Example #1
0
  private User authenticate(HttpServletRequest request, HttpServletResponse response)
      throws java.io.IOException {
    // First try to validate the principial if passed from the servlet engine
    Principal principal = request.getUserPrincipal();

    if (principal instanceof XmldbPrincipal) {
      String username = ((XmldbPrincipal) principal).getName();
      String password = ((XmldbPrincipal) principal).getPassword();

      LOG.info("Validating Principle: " + principal.getName());
      User user = pool.getSecurityManager().getUser(username);

      if (user != null) {
        if (password.equalsIgnoreCase(user.getPassword())) {
          LOG.info("Valid User: "******"Password invalid for user: "******"User not found: " + principal.getName());
      }
    }

    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
      return defaultUser;
    }
    return authenticator.authenticate(request, response);
  }
 @Override
 public void updateUser(User user) throws XMLDBException {
   final Account account = new UserAider(user.getName());
   account.setPassword(user.getPassword());
   // TODO: groups
   updateAccount(account);
 }
Example #3
0
  protected void service(HttpServletRequest request, HttpServletResponse response)
      throws ServletException {
    try {
      // Get the path
      String path = request.getPathInfo();

      if (path == null) {
        response.sendError(
            HttpServletResponse.SC_BAD_REQUEST, "URL has no extra path information specified.");
        return;
      }

      int firstSlash = path.indexOf('/', 1);
      if (firstSlash < 0 && path.length() == 1) {
        response.sendError(400, "Module not specified.");
        return;
      }
      String moduleName = firstSlash < 0 ? path.substring(1) : path.substring(1, firstSlash);
      path = firstSlash < 0 ? "" : path.substring(firstSlash);

      AtomModule module = (AtomModule) modules.get(moduleName);
      if (module == null) {
        response.sendError(400, "Module " + moduleName + " not found.");
        return;
      }

      User user = null;
      if (noAuth.get(moduleName) == null) {
        // Authenticate
        user = authenticate(request, response);
        if (user == null) {
          // You now get a challenge if there is no user
          return;
        }
      }

      final Principal principal = new UserXmldbPrincipal(WebDAV.BASIC_AUTH, user);
      HttpServletRequest wrappedRequest =
          new HttpServletRequestWrapper(request) {
            public Principal getUserPrincipal() {
              return principal;
            }
          };

      // Handle the resource
      DBBroker broker = null;
      try {
        broker = pool.get(user);
        module.process(
            broker,
            new HttpRequestMessage(request, path, '/' + moduleName),
            new HttpResponseMessage(response));
      } catch (NotFoundException ex) {
        LOG.info("Resource " + path + " not found by " + moduleName, ex);
        response.sendError(404, ex.getMessage());
      } catch (PermissionDeniedException ex) {
        LOG.info(
            "Permission denied to " + path + " by " + moduleName + " for " + user.getName(), ex);
        response.sendError(401, ex.getMessage());
      } catch (BadRequestException ex) {
        LOG.info("Bad request throw from module " + moduleName, ex);
        response.sendError(400, ex.getMessage());
      } catch (EXistException ex) {
        LOG.fatal("Exception getting broker from pool for user " + user.getName(), ex);
        response.sendError(500, "Service is not available.");
      } finally {
        pool.release(broker);
      }
    } catch (IOException ex) {
      LOG.fatal("I/O exception on request.", ex);
      try {
        response.sendError(500, "Service is not available.");
      } catch (IOException finalEx) {
        LOG.fatal("Cannot return 500 on exception.", ex);
      }
    }
  }
Example #4
0
 public String getName() {
   return user.getName();
 }
 @Override
 public void lockResource(Resource res, User u) throws XMLDBException {
   final Account account = new UserAider(u.getName());
   lockResource(res, account);
 }
 @Override
 public void addUser(User user) throws XMLDBException {
   final Account account = new UserAider(user.getName());
   addAccount(account);
 }