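public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
      return;
    }
    Principal principal = context.getUserPrincipal();
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    // Only enrich the context when the authenticated principal and the WS-Security
    // UsernameToken agree on the user; otherwise leave the existing SecurityContext alone.
    if (principal == null
        || usernameToken == null
        || !principal.getName().equals(usernameToken.getName())) {
      return;
    }

    // Read the user from Syncope and get the roles
    WebClient client =
        WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));

    // The user's own name/password pair is forwarded to Syncope as HTTP Basic auth.
    // NOTE(review): Basic auth carries the password unprotected inside the header, so
    // `address` has to be a TLS endpoint — confirm where it is configured.
    // Use an explicit charset: the no-arg getBytes() picks the platform default, so a
    // non-ASCII password would be encoded differently on different hosts.
    String credentials = usernameToken.getName() + ":" + usernameToken.getPassword();
    String authorizationHeader =
        "Basic "
            + Base64Utility.encode(
                credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    client.header("Authorization", authorizationHeader);

    client = client.path("users/self");
    UserTO user;
    try {
      user = client.get(UserTO.class);
    } catch (RuntimeException ex) {
      if (log.isDebugEnabled()) {
        log.debug(ex.getMessage(), ex);
      }
      throw new Fault(ex);
    }
    // Checked outside the try block: Fault is an unchecked exception, so raising it inside the
    // try would have it caught by the RuntimeException handler and wrapped in a second Fault.
    if (user == null) {
      throw new Fault(new Exception("Authentication failed"));
    }

    // Now get the roles: one SimpleGroup principal per Syncope membership, owned by the user
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
      String roleName = membership.getRoleName();
      subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    // Freeze the subject before it becomes part of the message's security context
    subject.setReadOnly();

    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
  }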
  /**
   * Put user into realm.
   *
   * <p>Builds a read-only {@link Subject} holding the user principal, the credential and one
   * {@link RolePrincipal} per entry of {@code roles}, asks the identity service for the matching
   * {@link UserIdentity} and stores it in {@code _users} under {@code userName}.
   *
   * @param userName The user to add
   * @param credential The users Credentials
   * @param roles The users roles; may be null, in which case no role principals are added
   * @return UserIdentity
   */
  public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles) {
    Subject subject = new Subject();
    Principal user = new KnownUser(userName, credential);
    subject.getPrincipals().add(user);
    subject.getPrivateCredentials().add(credential);

    if (roles != null) {
      for (String roleName : roles) {
        subject.getPrincipals().add(new RolePrincipal(roleName));
      }
    }

    // Freeze the subject before handing it to the identity service
    subject.setReadOnly();
    UserIdentity identity = _identityService.newUserIdentity(subject, user, roles);
    _users.put(userName, identity);
    return identity;
  }
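  /**
   * Create a subject for a username and a series of groups.
   *
   * <p>The returned subject carries one {@link Username} principal plus one {@link Group}
   * principal per entry of {@code groups}, and is marked read-only before it is returned.
   *
   * @param username the user name; must not be null
   * @param groups (optional) group names; a null array is treated as empty
   * @return the read-only subject
   * @throws IllegalArgumentException if {@code username} is null, or any group is null or empty
   */
  private Subject createSubject(String username, String... groups) {
    if (username == null) {
      throw new IllegalArgumentException("Username cannot be null.");
    }
    Subject subject = new Subject();
    subject.getPrincipals().add(new Username(username));
    // A null varargs array (explicit null argument) means "no groups"; do not reassign the parameter
    if (groups != null) {
      for (String group : groups) {
        if (group == null || group.isEmpty()) {
          throw new IllegalArgumentException("Group null or zero length.");
        }
        subject.getPrincipals().add(new Group(group));
      }
    }
    subject.setReadOnly();
    return subject;
  }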
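  /**
   * Put user into realm. Called by implementations to put the user data loaded from file/db etc
   * into the user structure.
   *
   * <p>If {@code info} already is a {@link UserIdentity} it is stored as-is. Otherwise a
   * {@link Credential} is derived from it (a {@code Credential} is used directly, anything else
   * goes through {@link Credential#getCredential(String)} via its {@code toString()}), and a
   * read-only {@link Subject} with no roles is built around it.
   *
   * @param userName User name
   * @param info a UserIdentity instance, or a String password or Credential instance
   * @return User instance
   * @throws NullPointerException if {@code info} is null
   */
  protected synchronized UserIdentity putUser(String userName, Object info) {
    // Fail early with a clear message rather than an anonymous NPE from info.toString() below
    java.util.Objects.requireNonNull(info, "info");
    final UserIdentity identity;
    if (info instanceof UserIdentity) {
      identity = (UserIdentity) info;
    } else {
      Credential credential =
          (info instanceof Credential)
              ? (Credential) info
              : Credential.getCredential(info.toString());

      Principal userPrincipal = new KnownUser(userName, credential);
      Subject subject = new Subject();
      subject.getPrincipals().add(userPrincipal);
      subject.getPrivateCredentials().add(credential);
      // Freeze the subject before handing it to the identity service
      subject.setReadOnly();
      identity = _identityService.newUserIdentity(subject, userPrincipal, IdentityService.NO_ROLES);
    }

    _users.put(userName, identity);
    return identity;
  }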
 /**
  * Marks the captured subject {@code _s} read-only. No result is produced, so {@code null} is
  * returned to satisfy the {@code Object} return type.
  */
 public Object run() {
   _s.setReadOnly();
   return null; // no result to hand back
 }
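  /**
   * Looks up or creates the {@link UserIdentity} for a user after verifying the supplied
   * credential with {@link AuthFactory}.
   *
   * <p>{@code userName} may be a bare username or {@code user@domain}; a domain part is accepted
   * only when it equals this server's XMPP domain, and the bare node-part is used from then on.
   *
   * @param userName bare username or {@code user@domain}
   * @param credential the password; must be a {@link String}, anything else fails authentication
   * @return the identity, or {@code null} when the domain is foreign, the user does not exist or
   *     the credential is rejected
   */
  public UserIdentity login(String userName, Object credential) {
    // AuthFactory supports both a bare username, as well as user@domain. However, UserManager only
    // accepts the bare username. If the provided value includes a domain, use only the node-part
    // (after verifying that it's actually a user of our domain).
    final String[] parts = userName.split("@", 2);
    if (parts.length > 1) {
      if (XMPPServer.getInstance().getServerInfo().getXMPPDomain().equals(parts[1])) {
        userName = parts[0];
      } else {
        Log.error("access denied, unknown domain " + userName);
        return null;
      }
    }

    if (identities.containsKey(userName)) {
      UserIdentity identity = identities.get(userName);
      // NOTE(review): once both caches hold an entry for userName, the credential passed to this
      // call is not checked again — the cached identity is returned as-is. Confirm this is
      // intended and that both maps are cleared on logout / password change.
      if (!authTokens.containsKey(userName)) {
        Log.debug("UserIdentity login " + userName + " ");
        if (!authenticateAndCache(userName, credential)) {
          return null;
        }
      }
      return identity;
    }

    Log.debug("UserIdentity login " + userName + " ");

    try {
      userManager.getUser(userName);
    } catch (UserNotFoundException e) {
      Log.error("user not found " + userName, e);
      return null;
    }

    if (!authenticateAndCache(userName, credential)) {
      return null;
    }

    Principal userPrincipal = new KnownUser(userName, credential);
    Subject subject = new Subject();
    subject.getPrincipals().add(userPrincipal);
    subject.getPrivateCredentials().add(credential);
    subject.getPrincipals().add(new RolePrincipal("ofmeet"));
    // Freeze the subject before handing it to the identity service
    subject.setReadOnly();

    UserIdentity identity =
        _identityService.newUserIdentity(subject, userPrincipal, new String[] {"ofmeet"});
    identities.put(userName, identity);
    return identity;
  }

  /**
   * Verifies {@code credential} for {@code userName} with {@link AuthFactory} and caches the
   * resulting {@link AuthToken} in {@code authTokens}.
   *
   * @param userName bare username
   * @param credential the password; cast to {@link String}
   * @return true when authentication succeeded; false (after logging) on a bad password, a
   *     non-String credential or any other failure
   */
  private boolean authenticateAndCache(String userName, Object credential) {
    try {
      AuthToken authToken = AuthFactory.authenticate(userName, (String) credential);
      authTokens.put(userName, authToken);
      return true;
    } catch (UnauthorizedException e) {
      Log.error("access denied, bad password " + userName);
      return false;
    } catch (Exception e) {
      // Keep the cause: a ClassCastException from the (String) cast or an auth-provider error
      // would otherwise be invisible in the log.
      Log.error("access denied " + userName, e);
      return false;
    }
  }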