1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.service.security;
35
36 import fr.paris.lutece.portal.business.event.LuteceUserEvent;
37 import fr.paris.lutece.portal.service.datastore.DatastoreService;
38 import fr.paris.lutece.portal.service.event.LuteceUserEventManager;
39 import fr.paris.lutece.portal.service.init.LuteceInitException;
40 import fr.paris.lutece.portal.service.util.AppLogService;
41 import fr.paris.lutece.portal.service.util.AppPropertiesService;
42 import fr.paris.lutece.util.url.UrlItem;
43
44 import java.security.Principal;
45
46 import java.util.Collection;
47 import java.util.Enumeration;
48 import java.util.List;
49
50 import javax.security.auth.login.LoginException;
51
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpSession;
54
55
56
57
58 public final class SecurityService
59 {
60
61
62
63 private static final String ATTRIBUTE_LUTECE_USER = "lutece_user";
64
65 private static final String PROPERTY_AUTHENTICATION_CLASS = "mylutece.authentication.class";
66 private static final String PROPERTY_AUTHENTICATION_ENABLE = "mylutece.authentication.enable";
67 private static final String PROPERTY_PORTAL_AUTHENTICATION_REQUIRED = "mylutece.portal.authentication.required";
68
69 private static final String URL_INTERROGATIVE = "?";
70 private static final String URL_AMPERSAND = "&";
71 private static final String URL_EQUAL = "=";
72
73 private static final String CONSTANT_ACTION_LOGIN_USER = "user.loginUser";
74 private static final String CONSTANT_ACTION_LOGOUT_USER = "user.logoutUser";
75 private static final String CONSTANT_FO = "FO";
76
77 private static SecurityServicerity/SecurityService.html#SecurityService">SecurityService _singleton = new SecurityService( );
78 private static LuteceAuthentication _authenticationService;
79 private static boolean _bEnable;
80
81
82
83
84 private SecurityService( )
85 {
86 }
87
88
89
90
91
92
93
94 public static synchronized void init( ) throws LuteceInitException
95 {
96 _bEnable = false;
97
98 String strEnable = AppPropertiesService.getProperty( PROPERTY_AUTHENTICATION_ENABLE, "false" );
99
100 if ( strEnable.equalsIgnoreCase( "true" ) )
101 {
102 _authenticationService = getPortalAuthentication( );
103
104 if ( _authenticationService != null )
105 {
106 _bEnable = true;
107 }
108 }
109 else
110 {
111
112 _authenticationService = null;
113 }
114 }
115
116
117
118
119
120
121 public static SecurityService getInstance( )
122 {
123 return _singleton;
124 }
125
126
127
128
129
130
131 public static boolean isAuthenticationEnable( )
132 {
133 return _bEnable;
134 }
135
136
137
138
139
140
141
142
143
144
145 public LuteceUser getRemoteUser( HttpServletRequest request ) throws UserNotSignedException
146 {
147 LuteceUser user = getRegisteredUser( request );
148
149 if ( user == null )
150 {
151
152
153 if ( _authenticationService.isExternalAuthentication( ) || _authenticationService.isMultiAuthenticationSupported( ) )
154 {
155 user = _authenticationService.getHttpAuthenticatedUser( request );
156
157 if ( ( user == null ) && isPortalAuthenticationRequired( ) )
158 {
159 throw new UserNotSignedException( );
160 }
161
162 registerUser( request, user );
163 }
164 else
165 {
166 throw new UserNotSignedException( );
167 }
168 }
169
170 return user;
171 }
172
173
174
175
176
177
178
179
180
181
182 public Principal getUserPrincipal( HttpServletRequest request ) throws UserNotSignedException
183 {
184 return getRemoteUser( request );
185 }
186
187
188
189
190
191
192
193
194
195
196 public boolean isUserInRole( HttpServletRequest request, String strRole )
197 {
198 LuteceUser user;
199
200 if ( !isAuthenticationEnable( ) )
201 {
202 return true;
203 }
204
205 try
206 {
207 user = getRemoteUser( request );
208 }
209 catch( UserNotSignedException e )
210 {
211 return false;
212 }
213
214 return _authenticationService.isUserInRole( user, request, strRole );
