  /**
   * Updates an existing system user from {@code systemUserVO}, including a password change: when
   * password encryption is enabled, the new and old passwords are hashed before use, then the
   * user's role and group memberships are replaced by the supplied name arrays.
   *
   * <p>NOTE(review): this listing is redacted ("******" spans) and at least one run of lines is
   * missing between the {@code catch} block and the first use of {@code systemUser}, so the exact
   * control flow (including where the old password is verified) cannot be confirmed from here.
   *
   * @param systemUserVO value object carrying the new user state; its password and user name are
   *     overwritten in place
   * @param oldPassword the user's current password, hashed alongside the new one — presumably
   *     compared against the stored value in the redacted section
   * @param roleNames role names to assign, replacing all existing roles; {@code null} leaves the
   *     roles untouched
   * @param groupNames group names to assign, replacing all existing groups; {@code null} leaves the
   *     groups untouched
   * @param db the database transaction to work in
   * @return the updated persistent {@code SystemUser}
   * @throws ConstraintException declared by the signature; the triggering condition is not visible
   *     in this listing
   * @throws SystemException declared by the signature; the triggering condition is not visible in
   *     this listing
   * @throws Exception declared by the signature; the triggering condition is not visible in this
   *     listing
   */
  public SystemUser update(
      SystemUserVO systemUserVO,
      String oldPassword,
      String[] roleNames,
      String[] groupNames,
      Database db)
      throws ConstraintException, SystemException, Exception {
    logger.info("systemUserVO:" + systemUserVO.getUserName());
    // NOTE(review): the redacted line below appears to have written the old and new passwords to
    // the log at INFO level (the "oldPassword:" / "newPassword:" fragments survive). Credentials
    // must never reach log output; only the user name should be logged here.
    logger.info("oldPassword:"******"newPassword:"******"roleNames:" + roleNames);
    logger.info("groupNames:" + groupNames);
    if (CmsPropertyHandler.getUsePasswordEncryption()) {
      String password = systemUserVO.getPassword();
      try {
        // Unsalted, single-round SHA-1 of the raw password (commons-codec DigestUtils.sha). This is
        // a legacy scheme: no salt and no work factor, so equal passwords hash identically and
        // offline guessing is cheap. A salted, slow password hash would be the modern replacement.
        byte[] encryptedPassRaw = DigestUtils.sha(password);
        // Base64 of the digest, decoded as ASCII (Base64 output is pure ASCII, so this is safe).
        String encryptedPass = new String(new Base64().encode(encryptedPassRaw), "ASCII");
        password = encryptedPass;
        // The VO now carries the hash, not the plaintext, for the rest of the method.
        systemUserVO.setPassword(password);

        // The old password gets the same treatment so it can be compared with the stored hash.
        byte[] encryptedOldPasswordRaw = DigestUtils.sha(oldPassword);
        String encryptedOldPassword =
            new String(new Base64().encode(encryptedOldPasswordRaw), "ASCII");
        oldPassword = encryptedOldPassword;
      } catch (Exception e) {
        // NOTE(review): redacted. The surviving "Wrong user or password." fragment suggests the
        // missing lines report a failed old-password check; the catch block's end and the lookup
        // of `systemUser` are not in this listing.
        logger.error("Error generating password:"******"Wrong user or password.");

    // `systemUser` is used from here on but its declaration is among the missing lines above —
    // presumably the result of a getSystemUserWithName(...) lookup, as in the sibling overload.
    systemUserVO.setUserName(systemUser.getUserName());

    if (roleNames != null) {
      // Replace the whole role set; both sides of the association are kept in sync.
      systemUser.getRoles().clear();
      for (int i = 0; i < roleNames.length; i++) {
        Role role = RoleController.getController().getRoleWithName(roleNames[i], db);
        systemUser.getRoles().add(role);
        role.getSystemUsers().add(systemUser);
      }
    }

    if (groupNames != null) {
      // Same replace-all semantics for groups.
      systemUser.getGroups().clear();
      for (int i = 0; i < groupNames.length; i++) {
        Group group = GroupController.getController().getGroupWithName(groupNames[i], db);
        systemUser.getGroups().add(group);
        group.getSystemUsers().add(systemUser);
      }
    }

