public SystemUser update(
SystemUserVO systemUserVO, String[] roleNames, String[] groupNames, Database db)
throws ConstraintException, SystemException {
SystemUser systemUser = getSystemUserWithName(systemUserVO.getUserName(), db);
systemUserVO.setUserName(systemUser.getUserName());
if (roleNames != null) {
systemUser.getRoles().clear();
for (int i = 0; i < roleNames.length; i++) {
Role role = RoleController.getController().getRoleWithName(roleNames[i], db);
systemUser.getRoles().add(role);
role.getSystemUsers().add(systemUser);
}
}
if (groupNames != null) {
systemUser.getGroups().clear();
for (int i = 0; i < groupNames.length; i++) {
Group group = GroupController.getController().getGroupWithName(groupNames[i], db);
systemUser.getGroups().add(group);
group.getSystemUsers().add(systemUser);
}
}
systemUserVO.setPassword(systemUser.getPassword());
systemUser.setValueObject(systemUserVO);
return systemUser;
}
/*
* CREATE
*
*/
public SystemUserVO create(SystemUserVO systemUserVO)
throws ConstraintException, SystemException {
if (CmsPropertyHandler.getUsePasswordEncryption()) {
String password = systemUserVO.getPassword();
try {
byte[] encryptedPassRaw = DigestUtils.sha(password);
String encryptedPass = new String(new Base64().encode(encryptedPassRaw), "ASCII");
password = encryptedPass;
systemUserVO.setPassword(password);
} catch (Exception e) {
System.out.println("Error generating password:" + e.getMessage());
}
}
SystemUser systemUser = new SystemUserImpl();
systemUser.setValueObject(systemUserVO);
systemUser = (SystemUser) createEntity(systemUser);
return systemUser.getValueObject();
}
public SystemUser update(
SystemUserVO systemUserVO,
String oldPassword,
String[] roleNames,
String[] groupNames,
Database db)
throws ConstraintException, SystemException, Exception {
logger.info("systemUserVO:" + systemUserVO.getUserName());
logger.info("oldPassword:"******"newPassword:"******"roleNames:" + roleNames);
logger.info("groupNames:" + groupNames);
if (CmsPropertyHandler.getUsePasswordEncryption()) {
String password = systemUserVO.getPassword();
try {
byte[] encryptedPassRaw = DigestUtils.sha(password);
String encryptedPass = new String(new Base64().encode(encryptedPassRaw), "ASCII");
password = encryptedPass;
systemUserVO.setPassword(password);
byte[] encryptedOldPasswordRaw = DigestUtils.sha(oldPassword);
String encryptedOldPassword =
new String(new Base64().encode(encryptedOldPasswordRaw), "ASCII");
oldPassword = encryptedOldPassword;
} catch (Exception e) {
logger.error("Error generating password:"******"Wrong user or password.");
systemUserVO.setUserName(systemUser.getUserName());
if (roleNames != null) {
systemUser.getRoles().clear();
for (int i = 0; i < roleNames.length; i++) {
Role role = RoleController.getController().getRoleWithName(roleNames[i], db);
systemUser.getRoles().add(role);
role.getSystemUsers().add(systemUser);
}
}
if (groupNames != null) {
systemUser.getGroups().clear();
for (int i = 0; i < groupNames.length; i++) {
Group group = GroupController.getController().getGroupWithName(groupNames[i], db);
systemUser.getGroups().add(group);
group.getSystemUsers().add(systemUser);
}
}
// systemUserVO.setPassword(systemUser.getPassword());
systemUser.setValueObject(systemUserVO);
return systemUser;
}
/** Registers a new system user. */
public Boolean createUser(
final String principalName,
String firstName,
String lastName,
String email,
String userName,
String password,
List roleNames,
List groupNames) {
if (!ServerNodeController.getController().getIsIPAllowed(getRequest())) {
logger.error(
"A client with IP "
+ getRequest().getRemoteAddr()
+ " was denied access to the webservice. Could be a hack attempt or you have just not configured the allowed IP-addresses correct.");
return new Boolean(false);
}
Boolean status = new Boolean(true);
logger.info("***************************************");
logger.info("Creating user through webservice.......");
logger.info("***************************************");
try {
initializePrincipal(principalName);
