Package org.apache.jetspeed.security

Examples of org.apache.jetspeed.security.AuthenticatedUser


                // Enrollment step: re-authenticate with the password held in userBean, then store
                // the three security questions/answers and the pass phrase sent with the request.
                // `success` only becomes true once userManager.updateUser() has completed.
                boolean success = false;
                String password = userBean.getPassword();
                User user = userBean.getUser();
                if (user != null && password != null)
                {
                    AuthenticatedUser authUser = null;
                    try
                    {
                        authUser = authorization.authenticate(userBean.getUsername(), password);
                    }
                    catch (SecurityException e)
                    {
                        // Failed re-authentication is audited with the caller's remote address.
                        // authUser stays null, so the final `success == false` block also runs.
                        RequestContext rc = SecurityHelper.getRequestContext(actionRequest);
                        audit.logUserActivity(userBean.getUsername(), rc.getRequest().getRemoteAddr(),
                                AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");                   
                    }
                    if (authUser != null)
                    {
                        // validate request parameters, if valid update user preferences
                        // All seven values below are read straight from the request (client-controlled).
                        String question1 = actionRequest.getParameter("question1");
                        String question2 = actionRequest.getParameter("question2");
                        String question3 = actionRequest.getParameter("question3");
                        String answer1 = actionRequest.getParameter("answer1");
                        String answer2 = actionRequest.getParameter("answer2");
                        String answer3 = actionRequest.getParameter("answer3");
                        String passPhrase = actionRequest.getParameter("passphrase");
                       
                        // validation (SecurityHelper.isEmpty, unique questions)
                        // NOTE(review): only the answers and the pass phrase are checked for emptiness;
                        // no length or content check is visible in this snippet.
                        if (SecurityHelper.isEmpty(answer1) || SecurityHelper.isEmpty(answer2) || SecurityHelper.isEmpty(answer3))
                        {
                            StatusMessage msg = new StatusMessage("Please enter a valid answer for all 3 questions.", StatusMessage.ERROR);
                            PortletMessaging.publish(actionRequest, STATUS_MESSAGE, msg);
                            setView(actionRequest, phase, FAILURE1);                                                                   
                            return;
                        }
                        if (SecurityHelper.isEmpty(passPhrase))
                        {
                            StatusMessage msg = new StatusMessage("Please enter a valid pass phrase.", StatusMessage.ERROR);
                            PortletMessaging.publish(actionRequest, STATUS_MESSAGE, msg);
                            setView(actionRequest, phase, FAILURE1);                                                                   
                            return;
                        }
                        // NOTE(review): question1..3 are not null-checked above. getParameter() returns
                        // null for a missing parameter, so a request that omits a question can throw
                        // NullPointerException here instead of ending in the FAILURE1 view.
                        if (question1.equals(question2) || question1.equals(question3) || question2.equals(question3))
                        {
                            StatusMessage msg = new StatusMessage("Please select a unique question in all cases.", StatusMessage.ERROR);
                            PortletMessaging.publish(actionRequest, STATUS_MESSAGE, msg);
                            setView(actionRequest, phase, FAILURE1);                                                                   
                            return;                   
                        }
       
