Commit 25963acd authored by Mike McKay's avatar Mike McKay

XNAT-4154 Got auth REST call to support alias tokens again.

parent 9f7d0d64
...@@ -11,13 +11,16 @@ ...@@ -11,13 +11,16 @@
package org.nrg.xnat.security.alias; package org.nrg.xnat.security.alias;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.nrg.framework.services.ContextService;
import org.nrg.xdat.entities.AliasToken; import org.nrg.xdat.entities.AliasToken;
import org.nrg.xdat.security.helpers.Users; import org.nrg.xdat.security.helpers.Users;
import org.nrg.xdat.services.AliasTokenService; import org.nrg.xdat.services.AliasTokenService;
import org.nrg.xdat.services.XdatUserAuthService; import org.nrg.xdat.services.XdatUserAuthService;
import org.nrg.xdat.services.impl.hibernate.HibernateAliasTokenService;
import org.nrg.xft.security.UserI; import org.nrg.xft.security.UserI;
import org.nrg.xnat.security.provider.XnatAuthenticationProvider; import org.nrg.xnat.security.provider.XnatAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
...@@ -28,8 +31,6 @@ import org.springframework.security.core.AuthenticationException; ...@@ -28,8 +31,6 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import javax.inject.Inject;
public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements XnatAuthenticationProvider { public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements XnatAuthenticationProvider {
/** /**
...@@ -47,7 +48,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent ...@@ -47,7 +48,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent
@Override @Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException { public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
final String alias = (String) authentication.getPrincipal(); final String alias = (String) authentication.getPrincipal();
final AliasToken token = _aliasTokenService.locateToken(alias); final AliasToken token = getAliasTokenService().locateToken(alias);
if (token == null) { if (token == null) {
throw new BadCredentialsException("No valid alias token found for alias: " + alias); throw new BadCredentialsException("No valid alias token found for alias: " + alias);
} }
...@@ -131,7 +132,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent ...@@ -131,7 +132,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent
String alias = ((AliasTokenAuthenticationToken) authentication).getAlias(); String alias = ((AliasTokenAuthenticationToken) authentication).getAlias();
long secret = ((AliasTokenAuthenticationToken) authentication).getSecret(); long secret = ((AliasTokenAuthenticationToken) authentication).getSecret();
String userId = _aliasTokenService.validateToken(alias, secret); String userId = getAliasTokenService().validateToken(alias, secret);
if (StringUtils.isBlank(userId) || !userId.equals(userDetails.getUsername())) { if (StringUtils.isBlank(userId) || !userId.equals(userDetails.getUsername())) {
throw new BadCredentialsException("The submitted alias token was invalid: " + alias); throw new BadCredentialsException("The submitted alias token was invalid: " + alias);
} }
...@@ -166,7 +167,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent ...@@ -166,7 +167,7 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent
*/ */
@Override @Override
protected UserDetails retrieveUser(final String username, final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { protected UserDetails retrieveUser(final String username, final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
AliasToken token = _aliasTokenService.locateToken(username); AliasToken token = getAliasTokenService().locateToken(username);
if (token == null) { if (token == null) {
throw new UsernameNotFoundException("Unable to locate token with alias: " + username); throw new UsernameNotFoundException("Unable to locate token with alias: " + username);
} }
...@@ -175,15 +176,30 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent ...@@ -175,15 +176,30 @@ public class AliasTokenAuthenticationProvider extends AbstractUserDetailsAuthent
* The hack is to return the user details for the most recent successful login of the user, as that is likely the provider that was used. * The hack is to return the user details for the most recent successful login of the user, as that is likely the provider that was used.
* Not perfect, but better than just hard-coding to localdb provider (cause then it won't work for a token created by an LDAP-authenticated user). * Not perfect, but better than just hard-coding to localdb provider (cause then it won't work for a token created by an LDAP-authenticated user).
*/ */
return _userAuthService.getUserDetailsByUsernameAndMostRecentSuccessfulLogin(token.getXdatUserId()); return getUserAuthService().getUserDetailsByUsernameAndMostRecentSuccessfulLogin(token.getXdatUserId());
}
private XdatUserAuthService getUserAuthService() {
if (_userAuthService == null) {
_userAuthService = _contextService.getBean(XdatUserAuthService.class);
}
return _userAuthService;
}
private AliasTokenService getAliasTokenService() {
if (_aliasTokenService == null) {
_aliasTokenService = _contextService.getBean(HibernateAliasTokenService.class);
}
return _aliasTokenService;
} }
@Autowired @Autowired
@Qualifier("rootContextService")
@Lazy @Lazy
private ContextService _contextService;
private AliasTokenService _aliasTokenService; private AliasTokenService _aliasTokenService;
@Autowired
@Lazy
private XdatUserAuthService _userAuthService; private XdatUserAuthService _userAuthService;
private String _name; private String _name;
......
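Review bot: The new lazy getters `getAliasTokenService()` and `getUserAuthService()` hand back whatever `_contextService.getBean(...)` yields without checking it, so a failed lookup (or a `_contextService` that was never injected) would surface as a NullPointerException at the three call sites changed in this commit rather than as an `AuthenticationException`. In an authentication provider that matters, because an unchecked exception may bypass the failure handling the rest of the security chain relies on; after each lookup I would add `if (_aliasTokenService == null) { throw new AuthenticationServiceException("Alias token service is not available"); }` and the equivalent for `_userAuthService`. Both getters also write shared fields without synchronization, which looks benign if the context always returns the same singleton, but declaring the two fields `volatile` would make that explicit. Looking the bean up by `HibernateAliasTokenService.class` instead of the `AliasTokenService` interface ties the provider to one implementation and deserves a comment explaining why the interface lookup was not usable. The bodies of the calling methods are only partly visible on this page.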