/**
  * Calculate the tenant store for the given user Id.
  *
  * @param userId User Id to process - must be non-null and cannot be Guest.
  * @return Tenant store for the user or empty string for the default tenant.
  */
 private final String getTenantUserStore(final String userId) {
   if (userId == null || AuthenticationUtil.isGuest(userId)) {
     throw new AlfrescoRuntimeException("User ID must exist and cannot be guest.");
   }
   String storeId = ""; // default domain
   int idx = userId.indexOf('@');
   if (idx != -1) {
     // assume MT so partition by user domain
     storeId = userId.substring(idx);
   }
   return storeId;
 }
Esempio n. 2
0
 @Override
 public String toString() {
   try {
     String out = "";
     final RequestContext rc = ThreadLocalRequestContext.getRequestContext();
     final String userId = rc.getUserId();
     if (userId != null && !AuthenticationUtil.isGuest(userId)) {
       int idx = userId.indexOf('@');
       if (idx != -1) {
         out = "Mimetypes for user domain: " + userId.substring(idx) + "\r\n";
       }
     }
     return out + getMimetypes().toString();
   } catch (Throwable e) {
     return super.toString();
   }
 }
  @Override
  protected boolean loginRequiredForPage(
      RequestContext context, HttpServletRequest request, Page page) {
    boolean externalAuth = false;
    EndpointDescriptor descriptor =
        getRemoteConfig(context).getEndpointDescriptor(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID);
    if (descriptor != null) {
      externalAuth = descriptor.getExternalAuth();
    }

    boolean login = false;
    User user = context.getUser();
    switch (page.getAuthentication()) {
      case guest:
        {
          login = (user == null);
          break;
        }

        // Enhanced test over the super class implementation - to check that the user has
        // credentials to
        // use the default "alfresco" endpoint - ensures that say a user ID is in the session from
        // access to an RSS feed endpoint, they are not given permission to proceed until after a
        // full login
      case user:
        {
          try {
            login =
                (user == null || AuthenticationUtil.isGuest(user.getId()))
                    || (!context
                            .getServiceRegistry()
                            .getConnectorService()
                            .getCredentialVault(request.getSession(), user.getId())
                            .hasCredentials(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID)
                        && externalAuth == false);
          } catch (CredentialVaultProviderException err) {
            throw new PlatformRuntimeException(
                "Unable to retrieve credentials for current user.", err);
          }
          break;
        }

      case admin:
        {
          try {
            login =
                (user == null || !user.isAdmin())
                    || (!context
                            .getServiceRegistry()
                            .getConnectorService()
                            .getCredentialVault(request.getSession(), user.getId())
                            .hasCredentials(AlfrescoUserFactory.ALFRESCO_ENDPOINT_ID)
                        && externalAuth == false);
          } catch (CredentialVaultProviderException err) {
            throw new PlatformRuntimeException(
                "Unable to retrieve credentials for current user.", err);
          }
          if (login) {
            // special case for admin - need to clear user context before
            // we can login again to "upgrade" our user authentication level
            AuthenticationUtil.clearUserContext(request);
          }
          break;
        }
    }
    return login;
  }