Exemple #1
0
 private static IPentahoSession getAdminSession() {
   IUserDetailsRoleListService userDetailsRoleListService =
       PentahoSystem.getUserDetailsRoleListService();
   UserSession session = new UserSession("admin", null, false, null);
   GrantedAuthority[] auths =
       userDetailsRoleListService.getUserRoleListService().getAllAuthorities();
   Authentication auth =
       new AnonymousAuthenticationToken("admin", SecurityHelper.SESSION_PRINCIPAL, auths);
   session.setAttribute(SecurityHelper.SESSION_PRINCIPAL, auth);
   session.doStartupActions(null);
   return session;
 }
  /**
   * Looks in the provided session to get the Spring Security Authentication object out. Optionally
   * returns an "anonymous" Authentication if desired.
   *
   * @param session Users' IPentahoSession object
   * @param allowAnonymous If true, will return an anonymous Authentication object.
   * @return the Authentication object from the session
   */
  public static Authentication getAuthentication(
      final IPentahoSession session, final boolean allowAnonymous) {
    Principal principal = (Principal) session.getAttribute(SecurityHelper.SESSION_PRINCIPAL);
    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug("principal from IPentahoSession: " + principal); // $NON-NLS-1$
      if (null != principal) {
        SecurityHelper.logger.debug(
            "principal class: " + principal.getClass().getName()); // $NON-NLS-1$
      }
    }
    if (principal instanceof Authentication) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("principal is an instance of Authentication"); // $NON-NLS-1$
      }
      return (Authentication) principal;
    } else if (principal != null) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug(
            "principal is not an instance of Authentication"); //$NON-NLS-1$
        SecurityHelper.logger.debug("attempting role fetch with username"); // $NON-NLS-1$
      }

      // OK - Not Spring Security somehow.
      // However, since the principal interface doesn't specify the
      // roles a user is in, we need to dispatch a call to the
      // UserRoleListProvider to get that information from there.

      IUserDetailsRoleListService roleListService = PentahoSystem.getUserDetailsRoleListService();
      List roles = roleListService.getRolesForUser(principal.getName());
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("rolesForUser from roleListService:" + roles); // $NON-NLS-1$
      }
      if (!roles.isEmpty()) {
        GrantedAuthority[] grantedAuthorities = new GrantedAuthority[roles.size()];
        for (int i = 0; i < roles.size(); i++) {
          grantedAuthorities[i] = new GrantedAuthorityImpl((String) roles.get(i));
        }

        Authentication auth =
            new UsernamePasswordAuthenticationToken(principal.getName(), null, grantedAuthorities);

        return auth;
      }
    }
    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug("either principal is null or user has no roles"); // $NON-NLS-1$
    }

    if (allowAnonymous) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("there is no principal in IPentahoSession"); // $NON-NLS-1$
        SecurityHelper.logger.debug(
            "creating token with username anonymous and role Anonymous"); //$NON-NLS-1$
      }
      // Hmmm - at this point, we're being asked for an authentication on
      // an un-authenticated user. For now, we'll default to returning
      // an authentication that has the user as anonymous.
      Authentication auth =
          new UsernamePasswordAuthenticationToken(
              SecurityHelper.DefaultAnonymousUser,
              null,
              new GrantedAuthorityImpl[] {
                new GrantedAuthorityImpl(SecurityHelper.DefaultAnonymousRole)
              });
      return auth;
    } else {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("there is no principal in IPentahoSession"); // $NON-NLS-1$
        SecurityHelper.logger.debug("and allowAnonymous is false"); // $NON-NLS-1$
      }
      // If we're here - we require a properly authenticated user and
      // there's nothing
      // else we can do aside from returning null.
      return null;
    }
  }