    // Unlike the sibling overload, the stored password is NOT copied back: this overload applies
    // the (hashed) new password carried by the VO.
    // systemUserVO.setPassword(systemUser.getPassword());
    systemUser.setValueObject(systemUserVO);

    return systemUser;
  }
  /**
   * Updates the persistent {@code SystemUser} named by {@code systemUserVO}, replacing its role and
   * group memberships when the corresponding name arrays are supplied.
   *
   * <p>The user name on the value object is normalised to the stored one, and the stored password
   * is copied back onto the value object before it is applied — so this overload never changes a
   * password.
   *
   * @param systemUserVO the new state for the user; mutated in place (user name and password)
   * @param roleNames role names to assign, replacing all existing roles; {@code null} leaves the
   *     roles as they are
   * @param groupNames group names to assign, replacing all existing groups; {@code null} leaves the
   *     groups as they are
   * @param db the database transaction to work in
   * @return the updated persistent user
   * @throws ConstraintException propagated from the user, role and group lookups
   * @throws SystemException propagated from the user, role and group lookups
   */
  public SystemUser update(
      SystemUserVO systemUserVO, String[] roleNames, String[] groupNames, Database db)
      throws ConstraintException, SystemException {
    SystemUser user = getSystemUserWithName(systemUserVO.getUserName(), db);

    // Use the canonical stored spelling of the name rather than the caller's.
    systemUserVO.setUserName(user.getUserName());

    if (roleNames != null) {
      // Replace the whole role set, keeping both sides of the association in sync.
      user.getRoles().clear();
      for (String roleName : roleNames) {
        Role role = RoleController.getController().getRoleWithName(roleName, db);
        user.getRoles().add(role);
        role.getSystemUsers().add(user);
      }
    }

    if (groupNames != null) {
      // Same replace-all semantics for groups.
      user.getGroups().clear();
      for (String groupName : groupNames) {
        Group group = GroupController.getController().getGroupWithName(groupName, db);
        user.getGroups().add(group);
        group.getSystemUsers().add(user);
      }
    }

    // Preserve the stored password: this overload is not a password change.
    systemUserVO.setPassword(user.getPassword());
    user.setValueObject(systemUserVO);

    return user;
  }
  /**
   * Resolves the user name for a servlet request: first via the "direct login" path (a
   * {@code j_username}/{@code j_password} pair for names listed in the allowed-direct-login
   * property), then via a CAS {@code ticket}. When no ticket is present the client is redirected to
   * the login URL and {@code null} is returned.
   *
   * <p>NOTE(review): this listing is redacted ("******" spans) and lines are missing at two places
   * (inside the allowed-names loop, and between the ticket authentication and the final redirect
   * block), so the exact control flow cannot be confirmed from here.
   *
   * @param request the current request; read for {@code j_username}, {@code j_password},
   *     {@code ticket}, the request URI and the query string
   * @param response used to send the login redirect
   * @param fc the filter chain; not used in the visible code (the {@code doFilter} call is commented
   *     out at the end)
   * @return the authenticated user name, or {@code null} after a redirect has been sent
   * @throws ServletException when a redirect is needed but {@code loginUrl} is not configured
   * @throws Exception propagated from {@code authenticate(ticket)} and the redirect
   */
  public String authenticateUser(
      HttpServletRequest request, HttpServletResponse response, FilterChain fc) throws Exception {
    String authenticatedUserName = null;

    try {
      String j_userName = request.getParameter("j_username");
      String j_password = request.getParameter("j_password");

      // NOTE(review): the redacted line concatenates `j_password` into an INFO log message —
      // the submitted password lands in plaintext in the log. Log only the user name.
      logger.info("userName:"******"=" + j_password);
      // Comma-separated list of user names permitted to log in with URL parameters.
      String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
      logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
      // If the property is unset this NPEs; the broad catch below turns that into an error log.
      String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
      for (String allowedUserName : allowedDirectLoginNamesArray) {
        // NOTE(review): redacted — presumably an `if` comparing allowedUserName with j_userName
        // opens here (the closing brace at the end of the loop body has no visible opener).
        logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
          // Credential check delegated to the controller; a non-null VO means the pair matched.
          SystemUserVO systemUserVO =
              SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
          logger.info("Was it found:" + systemUserVO);
          if (systemUserVO != null) return systemUserVO.getUserName();
        }
      }
    } catch (Exception e) {
      // Best-effort: a failure here falls through to the ticket-based path below.
      logger.error(
          "Could not check if the user was allowed to log in with url parameters:" + e.getMessage(),
          e);
    }

