1 | package eu.clarin.cmdi.virtualcollectionregistry.gui; |
---|
2 | |
---|
3 | import de.mpg.aai.shhaa.model.AuthAttribute; |
---|
4 | import de.mpg.aai.shhaa.model.AuthPrincipal; |
---|
5 | import eu.clarin.cmdi.virtualcollectionregistry.model.User; |
---|
6 | import java.security.Principal; |
---|
7 | import java.util.regex.Pattern; |
---|
8 | import javax.servlet.http.HttpServletRequest; |
---|
9 | import org.apache.wicket.Request; |
---|
10 | import org.apache.wicket.RequestCycle; |
---|
11 | import org.apache.wicket.authentication.AuthenticatedWebSession; |
---|
12 | import org.apache.wicket.authorization.strategies.role.Roles; |
---|
13 | import org.apache.wicket.protocol.http.servlet.ServletWebRequest; |
---|
14 | import org.slf4j.Logger; |
---|
15 | import org.slf4j.LoggerFactory; |
---|
16 | |
---|
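/**
 * Wicket session that records the identity of the signed-in user together
 * with a cached admin flag and a human-readable display name.
 *
 * <p>
 * No credential is verified in this class: {@link #authenticate(String, String)}
 * accepts every non-null user name. The session is therefore only as
 * trustworthy as the {@link Principal} handed to {@link #signIn(Principal)}.
 * NOTE(review): the principal is presumably established by the container /
 * SHHAA filter in front of the application; confirm that every request path
 * is covered by it.
 *
 * <p>
 * The admin flag is evaluated once, at sign-in, and is not refreshed for the
 * lifetime of the session.
 */
@SuppressWarnings("serial")
public class ApplicationSession extends AuthenticatedWebSession {

    private static final Logger logger = LoggerFactory.getLogger(ApplicationSession.class);

    /** Principal attributes tried, in this order, as the display name. */
    private static final String[] ATTRIBUTE_NAMES_NAME
            = {"cn", "commonName", "displayName"};
    /**
     * Matches three non-empty fields separated by '!'. User names of this
     * shape are not shown verbatim by {@link #getUserDisplay()}.
     */
    private static final Pattern PERSISTENT_ID_REGEX
            = Pattern.compile("^[^!]+![^!]+![^!]+$");
    private static final Roles ROLES_USER
            = new Roles(Roles.USER);
    private static final Roles ROLES_ADMIN
            = new Roles(new String[]{Roles.USER, Roles.ADMIN});
    // Name of the signed-in principal; null until signIn(Principal) succeeds.
    private String user;
    // Admin flag cached at sign-in time (see signIn(Principal)).
    private boolean isAdmin;
    // Display name derived from principal attributes; may be null.
    private String userDisplay;

    public ApplicationSession(Request request) {
        super(request);
    }

    /**
     * Signs the session in for the given principal and caches its name,
     * admin status and display name.
     *
     * <p>
     * If the sign-in attempt is rejected, the cached identity is cleared so
     * that a stale user name or admin flag from an earlier sign-in cannot
     * outlive it. A {@code null} principal leaves the session untouched.
     *
     * @param principal principal to sign in, may be {@code null}
     * @return {@code true} if the session is now signed in for the principal
     */
    public boolean signIn(Principal principal) {
        logger.trace("Signing in principal {}", principal);
        if (principal == null) {
            return false;
        }
        final String name = principal.getName();
        // No password exists at this layer; see authenticate(String, String).
        final boolean result = signIn(name, null);
        if (result) {
            user = name;
            isAdmin = ((Application) getApplication()).isAdmin(user);
            userDisplay = findDisplayName(principal);
            logger.debug("Principal is signed in [user = {}, display name = {}, isAdmin = {}]", user, userDisplay, isAdmin);
        } else {
            user = null;
            isAdmin = false;
            userDisplay = null;
        }
        return result;
    }

    /**
     * Accepts any non-null user name; the password is ignored.
     *
     * <p>
     * This method performs no verification of its own. Any caller that
     * reaches it with a non-null name (for example through the inherited
     * {@code signIn(String, String)}) is treated as authenticated, and that
     * path does not populate the cached user name. Sign-in should go through
     * {@link #signIn(Principal)} only.
     *
     * @param username user name, may be {@code null}
     * @param password ignored
     * @return {@code true} if {@code username} is not {@code null}
     */
    @Override
    public boolean authenticate(String username, String password) {
        return username != null;
    }

    /**
     * @return the user roles (plus the admin role if the admin flag was set
     * at sign-in), or {@code null} if the session is not signed in
     */
    @Override
    public Roles getRoles() {
        if (isSignedIn()) {
            return isAdmin ? ROLES_ADMIN : ROLES_USER;
        }
        return null;
    }

    /**
     * Returns the user principal of the servlet request that is currently
     * being processed. Requires an active request cycle backed by a
     * {@link ServletWebRequest}.
     *
     * @return the principal reported by the servlet request
     */
    public Principal getPrincipal() {
        ServletWebRequest servletWebRequest = (ServletWebRequest) RequestCycle.get().getRequest();
        HttpServletRequest request = servletWebRequest.getHttpServletRequest();
        return request.getUserPrincipal();
    }

    /**
     *
     * @param user user to check for
     * @return whether the specified user is the user currently signed in (false
     * if {@link #isSignedIn() } returns false, if {@code user} is
     * {@code null}, or if this session holds no user name)
     */
    public boolean isCurrentUser(User user) {
        if (user == null || !isSignedIn()) {
            return false;
        }
        // The session can be flagged as signed in without a cached user name,
        // so guard the comparison instead of dereferencing blindly.
        final String current = getUser();
        return current != null && current.equals(user.getName());
    }

    /**
     * @return name of the principal cached at sign-in, or {@code null} if
     * none has been cached
     */
    public String getUser() {
        return user;
    }

    /**
     * Returns a name suitable for showing to the user.
     *
     * <p>
     * The display name originates from attributes asserted for the principal
     * and should be treated as untrusted text by whatever renders it.
     *
     * @return the display name found at sign-in; otherwise a generic label
     * if the user name matches the persistent-identifier pattern; otherwise
     * the user name itself ({@code null} if no user name is cached)
     */
    public String getUserDisplay() {
        if (userDisplay != null) {
            return userDisplay;
        }
        if (user == null) {
            // Nothing cached yet; matching against null would throw.
            return null;
        }
        if (PERSISTENT_ID_REGEX.matcher(user).matches()) {
            return "Authenticated via Shibboleth";
        }
        return user;
    }

    /**
     * @return the session bound to the current thread, cast to this class
     */
    public static ApplicationSession get() {
        return (ApplicationSession) AuthenticatedWebSession.get();
    }

    /**
     * Derives a display name from the attributes of an {@link AuthPrincipal}:
     * the first usable value among {@link #ATTRIBUTE_NAMES_NAME}, else
     * "givenName surname" when both are available.
     *
     * @param p principal to inspect
     * @return the display name, or {@code null} if the principal is of
     * another type or carries no usable attribute
     */
    private static String findDisplayName(Principal p) {
        logger.trace("Looking for display name for principal {}", p);
        if (p instanceof AuthPrincipal) {
            final AuthPrincipal principal = (AuthPrincipal) p;
            for (String attr : ATTRIBUTE_NAMES_NAME) {
                final String name = getAttribute(principal, attr);
                if (name != null) {
                    logger.debug("Display name found for principal: {}", name);
                    return name;
                }
            }
            String givenName = getAttribute(principal, "givenName");
            String surname = getAttribute(principal, "surname");
            if ((givenName != null) && (surname != null)) {
                final String name = givenName + " " + surname;
                logger.debug("Display name found for principal: {}", name);
                return name;
            }
        }
        logger.debug("No display name found for principal");
        return null;
    }

    /**
     * Reads a single attribute of the principal as a string.
     *
     * <p>
     * The value is written to the log unmodified at trace level, so trace
     * output of this class contains personal attributes of the user.
     *
     * @param principal principal whose attributes are read
     * @param attr attribute name
     * @return the attribute value, or {@code null} if the attribute is
     * absent, has no value, or its value is empty or whitespace only
     */
    private static String getAttribute(final AuthPrincipal principal, String attr) {
        logger.trace("Looking for attribute {}", attr);
        final AuthAttribute<?> attribute = principal.getAttribues().get(attr);
        if (attribute != null) {
            final Object value = attribute.getValue();
            if (value != null) {
                logger.trace("Found attribute value: {} = {}", attr, value);
                final String text = value.toString();
                // A blank value is useless as a name; report it as absent so
                // the caller falls through to the next candidate attribute.
                if (text != null && !text.trim().isEmpty()) {
                    return text;
                }
            }
        }
        return null;
    }

} // class ApplicationSession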