215 }
216
217
218
219
220
221
222
223
224
225
226 public boolean isUserInAnyRole( HttpServletRequest request, List<String> listRoles )
227 {
228 boolean bAutorized = false;
229 for ( String strRole : listRoles )
230 {
231 if ( isUserInRole( request, strRole ) )
232 {
233 bAutorized = true;
234 break;
235 }
236 }
237 return bAutorized;
238 }
239
240
241
242
243
244
245
246
247 public String [ ] getRolesByUser( LuteceUser user )
248 {
249 return _authenticationService.getRolesByUser( user );
250 }
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266 public void loginUser( HttpServletRequest request, final String strUserName, final String strPassword ) throws LoginException, LoginRedirectException
267 {
268 LuteceUser user = _authenticationService.login( strUserName, strPassword, request );
269
270 _authenticationService.updateDateLastLogin( user, request );
271
272 if ( _authenticationService.findResetPassword( request, strUserName ) )
273 {
274 String redirect = _authenticationService.getResetPasswordPageUrl( request );
275 registerUser( request, user );
276 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_CONNECT, CONSTANT_ACTION_LOGIN_USER, user, null, CONSTANT_FO );
277
278 throw new LoginRedirectException( redirect );
279 }
280
281 registerUser( request, user );
282
283 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_CONNECT, CONSTANT_ACTION_LOGIN_USER, user, null, CONSTANT_FO );
284
285 }
286
287
288
289
290
291
292
293 public void logoutUser( HttpServletRequest request )
294 {
295 LuteceUser user;
296
297 try
298 {
299 user = getRemoteUser( request );
300 }
301 catch( UserNotSignedException e )
302 {
303 return;
304 }
305
306 _authenticationService.logout( user );
307 HttpSession session = request.getSession( false );
308 if(session!=null)
309 {
310 session.invalidate();
311 }
312 LuteceUserEventManager.getInstance().notifyListeners( new LuteceUserEvent( user,LuteceUserEvent.EventType.LOGOUT ) );
313 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_DISCONNECT, CONSTANT_ACTION_LOGOUT_USER, user, null, CONSTANT_FO );
314 }
315
316
317
318
319
320
321
322
323 private static LuteceAuthentication getPortalAuthentication( ) throws LuteceInitException
324 {
325 String strAuthenticationClass = AppPropertiesService.getProperty( PROPERTY_AUTHENTICATION_CLASS );
326 LuteceAuthentication authentication = null;
327
328 if ( ( strAuthenticationClass != null ) && !strAuthenticationClass.equals( "" ) )
329 {
330 try
331 {
332 authentication = (LuteceAuthentication) Class.forName( strAuthenticationClass ).newInstance( );
333 AppLogService.info( "Authentication service loaded : {}", authentication.getAuthServiceName( ) );
334 }
335 catch( InstantiationException | IllegalAccessException | ClassNotFoundException e )
336 {
337 throw new LuteceInitException( "Error instantiating Authentication Class", e );
338 }
339 }
340
341 return authentication;
342 }
343
344
345
346
347
348
349
350
351
352 public void registerUser( HttpServletRequest request, LuteceUser user )
353 {
354 HttpSession session = request.getSession( true );
355 session.setAttribute( ATTRIBUTE_LUTECE_USER, user );
356
357 if ( user != null )
358 {
359 LuteceUserEventManager.getInstance().notifyListeners( new LuteceUserEvent( user, LuteceUserEvent.EventType.LOGIN_SUCCESSFUL ) );
360 }
361 }
362
363
364
365
366
367
368
369 public void unregisterUser( HttpServletRequest request )
370 {
371 HttpSession session = request.getSession( true );
372 LuteceUser/../../../../../fr/paris/lutece/portal/service/security/LuteceUser.html#LuteceUser">LuteceUser user = (LuteceUser)session.getAttribute( ATTRIBUTE_LUTECE_USER );
373
374 if ( user != null )
375 {
376 session.removeAttribute( ATTRIBUTE_LUTECE_USER );
377 }
378 }
379
380
381
382
383
384
385
386
387 public LuteceUser getRegisteredUser( HttpServletRequest request )
388 {
