@RequestMapping(value = "/people.json", method = RequestMethod.GET)
  public ModelAndView getPeople(
      @RequestParam("searchTerms[]") List<String> searchTerms,
      HttpServletRequest request,
      HttpServletResponse response) {

    // Resolve the caller first. An unauthenticated request gets a bare 401 and
    // no body, so nothing about the directory is disclosed to it.
    final IPerson searcher = personManager.getPerson((HttpServletRequest) request);
    if (searcher == null) {
      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return null;
    }

    // Each entry of searchTerms[] names another request parameter whose value
    // is the term to search for; blank values are skipped. Both the attribute
    // names and the values are client-supplied, so any attribute-level
    // authorization has to happen inside lookupHelper.searchForPeople (it is
    // handed the searcher for that purpose) — nothing is filtered here.
    final Map<String, Object> criteria = new HashMap<String, Object>();
    for (final String attribute : searchTerms) {
      final String value = request.getParameter(attribute);
      if (!StringUtils.isNotBlank(value)) {
        continue;
      }
      criteria.put(attribute, value);
    }

    final List<IPersonAttributes> matches = lookupHelper.searchForPeople(searcher, criteria);

    // Rendered by the "json" view; the result list is exposed under "people".
    final ModelAndView result = new ModelAndView();
    result.setViewName("json");
    result.addObject("people", matches);
    return result;
  }
 /**
  * Adds the current user's name, display name and impersonation flag to the
  * portlet view model.
  *
  * @param portletRequest the portlet request; it is unwrapped to the underlying
  *     portal servlet request, which is where the person and the swap state live
  * @param model the view model to populate (keys: userName, displayName,
  *     userImpersonating)
  */
 private void setUserInformationInModel(
     PortletRequest portletRequest, final Map<String, Object> model) {
   // Impersonation state is tracked on the portal servlet request, not on the
   // portlet request, so unwrap it first.
   final HttpServletRequest portalRequest =
       this.portalRequestUtils.getPortletHttpRequest(portletRequest);
   final boolean swapped = this.identitySwapperManager.isImpersonating(portalRequest);
   final IPerson currentUser = personManager.getPerson(portalRequest);
   logUserInfoDebug(swapped, currentUser);
   // NOTE(review): no null guard on the person here, unlike the /people JSON
   // endpoints that answer 401 when getPerson yields null — confirm that a
   // portlet request always resolves to a person (e.g. a guest user).
   model.put("userName", currentUser.getUserName());
   model.put("displayName", currentUser.getFullName());
   model.put("userImpersonating", swapped);
 }
  /**
   * Supplies the portal's own IPerson, wrapped as UserDetails, as the
   * pre-authenticated principal.
   *
   * @param request the current request
   * @return a PortalPersonUserDetails for the portal person, or {@code null}
   *     when the request carries no session (the user has not been through
   *     the login servlet yet)
   */
  @Override
  protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // Deliberately never creates a session: without one there is nothing to
    // pre-authenticate, so give up rather than mint an anonymous session.
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
      // NOTE(review): personManager.getPerson can return null (the /people
      // endpoints check for it); here a null person would be wrapped as-is.
      final IPerson portalUser = personManager.getPerson(request);
      return new PortalPersonUserDetails(portalUser);
    }
    return null;
  }
  /**
   * Supplies the portal person's current security context as the
   * pre-authenticated credentials.
   *
   * @param request the current request
   * @return the person's security context, or {@code null} when the request
   *     carries no session (the user has not been through the login servlet)
   */
  @Override
  protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
    // Same rule as for the principal: no session, no credentials, and no
    // session is created as a side effect of asking.
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
      // NOTE(review): dereferences the person without a null check; a null
      // return from personManager.getPerson would surface as an NPE here.
      final IPerson portalUser = personManager.getPerson(request);
      return portalUser.getSecurityContext();
    }
    return null;
  }
  /**
   * Looks up a single person by username and renders it as JSON.
   *
   * @param username taken verbatim from the request path
   * @param request used to resolve the calling user
   * @param response receives a 401 when there is no calling user
   * @return a ModelAndView for the "json" view with the looked-up person
   *     under "person", or {@code null} after setting 401 for an anonymous caller
   */
  @RequestMapping(value = "/people/{username}.json", method = RequestMethod.GET)
  public ModelAndView getPerson(
      @PathVariable String username, HttpServletRequest request, HttpServletResponse response) {

    // Anonymous callers are rejected with an empty 401 before any lookup.
    final IPerson caller = personManager.getPerson((HttpServletRequest) request);
    if (caller == null) {
      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return null;
    }

    // The caller is passed along so lookupHelper can decide what this caller
    // may see about the requested user; this controller applies no filtering
    // of its own to either the username or the returned attributes.
    final IPersonAttributes found = lookupHelper.findPerson(caller, username);

    final ModelAndView result = new ModelAndView();
    result.setViewName("json");
    result.addObject("person", found);
    return result;
  }
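  /**
   * Authenticates the current request against the portal, covering three
   * cases: a normal login (principals and credentials pulled from request
   * parameters), an identity "swap" (an already-logged-in user taking on the
   * {@code targetUid} that identitySwapperManager has recorded in the session),
   * and an "un-swap" back to the original user.
   *
   * <p>Session handling: when the request carries a valid session id, that
   * session is invalidated before a fresh one is created, so a session id
   * chosen before login is never carried into the authenticated session.
   *
   * <p>Changes from the previous version (logging and failure path only):
   * the un-swap trace message was emitted before {@code targetUid} had been
   * assigned (so it always printed {@code null}) and was guarded by
   * {@code isDebugEnabled()} while logging at TRACE; and the failure path
   * called {@code getSession(false).invalidate()} with no null check, so a
   * session that had already gone away would turn an authentication failure
   * into a NullPointerException.
   *
   * @param request the login request; read for the requested session id, the
   *     swap/un-swap state kept in the session, the principal and credential
   *     parameters, and the optional requested-profile parameter
   */
  private void doPortalAuthentication(HttpServletRequest request) {
    // Clear out the existing session for the user if they have one
    String targetUid = null;
    String originalUid = null;
    String originalEventSessionId = null;
    boolean swap = false;
    String swapperProfile = null;

    final String requestedSessionId = request.getRequestedSessionId();

    if (request.isRequestedSessionIdValid()) {
      if (logger.isDebugEnabled()) {
        logger.debug("doPortalAuthentication for valid requested session id " + requestedSessionId);
      }

      try {
        HttpSession s = request.getSession(false);

        if (s != null) {
          // Check if this is a swapped user hitting the Login servlet
          originalUid = this.identitySwapperManager.getOriginalUsername(s);
        }

        // No original person in session so check for swap request
        if (originalUid == null) {
          targetUid = this.identitySwapperManager.getTargetUsername(s);
          if (targetUid != null) {
            // NOTE(review): whether this user is allowed to impersonate
            // targetUid is not decided here — this code trusts the target
            // recorded in the session, so the permission check must be made
            // wherever identitySwapperManager stores it. Confirm.
            final IPerson person = personManager.getPerson(request);
            originalUid = person.getName();
            swap = true;
            swapperProfile = identitySwapperManager.getTargetProfile(s);
          }
        }
        // Original person in session so this must be an un-swap request
        else {
          final IPerson person = personManager.getPerson(request);
          targetUid = person.getName();

          // Logged after targetUid is assigned so the message names the
          // impersonated user rather than null.
          if (logger.isTraceEnabled()) {
            logger.trace(
                "This is an un-swap request swapping back from impersonated "
                    + targetUid
                    + " to original user "
                    + originalUid
                    + ".");
          }
        }

        // Always drop the pre-login session (swap or not); a new one is
        // created below so the authenticated session never reuses an id the
        // client presented before authenticating.
        if (s != null) {
          if (logger.isDebugEnabled()) {
            logger.debug("Invalidating the impersonated session in un-swapping.");
          }

          s.invalidate();
        }
      } catch (IllegalStateException ise) {
        // ISE indicates session was already invalidated.
        // This is fine.  This servlet trying to guarantee that the session has been invalidated;
        // it doesn't have to insist that it is the one that invalidated it.
        if (logger.isTraceEnabled()) {
          logger.trace("LoginServlet attempted to invalidate an already invalid session.", ise);
        }
      }
    } else {
      if (logger.isTraceEnabled()) {
        logger.trace(
            "Requested session id "
                + requestedSessionId
                + " was not valid "
                + "so no attempt to apply swapping rules.");
      }
    }

    //  Create the user's session
    HttpSession s = request.getSession(true);

    IPerson person = null;
    try {
      final HashMap<String, String> principals;
      final HashMap<String, String> credentials;

      // Get the person object associated with the request
      person = personManager.getPerson(request);

      // If doing an identity swap
      if (targetUid != null && originalUid != null) {
        if (swap) {
          // Audit trail: every impersonation is logged at WARN with both identities.
          swapperLog.warn("Swapping identity for '" + originalUid + "' to '" + targetUid + "'");

          // Track the originating user
          this.identitySwapperManager.setOriginalUser(s, originalUid, targetUid);

          // Setup the swapped person
          person.setUserName(targetUid);
        } else {
          swapperLog.warn(
              "Reverting swapped identity from '" + targetUid + "' to '" + originalUid + "'");

          person.setUserName(originalUid);
        }

        // Setup the custom security context. Swaps carry no principals or
        // credentials of their own; the IdentitySwapperSecurityContext stands
        // in for a password-style authentication.
        final IdentitySwapperPrincipal identitySwapperPrincipal =
            new IdentitySwapperPrincipal(person);
        final IdentitySwapperSecurityContext identitySwapperSecurityContext =
            new IdentitySwapperSecurityContext(identitySwapperPrincipal);
        person.setSecurityContext(identitySwapperSecurityContext);

        principals = new HashMap<String, String>();
        credentials = new HashMap<String, String>();
      }
      // Norm authN path
      else {
        // WE grab all of the principals and credentials from the request and load
        // them into their respective HashMaps.
        principals = getPropertyFromRequest(principalTokens, request);
        credentials = getPropertyFromRequest(credentialTokens, request);
      }

      // Attempt to authenticate using the incoming request
      authenticationService.authenticate(request, principals, credentials, person);
    } catch (Exception e) {
      // Log the exception
      logger.error("Exception authenticating the request", e);
      // Reset everything: drop whatever state the failed attempt left behind.
      // The session may already be gone by now, so look it up without creating
      // one and tolerate an already-invalidated session rather than let an NPE
      // or ISE mask the real authentication failure.
      final HttpSession failed = request.getSession(false);
      if (failed != null) {
        try {
          failed.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
          // Someone else invalidated it first; the goal was only to ensure it is gone.
          if (logger.isTraceEnabled()) {
            logger.trace(
                "Session was already invalid when resetting after an authentication failure.",
                alreadyInvalid);
          }
        }
      }
      // Add the authentication failure on a fresh session for the login page to read
      request.getSession(true).setAttribute(LoginController.AUTH_ERROR_KEY, Boolean.TRUE);
    }

    // Profile selection: an explicit request parameter wins over the profile
    // recorded for a swap. The parameter value is client-supplied and passed
    // through unvalidated; whoever handles ProfileSelectionEvent must treat it
    // as untrusted.
    final String requestedProfile = request.getParameter(LoginController.REQUESTED_PROFILE_KEY);

    if (requestedProfile != null) {

      final ProfileSelectionEvent event =
          new ProfileSelectionEvent(this, requestedProfile, person, request);
      this.eventPublisher.publishEvent(event);

    } else if (swapperProfile != null) {

      final ProfileSelectionEvent event =
          new ProfileSelectionEvent(this, swapperProfile, person, request);
      this.eventPublisher.publishEvent(event);

    } else {
      if (logger.isTraceEnabled()) {
        logger.trace("No requested or swapper profile requested so no profile selection event.");
      }
    }
  }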