/** This method is not adapted used in SAML_SP case. */ void reLogginUserIfRequired( HttpServletRequest httpRequest, HttpServletResponse httpResponse, AuthorizationRequestData rdo, StringBuffer url) { final String userId = httpRequest.getParameter(PARAM_LOGIN_USER_ID); if (!ADMStringUtils.isBlank(userId)) { // user login data was just provided by the login dialog try { ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession()); IdentityService identityService = serviceAccess.getService(IdentityService.class); rdo.setUserId(userId); rdo.setPassword(httpRequest.getParameter(PARAM_LOGIN_PASSWORD)); VOUser voUser = readTechnicalUserFromDb(identityService, rdo); serviceAccess.login(voUser, rdo.getPassword(), httpRequest, httpResponse); httpRequest .getSession() .setAttribute(Constants.SESS_ATTR_USER, identityService.getCurrentUserDetails()); } catch (Exception e2) { httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_LOGIN); // open marketplace login dialog again and fill in // userId appendParam( url, Constants.REQ_PARAM_AUTO_OPEN_MP_LOGIN_DIALOG, Boolean.TRUE.toString(), httpRequest.getCharacterEncoding()); appendParam(url, Constants.REQ_PARAM_USER_ID, userId, httpRequest.getCharacterEncoding()); } } }
private void createServiceSession( ServiceAccess serviceAccess, String subKey, String sessionId, String userToken) throws ObjectNotFoundException, ServiceParameterException, OperationNotPermittedException, ValidationException { SessionService service = serviceAccess.getService(SessionService.class); long subscriptionKey = ADMStringUtils.parseUnsignedLong(subKey); service.createServiceSession(subscriptionKey, sessionId, userToken); }
/** * Helper method which performs an EJB call and gets the subscription value object for the given * subscription key. * * @param key the (hex)-key of the subscription. * @return the subscription value object. */ private VOSubscription getSubscription(ServiceAccess serviceAccess, String key) { SubscriptionService subscriptionService = serviceAccess.getService(SubscriptionService.class); List<VOUserSubscription> list = subscriptionService.getSubscriptionsForCurrentUser(); if (list != null) { for (VOSubscription vo : list) { if (key.equals(Long.toHexString(vo.getKey()))) { return vo; } } } return null; }
protected boolean loginUser( FilterChain chain, HttpServletRequest httpRequest, HttpServletResponse httpResponse, VOUser voUser, AuthorizationRequestData rdo, IdentityService identityService) throws ServletException, IOException { HttpSession session = httpRequest.getSession(); boolean onlyServiceLogin = BesServletRequestReader.onlyServiceLogin(session); String forwardUrl = (String) session.getAttribute(Constants.SESS_ATTR_FORWARD_URL); SessionBean sessionBean = (SessionBean) session.getAttribute(Constants.SESS_ATTR_SESSION_BEAN); ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(session); if (onlyServiceLogin) { session.setAttribute(Constants.SESS_ATTR_ONLY_SERVICE_LOGIN, Boolean.TRUE); } if (!ADMStringUtils.isBlank(forwardUrl)) { session.setAttribute(Constants.SESS_ATTR_FORWARD_URL, forwardUrl); } if (sessionBean != null) { session.setAttribute(Constants.SESS_ATTR_SESSION_BEAN, sessionBean); } if (!ADMStringUtils.isBlank(rdo.getMarketplaceId())) { session.setAttribute(Constants.REQ_PARAM_MARKETPLACE_ID, rdo.getMarketplaceId()); } // authenticate the user // IMPORTANT: Changes to this method must also be applied to // UserBean.login() try { serviceAccess.login(voUser, rdo.getPassword(), httpRequest, httpResponse); } catch (CommunicationException e) { handleCommunicationException(chain, httpRequest, httpResponse, rdo); return false; } catch (LoginException e) { logger.logInfo( Log4jLogger.ACCESS_LOG, LogMessageIdentifier.INFO_USER_LOGIN_INVALID, httpRequest.getRemoteHost(), Integer.toString(httpRequest.getRemotePort()), StringUtils.isNotBlank(voUser.getUserId()) ? voUser.getUserId() : "", IPResolver.resolveIpAddress(httpRequest), voUser.getTenantId()); try { voUser = identityService.getUser(voUser); } catch (ObjectNotFoundException e1) { handleUserNotRegistered(chain, httpRequest, httpResponse, rdo); return false; } catch (SaaSApplicationException e1) { setErrorAttributesAndForward(errorPage, httpRequest, httpResponse, e1); return false; } if (voUser.getStatus() != null && voUser.getStatus().getLockLevel() > UserAccountStatus.LOCK_LEVEL_LOGIN) { httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_USER_LOCKED); forward(errorPage, httpRequest, httpResponse); return false; } handleLoginException(chain, httpRequest, httpResponse, rdo); return false; } if (!rdo.isMarketplace() && !rdo.isAccessToServiceUrl() // BE09588 Login is OK if a // service is accessed, whose // subscription has no // marketplace && identityService.getCurrentUserDetails().getOrganizationRoles().size() == 1 && identityService .getCurrentUserDetails() .getOrganizationRoles() .contains(OrganizationRoleType.CUSTOMER)) { if (ADMStringUtils.isBlank(rdo.getMarketplaceId())) { if (redirectToMpUrl(httpRequest, httpResponse)) { setupUserDetail(httpRequest, rdo, identityService, session); return false; } else { httpRequest.setAttribute( Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_INVALID_MARKETPLACE_URL); forward(BaseBean.MARKETPLACE_ERROR_PAGE, httpRequest, httpResponse); } } else { setupUserDetail(httpRequest, rdo, identityService, session); forward(BaseBean.MARKETPLACE_START_SITE, httpRequest, httpResponse); } return false; } // get the service again because the credentials have been // changed (important for WS usage) identityService = serviceAccess.getService(IdentityService.class); try { identityService.refreshLdapUser(); } catch (ValidationException e) { logger.logDebug( "Refresh of LDAP user failed, most likely due to missing/wrong LDAP settings"); } logger.logInfo( Log4jLogger.ACCESS_LOG, LogMessageIdentifier.INFO_USER_LOGIN_SUCCESS, StringUtils.isNotBlank(voUser.getUserId()) ? voUser.getUserId() : "", IPResolver.resolveIpAddress(httpRequest), voUser.getTenantId()); return true; }
