inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-06-30 18:15:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
alfresco-community-repo/source/java/org/alfresco/repo/security/authentication/AuthenticationContextImpl.java
Dave Ward 569c55eadc Merged V4.1-BUG-FIX to HEAD 
40484: ALF-15370: 'New Rule' page localisation breaks after any rule was created in Japanese
   40487: Merged BRANCHES/V4.1 to BRANCHES/DEV/4.1-BUG-FIX:
      40485: ALF-15453: Incorrect manage permissions working for a file/folder
   40490: ALF-15455: Pass through windows specific environment variables (will not be set on unix) to make ImageMagick work on Windows with Bitrock layout
   40492: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2012_08_15 to BRANCHES/DEV/V4.1-BUG-FIX
      40491: ALF-7803 : Tomcat 7??? "Submit Items" page isn't opened
             The duplicate cellpadding attibutes were removed from jsp.
   40495: Final part of achievable fix for ALF-12803 - No user feedback: Cannot transformed content with password. (Failure of synchronous rule causes upload to fail with unhelpful message)
    - cleaned up flash error message - but see comments on ALF-12803 for full resolution
   40522: ALF-12839 Share - Inconsistency in adding a user or a group into a group
   40525: ALF-12839 Share - Inconsistency in adding a user or a group into a group
      - fix unit test by adding the * added by javascript code
   40535: ALF-15455: Another attempt
   - Properly escape global variables so bitrock doesn't try to expand them
   - Force backslash paths on windows
   40539: ALF-15455: ImageMagick still not working on Windows because env variable setting was losing the system PATH
   - Did it ever work before?
   - Now, if variables are specified, the PATH is propagated from the parent environment. If a PATH is specified, it is prepended to the parent PATH.
   40554: New Russian translations from Gloria plus Bitrock configuration to enable them
   40559: ALF-15506: When deleting a file from the actions menu a message was not shown to indicate that the folder is being deleted.
   40590: ALF-15318: It was possible for a user with a disabled / expired account to log in via NTLM/SSO
   40591: Merged V4.1 to V4.1-BUG-FIX
      40485: ALF-15453: Incorrect manage pernissions working for a file/folder
      40545: Fixes a bug in the visibility of the Cloud Sync settings page on the user profile.
   40592: Merged V4.1 to V4.1-BUG-FIX (RECORD ONLY)
      40478: Merged BRANCHES/DEV/V4.1-BUG-FIX to BRANCHES/V4.1
         40153: ALF-13998: 'No items' error is highlighted in red, even that is not sever error.
         40361: ALF-15453: Incorrect manage permissions working for a file/folder
      40481: Merge issue in r40478 fixed
   40593: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
      40503: Fix for ALF-14832 - Search by Tags is not working in WCMQS site


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@40594 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2012-08-19 14:12:51 +00:00

165 lines
5.4 KiB
Java
Raw Blame History

/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.authentication;
import net.sf.acegisecurity.AccountExpiredException;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.CredentialsExpiredException;
import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.repo.tenant.TenantService;
/**
* @author Andy Hind
* @author dward
*/
public class AuthenticationContextImpl implements AuthenticationContext
{
private TenantService tenantService;
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
/**
* Explicitly set the given validated user details to be authenticated.
*
* @param ud
* the User Details
* @return Authentication
*/
public Authentication setUserDetails(UserDetails ud)
{
try
{
// Apply the same validation that ACEGI would have to the user details - we may be going through a 'back
// door'.
if (!ud.isEnabled())
{
throw new DisabledException("User is disabled");
}
if (!ud.isAccountNonExpired())
{
throw new AccountExpiredException("User account has expired");
}
if (!ud.isAccountNonLocked())
{
throw new LockedException("User account is locked");
}
if (!ud.isCredentialsNonExpired())
{
throw new CredentialsExpiredException("User credentials have expired");
}
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(ud, "", ud
.getAuthorities());
auth.setDetails(ud);
auth.setAuthenticated(true);
return setCurrentAuthentication(auth);
}
catch (net.sf.acegisecurity.AuthenticationException ae)
{
throw new AuthenticationException(ae.getMessage(), ae);
}
finally
{
// Support for logging tenantdomain / username (via log4j NDC)
AuthenticationUtil.logNDC(ud.getUsername());
}
}
public Authentication setSystemUserAsCurrentUser()
{
return setSystemUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
}
public Authentication setSystemUserAsCurrentUser(String tenantDomain)
{
GrantedAuthority[] gas = new GrantedAuthority[1];
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
return setUserDetails(new User(getSystemUserName(tenantDomain), "", true, true, true, true, gas));
}
public String getSystemUserName()
{
return AuthenticationUtil.SYSTEM_USER_NAME;
}
public String getSystemUserName(String tenantDomain)
{
return this.tenantService.getDomainUser(getSystemUserName(), tenantDomain);
}
public boolean isSystemUserName(String userName)
{
return getSystemUserName().equals(this.tenantService.getBaseNameUser(userName));
}
public boolean isCurrentUserTheSystemUser()
{
return isSystemUserName(getCurrentUserName());
}
public String getGuestUserName(String tenantDomain)
{
return this.tenantService.getDomainUser(getGuestUserName(), tenantDomain);
}
public String getGuestUserName()
{
return AuthenticationUtil.getGuestUserName();
}
public boolean isGuestUserName(String userName)
{
return AuthenticationUtil.getGuestUserName().equalsIgnoreCase(this.tenantService.getBaseNameUser(userName));
}
public Authentication setCurrentAuthentication(Authentication authentication)
{
return AuthenticationUtil.setFullAuthentication(authentication);
}
public Authentication getCurrentAuthentication() throws AuthenticationException
{
return AuthenticationUtil.getFullAuthentication();
}
public String getCurrentUserName() throws AuthenticationException
{
return AuthenticationUtil.getFullyAuthenticatedUser();
}
public void clearCurrentSecurityContext()
{
AuthenticationUtil.clearCurrentSecurityContext();
}
public String getUserDomain(String userName)
{
return this.tenantService.getUserDomain(userName);
}
}
Reference in New Issue View Git Blame Copy Permalink