1 /* 2 * Copyright (c) 2002-2021, City of Paris 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright notice 10 * and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright notice 13 * and the following disclaimer in the documentation and/or other materials 14 * provided with the distribution. 15 * 16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 * 32 * License 1.0 33 */ 34 package fr.paris.lutece.plugins.mylutece.authentication; 35 36 import fr.paris.lutece.portal.service.security.LoginRedirectException; 37 import fr.paris.lutece.portal.service.security.LuteceAuthentication; 38 import fr.paris.lutece.portal.service.security.LuteceUser; 39 import javax.security.auth.login.LoginException; 40 import javax.servlet.http.HttpServletRequest; 41 42 import fr.paris.lutece.plugins.mylutece.service.ILuteceUserAttributesProvidedDescription; 43 import fr.paris.lutece.plugins.mylutece.service.ILuteceUserRolesProvidedDescription; 44 import fr.paris.lutece.plugins.mylutece.service.MyLuteceUserService; 45 import java.util.Arrays; 46 47 public abstract class AbstractAuthentication implements LuteceAuthentication,ILuteceUserAttributesProvidedDescription,ILuteceUserRolesProvidedDescription 48 { 49 /** 50 * {@inheritDoc } 51 */ 52 @Override 53 public LuteceUser login( final String strUserName, final String strUserPassword, HttpServletRequest request ) throws LoginException, LoginRedirectException 54 { 55 LuteceUser user = processLogin( strUserName, strUserPassword, request ); 56 MyLuteceUserService.provideUserExternalInfos( user ); 57 58 return user; 59 } 60 61 /** 62 * {@inheritDoc } 63 */ 64 @Override 65 public LuteceUser getHttpAuthenticatedUser( HttpServletRequest request ) 66 { 67 LuteceUser user = processHttpAuthenticatedUser( request ); 68 MyLuteceUserService.provideUserExternalInfos( user ); 69 70 return user; 71 } 72 73 /** 74 * {@inheritDoc } 75 */ 76 @Override 77 public boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole ) 78 { 79 return Arrays.asList( user.getRoles( ) ).contains( strRole ); 80 } 81 82 /** 83 * Process the login of the user 84 * 85 * @param strUsername 86 * the username 87 * @param strPassword 88 * the password 89 * @param request 90 * the HttpServletRequest 91 * @return the LuteceUser 92 * @throws LoginException 93 * @throws LoginRedirectException 94 */ 95 protected LuteceUser processLogin( String strUsername, String strPassword, HttpServletRequest request ) throws LoginException, LoginRedirectException 96 { 97 // Default implementation doesn't do anything. This is used for backward compatibility 98 // with authentication modules which called "login" method directly 99 return null; 100 } 101 102 /** 103 * Process the authentication of the user when authentication infos are on the request 104 * 105 * @param request 106 * the HttpServletRequest 107 * @return the LuteceUser 108 */ 109 protected LuteceUser processHttpAuthenticatedUser( HttpServletRequest request ) 110 { 111 // Default implementation doesn't do anything. This is used for backward compatibility 112 // with authentication modules which called "getHttpAuthenticated" method directly 113 return null; 114 } 115 116 }