source: VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/ApplicationSession.java @ 5523

Last change on this file since 5523 was 5523, checked in by Twan Goosen, 10 years ago

Added reading of shibboleth attributes for display name, organisation and e-mail. Also added these properties to the shhaa filter.
Principal is now dynamically retrieved from the http request.
Refs #595

  • Property svn:eol-style set to native
File size: 4.7 KB
1package eu.clarin.cmdi.virtualcollectionregistry.gui;
2
3import de.mpg.aai.shhaa.model.AuthAttribute;
4import de.mpg.aai.shhaa.model.AuthPrincipal;
5import eu.clarin.cmdi.virtualcollectionregistry.model.User;
6import java.security.Principal;
7import java.util.regex.Pattern;
8import javax.servlet.http.HttpServletRequest;
9import org.apache.wicket.Request;
10import org.apache.wicket.RequestCycle;
11import org.apache.wicket.authentication.AuthenticatedWebSession;
12import org.apache.wicket.authorization.strategies.role.Roles;
13import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
14import org.slf4j.Logger;
15import org.slf4j.LoggerFactory;
16
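/**
 * Wicket session that mirrors a container-authenticated principal.
 *
 * <p>
 * This class performs no credential verification of its own:
 * {@link #authenticate(String, String)} accepts any non-null username. The
 * security of the session therefore rests entirely on callers passing
 * {@link #signIn(Principal)} a principal that an upstream authentication layer
 * has already established (the class reads Shibboleth attributes through the
 * shhaa {@link AuthPrincipal}). The inherited
 * {@code signIn(String, String)} is also public and would succeed for any
 * non-null username without populating {@code user}; it should not be called
 * with values that were not authenticated upstream.
 *
 * <p>
 * {@code user}, {@code isAdmin} and {@code userDisplay} are captured once in
 * {@link #signIn(Principal)} and are not refreshed by this class afterwards,
 * whereas {@link #getPrincipal()} reads the principal of the current request.
 * NOTE(review): nothing in this class checks that the two stay in agreement
 * for the lifetime of the session; confirm that a caller does.
 */
@SuppressWarnings("serial")
public class ApplicationSession extends AuthenticatedWebSession {

    // NOTE(review): trace/debug statements in this class write user
    // identifiers, display names and raw attribute values to the log; treat
    // logs at those levels as containing personal data.
    private static final Logger logger = LoggerFactory.getLogger(ApplicationSession.class);

    /** Attribute names tried, in this order, when looking for a display name. */
    private static final String[] ATTRIBUTE_NAMES_NAME
            = {"cn", "commonName", "displayName"};
    /**
     * Matches a user name made of exactly three non-empty segments separated
     * by '!' (presumably the Shibboleth persistent identifier form; see
     * {@link #getUserDisplay()}).
     */
    private static final Pattern PERSISTENT_ID_REGEX
            = Pattern.compile("^[^!]+![^!]+![^!]+$");
    private static final Roles ROLES_USER
            = new Roles(Roles.USER);
    private static final Roles ROLES_ADMIN
            = new Roles(new String[]{Roles.USER, Roles.ADMIN});
    // Name of the signed-in principal; null until signIn(Principal) succeeds.
    private String user;
    // Admin flag as reported by the Application at sign-in time.
    private boolean isAdmin;
    // Display name derived from the principal's attributes; may be null.
    private String userDisplay;

    public ApplicationSession(Request request) {
        super(request);
    }

    /**
     * Signs the session in for an already authenticated principal and caches
     * its name, admin status and display name.
     *
     * @param principal principal established by the upstream authentication
     * layer; {@code null} leaves the session untouched
     * @return whether the session was signed in
     */
    public boolean signIn(Principal principal) {
        logger.trace("Signing in principal {}", principal);
        boolean result = false;
        if (principal != null) {
            // No password exists at this point: the principal was
            // authenticated before it reached the application.
            result = signIn(principal.getName(), null);
            if (result) {
                user = principal.getName();
                isAdmin = ((Application) getApplication()).isAdmin(user);
                userDisplay = findDisplayName(principal);
                logger.debug("Principal is signed in [user = {}, display name = {}, isAdmin = {}]", user, userDisplay, isAdmin);
            }
        }
        return result;
    }

    /**
     * Accepts any non-null username; the password is ignored.
     *
     * <p>
     * This is not a credential check. It is only safe while every sign-in
     * goes through {@link #signIn(Principal)} with a principal that was
     * authenticated outside this class.
     *
     * @param username name of the principal
     * @param password ignored
     * @return {@code true} if {@code username} is not {@code null}
     */
    @Override
    public boolean authenticate(String username, String password) {
        return username != null;
    }

    /**
     * @return the admin or user role set for a signed-in session,
     * {@code null} when nobody is signed in
     */
    @Override
    public Roles getRoles() {
        if (isSignedIn()) {
            return isAdmin ? ROLES_ADMIN : ROLES_USER;
        }
        return null;
    }

    /**
     * Reads the principal from the HTTP request of the current request cycle
     * rather than from session state.
     *
     * @return the user principal of the current servlet request, as returned
     * by {@link HttpServletRequest#getUserPrincipal()}
     */
    public Principal getPrincipal() {
        // The cast assumes the current request cycle wraps a servlet request.
        ServletWebRequest servletWebRequest = (ServletWebRequest) RequestCycle.get().getRequest();
        HttpServletRequest request = servletWebRequest.getHttpServletRequest();
        return request.getUserPrincipal();
    }

    /**
     *
     * @param user user to check for
     * @return whether the specified user is the user currently signed in (false
     * if {@link #isSignedIn() } returns false, if {@code user} is
     * {@code null}, or if no user name has been recorded for the session)
     */
    public boolean isCurrentUser(User user) {
        if (user == null || !isSignedIn()) {
            return false;
        }
        // A session can be marked signed in without a recorded name (the
        // inherited signIn(String, String) does not set it), so guard the
        // comparison instead of dereferencing null.
        final String current = getUser();
        return current != null && current.equals(user.getName());
    }

    /**
     * @return name of the signed-in principal, {@code null} if
     * {@link #signIn(Principal)} has not succeeded on this session
     */
    public String getUser() {
        return user;
    }

    /**
     * Returns a human-readable label for the signed-in user.
     *
     * @return the display name found at sign-in if there is one; otherwise a
     * fixed label when the user name has the '!'-separated identifier form;
     * otherwise the user name itself ({@code null} if none is recorded)
     */
    public String getUserDisplay() {
        if (userDisplay != null) {
            return userDisplay;
        }
        if (user == null) {
            // Nothing recorded for this session; avoid matching against null.
            return null;
        }
        if (PERSISTENT_ID_REGEX.matcher(user).matches()) {
            // Show a fixed label rather than the opaque identifier.
            return "Authenticated via Shibboleth";
        }
        return user;
    }

    /**
     * @return the session bound to the current thread, cast to this class
     */
    public static ApplicationSession get() {
        return (ApplicationSession) AuthenticatedWebSession.get();
    }

    /**
     * Derives a display name from the attributes of an {@link AuthPrincipal}.
     *
     * @param p principal to inspect
     * @return the first non-null value among {@link #ATTRIBUTE_NAMES_NAME},
     * else "givenName surname" when both are present, else {@code null}
     * (also {@code null} when {@code p} is not an {@link AuthPrincipal})
     */
    private static String findDisplayName(Principal p) {
        logger.trace("Looking for display name for principal {}", p);
        if (p instanceof AuthPrincipal) {
            final AuthPrincipal principal = (AuthPrincipal) p;
            for (String attr : ATTRIBUTE_NAMES_NAME) {
                final String name = getAttribute(principal, attr);
                if (name != null) {
                    logger.debug("Display name found for principal: {}", name);
                    return name;
                }
            }
            String givenName = getAttribute(principal, "givenName");
            String surname = getAttribute(principal, "surname");
            if ((givenName != null) && (surname != null)) {
                final String name = givenName + " " + surname;
                logger.debug("Display name found for principal: {}", name);
                return name;
            }
        }
        logger.debug("No display name found for principal");
        return null;
    }

    /**
     * Looks up a single attribute on the principal.
     *
     * @param principal principal whose attributes are read
     * @param attr attribute name
     * @return {@code toString()} of the attribute value, or {@code null} when
     * the attribute or its value is absent
     */
    private static String getAttribute(final AuthPrincipal principal, String attr) {
        logger.trace("Looking for attribute {}", attr);
        // "getAttribues" is the accessor name as called in the original code.
        final AuthAttribute<?> attribute = principal.getAttribues().get(attr);
        if (attribute != null) {
            final Object value = attribute.getValue();
            if (value != null) {
                // NOTE(review): the value originates from the identity
                // provider and is written to the log verbatim.
                logger.trace("Found attribute value: {} = {}", attr, value);
                return value.toString();
            }
        }
        return null;
    }

} // class ApplicationSession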