1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.authentication;
35
36 import fr.paris.lutece.plugins.mylutece.web.MyLuteceApp;
37 import fr.paris.lutece.portal.service.i18n.I18nService;
38 import fr.paris.lutece.portal.service.plugin.Plugin;
39 import fr.paris.lutece.portal.service.plugin.PluginService;
40 import fr.paris.lutece.portal.service.security.LoginRedirectException;
41 import fr.paris.lutece.portal.service.security.LuteceAuthentication;
42 import fr.paris.lutece.portal.service.security.LuteceUser;
43 import fr.paris.lutece.portal.service.util.AppLogService;
44 import fr.paris.lutece.portal.web.LocalVariables;
45
46 import org.apache.commons.lang3.StringUtils;
47
48 import java.util.ArrayList;
49 import java.util.Collection;
50 import java.util.HashMap;
51 import java.util.List;
52 import java.util.Map;
53
54 import javax.security.auth.login.LoginException;
55
56 import javax.servlet.http.HttpServletRequest;
57
58
59
60
61
62 public class MultiLuteceAuthentication extends AbstractAuthentication
63 {
64 private static final String PROPERTY_MESSAGE_NO_AUTHENTICATION_SELECTED = "mylutece.message.noAuthenticationSelected";
65 private static final String PARAMETER_AUTH_PROVIDER = "auth_provider";
66 private static final Map<String, LuteceAuthentication> _mapAuthentications = new HashMap<String, LuteceAuthentication>( );
67
68
69
70
71
72
73
74 public static void registerAuthentication( LuteceAuthentication authentication )
75 {
76 AppLogService.info( "MultiLuteceAuthentication : Registering authentication " + authentication.getName( ) );
77 _mapAuthentications.put( authentication.getName( ), authentication );
78 }
79
80
81
82
83
84
85
86 public static void removeAuthentication( String strAuthenticationName )
87 {
88 if ( _mapAuthentications.containsKey( strAuthenticationName ) )
89 {
90 AppLogService.info( "MultiLuteceAuthentication : Unregistering authentication " + strAuthenticationName );
91 _mapAuthentications.remove( strAuthenticationName );
92 }
93 else
94 {
95 AppLogService.error( "Unable to remove authentication " + strAuthenticationName + ". Authentication not found. Available values are "
96 + _mapAuthentications.keySet( ) );
97 }
98 }
99
100
101
102
103
104
105
106 public String getLoginPageUrl( )
107 {
108 String strLoginUrl = MyLuteceApp.getLoginPageUrl( );
109 HttpServletRequest request = LocalVariables.getRequest( );
110
111 if ( request != null )
112 {
113 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
114
115 if ( StringUtils.isNotBlank( strAuthentication ) )
116 {
117 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
118 strLoginUrl = authentication.getLoginPageUrl( );
119 }
120 }
121
122 return strLoginUrl;
123 }
124
125
126
127
128
129
130
131 public String getDoLoginUrl( )
132 {
133 String strLoginUrl = MyLuteceApp.getDoLoginUrl( );
134 HttpServletRequest request = LocalVariables.getRequest( );
135
136 if ( request != null )
137 {
138 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
139
140 if ( StringUtils.isNotBlank( strAuthentication ) )
141 {
142 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
143 strLoginUrl = authentication.getDoLoginUrl( );
144 }
145 }
146
147 return strLoginUrl;
148 }
149
150
151
152
153
154
155
156 public String getNewAccountPageUrl( )
157 {
158 String strNewAccountUrl = MyLuteceApp.getNewAccountUrl( );
159 HttpServletRequest request = LocalVariables.getRequest( );
160
161 if ( request != null )
162 {
163 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
164
165 if ( StringUtils.isNotBlank( strAuthentication ) )
166 {
167 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
168 strNewAccountUrl = authentication.getNewAccountPageUrl( );
169 }
170 }
171
172 return strNewAccountUrl;
173 }
174
175
176
177
178
179
180
181 public String getViewAccountPageUrl( )
182 {
183 String strViewAccountUrl = MyLuteceApp.getViewAccountUrl( );
184 HttpServletRequest request = LocalVariables.getRequest( );
185
186 if ( request != null )
187 {
188 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
189
190 if ( StringUtils.isNotBlank( strAuthentication ) )
191 {
192 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
193 strViewAccountUrl = authentication.getViewAccountPageUrl( );
194 }
195 }
196
197 return strViewAccountUrl;
198 }
199
200
201
202
203
204
205
206 public String getLostPasswordPageUrl( )
207 {
208 String strLostPasswordUrl = MyLuteceApp.getLostPasswordUrl( );
209 HttpServletRequest request = LocalVariables.getRequest( );
210
