NIHVIVO-1207 Add authenticationSource field to LoginStatusBean, so we can tell whether the user logged in via internal or external credentials.
parent
61d95dbf5c
commit
1365f0a665
7 changed files with 57 additions and 24 deletions
|
@ -35,7 +35,7 @@ public class LoginStatusBean {
|
|||
|
||||
/** A bean to return when the user has not logged in. */
|
||||
private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
|
||||
"", ANYBODY);
|
||||
"", ANYBODY, AuthenticationSource.UNKNOWN);
|
||||
|
||||
/** The bean is attached to the session by this name. */
|
||||
private static final String ATTRIBUTE_NAME = "loginStatus";
|
||||
|
@ -95,14 +95,21 @@ public class LoginStatusBean {
|
|||
// the bean
|
||||
// ----------------------------------------------------------------------
|
||||
|
||||
public enum AuthenticationSource {
|
||||
UNKNOWN, INTERNAL, EXTERNAL
|
||||
}
|
||||
|
||||
private final String userURI;
|
||||
private final String username;
|
||||
private final int securityLevel;
|
||||
private final AuthenticationSource authenticationSource;
|
||||
|
||||
public LoginStatusBean(String userURI, String username, int securityLevel) {
|
||||
public LoginStatusBean(String userURI, String username, int securityLevel,
|
||||
AuthenticationSource authenticationSource) {
|
||||
this.userURI = userURI;
|
||||
this.username = username;
|
||||
this.securityLevel = securityLevel;
|
||||
this.authenticationSource = authenticationSource;
|
||||
}
|
||||
|
||||
public String getUserURI() {
|
||||
|
@ -117,6 +124,10 @@ public class LoginStatusBean {
|
|||
return securityLevel;
|
||||
}
|
||||
|
||||
public AuthenticationSource getAuthenticationSource() {
|
||||
return authenticationSource;
|
||||
}
|
||||
|
||||
public boolean isLoggedIn() {
|
||||
return securityLevel > ANYBODY;
|
||||
}
|
||||
|
@ -129,10 +140,15 @@ public class LoginStatusBean {
|
|||
return securityLevel >= minimumLevel;
|
||||
}
|
||||
|
||||
public boolean hasExternalAuthentication() {
|
||||
return authenticationSource == AuthenticationSource.EXTERNAL;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "LoginStatusBean[userURI=" + userURI + ", username=" + username
|
||||
+ ", securityLevel=" + securityLevel + "]";
|
||||
+ ", securityLevel=" + securityLevel
|
||||
+ ", authenticationSource=" + authenticationSource + "]";
|
||||
}
|
||||
|
||||
}
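Review bot: `hasExternalAuthentication()` returns false for `INTERNAL`, for `UNKNOWN` (the not-logged-in `DUMMY_BEAN`) and for a null source, so a caller that negates it to mean "logged in with internal credentials" would misclassify the last two. The constructor stores `authenticationSource` unchecked; normalising it, `this.authenticationSource = (authenticationSource == null) ? AuthenticationSource.UNKNOWN : authenticationSource;`, keeps the field non-null for `toString()` and the getter. A Javadoc line on the method such as `/** True only for EXTERNAL; false does not imply INTERNAL (see UNKNOWN). */` would make the contract explicit. The class body continues outside these hunks.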
|
||||
|
|
|
@ -6,6 +6,7 @@ import java.util.List;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
|
||||
/**
|
||||
|
@ -86,7 +87,8 @@ public abstract class Authenticator {
|
|||
* - notify other users of the model
|
||||
* </pre>
|
||||
*/
|
||||
public abstract void recordLoginAgainstUserAccount(String username);
|
||||
public abstract void recordLoginAgainstUserAccount(String username,
|
||||
AuthenticationSource authSource);
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
|
@ -96,7 +98,7 @@ public abstract class Authenticator {
|
|||
* </pre>
|
||||
*/
|
||||
public abstract void recordLoginWithoutUserAccount(String username,
|
||||
String individualUri);
|
||||
String individualUri, AuthenticationSource authSource);
|
||||
|
||||
/**
|
||||
* <pre>
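Review bot: Both abstract methods gain an `authSource` parameter, but the Javadoc visible above them is not touched in these hunks (each comment begins outside the hunk), so implementers are not told what the value means or whether null is allowed. Add a line to each comment such as `@param authSource how the credentials were verified (INTERNAL or EXTERNAL); must not be null`. Stating the null rule here matters because the value is stored in the session's `LoginStatusBean` and compared with `==` there.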
|
||||
|
|
|
@ -16,6 +16,7 @@ import org.apache.commons.logging.LogFactory;
|
|||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
|
||||
|
@ -81,7 +82,8 @@ public class BasicAuthenticator extends Authenticator {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void recordLoginAgainstUserAccount(String username) {
|
||||
public void recordLoginAgainstUserAccount(String username,
|
||||
AuthenticationSource authSource) {
|
||||
User user = getUserByUsername(username);
|
||||
if (user == null) {
|
||||
log.error("Trying to record the login of a non-existent user: "
|
||||
|
@ -95,24 +97,26 @@ public class BasicAuthenticator extends Authenticator {
|
|||
String roleUri = user.getRoleURI();
|
||||
int securityLevel = parseUserSecurityLevel(user);
|
||||
recordLoginWithOrWithoutUserAccount(username, userUri, roleUri,
|
||||
securityLevel);
|
||||
securityLevel, authSource);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void recordLoginWithoutUserAccount(String username,
|
||||
String individualUri) {
|
||||
String individualUri, AuthenticationSource authSource) {
|
||||
String roleUri = AuthRole.USER.roleUri();
|
||||
int securityLevel = LoginStatusBean.NON_EDITOR;
|
||||
recordLoginWithOrWithoutUserAccount(username, individualUri, roleUri,
|
||||
securityLevel);
|
||||
securityLevel, authSource);
|
||||
}
|
||||
|
||||
/** This much is in common on login, whether or not you have a user account. */
|
||||
private void recordLoginWithOrWithoutUserAccount(String username,
|
||||
String userUri, String roleUri, int securityLevel) {
|
||||
String userUri, String roleUri, int securityLevel,
|
||||
AuthenticationSource authSource) {
|
||||
HttpSession session = request.getSession();
|
||||
createLoginFormBean(username, userUri, roleUri, session);
|
||||
createLoginStatusBean(username, userUri, securityLevel, session);
|
||||
createLoginStatusBean(username, userUri, securityLevel, authSource,
|
||||
session);
|
||||
setSessionTimeoutLimit(session);
|
||||
recordInUserSessionMap(userUri, session);
|
||||
notifyOtherUsers(userUri, session);
|
||||
|
@ -152,9 +156,10 @@ public class BasicAuthenticator extends Authenticator {
|
|||
* TODO this should eventually replace the LoginFormBean.
|
||||
*/
|
||||
private void createLoginStatusBean(String username, String userUri,
|
||||
int securityLevel, HttpSession session) {
|
||||
int securityLevel, AuthenticationSource authSource,
|
||||
HttpSession session) {
|
||||
LoginStatusBean lsb = new LoginStatusBean(userUri, username,
|
||||
securityLevel);
|
||||
securityLevel, authSource);
|
||||
LoginStatusBean.setBean(session, lsb);
|
||||
log.info("Adding status bean: " + lsb);
|
||||
}
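Review bot: `recordLoginWithOrWithoutUserAccount` attaches the login beans to whatever `request.getSession()` returns, and nothing in the visible lines replaces the pre-login session before `createLoginStatusBean` runs. If the session is not renewed elsewhere, an identifier issued before authentication stays valid afterwards and now carries the security level and the authentication source. Consider invalidating the old session and creating a fresh one before the beans are set. The method body continues outside the hunk, so this may already be handled there.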
|
||||
|
|
|
@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
|
@ -43,7 +44,8 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
@Override
|
||||
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws ServletException, IOException {
|
||||
String username = ExternalAuthHelper.getHelper(req).getExternalUsername(req);
|
||||
String username = ExternalAuthHelper.getHelper(req)
|
||||
.getExternalUsername(req);
|
||||
String uri = getAssociatedIndividualUri(username, req);
|
||||
|
||||
if (username == null) {
|
||||
|
@ -52,12 +54,14 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
MESSAGE_LOGIN_FAILED);
|
||||
} else if (getAuthenticator(req).isExistingUser(username)) {
|
||||
log.debug("Logging in as " + username);
|
||||
getAuthenticator(req).recordLoginAgainstUserAccount(username);
|
||||
getAuthenticator(req).recordLoginAgainstUserAccount(username,
|
||||
AuthenticationSource.EXTERNAL);
|
||||
removeLoginProcessArtifacts(req);
|
||||
loginRedirector.redirectLoggedInUser(req, resp);
|
||||
} else if (uri != null) {
|
||||
log.debug("Recognize '' as self-editor for " + uri);
|
||||
getAuthenticator(req).recordLoginWithoutUserAccount(username, uri);
|
||||
getAuthenticator(req).recordLoginWithoutUserAccount(username, uri,
|
||||
AuthenticationSource.EXTERNAL);
|
||||
removeLoginProcessArtifacts(req);
|
||||
loginRedirector.redirectSelfEditingUser(req, resp, uri);
|
||||
} else {
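Review bot: The debug message in the self-editor branch prints `Recognize '' as self-editor for ...` with nothing between the quotes, so the external username never reaches the log. It reads as if the concatenation was dropped: `log.debug("Recognize '" + username + "' as self-editor for " + uri);`. Separately, `getAssociatedIndividualUri(username, req)` is called before the `username == null` check; that helper is not shown, so confirm it tolerates a null username or move the call below the check. `doPost` continues outside these hunks.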
|
||||
|
|
|
@ -26,6 +26,7 @@ import org.apache.commons.logging.LogFactory;
|
|||
import com.hp.hpl.jena.ontology.OntModel;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
@ -287,7 +288,8 @@ public class Authenticate extends VitroHttpServlet {
|
|||
private void transitionToLoggedIn(HttpServletRequest request,
|
||||
String username) {
|
||||
log.debug("Completed login: " + username);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username,
|
||||
AuthenticationSource.INTERNAL);
|
||||
LoginProcessBean.removeBean(request);
|
||||
}
|
||||
|
||||
|
@ -299,7 +301,8 @@ public class Authenticate extends VitroHttpServlet {
|
|||
String username, String newPassword) {
|
||||
log.debug("Completed login: " + username + ", password changed.");
|
||||
getAuthenticator(request).recordNewPassword(username, newPassword);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username,
|
||||
AuthenticationSource.INTERNAL);
|
||||
LoginProcessBean.removeBean(request);
|
||||
}
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ import java.util.Map;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
|
||||
|
||||
|
@ -138,12 +139,13 @@ public class AuthenticatorStub extends Authenticator {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void recordLoginAgainstUserAccount(String username) {
|
||||
public void recordLoginAgainstUserAccount(String username,
|
||||
AuthenticationSource authSource) {
|
||||
recordedLogins.add(username);
|
||||
|
||||
User user = getUserByUsername(username);
|
||||
LoginStatusBean lsb = new LoginStatusBean(user.getURI(), username,
|
||||
parseUserSecurityLevel(user.getRoleURI()));
|
||||
parseUserSecurityLevel(user.getRoleURI()), authSource);
|
||||
LoginStatusBean.setBean(request.getSession(), lsb);
|
||||
}
|
||||
|
||||
|
@ -177,7 +179,7 @@ public class AuthenticatorStub extends Authenticator {
|
|||
|
||||
@Override
|
||||
public void recordLoginWithoutUserAccount(String username,
|
||||
String individualUri) {
|
||||
String individualUri, AuthenticationSource authSource) {
|
||||
throw new RuntimeException(
|
||||
"AuthenticatorStub.recordLoginWithoutUserAccount() not implemented.");
|
||||
}
|
||||
|
|
|
@ -24,11 +24,11 @@ import stubs.javax.servlet.http.HttpServletRequestStub;
|
|||
import stubs.javax.servlet.http.HttpServletResponseStub;
|
||||
import stubs.javax.servlet.http.HttpSessionStub;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State;
|
||||
|
||||
|
@ -56,7 +56,8 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
private static final String URL_SELF_EDITOR_PAGE = "/individual?uri=selfEditorURI";
|
||||
|
||||
private static final LoginStatusBean LOGIN_STATUS_DBA = new LoginStatusBean(
|
||||
USER_DBA_URI, USER_DBA_NAME, LoginStatusBean.DBA);
|
||||
USER_DBA_URI, USER_DBA_NAME, LoginStatusBean.DBA,
|
||||
AuthenticationSource.INTERNAL);
|
||||
|
||||
private AuthenticatorStub authenticator;
|
||||
private ServletContextStub servletContext;
|
||||
|
@ -91,7 +92,7 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
|
||||
auth = new Authenticate();
|
||||
auth.init(servletConfig);
|
||||
|
||||
|
||||
}
|
||||
|
||||
private User createNewDbaUser() {
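Review bot: The only test-side use of the new field is passing `AuthenticationSource.INTERNAL` to the `LOGIN_STATUS_DBA` fixture; nothing visible in this commit asserts the `EXTERNAL` value or `hasExternalAuthentication()`. Since the field exists to distinguish how credentials were verified, add a case per login path that checks `getAuthenticationSource()` on the bean placed in the session. Note that `AuthenticatorStub.recordLoginWithoutUserAccount` still throws "not implemented", so the external self-editor path cannot be exercised through the stub as it stands. Tests outside this commit may already cover some of this.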
|
||||
|
|