIPAL} attribute is already an {@code Authentication}, it is
   *       returned unchanged.
   *   <li>Otherwise, if it is a non-null {@code Principal}, the roles for its name are fetched
   *       from the role list service. When at least one role comes back, a new token carrying
   *       those roles is returned.
   *   <li>Otherwise (no principal, or a principal with no roles) the result depends on {@code
   *       allowAnonymous}: an anonymous token when true, {@code null} when false.
   * </ol>
   *
   * <p>Security notes for callers:
   *
   * <ul>
   *   <li>The session attribute is trusted as-is. For a non-{@code Authentication} principal only
   *       its name is used to look up roles; no credential is checked here, so the attribute
   *       must only ever be written by trusted authentication code.
   *   <li>A named principal without roles is treated like a missing principal and, with {@code
   *       allowAnonymous} set, is mapped to the anonymous user.
   *   <li>NOTE(review): in Spring Security the {@code UsernamePasswordAuthenticationToken}
   *       constructor that takes authorities marks the token as authenticated, which would also
   *       apply to the anonymous fallback -- confirm for the version in use, and base access
   *       decisions on the granted authorities rather than on {@code isAuthenticated()}.
   * </ul>
   *
   * @param session the user's IPentahoSession
   * @param allowAnonymous whether to fall back to an anonymous Authentication
   * @return the resolved Authentication, or {@code null} when none is available and {@code
   *     allowAnonymous} is false
   */
  public static Authentication getAuthentication(
      final IPentahoSession session, final boolean allowAnonymous) {
    // The cast throws ClassCastException if the attribute holds something that is not a Principal.
    final Principal sessionPrincipal =
        (Principal) session.getAttribute(SecurityHelper.SESSION_PRINCIPAL);
    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug(
          "principal from IPentahoSession: " + sessionPrincipal); //$NON-NLS-1$
      if (sessionPrincipal != null) {
        SecurityHelper.logger.debug(
            "principal class: " + sessionPrincipal.getClass().getName()); //$NON-NLS-1$
      }
    }

    // Case 1: the session already holds a Spring Security token.
    if (sessionPrincipal instanceof Authentication) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("principal is an instance of Authentication"); //$NON-NLS-1$
      }
      return (Authentication) sessionPrincipal;
    }

    // Case 2: some other Principal. The Principal interface exposes no roles, so they are
    // fetched by user name from the role list service.
    if (sessionPrincipal != null) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug(
            "principal is not an instance of Authentication"); //$NON-NLS-1$
        SecurityHelper.logger.debug("attempting role fetch with username"); //$NON-NLS-1$
      }

      final List userRoles =
          PentahoSystem.getUserDetailsRoleListService()
              .getRolesForUser(sessionPrincipal.getName());
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug(
            "rolesForUser from roleListService:" + userRoles); //$NON-NLS-1$
      }

      if (!userRoles.isEmpty()) {
        final GrantedAuthority[] authorities = new GrantedAuthority[userRoles.size()];
        int slot = 0;
        while (slot < userRoles.size()) {
          authorities[slot] = new GrantedAuthorityImpl((String) userRoles.get(slot));
          slot++;
        }
        return new UsernamePasswordAuthenticationToken(
            sessionPrincipal.getName(), null, authorities);
      }
      // No roles: fall through and treat the user like an unauthenticated one.
    }

    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug(
          "either principal is null or user has no roles"); //$NON-NLS-1$
    }

    // When reading debug logs: the "there is no principal" messages below are also emitted for
    // a principal that exists but has no roles.
    if (!allowAnonymous) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("there is no principal in IPentahoSession"); //$NON-NLS-1$
        SecurityHelper.logger.debug("and allowAnonymous is false"); //$NON-NLS-1$
      }
      // A properly authenticated user is required and none is available.
      return null;
    }

    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug("there is no principal in IPentahoSession"); //$NON-NLS-1$
      SecurityHelper.logger.debug(
          "creating token with username anonymous and role Anonymous"); //$NON-NLS-1$
    }
    // An authentication was requested for an unauthenticated user; default to the configured
    // anonymous user with the anonymous role.
    return new UsernamePasswordAuthenticationToken(
        SecurityHelper.DefaultAnonymousUser,
        null,
        new GrantedAuthorityImpl[] {
          new GrantedAuthorityImpl(SecurityHelper.DefaultAnonymousRole)
        });
  }