211 if ( request != null )
212 {
213 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
214
215 if ( StringUtils.isNotBlank( strAuthentication ) )
216 {
217 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
218 strLostPasswordUrl = authentication.getLostPasswordPageUrl( );
219 }
220 }
221
222 return strLostPasswordUrl;
223 }
224
225
226
227
228
229
230
231 @Override
232 public String getLostLoginPageUrl( )
233 {
234 String strLostLoginUrl = MyLuteceApp.getLostPasswordUrl( );
235 HttpServletRequest request = LocalVariables.getRequest( );
236
237 if ( request != null )
238 {
239 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
240
241 if ( StringUtils.isNotBlank( strAuthentication ) )
242 {
243 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
244 strLostLoginUrl = authentication.getLostLoginPageUrl( );
245 }
246 }
247
248 return strLostLoginUrl;
249 }
250
251
252
253
254 @Override
255 public boolean findResetPassword( HttpServletRequest request, String strLogin )
256 {
257 boolean bResetPasswordActive = false;
258
259
260 if ( request != null )
261 {
262 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
263
264 if ( StringUtils.isNotBlank( strAuthentication ) )
265 {
266 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
267 bResetPasswordActive = authentication.findResetPassword( request, strLogin );
268 }
269 }
270
271 return bResetPasswordActive;
272 }
273
274
275
276
277 @Override
278 public String getResetPasswordPageUrl( HttpServletRequest request )
279 {
280 String strResetPasswordUrl = MyLuteceApp.getResetPasswordUrl( request );
281
282 if ( request != null )
283 {
284 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
285
286 if ( StringUtils.isNotBlank( strAuthentication ) )
287 {
288 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
289 strResetPasswordUrl = authentication.getResetPasswordPageUrl( request );
290 }
291 }
292
293 return strResetPasswordUrl;
294 }
295
296
297
298
299
300
301
302 public String getDoLogoutUrl( )
303 {
304 String strDoLogoutUrl = MyLuteceApp.getDoLogoutUrl( );
305 HttpServletRequest request = LocalVariables.getRequest( );
306
307 if ( request != null )
308 {
309 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
310
311 if ( StringUtils.isNotBlank( strAuthentication ) )
312 {
313 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
314 strDoLogoutUrl = authentication.getDoLogoutUrl( );
315 }
316 }
317
318 return strDoLogoutUrl;
319 }
320
321
322
323
324
325
326 public String getAccessDeniedTemplate( )
327 {
328 return MyLuteceApp.getAccessDeniedTemplate( );
329 }
330
331
332
333
334
335
336 public String getAccessControledTemplate( )
337 {
338 return MyLuteceApp.getAccessControledTemplate( );
339 }
340
341
342
343
344
345 public LuteceUser getAnonymousUser( )
346 {
347
348
349
350
351 final class AnonymousUser extends LuteceUser
352 {
353 AnonymousUser( )
354 {
355 super( LuteceUser.ANONYMOUS_USERNAME, MultiLuteceAuthentication.this );
356 }
357 }
358
359 return new AnonymousUser( );
360 }
361
362
363
364
365
366 public String getAuthServiceName( )
367 {
368 return "Lutece Multi Authentication Service";
369 }
370
371
372
373
374
375 public String getAuthType( HttpServletRequest request )
376 {
377 return HttpServletRequest.BASIC_AUTH;
378 }
379
380
381
382
383
384
385
386
387
388 public LuteceUser getHttpAuthenticatedUser( HttpServletRequest request )
389 {
390 LuteceUser luteceUser = null;
391
392 for ( LuteceAuthentication luteceAuthentication : getListLuteceAuthentication( ) )
393 {
394 if ( luteceAuthentication.isExternalAuthentication( ) )
395 {
396 luteceUser = luteceAuthentication.getHttpAuthenticatedUser( request );
397
398 if ( luteceUser != null )
399 {
400 break;
401 }
402 }
403 }
404
405 return luteceUser;
406 }
407
408
409
410
411
412 public String [ ] getRolesByUser( LuteceUser user )
413 {
414 LuteceAuthentication userAuthentication = user.getLuteceAuthenticationService( );
415
416 if ( userAuthentication != null )
417 {
418 return userAuthentication.getRolesByUser( user );
419 }
420
421 return null;
422 }
423
424
425
426
427
428
429
430
431
432
433 public LuteceUser getUser( String strUserLogin )
434 {
435
436 for ( LuteceAuthentication authentication : getListLuteceAuthentication( ) )
437 {
438 LuteceUser user = authentication.getUser( strUserLogin );
439
440 if ( user != null )
441 {
442 return user;
443 }
444 }
445
446 return null;
447 }
448
449
450
451
452
453
454
455 public Collection<LuteceUser> getUsers( )
456 {
