1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication;
35  
36  import fr.paris.lutece.plugins.mylutece.authentication.ExternalAuthentication;
37  import fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.business.IdxWSSODatabaseHome;
38  import fr.paris.lutece.plugins.mylutece.modules.wssodatabase.authentication.service.WssoDatabasePlugin;
39  import fr.paris.lutece.portal.service.plugin.Plugin;
40  import fr.paris.lutece.portal.service.plugin.PluginService;
41  import fr.paris.lutece.portal.service.security.LuteceUser;
42  import fr.paris.lutece.portal.service.util.AppPropertiesService;
43  
44  import java.util.ArrayList;
45  import java.util.Collection;
46  import java.util.List;
47  
48  import javax.security.auth.login.LoginException;
49  import javax.servlet.http.Cookie;
50  import javax.servlet.http.HttpServletRequest;
51  
52  
53  /**
54   * The Class provides an implementation of the PortalService interface based on
55   * a the IdealX WebSSO solution. It retrieves roles associated with the user
56   * from the database.
57   */
58  public class IdxWSSODatabaseAuthentication extends ExternalAuthentication
59  {
60      private static final String PROPERTY_AUTH_SERVICE_NAME = "mylutece-wssodatabase.service.name";
61      private static final String PROPERTY_COOKIE_AUTHENTIFICATION = "mylutece-wssodatabase.cookie.authenticationMode"; // authentication mode, login/pwd or certificate
62      private static final String PROPERTY_COOKIE_WSSOGUID = "mylutece-wssodatabase.cookie.wssoguid"; // unique hexa user id
63      private static final String PLUGIN_NAME = "mylutece-wssodatabase";
64  
65      /**
66       * Constructor
67       */
68      public IdxWSSODatabaseAuthentication( )
69      {
70      }
71  
72      /**
73       * Gets the Authentification service name
74       * @return The name of the authentication service
75       */
76      public String getAuthServiceName( )
77      {
78          return AppPropertiesService.getProperty( PROPERTY_AUTH_SERVICE_NAME );
79      }
80  
81      /**
82       * Gets the Authentification type
83       * @param request The HTTP request
84       * @return The type of authentication
85       */
86      public String getAuthType( HttpServletRequest request )
87      {
88          Cookie[] cookies = request.getCookies( );
89          String strAuthType = request.getAuthType( );
90  
91          for ( int i = 0; i < cookies.length; i++ )
92          {
93              Cookie cookie = cookies[i];
94  
95              if ( cookie.getName( ).equals( PROPERTY_COOKIE_AUTHENTIFICATION ) )
96              {
97                  strAuthType = cookie.getValue( );
98              }
99          }
100 
101         return strAuthType;
102     }
103 
104     /**
105      * This methods checks the login info in the base repository
106      * 
107      * @param strUserName The username
108      * @param strUserPassword The password
109      * @param request The HTTP request
110      * @return A LuteceUser object corresponding to the login
111      * @throws LoginException The LoginException
112      */
113     public LuteceUser login( String strUserName, String strUserPassword, HttpServletRequest request )
114             throws LoginException
115     {
116         // There is no login required : the user is supposed to be already authenticated
117         LuteceUser luteceUser = getHttpAuthenticatedUser( request );
118 
119         return luteceUser;
120     }
121 
122     /**
123      * This methods logout the user
124      * @param user The user
125      */
126     public void logout( LuteceUser user )
127     {
128     }
129 
130     /**
131      * This method returns an anonymous Lutece user
132      * 
133      * @return An anonymous Lutece user
134      */
135     public LuteceUser getAnonymousUser( )
136     {
137         /**
138          * @todo Implémenter cette méthode
139          *       fr.paris.lutece.portal.service.security.PortalAuthentication
140          */
141         throw new java.lang.UnsupportedOperationException( "The method getAnonymousUser() is not implemented yet." );
142     }
143 
144     /**
145      * Checks that the current user is associated to a given role
146      * @param user The user
147      * @param request The HTTP request
148      * @param strRole The role name
149      * @return Returns true if the user is associated to the role, otherwise
150      *         false
151      */
152     public boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole )
153     {
154         if ( ( user == null ) || ( strRole == null ) )
155         {
156             return false;
157         }
158 
159         String[] roles = user.getRoles( );
160 
161         if ( roles != null )
162         {
163             for ( int i = 0; i < roles.length; i++ )
164             {
165                 if ( strRole.equals( roles[i] ) )
166                 {