389 HttpSession session = ( request != null ) ? request.getSession( false ) : null;
390
391 if ( session != null )
392 {
393 return (LuteceUser) session.getAttribute( ATTRIBUTE_LUTECE_USER );
394 }
395
396 return null;
397 }
398
399
400
401
402
403
404 public boolean isExternalAuthentication( )
405 {
406 return _authenticationService.isExternalAuthentication( );
407 }
408
409
410
411
412
413
414 public String getLoginPageUrl( )
415 {
416 return _authenticationService.getLoginPageUrl( );
417 }
418
419
420
421
422
423
424 public String getDoLoginUrl( )
425 {
426 return _authenticationService.getDoLoginUrl( );
427 }
428
429
430
431
432
433
434 public String getDoLogoutUrl( )
435 {
436 return _authenticationService.getDoLogoutUrl( );
437 }
438
439
440
441
442
443
444 public String getNewAccountPageUrl( )
445 {
446 return _authenticationService.getNewAccountPageUrl( );
447 }
448
449
450
451
452
453
454 public String getViewAccountPageUrl( )
455 {
456 return _authenticationService.getViewAccountPageUrl( );
457 }
458
459
460
461
462
463
464 public String getLostPasswordPageUrl( )
465 {
466 return _authenticationService.getLostPasswordPageUrl( );
467 }
468
469
470
471
472
473
474
475
476 public String getAccessDeniedTemplate( )
477 {
478 return _authenticationService.getAccessDeniedTemplate( );
479 }
480
481
482
483
484
485
486 public String getAccessControledTemplate( )
487 {
488 return _authenticationService.getAccessControledTemplate( );
489 }
490
491
492
493
494
495
496
497 public boolean isPortalAuthenticationRequired( )
498 {
499 String strAuthenticationRequired = DatastoreService.getDataValue( PROPERTY_PORTAL_AUTHENTICATION_REQUIRED, "false" );
500
501 return strAuthenticationRequired.equals( "true" );
502 }
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520 public LuteceUser remoteLoginUser( final HttpServletRequest request, final String strUserName, final String strPassword )
521 throws LoginException, LoginRedirectException
522 {
523 return _authenticationService.login( strUserName, strPassword, request );
524 }
525
526
527
528
529
530
531
532
533 public boolean isLoginUrl( HttpServletRequest request )
534 {
535 if ( ( getLoginPageUrl( ) == null ) || ( request == null ) )
536 {
537 return false;
538 }
539
540 String strRequestUrl = request.getRequestURI( );
541 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strRequestUrl );
542
543 for ( String strParamValueLoginPageUrl : getLoginPageUrl( ).substring( getLoginPageUrl( ).indexOf( URL_INTERROGATIVE ) + 1 ).split( URL_AMPERSAND ) )
544 {
545 String [ ] arrayParamValueLoginPageUrl = strParamValueLoginPageUrl.split( URL_EQUAL );
546 Enumeration<String> enumParams = request.getParameterNames( );
547
548 while ( enumParams.hasMoreElements( ) )
549 {
550 String strRequestParameter = enumParams.nextElement( );
551
552 if ( arrayParamValueLoginPageUrl [0].equals( strRequestParameter )
553 && arrayParamValueLoginPageUrl [1].equals( request.getParameter( strRequestParameter ) ) )
554 {
555 url.addParameter( strRequestParameter, request.getParameter( strRequestParameter ) );
556 }
557 }
558 }
559
560 return url.getUrl( ).endsWith( getLoginPageUrl( ) ) && !getLoginPageUrl( ).equals( "" );
561 }
562
563
564
565
566
567
568 boolean isUsersListAvailable( )
569 {
570 return _authenticationService.isUsersListAvailable( );
571 }
572
573
574
575
576
577
578 public Collection<LuteceUser> getUsers( )
579 {
580 return _authenticationService.getUsers( );
581 }
582
583
584
585
586
587
588
589
590 public LuteceUser getUser( String strUserLogin )
591 {
592 return _authenticationService.getUser( strUserLogin );
593 }
594
595
596
597
598
599
600 public boolean isMultiAuthenticationSupported( )
601 {
602 return _authenticationService.isMultiAuthenticationSupported( );
603 }
604
605
606
607
608
609
610 public LuteceAuthentication getAuthenticationService( )
611 {
612 return _authenticationService;
613 }
614 }