457 List<LuteceUser> listUsers = new ArrayList<LuteceUser>( );
458
459 for ( LuteceAuthentication luteceAuthentication : getListLuteceAuthentication( ) )
460 {
461 if ( luteceAuthentication.getUsers( ) != null )
462 {
463
464 listUsers.addAll( luteceAuthentication.getUsers( ) );
465
466 }
467 }
468
469 return listUsers;
470 }
471
472
473
474
475
476 public boolean isExternalAuthentication( )
477 {
478 return true;
479 }
480
481
482
483
484
485 public boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole )
486 {
487 if ( user == null )
488 {
489 return false;
490 }
491
492 LuteceAuthentication authentication = user.getLuteceAuthenticationService( );
493
494 if ( authentication != null )
495 {
496 return authentication.isUserInRole( user, request, strRole );
497 }
498
499 return false;
500 }
501
502
503
504
505
506
507
508 public boolean isUsersListAvailable( )
509 {
510 return false;
511 }
512
513
514
515
516
517 public LuteceUser login( String strUserName, String strUserPassword, HttpServletRequest request ) throws LoginException, LoginRedirectException
518 {
519 LuteceUser luteceUser = null;
520 String strAuthProvider = request.getParameter( PARAMETER_AUTH_PROVIDER );
521
522 if ( strAuthProvider != null )
523 {
524 LuteceAuthentication myLuteceAuthentication = _mapAuthentications.get( strAuthProvider );
525
526 if ( myLuteceAuthentication != null )
527 {
528 if ( AppLogService.isDebugEnabled( ) )
529 {
530 AppLogService.debug( "Using " + myLuteceAuthentication.getAuthServiceName( ) + " for user " + strUserName );
531 }
532
533 luteceUser = myLuteceAuthentication.login( strUserName, strUserPassword, request );
534 }
535 else
536 {
537 AppLogService.error( "Authentication null for key " + strAuthProvider );
538 throw new LoginException( I18nService.getLocalizedString( PROPERTY_MESSAGE_NO_AUTHENTICATION_SELECTED, request.getLocale( ) ) );
539 }
540 }
541 else
542 {
543 throw new LoginException( I18nService.getLocalizedString( PROPERTY_MESSAGE_NO_AUTHENTICATION_SELECTED, request.getLocale( ) ) );
544 }
545
546 return luteceUser;
547 }
548
549
550
551
552
553 public void logout( LuteceUser user )
554 {
555 if ( user != null )
556 {
557 LuteceAuthentication luteceAuthentication = user.getLuteceAuthenticationService( );
558
559 if ( luteceAuthentication != null )
560 {
561 luteceAuthentication.logout( user );
562 }
563 else
564 {
565 AppLogService.error( "No auth provider found for " + user.getName( ) + ". Brute force logout." );
566
567 for ( LuteceAuthentication authentication : _mapAuthentications.values( ) )
568 {
569 authentication.logout( user );
570 }
571 }
572 }
573 else
574 {
575 AppLogService.error( "Tried to logout null user" );
576 }
577 }
578
579
580
581
582
583 public boolean isMultiAuthenticationSupported( )
584 {
585 return true;
586 }
587
588
589
590
591
592
593
594
595 public LuteceAuthentication getLuteceAuthentication( String strKey )
596 {
597 return _mapAuthentications.get( strKey );
598 }
599
600
601
602
603
604 public boolean isDelegatedAuthentication( )
605 {
606 return false;
607 }
608
609
610
611
612
613
614 public List<LuteceAuthentication> getListLuteceAuthentication( )
615 {
616 List<LuteceAuthentication> listAuthentications = new ArrayList<LuteceAuthentication>( );
617
618 for ( LuteceAuthentication authentication : _mapAuthentications.values( ) )
619 {
620 Plugin plugin = PluginService.getPlugin( authentication.getPluginName( ) );
621
622 if ( ( plugin != null ) && plugin.isInstalled( ) )
623 {
624 listAuthentications.add( authentication );
625 }
626 else
627 if ( AppLogService.isDebugEnabled( ) )
628 {
629 AppLogService.debug( "Authentication : Plugin not found or not installed for plugin name " + authentication.getPluginName( ) );
630 }
631 }
632
633 return listAuthentications;
634 }
635
636
637
638
639
640
641 public String getIconUrl( )
642 {
643 return null;
644 }
645
646
647
648
649
650
651
652 public String getName( )
653 {
654 return null;
655 }
656
657
658
659
660
661
662
663 public String getPluginName( )
664 {
665 return null;
666 }
667
668
669
670
671 @Override
672 public void updateDateLastLogin( LuteceUser user, HttpServletRequest request )
673 {
674 if ( request != null )
675 {
676 String strAuthentication = request.getParameter( PARAMETER_AUTH_PROVIDER );
677
678 if ( StringUtils.isNotBlank( strAuthentication ) )
679 {
680 LuteceAuthentication authentication = _mapAuthentications.get( strAuthentication );
681 authentication.updateDateLastLogin( user, request );
682 }
683 }
684 }
685 }