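/**
 * Validates the message's {@code UsernameToken} against Syncope and replaces the
 * {@code SecurityContext} with one whose {@link Subject} carries the user's roles.
 *
 * <p>The interceptor is a no-op unless the message already has a security context, a
 * username token, and a principal whose name matches the token. The token's username and
 * password are forwarded to Syncope as HTTP Basic credentials on {@code users/self}.
 *
 * @param message the in-flight CXF message
 * @throws Fault if Syncope rejects the call, the call fails, or no user is returned
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
        return;
    }
    Principal principal = context.getUserPrincipal();
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    if (principal == null || usernameToken == null
            || !principal.getName().equals(usernameToken.getName())) {
        return;
    }

    // Read the user from Syncope and get the roles
    WebClient client = WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));
    // Explicit charset: getBytes() with no argument uses the platform default, so non-ASCII
    // credentials would be encoded differently from host to host.
    byte[] basicCredentials = (usernameToken.getName() + ":" + usernameToken.getPassword())
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    client.header("Authorization", "Basic " + Base64Utility.encode(basicCredentials));
    client = client.path("users/self");

    UserTO user;
    try {
        user = client.get(UserTO.class);
    } catch (RuntimeException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new Fault(ex);
    }
    // Checked outside the try block on purpose: if Fault is unchecked (as it is in CXF), a
    // Fault raised inside it would be caught by the handler above and wrapped a second time.
    if (user == null) {
        throw new Fault(new Exception("Authentication failed"));
    }

    // Now get the roles: one group principal per Syncope membership.
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
        String roleName = membership.getRoleName();
        subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    subject.setReadOnly();

    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
}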
/**
 * Put user into realm.
 *
 * <p>Builds a read-only {@link Subject} holding the user principal, the credential (as a
 * private credential) and one {@code RolePrincipal} per role, then registers the resulting
 * identity under {@code userName}.
 *
 * @param userName The user to add
 * @param credential The users Credentials
 * @param roles The users roles; may be {@code null}, in which case no role principals are
 *     added and {@code null} is passed through to the identity service
 * @return UserIdentity
 */
public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles) {
    Subject subject = new Subject();
    Principal knownUser = new KnownUser(userName, credential);
    subject.getPrincipals().add(knownUser);
    subject.getPrivateCredentials().add(credential);
    if (roles != null) {
        for (String roleName : roles) {
            subject.getPrincipals().add(new RolePrincipal(roleName));
        }
    }
    subject.setReadOnly();

    UserIdentity created = _identityService.newUserIdentity(subject, knownUser, roles);
    _users.put(userName, created);
    return created;
}
/**
 * Create a subject for a username and a series of groups.
 *
 * <p>The returned subject is read-only and carries one {@code Username} principal plus one
 * {@code Group} principal per group.
 *
 * @param username the user; must not be {@code null}
 * @param groups (optional) group names; a {@code null} array is treated as empty
 * @return subject
 * @throws IllegalArgumentException if {@code username} is {@code null}, or any group is
 *     {@code null} or empty
 */
private Subject createSubject(String username, String... groups) {
    if (username == null) {
        throw new IllegalArgumentException("Username cannot be null.");
    }

    Subject result = new Subject();
    result.getPrincipals().add(new Username(username));

    if (groups != null) {
        for (String groupName : groups) {
            if (groupName == null || groupName.isEmpty()) {
                throw new IllegalArgumentException("Group null or zero length.");
            }
            result.getPrincipals().add(new Group(groupName));
        }
    }

    result.setReadOnly();
    return result;
}
/**
 * Put user into realm. Called by implementations to put the user data loaded from file/db etc
 * into the user structure.
 *
 * <p>If {@code info} is already a {@code UserIdentity} it is stored as is. Otherwise it is
 * turned into a {@code Credential} (directly, or via {@code Credential.getCredential} on its
 * string form) and wrapped in a read-only subject with no roles.
 *
 * @param userName User name
 * @param info a UserIdentity instance, or a String password or Credential instance
 * @return User instance
 */
protected synchronized UserIdentity putUser(String userName, Object info) {
    final UserIdentity stored;
    if (info instanceof UserIdentity) {
        stored = (UserIdentity) info;
    } else {
        Credential credential;
        if (info instanceof Credential) {
            credential = (Credential) info;
        } else {
            credential = Credential.getCredential(info.toString());
        }

        Principal knownUser = new KnownUser(userName, credential);
        Subject subject = new Subject();
        subject.getPrincipals().add(knownUser);
        subject.getPrivateCredentials().add(credential);
        subject.setReadOnly();
        stored = _identityService.newUserIdentity(subject, knownUser, IdentityService.NO_ROLES);
    }

    _users.put(userName, stored);
    return stored;
}
/**
 * Marks the subject held in {@code _s} read-only.
 *
 * <p>The signature suggests this is the body of a {@code PrivilegedAction} — confirm against the
 * enclosing class.
 *
 * @return always {@code null}; there is nothing to return
 */
public Object run() {
    _s.setReadOnly();
    return null;
}
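/**
 * Authenticates {@code userName} with {@code credential} against Openfire and returns the
 * matching Jetty identity, or {@code null} when the login is refused.
 *
 * <p>AuthFactory supports both a bare username and {@code user@domain}; UserManager only
 * accepts the bare username. A domain part is therefore stripped, after verifying that it is
 * this server's XMPP domain.
 *
 * @param userName bare username or {@code user@domain}
 * @param credential the password; expected to be a {@link String}
 * @return the cached or newly created identity, or {@code null} if the domain is foreign,
 *     the user is unknown, or the credential is rejected
 */
public UserIdentity login(String userName, Object credential) {
    final String[] parts = userName.split("@", 2);
    if (parts.length > 1) {
        if (!XMPPServer.getInstance().getServerInfo().getXMPPDomain().equals(parts[1])) {
            Log.error("access denied, unknown domain " + userName);
            return null;
        }
        userName = parts[0];
    }

    if (identities.containsKey(userName)) {
        // The credential is verified on every call, even when a token is already cached:
        // returning the cached identity without checking it would accept any password once
        // the user had logged in successfully once.
        if (!verifyCredential(userName, credential)) {
            return null;
        }
        return identities.get(userName);
    }

    try {
        userManager.getUser(userName);
    } catch (UserNotFoundException e) {
        Log.error("user not found " + userName, e);
        return null;
    }
    if (!verifyCredential(userName, credential)) {
        return null;
    }

    Principal userPrincipal = new KnownUser(userName, credential);
    Subject subject = new Subject();
    subject.getPrincipals().add(userPrincipal);
    // The raw credential is kept as a private credential for the identity's lifetime.
    subject.getPrivateCredentials().add(credential);
    // Every user of this realm gets the single "ofmeet" role.
    subject.getPrincipals().add(new RolePrincipal("ofmeet"));
    subject.setReadOnly();

    UserIdentity identity = _identityService.newUserIdentity(subject, userPrincipal, new String[] {"ofmeet"});
    identities.put(userName, identity);
    return identity;
}

/**
 * Checks the credential with Openfire's AuthFactory and caches the resulting token.
 *
 * @param userName bare username
 * @param credential the password; anything other than a {@link String} fails the cast and
 *     is reported as a generic denial
 * @return {@code true} when authentication succeeded; {@code false} otherwise (already logged)
 */
private boolean verifyCredential(String userName, Object credential) {
    Log.debug("UserIdentity login " + userName + " ");
    try {
        AuthToken authToken = AuthFactory.authenticate(userName, (String) credential);
        authTokens.put(userName, authToken);
        return true;
    } catch (UnauthorizedException e) {
        Log.error("access denied, bad password " + userName);
        return false;
    } catch (Exception e) {
        // Keep the cause; the message alone does not say why the login failed.
        Log.error("access denied " + userName, e);
        return false;
    }
}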