                        // update the prefs db (we are not logged in yet)
                        user = userBean.getUser();
                        try
                        {
                            user.getSecurityAttributes().getAttribute("user.question.1", true).setStringValue(question1);
                            user.getSecurityAttributes().getAttribute("user.question.2", true).setStringValue(question2);
                            user.getSecurityAttributes().getAttribute("user.question.3", true).setStringValue(question3);
                            // NOTE(review): the answers and the pass phrase are stored with setStringValue()
                            // exactly as submitted; no hashing is visible here. They act as authentication
                            // secrets - confirm how these attributes are protected at rest.
                            user.getSecurityAttributes().getAttribute("user.answer.1", true).setStringValue(answer1);
                            user.getSecurityAttributes().getAttribute("user.answer.2", true).setStringValue(answer2);
                            user.getSecurityAttributes().getAttribute("user.answer.3", true).setStringValue(answer3);
                            user.getSecurityAttributes().getAttribute("user.passphrase", true).setStringValue(passPhrase);
                            // NOTE(review): the generator behind CaptchaImageResource.randomString() is not
                            // shown. If "user.cookie" is later used to recognise the browser, confirm it is
                            // backed by SecureRandom.
                            user.getSecurityAttributes().getAttribute("user.cookie", true).setStringValue(CaptchaImageResource.randomString(8, 16));
                            userManager.updateUser(user);
                            success = true;
                        }
                        catch (SecurityException e)
                        {
                            // NOTE(review): the exception itself is not recorded. Because success stays
                            // false, the `success == false` block at the end also runs: it writes a second
                            // AUTHENTICATION_FAILURE entry ("Unauthorized Attribute Modification Attempt.")
                            // and sets FAILURE2 again.
                            success = false;
                            RequestContext rc = SecurityHelper.getRequestContext(actionRequest);
                            audit.logUserActivity(userBean.getUsername(), rc.getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "Exception updating attributes" );
                            setView(actionRequest, phase, FAILURE2);                                               
                        }
                        if (success)
                        {
                            String username = userBean.getUsername();
                            // NOTE(review): `redirect` comes from the request and is passed on together with
                            // the clear-text password. Target validation is not visible here - confirm that
                            // redirect() restricts it to local or allow-listed destinations.
                            String redirect = actionRequest.getParameter("redirect");
                            RequestContext rc = SecurityHelper.getRequestContext(actionRequest);
                            audit.logUserActivity(username, rc.getRequest().getRemoteAddr(),
                                    LOGIN_ENROLL_ACTIVITY, "enrolling user with questions and passphrase");
                            redirect(actionRequest, actionResponse, redirect, username, password);
                        }
                    }
                }
                // Reached when userBean has no user or password, when authentication failed, or when the
                // attribute update threw. The validation failures above return early and never get here.
                if (success == false)
                {
                    RequestContext rc = SecurityHelper.getRequestContext(actionRequest);
                    audit.logUserActivity(userBean.getUsername(), rc.getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "Unauthorized Attribute Modification Attempt.");
                    setView(actionRequest, phase, FAILURE2);                   
                }
            }
            else if (phase.equals("enroll-login"))
            {               
                // "enroll-login" phase: verify the submitted password before enrollment can start.
                String username = userBean.getUsername();
                String password = actionRequest.getParameter(LoginConstants.PASSWORD);
                if (SecurityHelper.isEmpty(password))
                {
                    // An empty password is reported through the session error code and the FAILURE1 view.
                    RequestContext rc = SecurityHelper.getRequestContext(actionRequest);
                    rc.setSessionAttribute(MFALogin.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);                   
                    setView(actionRequest, phase, FAILURE1);
                    return;
                }               
                // are we in the enrollment phase?
                // NOTE(review): there is no else branch. When a pass phrase is already stored, this
                // phase sets no view and writes no audit entry in the code visible here.
                if (SecurityHelper.isEmpty(userBean.getPassPhrase()))
                {
                    AuthenticatedUser authUser = null;
                    boolean authenticated = false;
                    try
                    {
                        authUser = authorization.authenticate(username, password);
                        authenticated = true;
                    }
                    // NOTE(review): the SecurityException is swallowed without an audit entry of its own.
                    // The failure is handled only by failedLoginProcessing() below (not shown) - confirm
                    // it audits the attempt and applies any throttling or lockout.
                    catch (SecurityException e)
                    {}
                    if (authenticated)
                    {
                        // The clear-text password is kept in userBean. NOTE(review): the scope and
                        // lifetime of userBean are not visible here - confirm the password is cleared
                        // once enrollment completes.
                        userBean.setPassword(password);
                        setView(actionRequest, phase, SUCCESS1);
                        clearLoginMessages(actionRequest);
                    }
                    else
                    {
                        failedLoginProcessing(actionRequest, phase, username, userBean);                       
                    }                   
                }
            }
            else if (phase.equals("three"))
            {
                String redirect = actionRequest.getParameter("redirect");