167                     return true;
168                 }
169             }
170         }
171 
172         return false;
173     }
174 
175     /**
176      * Returns a Lutece user object if the user is already authenticated by the
177      * WSSO
178      * @param request The HTTP request
179      * @return Returns A Lutece User
180      */
181     public LuteceUser getHttpAuthenticatedUser( HttpServletRequest request )
182     {
183         if ( request != null )
184         {
185             Cookie[] cookies = request.getCookies( );
186             IdxWSSODatabaseUser user = null;
187             String strUserID = null;
188 
189             if ( cookies != null )
190             {
191                 for ( int i = 0; i < cookies.length; i++ )
192                 {
193                     Cookie cookie = cookies[i];
194 
195                     if ( cookie.getName( ).equals( AppPropertiesService.getProperty( PROPERTY_COOKIE_WSSOGUID ) ) )
196                     {
197                         strUserID = cookie.getValue( );
198                     }
199                 }
200             }
201 
202             if ( strUserID != null )
203             {
204 
205                 Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
206                 user = IdxWSSODatabaseHome.findUserByGuid( strUserID, plugin, this );
207 
208                 if ( user != null )
209                 {
210                     IdxWSSODatabaseHome.updateDateLastLogin( strUserID, new java.util.Date( ), plugin );
211                     List<String> arrayRoles = IdxWSSODatabaseHome.findUserRolesFromGuid( strUserID, plugin, this );
212 
213                     if ( !arrayRoles.isEmpty( ) )
214                     {
215                         user.setRoles( arrayRoles );
216                     }
217                 }
218             }
219 
220             return user;
221         }
222         return null;
223     }
224 
225     /**
226      * Tells whether or not the authentication service can provide a list of all
227      * its users
228      * @return true if the service can return a users list
229      */
230     public boolean isUsersListAvailable( )
231     {
232         return true;
233     }
234 
235     /**
236      * Returns all users managed by the authentication service if this feature
237      * is available.
238      * @return A collection of Lutece users or null if the service doesn't
239      *         provide a users list
240      */
241     public Collection<LuteceUser> getUsers( )
242     {
243         Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
244 
245         Collection<IdxWSSODatabaseUser> usersList = IdxWSSODatabaseHome.findUsersList( plugin, this );
246         Collection<LuteceUser> luteceUsers = new ArrayList<LuteceUser>( );
247 
248         for ( IdxWSSODatabaseUser user : usersList )
249         {
250             luteceUsers.add( user );
251         }
252 
253         return luteceUsers;
254     }
255 
256     /**
257      * Returns the user managed by the authentication service if this feature is
258      * available.
259      * @param userLogin user login
260      * @return A Lutece users or null if the service doesn't provide a user
261      */
262     public LuteceUser getUser( String userLogin )
263     {
264         Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
265 
266         // In case of wsso user, login is the guid
267         IdxWSSODatabaseUser user = IdxWSSODatabaseHome.findUserByGuid( userLogin, plugin, this );
268 
269         return user;
270     }
271 
272     /**
273      * get all roles for this user : - user's roles - user's groups roles
274      * 
275      * @param user The user
276      * @return Array of roles
277      */
278     public String[] getRolesByUser( LuteceUser user )
279     {
280         return user.getRoles( );
281     }
282 
283     /**
284      * 
285      * {@inheritDoc}
286      */
287     public String getIconUrl( )
288     {
289         return null;
290     }
291 
292     /**
293      * 
294      * {@inheritDoc}
295      */
296     public String getName( )
297     {
298         return WssoDatabasePlugin.PLUGIN_NAME;
299     }
300 
301     /**
302      * 
303      * {@inheritDoc}
304      */
305     public String getPluginName( )
306     {
307         return WssoDatabasePlugin.PLUGIN_NAME;
308     }
309 
310     /**
311      * 
312      * {@inheritDoc}
313      */
314     public boolean isMultiAuthenticationSupported( )
315     {
316         return false;
317     }
318 
319     /**
320      * 
321      * {@inheritDoc}
322      */
323     @Override
324     public void updateDateLastLogin( LuteceUser user, HttpServletRequest request )
325     {
326         Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
327         IdxWSSODatabaseHome.updateDateLastLogin( user.getName( ), new java.util.Date( ), plugin );
328     }
329 }