    String ticket = request.getParameter("ticket");
    logger.info("ticket:" + ticket);

    // no ticket?  abort request processing and redirect
    if (ticket == null || ticket.equals("")) {
      if (loginUrl == null) {
        throw new ServletException(
            "When InfoGlueFilter protects pages that do not receive a 'userName' "
                + "parameter, it needs a org.infoglue.cms.security.loginUrl "
                + "filter parameter");
      }

      String requestURI = request.getRequestURI();
      // "" + null yields the literal string "null" when there is no query string; harmless for
      // the indexOf check below, but it is not an empty string.
      String queryString = "" + request.getQueryString();
      logger.info("requestURI:" + requestURI);

      String redirectUrl = "";

      // Substring matches on the URI decide between the CAS login redirect and the plain
      // index page; any URI containing one of these fragments anywhere takes the first branch.
      if (CmsPropertyHandler.getApplicationName() == null
          || CmsPropertyHandler.getApplicationName().equalsIgnoreCase("deliver")
          || requestURI.indexOf("ViewCMSTool.action") > -1
          || requestURI.indexOf("Admin.action") > -1
          || requestURI.toLowerCase().indexOf("standalone") > -1
          || requestURI.indexOf("workflows") > -1
          || requestURI.indexOf("ViewDigitalAsset") > -1
          || requestURI.indexOf("Editor") > -1
          || requestURI.indexOf("ViewCommonAjaxServices") > -1
          || requestURI.indexOf("binding") > -1
          || queryString.indexOf("directView") > -1) {
        // NOTE(review): getRequestURI() normally excludes the query string, so the "?" branch is
        // unlikely to be taken — confirm whether loginUrl itself was meant to be tested here.
        if (requestURI.indexOf("?") > 0)
          redirectUrl =
              loginUrl
                  + "&service="
                  + getService(request)
                  + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
        else
          redirectUrl =
              loginUrl
                  + "?service="
                  + getService(request)
                  + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");

        // The service value comes from getService(request) (not shown); whether it is URL-encoded
        // and restricted to this host is decided there.
        logger.info("redirectUrl 1:" + redirectUrl);
        response.sendRedirect(redirectUrl);
      } else {
        logger.info("redirectUrl 2:" + "index-cms.html");
        response.sendRedirect("index-cms.html");
      }

      return null;
    }

    // Ticket present: validate it with CAS (authenticate is not shown here).
    authenticatedUserName = authenticate(ticket);
    // NOTE(review): redacted and lines missing. The listing jumps from this log line into a block
    // that reads `requestURI`, which is not declared in this scope — presumably an
    // `if (authenticatedUserName == null) { String requestURI = ...` opens in the missing lines.
    logger.info("authenticatedUserName:"******"requestURI:" + requestURI);

      String redirectUrl = "";

      // Ticket rejected: send the client back to the login URL (same construction as above).
      if (requestURI.indexOf("?") > 0)
        redirectUrl =
            loginUrl
                + "&service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
      else
        redirectUrl =
            loginUrl
                + "?service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");

      // Logged at ERROR although it is the normal "not yet authenticated" path; INFO would match
      // the other redirect logs in this method.
      logger.error("redirectUrl 2:" + redirectUrl);
      response.sendRedirect(redirectUrl);

      return null;
    }

    // request.getSession().setAttribute("ticket", ticket);

    // fc.doFilter(request, response);
    return authenticatedUserName;
  }
  /**
   * Resolves the user name for a servlet request, trying in order: the configured administrator
   * credentials, the anonymous credentials, the allowed-direct-login names (all via
   * {@code j_username}/{@code j_password}), and finally a CAS {@code ticket}. When no ticket is
   * present, or the ticket is rejected, the client is redirected to the login URL,
   * {@code status} gets {@code "redirected" -> true} and {@code null} is returned.
   *
   * <p>NOTE(review): this listing is redacted ("******" spans) and lines are missing inside the
   * allowed-names loop and between the ticket authentication and the final redirect block.
   *
   * @param request the current request; read for the login parameters, the {@code ticket}
   *     parameter, the {@code gateway} attribute and the request URI
   * @param response used to send the login redirect
   * @param status mutable map the caller inspects; {@code "redirected"} is set when a redirect was
   *     sent (raw {@code Map}, so the value type is not enforced)
   * @return the authenticated user name, or {@code null} after a redirect has been sent
   * @throws ServletException when a redirect is needed but {@code loginUrl} is not configured
   * @throws Exception propagated from {@code authenticate(ticket)} and the redirect
   */
  private String getAuthenticatedUserName(
      HttpServletRequest request, HttpServletResponse response, Map status) throws Exception {
    String authenticatedUserName = null;