                String username = userBean.getUsername();
                String password = actionRequest.getParameter(LoginConstants.PASSWORD);
                if (SecurityHelper.isEmpty(password) || SecurityHelper.isEmpty(redirect))
                {
                    RequestContext rc = SecurityHelper.getRequestContext(actionRequest);                   
                    rc.setSessionAttribute(MFALogin.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);                                       
                    setView(actionRequest, phase, FAILURE1);
                    return;
                }               
                // process authentication
                AuthenticatedUser authUser = null;
                boolean authenticated = false;
                try
                {
                    authUser = authorization.authenticate(username, password);
                    authenticated = true;


                // Login handling: authenticate through the AuthenticationProvider component, audit the
                // outcome, then build the Subject and store it in the HTTP session.
                AuthenticationProvider authProvider = (AuthenticationProvider)cm.getComponent("org.apache.jetspeed.security.AuthenticationProvider");
               
                // Commented out in favour of the latest security APIs
                //boolean success = userManager.authenticate(username, password);
                //if (success)
                AuthenticatedUser authUser = null;
                try{
                  // NOTE(review): as shown here the next statement has no terminating ';' and would not
                  // compile - possibly lost in extraction; check against the original file.
                  authUser = authProvider.authenticate(username, password)
                }
                catch (SecurityException e)
                {
                    // Every SecurityException is audited and mapped to the same ERROR_INVALID_PASSWORD
                    // code in the session. authUser stays null, so the login block below is skipped.
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");                   
                    request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
        }
                if (authUser != null)
                {
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
                    PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
                        cm.getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
                    // Session-fixation defence: when configured, the pre-login session is invalidated so
                    // the authenticated session is created fresh by the getSession() calls further down.
                    if (authenticationConfiguration.isCreateNewSessionOnLogin())
                    {
                        request.getSession().invalidate();
                    }
                    else
                    {
                        // NOTE(review): in this branch the pre-login session and its ID are kept; only the
                        // user's content cache for that session is evicted. With isCreateNewSessionOnLogin()
                        // false, a session ID issued before login stays valid after login.
                        UserContentCacheManager userContentCacheManager = (UserContentCacheManager)cm.getComponent("userContentCacheManager");
                        userContentCacheManager.evictUserContentCache(username, request.getSession().getId());
                    }
                    // The provider may return an AuthenticatedUser with no User attached; load it here.
                    if (authUser.getUser() == null)
                    {
                        try
                        {
                            // load the user principals (roles, groups, credentials)
                            User user = userManager.getUser(username);
                            // NOTE(review): if getUser() returns null, authUser keeps a null User and
                            // authUser.getUser() is passed as null to wrapperRequest() below.
                            if ( user != null )
                            {
                              authUser = new AuthenticatedUserImpl(user, authUser.getPublicCredentials(), authUser.getPrivateCredentials() );
                            }
                        }
                        catch (SecurityException sex)
                        {
                          // TODO: maybe some better handling required here
                          throw new ServletException(sex);
                        }      
                    }
                    Subject subject;
          try
          {
            // default solution using the built-in UserManager
            subject = userManager.getSubject(authUser);
           
            // alternate DIY solution not using the built-in UserManager:
                      //subject = JetspeedSubjectFactory.createSubject(authUser.getUser(),authUser.getPrivateCredentials(),authUser.getPublicCredentials(),null);
          }
          catch (SecurityException e)
          {
                      // TODO: maybe some better handling required here
                      throw new ServletException(e);
          }
                    sRequest = wrapperRequest(request, subject, authUser.getUser());
                    // request.getSession() creates a new session if the old one was invalidated above.
                    // The login error code is cleared and the Subject stored under SESSION_KEY_SUBJECT.
                    request.getSession().removeAttribute(LoginConstants.ERRORCODE);
                    HttpSession session = request.getSession(true);
                    session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
                    //System.out.println("*** login session = " + session);
                }

        this.synchronizer = synchronizer;
    }

    public AuthenticatedUser authenticate(String userName, String password) throws SecurityException
    {
        AuthenticatedUser authUser = null;
        boolean authenticated = false;
        try
        {
            if (userName == null)
            {

