/**
* Calculate the tenant store for the given user Id.
*
* @param userId User Id to process - must be non-null and cannot be Guest.
* @return Tenant store for the user or empty string for the default tenant.
*/
private final String getTenantUserStore(final String userId) {
if (userId == null || AuthenticationUtil.isGuest(userId)) {
throw new AlfrescoRuntimeException("User ID must exist and cannot be guest.");
}
String storeId = ""; // default domain
int idx = userId.indexOf('@');
if (idx != -1) {
// assume MT so partition by user domain
storeId = userId.substring(idx);
}
return storeId;
}
@Override
public String toString() {
try {
String out = "";
final RequestContext rc = ThreadLocalRequestContext.getRequestContext();
final String userId = rc.getUserId();
if (userId != null && !AuthenticationUtil.isGuest(userId)) {
int idx = userId.indexOf('@');
if (idx != -1) {
out = "Mimetypes for user domain: " + userId.substring(idx) + "\r\n";
}
}
return out + getMimetypes().toString();
} catch (Throwable e) {
return super.toString();
}
}
@Override
protected boolean loginRequiredForPage(
RequestContext context, HttpServletRequest request, Page page) {
boolean externalAuth = false;
EndpointDescriptor descriptor =
getRemoteConfig(context).getEndpointDescriptor(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID);
if (descriptor != null) {
externalAuth = descriptor.getExternalAuth();
}
boolean login = false;
User user = context.getUser();
switch (page.getAuthentication()) {
case guest:
{
login = (user == null);
break;
}
// Enhanced test over the super class implementation - to check that the user has
// credentials to
// use the default "alfresco" endpoint - ensures that say a user ID is in the session from
// access to an RSS feed endpoint, they are not given permission to proceed until after a
// full login
case user:
{
try {
login =
(user == null || AuthenticationUtil.isGuest(user.getId()))
|| (!context
.getServiceRegistry()
.getConnectorService()
.getCredentialVault(request.getSession(), user.getId())
.hasCredentials(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID)
&& externalAuth == false);
} catch (CredentialVaultProviderException err) {
throw new PlatformRuntimeException(
"Unable to retrieve credentials for current user.", err);
}
break;
}
case admin:
{
try {
login =
(user == null || !user.isAdmin())
|| (!context
.getServiceRegistry()
.getConnectorService()
.getCredentialVault(request.getSession(), user.getId())
.hasCredentials(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID)
&& externalAuth == false);
} catch (CredentialVaultProviderException err) {
throw new PlatformRuntimeException(
"Unable to retrieve credentials for current user.", err);
}
if (login) {
// special case for admin - need to clear user context before
// we can login again to "upgrade" our user authentication level
AuthenticationUtil.clearUserContext(request);
}
break;
}
}
return login;
}