Added configuration option for accepting external auth(applicationContext.xml), default is OFF
parent
f4f4a5741a
commit
302db362d5
@ -11,6 +11,7 @@ public class ApplicationSettings {
|
||||
|
||||
private boolean enableRemoteUserLookup;
|
||||
private String remoteLookupUrl;
|
||||
private boolean acceptExternalAuthentication;
|
||||
|
||||
public boolean isEnableRemoteUserLookup() {
|
||||
return enableRemoteUserLookup;
|
||||
@ -28,4 +29,12 @@ public class ApplicationSettings {
|
||||
return remoteLookupUrl;
|
||||
}
|
||||
|
||||
public boolean isAcceptExternalAuthentication(){
|
||||
return acceptExternalAuthentication;
|
||||
}
|
||||
|
||||
public void setAcceptExternalAuthentication(boolean pAcceptExternalAuthentication){
|
||||
acceptExternalAuthentication = pAcceptExternalAuthentication;
|
||||
}
|
||||
|
||||
}
|
||||
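Review bot: The new `acceptExternalAuthentication` accessor pair at the `@ -28,4 +29,12` hunk carries no Javadoc, and this flag decides whether the container-supplied identity is trusted for sign-in, so a reader of the settings bean has no way to see what turning it on implies. A one-line Javadoc on the getter along the lines of `/** Whether identities asserted by the servlet container (REMOTE_USER) are accepted for sign-in; defaults to false, which is the safe setting when no authenticating front end is in place. */` would make the default and its reason explicit. The field's default of `false` comes only from the primitive default and the XML property; documenting it in the class keeps the two from drifting apart.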
|
@ -310,7 +310,7 @@ public class SciProApplication extends RepositoryApplication implements IThemabl
|
||||
public WebRequest newWebRequest(final HttpServletRequest request){
|
||||
final WebRequest webRequest = super.newWebRequest(request);
|
||||
if(attemptExternalAuthentication(webRequest)){
|
||||
logger.debug("External authentication used");
|
||||
logger.debug("External authentication used successfully");
|
||||
}
|
||||
return webRequest;
|
||||
}
|
||||
@ -331,19 +331,19 @@ public class SciProApplication extends RepositoryApplication implements IThemabl
|
||||
if(session != null){
|
||||
if(session.isLoggedIn()){
|
||||
if(!helper.isRemoteUserValid(session.getUser())){//This check may not be needed and may hinder performance, but better safe than sorry for now.
|
||||
logger.warn("User is logged in, but conflicting info is supplied via external authentication protocols.");
|
||||
logger.debug("User is logged in as '"+session.getUser().getEmailAddress()+"', but conflicting info ('"+helper.getExternalAuthRemoteUser()+"') is supplied via external authentication protocols.");
|
||||
}
|
||||
}else{
|
||||
//logger.info("Attempting sign in with external auth data");
|
||||
if(!helper.signIn(session)){
|
||||
logger.error("User passes external authentication but cannot be signed in.");
|
||||
logger.error("User '"+helper.getExternalAuthRemoteUser()+"' passes external authentication but cannot be signed in.");
|
||||
}else{
|
||||
logger.debug("Signed in user '"+helper.getExternalAuthRemoteUser()+"' via external authentication");
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}else{
|
||||
throw new IllegalStateException("External authentication was attempted, but no session was available.");
|
||||
throw new IllegalStateException("External authentication was attempted, but no session was available for sign in.");
|
||||
}
|
||||
}
|
||||
return false;
|
||||
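Review bot: In the `session.isLoggedIn()` branch the case where `helper.isRemoteUserValid(session.getUser())` fails only logs and falls through to `return false`, so the request continues under the existing session identity while the container asserts a different one. That is an account-confusion risk rather than a performance detail, and the inline comment on that line ("may not be needed") undersells it; either the session should be ended at that point (if SciProSession exposes Wicket's `Session.invalidate()`, `session.invalidate(); return false;` after the warn) or the comment should state that REMOTE_USER is deliberately treated as advisory once a session exists. The `attemptExternalAuthentication` method begins above this hunk, so the null-helper and appSettings handling before this point cannot be checked here. The debug line that prints the session e-mail next to the conflicting remote user is useful for triage, but it is the only record of which two identities collided, so it is worth keeping at warn level alongside the generic message.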
|
@ -1,6 +1,5 @@
|
||||
package se.su.dsv.scipro.security.auth;
|
||||
|
||||
import java.security.Policy.Parameters;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
@ -8,7 +7,10 @@ import java.util.Set;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.wicket.injection.web.InjectorHolder;
|
||||
import org.apache.wicket.spring.injection.annot.SpringBean;
|
||||
|
||||
import se.su.dsv.scipro.ApplicationSettings;
|
||||
import se.su.dsv.scipro.SciProSession;
|
||||
import se.su.dsv.scipro.data.dataobjects.User;
|
||||
import se.su.dsv.scipro.data.dataobjects.Username;
|
||||
@ -30,18 +32,24 @@ public final class ExternalAuthenticationRequestHelper{
|
||||
//Wrapped request
|
||||
private final HttpServletRequest req;
|
||||
//remote user attribute
|
||||
private String remoteUser;
|
||||
private String remoteUser=null;
|
||||
//if remote user is on the username@realm form, this attribute holds the username
|
||||
private String remoteUserId;
|
||||
private String remoteUserId=null;
|
||||
//if remote user is on the username@realm form, this attribute holds the realm
|
||||
private String remoteUserRealm;
|
||||
private String remoteUserRealm=null;
|
||||
//logger instance
|
||||
private Logger logger = Logger.getLogger(this.getClass());
|
||||
@SpringBean
|
||||
private ApplicationSettings appSettings;
|
||||
/**
|
||||
* Construct a utility wrapper from a servlet request.
|
||||
* Throws IllegalStateException if the request is null.
|
||||
* @param request
|
||||
*/
|
||||
public ExternalAuthenticationRequestHelper(final HttpServletRequest request){
|
||||
public ExternalAuthenticationRequestHelper(final HttpServletRequest request) throws IllegalStateException{
|
||||
if(request==null)
|
||||
throw new IllegalStateException("Request is null, this is considered illegal.");
|
||||
InjectorHolder.getInjector().inject(this);
|
||||
req = request;
|
||||
formatUserString();
|
||||
}
|
||||
@ -54,7 +62,7 @@ public final class ExternalAuthenticationRequestHelper{
|
||||
}
|
||||
/**
|
||||
* Exposed query method.
|
||||
* @return If remote user is on the username@realm form, this attribute holds the userid, else getExternalAuthRemoteUser().
|
||||
* @return If remote user is on the username@realm form, this attribute holds the username, else getExternalAuthRemoteUser().
|
||||
*/
|
||||
public String getExternalAuthRemoteUserId(){
|
||||
return remoteUserId;
|
||||
@ -83,7 +91,11 @@ public final class ExternalAuthenticationRequestHelper{
|
||||
* @return true if the application is configured to accept external authentication and the needed information is available on the request, else false.
|
||||
*/
|
||||
public boolean isExternalAuthSupported(){
|
||||
return (true && isExternalAuthInfoOnRequest());
|
||||
if(appSettings.isAcceptExternalAuthentication() && !isExternalAuthInfoOnRequest())
|
||||
logger.error("External authentication support is ON, but REMOTE_USER is not populated");
|
||||
if(!appSettings.isAcceptExternalAuthentication() && isExternalAuthInfoOnRequest())
|
||||
logger.error("External authentication support is OFF, but REMOTE_USER is populated");
|
||||
return (appSettings.isAcceptExternalAuthentication() && isExternalAuthInfoOnRequest());
|
||||
}
|
||||
/**
|
||||
* Private utility method for dumping headers.
|
||||
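Review bot: Both mismatch branches added in `isExternalAuthSupported()` log at ERROR, but the "support is ON, but REMOTE_USER is not populated" case is the ordinary state of every request the container does not authenticate, and this helper is constructed from `newWebRequest` (see the SciProApplication hunk above), so with the option enabled the error log will fill with one entry per anonymous request. That branch belongs at debug, while the opposite case (option OFF yet a REMOTE_USER is present) is a genuine deployment mismatch worth a warning once per request: `logger.debug("External authentication support is ON, but REMOTE_USER is not populated");` and `logger.warn("External authentication support is OFF, but REMOTE_USER is populated");`. Both `if` bodies are unbraced single statements; bracing them avoids the classic dangling-statement edit mistake. `appSettings` is only populated by the `InjectorHolder` call in the constructor, so if this class is ever built outside a Wicket request cycle the new code dereferences null; presumably that never happens in production, but a `requireNonNull` with a clear message would make the failure mode obvious.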
@ -165,8 +177,8 @@ public final class ExternalAuthenticationRequestHelper{
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Signs the stored remote user in on the given SciProSession.
|
||||
* @param session
|
||||
* Signs the stored remote user in on the supplied SciProSession.
|
||||
* @param session If null, method fails gracefully by returning false.
|
||||
* @return true on success, else false.
|
||||
*/
|
||||
public boolean signIn(final SciProSession session){
|
||||
|
@ -83,6 +83,8 @@
|
||||
<property name="enableRemoteUserLookup" value="true"></property>
|
||||
<!-- This property points to the location of the daisy json search -->
|
||||
<property name="remoteLookupUrl" value="https://thesis.dsv.su.se/projectplan/json" />
|
||||
<!-- External auth support (via J2EE standard mechanism REMOTE_USER) -->
|
||||
<property name="acceptExternalAuthentication" value="false"/>
|
||||
</bean>
|
||||
|
||||
<!-- Defines the class used for lookup in username against a remote server NOW AUTOWIRED AND DEPRECATED, NOT MAINTAINED-->
|
||||
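Review bot: The comment above the new `acceptExternalAuthentication` property names the mechanism but not the trust assumption: setting it to `true` means every value the servlet container places in REMOTE_USER is accepted as an authenticated identity, so it must only be enabled when an authenticating front end (container security constraint or reverse proxy) is guaranteed to set and overwrite that value for all requests reaching the application. Suggest extending the comment to `<!-- External auth support (via J2EE standard mechanism REMOTE_USER). Enable only when the container/front end is configured to authenticate and set REMOTE_USER for every request; otherwise any client-controlled value would be trusted. -->`. Keeping the shipped default at `false`, as this commit does, is the right choice.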
|