protected void handleProtectedUrlAndChangePwdCase( FilterChain chain, HttpServletRequest httpRequest, HttpServletResponse httpResponse, AuthorizationRequestData rdo) throws IOException, ServletException { if (logger.isDebugLoggingEnabled()) { logger.logDebug("Access to protected URL='" + rdo.getRelativePath() + "'"); } ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession()); try { if (rdo.isAccessToServiceUrl()) { /* * We must NOT read the request parameters for service URLs * because this would cause a state switch of the request. * Afterwards the rewriting of a POST request may fail because * the parameters can't be accessed via the request input * stream. */ httpRequest = handleServiceUrl(chain, httpRequest, httpResponse, rdo); if (httpRequest == null) { return; } } else if (ADMStringUtils.isBlank(rdo.getUserId())) { if (authSettings.isServiceProvider()) { if (isSamlForward(httpRequest)) { SAMLCredentials samlCredentials = new SAMLCredentials(httpRequest); rdo.setUserId(samlCredentials.getUserId()); if (rdo.getUserId() == null) { httpRequest.setAttribute( Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_INVALID_SAML_RESPONSE); forward(errorPage, httpRequest, httpResponse); } } } else { rdo.setUserId(httpRequest.getParameter(Constants.REQ_PARAM_USER_ID)); } } // continue if user is already logged-in if (handleLoggedInUser(chain, httpRequest, httpResponse, serviceAccess, rdo)) { return; } // the httpRequest was already processed and we forwarded to the // corresponding page therefore we must not try to login again if (httpRequest.getAttribute(Constants.REQ_ATTR_ERROR_KEY) != null) { chain.doFilter(httpRequest, httpResponse); return; } refreshData(authSettings, rdo, httpRequest, httpResponse); // user not logged in, check user-name and password before login // don't do a trim on password because it may have // leading/trailing/only blanks if (authSettings.isServiceProvider()) { rollbackDefaultTimeout(httpRequest); if (ADMStringUtils.isBlank(rdo.getUserId())) { httpRequest.setAttribute( Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_INVALID_SAML_RESPONSE); if (isSamlForward(httpRequest)) { forward(errorPage, httpRequest, httpResponse); } else { forwardToLoginPage(rdo.getRelativePath(), true, httpRequest, httpResponse, chain); } return; } } else { if (ADMStringUtils.isBlank(rdo.getUserId()) || !rdo.isPasswordSet()) { if (!rdo.isMarketplace() && (!ADMStringUtils.isBlank(rdo.getUserId()) || rdo.isPasswordSet())) { // login data not complete, user or password empty httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_LOGIN); } forwardToLoginPage(rdo.getRelativePath(), true, httpRequest, httpResponse, chain); return; } } IdentityService identityService = serviceAccess.getService(IdentityService.class); VOUser voUser; try { voUser = readTechnicalUserFromDb(identityService, rdo); } catch (ObjectNotFoundException e) { handleUserNotRegistered(chain, httpRequest, httpResponse, rdo); return; } catch (SaaSApplicationException e) { setErrorAttributesAndForward(errorPage, httpRequest, httpResponse, e); return; } if (!authSettings.isServiceProvider()) { if (isAccountLocked(httpRequest, httpResponse, voUser)) { return; } } final boolean operationSucceeded; if (!authSettings.isServiceProvider() && rdo.isRequestedToChangePwd()) { operationSucceeded = handleChangeUserPasswordRequest(chain, httpRequest, httpResponse, rdo, identityService); } else { operationSucceeded = loginUser(chain, httpRequest, httpResponse, voUser, rdo, identityService); } if (!operationSucceeded) { return; } rdo.setUserDetails(identityService.getCurrentUserDetails()); // read user details value object and store it in the session, DON'T // use old session, because it might have been invalidated httpRequest.getSession().setAttribute(Constants.SESS_ATTR_USER, rdo.getUserDetails()); if (isPageForbiddenToAccess(httpRequest, rdo, serviceAccess)) { forward(insufficientAuthoritiesUrl, httpRequest, httpResponse); } // check if user must change his password if (!authSettings.isServiceProvider() && (rdo.getUserDetails().getStatus() == UserAccountStatus.PASSWORD_MUST_BE_CHANGED)) { forwardToPwdPage(rdo.getUserDetails().getUserId(), httpRequest, httpResponse); } else { redirectToPrimarilyRequestedUrl(chain, httpRequest, httpResponse, serviceAccess, rdo); } } catch (NumberFormatException e) { handleNumberFormatException(chain, httpRequest, httpResponse, e, rdo); } catch (ServletException e) { handleServletException(httpRequest, httpResponse, e); } catch (MarketplaceRemovedException e) { handleMarketplaceRemovedException(httpRequest, httpResponse); } }
private LandingpageConfigurationService lookupLandingpageConfigurationService( HttpServletRequest httpRequest) { ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession()); return serviceAccess.getService(LandingpageConfigurationService.class); }