SystemUserVO systemUserVO = new SystemUserVO();
systemUserVO.setFirstName(firstName);
systemUserVO.setLastName(lastName);
systemUserVO.setEmail(email);
systemUserVO.setUserName(userName);
systemUserVO.setPassword(password);
Object[] roleNamesArray = roleNames.toArray();
Object[] groupNamesArray = groupNames.toArray();
String[] roles = new String[roleNamesArray.length];
String[] groups = new String[groupNamesArray.length];
for (int i = 0; i < roleNamesArray.length; i++) roles[i] = "" + roleNamesArray[i];
for (int i = 0; i < groupNamesArray.length; i++) groups[i] = "" + groupNamesArray[i];
userControllerProxy.createUser(systemUserVO);
userControllerProxy.updateUser(systemUserVO, roles, groups);
} catch (Exception e) {
status = new Boolean(false);
logger.error(
"En error occurred when we tried to create a new contentVersion:" + e.getMessage(), e);
}
updateCaches();
return status;
}
/** Updates a system user. */
public StatusBean updateUser(
final String principalName,
final Object[] inputsArray,
String[] roleNames,
String[] groupNames) {
if (!ServerNodeController.getController().getIsIPAllowed(getRequest())) {
logger.error(
"A client with IP "
+ getRequest().getRemoteAddr()
+ " was denied access to the webservice. Could be a hack attempt or you have just not configured the allowed IP-addresses correct.");
return new StatusBean(false, "You are not allowed to talk to this service");
}
StatusBean statusBean = new StatusBean(true, "ok");
logger.info("***************************************");
logger.info("Updating user through webservice.......");
logger.info("***************************************");
try {
final DynamicWebserviceSerializer serializer = new DynamicWebserviceSerializer();
List users = (List) serializer.deserialize(inputsArray);
logger.info("users:" + users);
initializePrincipal(principalName);
Iterator usersIterator = users.iterator();
while (usersIterator.hasNext()) {
Map userMap = (Map) usersIterator.next();
Boolean isPasswordChangeOperation = (Boolean) userMap.get("isPasswordChangeOperation");
Boolean isPasswordResetOperation = (Boolean) userMap.get("isPasswordResetOperation");
String firstName = (String) userMap.get("firstName");
String lastName = (String) userMap.get("lastName");
String email = (String) userMap.get("email");
String userName = (String) userMap.get("userName");
String password = (String) userMap.get("password");
String oldPassword = (String) userMap.get("oldPassword");
if (isPasswordChangeOperation) {
logger.info("isPasswordChangeOperation");
logger.info("userName:"******"oldPassword:"******"password:"******"isPasswordResetOperation");
userControllerProxy.updateUserPassword(userName);
} else {
logger.info("isUserUpdateOperation");
SystemUserVO systemUserVO = new SystemUserVO();
systemUserVO.setEmail(email);
systemUserVO.setFirstName(firstName);
systemUserVO.setLastName(lastName);
systemUserVO.setPassword(password);
systemUserVO.setUserName(userName);
if (roleNames != null && roleNames.length == 0) roleNames = null;
if (groupNames != null && groupNames.length == 0) groupNames = null;
userControllerProxy.updateUser(systemUserVO, oldPassword, roleNames, groupNames);
}
}
} catch (Throwable e) {
statusBean.setStatus(false);
statusBean.setMessage(
"En error occurred when we tried to update one or more users:" + e.getMessage());
logger.error(
"En error occurred when we tried to update one or more users:" + e.getMessage(), e);
}
updateCaches();
return statusBean;
}
/** This method handles all of the logic for checking how to handle a login. */
public String authenticateUser(
HttpServletRequest request, HttpServletResponse response, FilterChain fc) throws Exception {
String authenticatedUserName = null;
try {
String j_userName = request.getParameter("j_username");
String j_password = request.getParameter("j_password");
logger.info("userName:"******"=" + j_password);
String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
for (String allowedUserName : allowedDirectLoginNamesArray) {
logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