                // Login handling: authenticate through the AuthenticationProvider component, audit the
                // result, then create the Subject and bind it to the HTTP session.
                AuthenticationProvider authProvider = (AuthenticationProvider)cm.getComponent("org.apache.jetspeed.security.AuthenticationProvider");
               
                // Commented out in favour of the latest security APIs
                //boolean success = userManager.authenticate(username, password);
                //if (success)
                AuthenticatedUser authUser = null;
                try{
                  // NOTE(review): as shown here the next statement has no terminating ';' and would not
                  // compile - possibly lost in extraction; check against the original file.
                  authUser = authProvider.authenticate(username, password)
                }
                catch (SecurityException e)
                {
                    // Any SecurityException is audited and surfaced as ERROR_INVALID_PASSWORD in the
                    // session. authUser remains null, so none of the login block below runs.
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");                   
                    request.getSession().setAttribute(LoginConstants.ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
        }
                if (authUser != null)
                {
                    audit.logUserActivity(username, request.getRemoteAddr(), AuditActivity.AUTHENTICATION_SUCCESS, "PortalFilter");
                    PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
                        cm.getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
                    // Session-fixation defence: the session is invalidated only when configured and when
                    // httpSession (obtained outside this snippet) is non-null and not newly created.
                    if (authenticationConfiguration.isCreateNewSessionOnLogin() && httpSession != null && !httpSession.isNew())
                    {
                        request.getSession().invalidate();
                    }
                    else
                    {
                        // NOTE(review): reached when the option is off, or httpSession is null or new.
                        // The current session and its ID are kept; only the content cache is evicted.
                        // With the option off, a session ID issued before login stays valid after login.
                        UserContentCacheManager userContentCacheManager = (UserContentCacheManager)cm.getComponent("userContentCacheManager");
                        userContentCacheManager.evictUserContentCache(username, request.getSession().getId());
                    }
                    // The provider may hand back an AuthenticatedUser without a User; resolve it here.
                    if (authUser.getUser() == null)
                    {
                        try
                        {
                            // load the user principals (roles, groups, credentials)
                            User user = userManager.getUser(username);
                            // NOTE(review): a null result leaves authUser with a null User, which is then
                            // passed to wrapperRequest() below via authUser.getUser().
                            if ( user != null )
                            {
                              authUser = new AuthenticatedUserImpl(user, authUser.getPublicCredentials(), authUser.getPrivateCredentials() );
                            }
                        }
                        catch (SecurityException sex)
                        {
                          // TODO: maybe some better handling required here
                          throw new ServletException(sex);
                        }      
                    }
                    Subject subject;
          try
          {
            // default solution using the built-in UserManager
            subject = userManager.getSubject(authUser);
           
            // alternate DIY solution not using the built-in UserManager:
                      //subject = JetspeedSubjectFactory.createSubject(authUser.getUser(),authUser.getPrivateCredentials(),authUser.getPublicCredentials(),null);
          }
          catch (SecurityException e)
          {
                      // TODO: maybe some better handling required here
                      throw new ServletException(e);
          }
                    sRequest = wrapperRequest(request, subject, authUser.getUser());
                    // If the session was invalidated above, request.getSession() creates a new one here.
                    // The login error code is cleared and the Subject stored under SESSION_KEY_SUBJECT.
                    request.getSession().removeAttribute(LoginConstants.ERRORCODE);
                    HttpSession session = request.getSession(true);
                    session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
                    //System.out.println("*** login session = " + session);
                }

        this.searchControls.setSearchScope(Integer.parseInt(searchScope));
    }

    public AuthenticatedUser authenticate(String userName, String password) throws SecurityException
    {
        AuthenticatedUser authUser = null;
        if (StringUtils.isEmpty(userName))
        {
            throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
        }
        if (password == null)