    String ticket = request.getParameter("ticket");
    // A request *attribute* (set server-side), not a client parameter; appended to the CAS URL below.
    String gateway = (String) request.getAttribute("gateway");
    logger.info("ticket:" + ticket);
    logger.info("gateway:" + gateway);

    String j_userName = (String) request.getParameter("j_username");
    String j_password = (String) request.getParameter("j_password");
    if (j_userName != null && j_password != null) {
      String userName = CmsPropertyHandler.getAdministratorUserName();
      // String password = CmsPropertyHandler.getAdministratorPassword();

      // The administrator password comparison is delegated to CmsPropertyHandler, so the stored
      // secret is never read into this method.
      boolean matchesRootPassword = CmsPropertyHandler.getMatchesAdministratorPassword(j_password);
      if (j_userName.equals(userName) && matchesRootPassword) return j_userName;
      /*
      if(j_userName.equals(userName) && j_password.equals(password))
      	return j_userName;
      */

      String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
      String anonymousPassword = CmsPropertyHandler.getAnonymousPassword();

      // Plain String.equals on the anonymous password (not constant-time). Low impact for an
      // anonymous account, but MessageDigest.isEqual would be the consistent choice.
      if (j_userName.equals(anonymousUserName) && j_password.equals(anonymousPassword))
        return j_userName;

      try {
        // NOTE(review): the redacted line concatenates `j_password` into an INFO log message —
        // the submitted password lands in plaintext in the log. Log only the user name.
        logger.info("userName:"******"=" + j_password);
        String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
        logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
        // If the property is unset this NPEs; the broad catch below turns that into an error log.
        String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
        for (String allowedUserName : allowedDirectLoginNamesArray) {
          // NOTE(review): redacted — presumably an `if` comparing allowedUserName with j_userName
          // opens here (the closing brace at the end of the loop body has no visible opener).
          logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
            SystemUserVO systemUserVO =
                SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
            logger.info("Was it found:" + systemUserVO);
            if (systemUserVO != null) return systemUserVO.getUserName();
          }
        }
      } catch (Exception e) {
        // Best-effort: a failure here falls through to the ticket-based path below.
        logger.error(
            "Could not check if the user was allowed to log in with url parameters:"
                + e.getMessage(),
            e);
      }
    }

    // no ticket?  abort request processing and redirect
    if (ticket == null || ticket.equals("")) {
      if (loginUrl == null) {
        throw new ServletException(
            "When InfoGlueFilter protects pages that do not receive a 'userName' "
                + "parameter, it needs a org.infoglue.cms.security.loginUrl "
                + "filter parameter");
      }

      String requestURI = request.getRequestURI();
      logger.info("requestURI:" + requestURI);

      String redirectUrl = "";

      // Both renew and gateway are appended independently here (contrast the second redirect
      // further down). getRequestURI() normally excludes the query string, so the "?" branch is
      // unlikely to be taken.
      if (requestURI.indexOf("?") > 0)
        redirectUrl =
            loginUrl
                + "&service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "")
                + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : "");
      else
        redirectUrl =
            loginUrl
                + "?service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "")
                + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : "");

      logger.info("redirectUrl 6:" + redirectUrl);

      response.sendRedirect(redirectUrl);
      // new Boolean(true) is deprecated; Boolean.TRUE is the equivalent without an allocation.
      status.put("redirected", new Boolean(true));
      return null;
    }

    // Ticket present: validate it with CAS (authenticate is not shown here).
    authenticatedUserName = authenticate(ticket);
    // NOTE(review): redacted and lines missing. The listing jumps from this log line into a block
    // that reads `requestURI`, which is not declared in this scope — presumably an
    // `if (authenticatedUserName == null) { String requestURI = ...` opens in the missing lines.
    logger.info("authenticatedUserName:"******"requestURI:" + requestURI);

      String redirectUrl = "";