SystemUserVO systemUserVO =
SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
logger.info("Was it found:" + systemUserVO);
if (systemUserVO != null) return systemUserVO.getUserName();
}
}
} catch (Exception e) {
logger.error(
"Could not check if the user was allowed to log in with url parameters:" + e.getMessage(),
e);
}
String ticket = request.getParameter("ticket");
logger.info("ticket:" + ticket);
// no ticket? abort request processing and redirect
if (ticket == null || ticket.equals("")) {
if (loginUrl == null) {
throw new ServletException(
"When InfoGlueFilter protects pages that do not receive a 'userName' "
+ "parameter, it needs a org.infoglue.cms.security.loginUrl "
+ "filter parameter");
}
String requestURI = request.getRequestURI();
String queryString = "" + request.getQueryString();
logger.info("requestURI:" + requestURI);
String redirectUrl = "";
if (CmsPropertyHandler.getApplicationName() == null
|| CmsPropertyHandler.getApplicationName().equalsIgnoreCase("deliver")
|| requestURI.indexOf("ViewCMSTool.action") > -1
|| requestURI.indexOf("Admin.action") > -1
|| requestURI.toLowerCase().indexOf("standalone") > -1
|| requestURI.indexOf("workflows") > -1
|| requestURI.indexOf("ViewDigitalAsset") > -1
|| requestURI.indexOf("Editor") > -1
|| requestURI.indexOf("ViewCommonAjaxServices") > -1
|| requestURI.indexOf("binding") > -1
|| queryString.indexOf("directView") > -1) {
if (requestURI.indexOf("?") > 0)
redirectUrl =
loginUrl
+ "&service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
else
redirectUrl =
loginUrl
+ "?service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
logger.info("redirectUrl 1:" + redirectUrl);
response.sendRedirect(redirectUrl);
} else {
logger.info("redirectUrl 2:" + "index-cms.html");
response.sendRedirect("index-cms.html");
}
return null;
}
authenticatedUserName = authenticate(ticket);
logger.info("authenticatedUserName:"******"requestURI:" + requestURI);
String redirectUrl = "";
if (requestURI.indexOf("?") > 0)
redirectUrl =
loginUrl
+ "&service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
else
redirectUrl =
loginUrl
+ "?service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "");
logger.error("redirectUrl 2:" + redirectUrl);
response.sendRedirect(redirectUrl);
return null;
}
// request.getSession().setAttribute("ticket", ticket);
// fc.doFilter(request, response);
return authenticatedUserName;
}
/** This method handles all of the logic for checking how to handle a login. */
private String getAuthenticatedUserName(
HttpServletRequest request, HttpServletResponse response, Map status) throws Exception {
String authenticatedUserName = null;
String ticket = request.getParameter("ticket");
String gateway = (String) request.getAttribute("gateway");
logger.info("ticket:" + ticket);
logger.info("gateway:" + gateway);
String j_userName = (String) request.getParameter("j_username");
String j_password = (String) request.getParameter("j_password");
if (j_userName != null && j_password != null) {
String userName = CmsPropertyHandler.getAdministratorUserName();
// String password = CmsPropertyHandler.getAdministratorPassword();
boolean matchesRootPassword = CmsPropertyHandler.getMatchesAdministratorPassword(j_password);
if (j_userName.equals(userName) && matchesRootPassword) return j_userName;
/*
if(j_userName.equals(userName) && j_password.equals(password))
return j_userName;
*/
String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
String anonymousPassword = CmsPropertyHandler.getAnonymousPassword();
if (j_userName.equals(anonymousUserName) && j_password.equals(anonymousPassword))
return j_userName;
try {
logger.info("userName:"******"=" + j_password);
String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
for (String allowedUserName : allowedDirectLoginNamesArray) {
logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
SystemUserVO systemUserVO =
SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
logger.info("Was it found:" + systemUserVO);
if (systemUserVO != null) return systemUserVO.getUserName();
