Examples of org.jasig.portal.security.ISecurityContext

• org.jasig.portal.security.ISecurityContext
  This is the main interface for the JASIG portal effort's security mechanism. We endeavor here to provide considerable encapsulation of the data we are trying to present. @author Andrew Newman, newman@yale.edu @version $Revision: 19776 $ @author Don Fracapane (df7@columbia.edu)Added getSubContextNames() to support principal and credential tokens

        }

        // If still no password, loop through subcontexts to find cached credentials
        Enumeration en = baseContext.getSubContexts();
        while (password == null && en.hasMoreElements()) {
            ISecurityContext subContext = (ISecurityContext)en.nextElement();
            password = this.getPassword(subContext);
        }

        return password;
    }

        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void testGetAuthenticatedCredentials() {
        ISecurityContext creds = (ISecurityContext) filter.getPreAuthenticatedCredentials(request);
        assertEquals(context, creds);
    }

      // retrieve the existing security contexts.  If one of the existing security contexts is a RemoteUserSecurityContext,
      // we set the REMOTE_USER field of the existing RemoteUserSecurityContext context.
      //
      // If a RemoteUserSecurityContext does not already exist, we create one and populate the REMOTE_USER field.

      ISecurityContext context = null;
      Enumeration subContexts = null;
      boolean remoteUserSecurityContextExists = false;

      // Retrieve existing security contexts.
      context = person.getSecurityContext( );
      if ( context != null )
          subContexts = context.getSubContexts( );

      if ( subContexts != null ) {
        while ( subContexts.hasMoreElements( ) ) {
            ISecurityContext ctx = (ISecurityContext)subContexts.nextElement( );
            // Check to see if a RemoteUserSecurityContext already exists, and set the REMOTE_USER
            if ( ctx instanceof RemoteUserSecurityContext ) {
                RemoteUserSecurityContext remoteuserctx = (RemoteUserSecurityContext)ctx;
                remoteuserctx.setRemoteUser( remoteUser );
                remoteUserSecurityContextExists = true;

        // STEP (1):  Is there an IPerson?
        final IPerson person = personManager.getPerson((HttpServletRequest) req);
        if (person != null) {

            // STEP (2):  Is the person authenticated?
            final ISecurityContext securityContext = person.getSecurityContext();
            if (securityContext != null && securityContext.isAuthenticated()) {

                // STEP (3):  Does this user have SUBSCRIBE permission for permissionsAdminChannel?
                IAuthorizationPrincipal principal = authorizationService.newPrincipal((String) person.getAttribute(IPerson.USERNAME), IPerson.class);

                final IPortletDefinition permissionsAdminPortlet = portletDefinitionRegistry.getPortletDefinitionByFname(PERMISSIONS_ADMIN_PORTLET_FNAME);

    }

    protected boolean isGuestUser(HttpServletRequest containerRequest) {
        //Checking for isAuth instead of isGuest to allow for authenticated guest customization of prefs
        final IPerson person = this.personManager.getPerson(containerRequest);
        final ISecurityContext securityContext = person.getSecurityContext();
        return !securityContext.isAuthenticated();
    }

      super.authenticate();

      Enumeration e = getSubContexts();
      while (e.hasMoreElements()) {
        ISecurityContext subCtx = (ISecurityContext) e.nextElement();
        if (subCtx.isAuthenticated()) {
            this.myPrincipal = new ChainingPrincipal(subCtx.getPrincipal());
            this.myAdditionalDescriptor=subCtx.getAdditionalDescriptor();
            this.isauth=true;
            break;
            }
        }
  }

    int i;
    Enumeration e = mySubContexts.elements();
    boolean error = false;

    while (e.hasMoreElements()) {
      ISecurityContext sctx = ((Entry) e.nextElement()).getCtx();
      // The principal and credential are now set for all subcontexts in Authentication
      try {
          if (sctx instanceof IParentAwareSecurityContext) {
              ((IParentAwareSecurityContext) sctx).authenticate(this);
          } else {
              sctx.authenticate();
          }
      } catch (Exception ex) {
        error = true;
        log.error("Exception authenticating subcontext " + sctx, ex);
      }
      // Stop attempting to authenticate if authenticated and if the property flag is set
      if(stopWhenAuthenticated && sctx.isAuthenticated()) {
        break;
      }
    }

    // Zero out the actual credentials if it isn't already null

    if (isPasswordRequested(request, portletWindow)) {

          final HttpServletRequest httpServletRequest = this.portalRequestUtils.getPortletHttpRequest(request);
          final IUserInstance userInstance = userInstanceManager.getUserInstance(httpServletRequest);
          final IPerson person = userInstance.getPerson();
      final ISecurityContext context = person.getSecurityContext();

      // if it is, attempt to request a password
      String password = getPassword(context);
      if (this.decryptPassword && password != null) {
        password = stringEncryptionService.decrypt(password);

        }

        // If still no password, loop through subcontexts to find cached credentials
        Enumeration en = baseContext.getSubContexts();
        while (password == null && en.hasMoreElements()) {
            ISecurityContext subContext = (ISecurityContext)en.nextElement();
            password = this.getPassword(subContext);
        }

        return password;
    }

    /**
     * Test that setSecurityContext does not change the security context.
     */
    public void testSetSecurityContext() {
        ISecurityContext baselineContext = this.person.getSecurityContext();
        assertNotNull(baselineContext);

        assertNull(this.restrictedPerson.getSecurityContext());

        this.restrictedPerson.setSecurityContext(new DummySecurityContext());