      // BUG(review): the gateway parameter sits inside the else-branch of the renew ternary, so
      // it is only appended when casRenew is empty — unlike the first redirect above, where both
      // are appended independently. Likely a misplaced parenthesis; confirm the intended URL.
      if (requestURI.indexOf("?") > 0)
        redirectUrl =
            loginUrl
                + "&service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals(""))
                    ? "&renew=" + casRenew
                    : "" + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : ""));
      else
        redirectUrl =
            loginUrl
                + "?service="
                + getService(request)
                + ((casRenew != null && !casRenew.equals(""))
                    ? "&renew=" + casRenew
                    : "" + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : ""));

      logger.info("redirectUrl 7:" + redirectUrl);

      response.sendRedirect(redirectUrl);

      status.put("redirected", new Boolean(true));

      return null;
    }

    return authenticatedUserName;
  }
  /**
   * Resolves the user name from a plain parameter map (no servlet request/response available),
   * trying in order: the configured administrator credentials, the anonymous credentials, the
   * allowed-direct-login names (all via {@code j_username}/{@code j_password}), and finally a CAS
   * {@code ticket}. Unlike the servlet variants, no redirect is possible here: a missing ticket
   * simply yields {@code null}.
   *
   * <p>NOTE(review): this listing is redacted ("******" spans); lines are missing inside the
   * allowed-names loop and after the ticket authentication, where a {@code try}/{@code catch}
   * around the CAS call appears to have been collapsed into a single log line.
   *
   * @param request raw {@code Map} of request values; {@code "j_username"}, {@code "j_password"}
   *     and {@code "ticket"} are read and cast to {@code String}
   * @return the authenticated user name, or {@code null} when no credential or ticket matched
   * @throws Exception propagated from {@code authenticate(ticket)}
   */
  public String authenticateUser(Map request) throws Exception {
    String authenticatedUserName = null;

    String j_userName = (String) request.get("j_username");
    String j_password = (String) request.get("j_password");
    if (j_userName != null && j_password != null) {
      String userName = CmsPropertyHandler.getAdministratorUserName();
      // String password = CmsPropertyHandler.getAdministratorPassword();

      // The administrator password comparison is delegated to CmsPropertyHandler, so the stored
      // secret is never read into this method.
      boolean matchesRootPassword = CmsPropertyHandler.getMatchesAdministratorPassword(j_password);
      if (j_userName.equals(userName) && matchesRootPassword) return j_userName;
      /*
      if(j_userName.equals(userName) && j_password.equals(password))
      	return j_userName;
      */

      String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
      String anonymousPassword = CmsPropertyHandler.getAnonymousPassword();

      // Plain String.equals on the anonymous password (not constant-time). Low impact for an
      // anonymous account, but MessageDigest.isEqual would be the consistent choice.
      if (j_userName.equals(anonymousUserName) && j_password.equals(anonymousPassword))
        return j_userName;

      try {
        // NOTE(review): the redacted line concatenates `j_password` into an INFO log message —
        // the submitted password lands in plaintext in the log. Log only the user name.
        logger.info("userName:"******"=" + j_password);
        String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
        logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
        // If the property is unset this NPEs; the broad catch below turns that into an error log.
        String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
        for (String allowedUserName : allowedDirectLoginNamesArray) {
          // NOTE(review): redacted — presumably an `if` comparing allowedUserName with j_userName
          // opens here (the closing brace at the end of the loop body has no visible opener).
          logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
            SystemUserVO systemUserVO =
                SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
            logger.info("Was it found:" + systemUserVO);
            if (systemUserVO != null) return systemUserVO.getUserName();
          }
        }
      } catch (Exception e) {
        // Best-effort: a failure here falls through to the ticket-based path below.
        logger.error(
            "Could not check if the user was allowed to log in with url parameters:"
                + e.getMessage(),
            e);
      }
    }

    String ticket = (String) request.get("ticket");
    logger.info("ticket:" + ticket);

    // no ticket?  abort request processing and redirect
    if (ticket == null || ticket.equals("")) {
      // No response object here, so "redirect" means returning null to the caller.
      return null;
    }

    // Ticket present: validate it with CAS (authenticate is not shown here).
    authenticatedUserName = authenticate(ticket);
    if (logger.isInfoEnabled()) {
      // NOTE(review): redacted and lines missing — this single line fuses an INFO log with what
      // looks like the catch handler of a surrounding try (`e.getMessage(), e`). The closing
      // braces below belong to that missing structure.
      logger.info("authenticatedUserName:"******"CAS was called from authenticateUser:"******"DEBUG:" + e.getMessage(), e);
      }
    }

    return authenticatedUserName;
  }