}
}
} catch (Exception e) {
logger.error(
"Could not check if the user was allowed to log in with url parameters:"
+ e.getMessage(),
e);
}
}
// no ticket? abort request processing and redirect
if (ticket == null || ticket.equals("")) {
if (loginUrl == null) {
throw new ServletException(
"When InfoGlueFilter protects pages that do not receive a 'userName' "
+ "parameter, it needs a org.infoglue.cms.security.loginUrl "
+ "filter parameter");
}
String requestURI = request.getRequestURI();
logger.info("requestURI:" + requestURI);
String redirectUrl = "";
if (requestURI.indexOf("?") > 0)
redirectUrl =
loginUrl
+ "&service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "")
+ ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : "");
else
redirectUrl =
loginUrl
+ "?service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals("")) ? "&renew=" + casRenew : "")
+ ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : "");
logger.info("redirectUrl 6:" + redirectUrl);
response.sendRedirect(redirectUrl);
status.put("redirected", new Boolean(true));
return null;
}
authenticatedUserName = authenticate(ticket);
logger.info("authenticatedUserName:"******"requestURI:" + requestURI);
String redirectUrl = "";
if (requestURI.indexOf("?") > 0)
redirectUrl =
loginUrl
+ "&service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals(""))
? "&renew=" + casRenew
: "" + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : ""));
else
redirectUrl =
loginUrl
+ "?service="
+ getService(request)
+ ((casRenew != null && !casRenew.equals(""))
? "&renew=" + casRenew
: "" + ((gateway != null && !gateway.equals("")) ? "&gateway=" + gateway : ""));
logger.info("redirectUrl 7:" + redirectUrl);
response.sendRedirect(redirectUrl);
status.put("redirected", new Boolean(true));
return null;
}
return authenticatedUserName;
}
/** This method handles all of the logic for checking how to handle a login. */
public String authenticateUser(Map request) throws Exception {
String authenticatedUserName = null;
String j_userName = (String) request.get("j_username");
String j_password = (String) request.get("j_password");
if (j_userName != null && j_password != null) {
String userName = CmsPropertyHandler.getAdministratorUserName();
// String password = CmsPropertyHandler.getAdministratorPassword();
boolean matchesRootPassword = CmsPropertyHandler.getMatchesAdministratorPassword(j_password);
if (j_userName.equals(userName) && matchesRootPassword) return j_userName;
/*
if(j_userName.equals(userName) && j_password.equals(password))
return j_userName;
*/
String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
String anonymousPassword = CmsPropertyHandler.getAnonymousPassword();
if (j_userName.equals(anonymousUserName) && j_password.equals(anonymousPassword))
return j_userName;
try {
logger.info("userName:"******"=" + j_password);
String allowedDirectLoginNames = CmsPropertyHandler.getAllowedDirectLoginNames();
logger.info("allowedDirectLoginNames:" + allowedDirectLoginNames);
String[] allowedDirectLoginNamesArray = allowedDirectLoginNames.split(",");
for (String allowedUserName : allowedDirectLoginNamesArray) {
logger.info("allowedUserName:"******"Was allowed - let's try to authenticate:" + allowedUserName);
SystemUserVO systemUserVO =
SystemUserController.getController().getSystemUserVO(allowedUserName, j_password);
logger.info("Was it found:" + systemUserVO);
if (systemUserVO != null) return systemUserVO.getUserName();
}
}
} catch (Exception e) {
logger.error(
"Could not check if the user was allowed to log in with url parameters:"
+ e.getMessage(),
e);
}
}
String ticket = (String) request.get("ticket");
logger.info("ticket:" + ticket);
// no ticket? abort request processing and redirect
if (ticket == null || ticket.equals("")) {
return null;
}
authenticatedUserName = authenticate(ticket);
if (logger.isInfoEnabled()) {
logger.info("authenticatedUserName:"******"CAS was called from authenticateUser:"******"DEBUG:" + e.getMessage(), e);
}
}
return authenticatedUserName;
}
