1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication;
35  
36  import fr.paris.lutece.plugins.mylutece.authentication.ExternalAuthentication;
37  import fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.business.IdxWSSODatabaseHome;
38  import fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.service.WssoDatabasePlugin;
39  import fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.service.WssoDatabaseService;
40  import fr.paris.lutece.portal.service.plugin.Plugin;
41  import fr.paris.lutece.portal.service.plugin.PluginService;
42  import fr.paris.lutece.portal.service.security.LuteceUser;
43  import fr.paris.lutece.portal.service.util.AppPropertiesService;
44  
45  import java.util.ArrayList;
46  import java.util.Collection;
47  import java.util.List;
48  
49  import javax.security.auth.login.LoginException;
50  
51  import javax.servlet.http.Cookie;
52  import javax.servlet.http.HttpServletRequest;
53  
54  
55  /**
56   * The Class provides an implementation of the PortalService interface based on a the IdealX WebSSO solution. It retrieves roles associated with the user from the database.
57   */
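/**
 * Authentication provider for the IdealX WebSSO front-end.
 *
 * <p>No credential check happens in this class: a request is considered authenticated
 * when it carries the WSSO GUID cookie, and that GUID is then resolved to a user and
 * its roles in this plugin's database.
 *
 * <p>Security note: the identity is taken verbatim from a request cookie, and nothing
 * here verifies where that cookie came from or whether it is genuine. This provider is
 * therefore only sound when the client cannot set that cookie itself, i.e. when every
 * path to the application goes through the WSSO component that issues it. Confirm this
 * against the deployment topology.
 */
public class IdxWSSODatabaseAuthentication extends ExternalAuthentication
{
    /** Property key: display name of this authentication service. */
    private static final String PROPERTY_AUTH_SERVICE_NAME = "mylutece-wssodatabase.service.name";

    /** Property key: name of the cookie carrying the authentication mode (login/password or certificate). */
    private static final String PROPERTY_COOKIE_AUTHENTIFICATION = "mylutece-wssodatabase.cookie.authenticationMode";

    /** Property key: name of the cookie carrying the unique hexadecimal WSSO user id. */
    private static final String PROPERTY_COOKIE_WSSOGUID = "mylutece-wssodatabase.cookie.wssoguid";

    /** Name under which this module is registered with the PluginService. */
    private static final String PLUGIN_NAME = "mylutece-wssodatabase";

    /**
     * Constructor
     */
    public IdxWSSODatabaseAuthentication(  )
    {
    }

    /**
     * Gets the authentication service name
     * @return The name of the authentication service as configured by the
     *         {@code mylutece-wssodatabase.service.name} property (null if unset)
     */
    public String getAuthServiceName(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_AUTH_SERVICE_NAME );
    }

    /**
     * Gets the authentication type.
     * <p>
     * The servlet container's value is used unless the request carries the
     * authentication-mode cookie, whose name is read from the
     * {@code mylutece-wssodatabase.cookie.authenticationMode} property. That cookie
     * value is client-supplied: it is only as trustworthy as the WSSO front-end that
     * is expected to set it.
     * @param request The HTTP request
     * @return The type of authentication, or null if neither source provides one
     */
    public String getAuthType( HttpServletRequest request )
    {
        String strAuthType = request.getAuthType(  );

        // The cookie name is a configured property, exactly like the GUID cookie used in
        // getHttpAuthenticatedUser; comparing against the property key itself could never
        // match a real cookie name. Requests without cookies are tolerated.
        String strCookieAuthType = getCookieValue( request,
                AppPropertiesService.getProperty( PROPERTY_COOKIE_AUTHENTIFICATION ) );

        if ( strCookieAuthType != null )
        {
            strAuthType = strCookieAuthType;
        }

        return strAuthType;
    }

    /**
     * Checks the login information.
     * <p>
     * No credential check is performed: the WSSO front-end is assumed to have already
     * authenticated the user, so {@code strUserName} and {@code strUserPassword} are
     * ignored and the user is taken from the request cookies instead.
     * @param strUserName The username (ignored)
     * @param strUserPassword The password (ignored)
     * @param request The HTTP request
     * @return The LuteceUser identified by the WSSO cookie, or null if there is none
     * @throws LoginException declared for interface compatibility; never thrown here
     */
    public LuteceUser login( String strUserName, String strUserPassword, HttpServletRequest request )
        throws LoginException
    {
        return getHttpAuthenticatedUser( request );
    }

    /**
     * Logs the user out.
     * <p>
     * Nothing is done locally: this provider keeps no session state of its own. The
     * WSSO cookie is not cleared here either, so if it is still present on the next
     * request the user will be recognised again by getHttpAuthenticatedUser.
     * @param user The user
     */
    public void logout( LuteceUser user )
    {
    }

    /**
     * Returns an anonymous Lutece user.
     * @return never returns normally
     * @throws UnsupportedOperationException always: anonymous users are not implemented by this provider
     */
    public LuteceUser getAnonymousUser(  )
    {
        // TODO implement this method (see fr.paris.lutece.portal.service.security.PortalAuthentication)
        throw new java.lang.UnsupportedOperationException( "The method getAnonymousUser() is not implemented yet." );
    }

    /**
     * Checks that the current user is associated to a given role.
     * Only the roles already attached to the user object are consulted; no database access.
     * @param user The user
     * @param request The HTTP request (unused)
     * @param strRole The role name
     * @return true if the user is associated to the role, otherwise false
     */
    public boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole )
    {
        if ( ( user == null ) || ( strRole == null ) )
        {
            return false;
        }

        String[] roles = user.getRoles(  );

        if ( roles == null )
        {
            return false;
        }

        for ( String strUserRole : roles )
        {
            if ( strRole.equals( strUserRole ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns a Lutece user object if the user is already authenticated by the WSSO.
     * <p>
     * The user id is read from the cookie named by the
     * {@code mylutece-wssodatabase.cookie.wssoguid} property and looked up in the
     * plugin database. A successful lookup also records the last-login date and loads
     * the user's roles. The cookie value is trusted as-is: see the class comment.
     * @param request The HTTP request
     * @return The Lutece user, or null if no (non-empty) GUID cookie is present or no user matches it
     */
    public LuteceUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        String strUserID = getCookieValue( request, AppPropertiesService.getProperty( PROPERTY_COOKIE_WSSOGUID ) );

        // An empty GUID cannot identify anyone; skip the database round-trip.
        if ( ( strUserID == null ) || ( strUserID.length(  ) == 0 ) )
        {
            return null;
        }

        Plugin plugin = getPlugin(  );
        IdxWSSODatabaseUser user = WssoDatabaseService.getInstance(  ).loadIdxWSSOUser( strUserID, request, this, plugin );

        if ( user == null )
        {
            return null;
        }

        IdxWSSODatabaseHome.updateDateLastLogin( strUserID, new java.util.Date(  ), plugin );

        List<String> listRoles = IdxWSSODatabaseHome.findUserRolesFromGuid( strUserID, plugin, this );

        if ( ( listRoles != null ) && !listRoles.isEmpty(  ) )
        {
            user.setRoles( listRoles );
        }

        return user;
    }

    /**
     * Tells whether or not the authentication service can provide a list of all its users.
     * @return true: users are listed from the plugin database
     */
    public boolean isUsersListAvailable(  )
    {
        return true;
    }

    /**
     * Returns all users managed by this authentication service.
     * @return A collection of Lutece users; empty (never null) if the database returns none
     */
    public Collection<LuteceUser> getUsers(  )
    {
        Collection<IdxWSSODatabaseUser> listWssoUsers = IdxWSSODatabaseHome.findUsersList( getPlugin(  ), this );
        Collection<LuteceUser> listUsers = new ArrayList<LuteceUser>(  );

        if ( listWssoUsers != null )
        {
            listUsers.addAll( listWssoUsers );
        }

        return listUsers;
    }

    /**
     * Returns the user with the given login.
     * @param userLogin The user login; for WSSO users this is the GUID
     * @return The matching Lutece user, or null if the login is null or no user is found
     */
    public LuteceUser getUser( String userLogin )
    {
        if ( userLogin == null )
        {
            return null;
        }

        return IdxWSSODatabaseHome.findUserByGuid( userLogin, getPlugin(  ), this );
    }

    /**
     * Gets all roles for this user.
     * Only the roles already carried by the user object are returned (for users resolved
     * through getHttpAuthenticatedUser these were loaded from the database at that point).
     * @param user The user
     * @return Array of roles, or null if the user is null or carries no roles
     */
    public String[] getRolesByUser( LuteceUser user )
    {
        return ( user == null ) ? null : user.getRoles(  );
    }

    /**
     * {@inheritDoc}
     * @return null: this provider has no icon
     */
    public String getIconUrl(  )
    {
        return null;
    }

    /**
     * {@inheritDoc}
     */
    public String getName(  )
    {
        return WssoDatabasePlugin.PLUGIN_NAME;
    }

    /**
     * {@inheritDoc}
     */
    public String getPluginName(  )
    {
        return WssoDatabasePlugin.PLUGIN_NAME;
    }

    /**
     * {@inheritDoc}
     * @return false: this provider reports no support for multi-authentication
     */
    public boolean isMultiAuthenticationSupported(  )
    {
        return false;
    }

    /**
     * {@inheritDoc}
     * The user's name is expected to hold the WSSO GUID, the same key used by
     * getHttpAuthenticatedUser to record the last login. A null user is ignored.
     */
    @Override
    public void updateDateLastLogin( LuteceUser user, HttpServletRequest request )
    {
        if ( user == null )
        {
            return;
        }

        IdxWSSODatabaseHome.updateDateLastLogin( user.getName(  ), new java.util.Date(  ), getPlugin(  ) );
    }

    /**
     * Returns the value of the named cookie.
     * When several cookies share the name, the last one in request order wins.
     * @param request The HTTP request
     * @param strCookieName The cookie name to look for; may be null when the property is unset
     * @return The cookie value, or null if the request carries no cookies, the name is null, or nothing matches
     */
    private static String getCookieValue( HttpServletRequest request, String strCookieName )
    {
        // getCookies() returns null (not an empty array) when the request has no cookies
        Cookie[] cookies = request.getCookies(  );

        if ( ( cookies == null ) || ( strCookieName == null ) )
        {
            return null;
        }

        String strValue = null;

        for ( Cookie cookie : cookies )
        {
            if ( strCookieName.equals( cookie.getName(  ) ) )
            {
                strValue = cookie.getValue(  );
            }
        }

        return strValue;
    }

    /**
     * Resolves this module's plugin descriptor.
     * @return The plugin registered under {@code mylutece-wssodatabase}
     */
    private static Plugin getPlugin(  )
    {
        return PluginService.getPlugin( PLUGIN_NAME );
    }
}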
317 }