
1   /**
2    * This file Copyright (c) 2003-2011 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
37  import info.magnolia.cms.security.auth.login.LoginResult;
38  
39  import java.util.ArrayList;
40  import java.util.Collection;
41  import java.util.Collections;
42  
43  import javax.security.auth.Subject;
44  import javax.security.auth.login.LoginContext;
45  import javax.security.auth.login.LoginException;
46  
/**
 * Emergency stand-in for the configured security support (/server/security, or
 * SecuritySupportImpl in mgnl-beans.properties), intended for the case where the security
 * configuration is messed up. To switch it on, edit
 * <code>WEB-INF/config/default/magnolia.properties</code> and add
 * <pre>info.magnolia.cms.security.SecuritySupport=info.magnolia.cms.security.RescueSecuritySupport</pre>
 *
 * <p><strong>Security note:</strong> while this class is active, {@code authenticate} returns the
 * in-memory system user for every login that gets through the JAAS {@link LoginContext}, and that
 * user carries the {@code superuser} role (see {@link RescueUser}). It bypasses the users
 * repository entirely, so it should stay enabled only for as long as the repair takes.
 *
 * <p>Construction, every manager lookup and every authentication emit a WARN log line that starts
 * with {@code "Using RescueSecuritySupport"}; that message is the signal to look for when checking
 * whether an instance is still running in rescue mode.
 *
 * @author gjoseph
 * @version $Revision: $ ($Author: $)
 */
public class RescueSecuritySupport extends SecuritySupportBase {

    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(RescueSecuritySupport.class);

    /**
     * Creates the rescue implementation and logs a warning so that its use is visible in the logs.
     */
    public RescueSecuritySupport() {
        log.warn("Using RescueSecuritySupport !");
    }

    /**
     * Returns a fresh {@link RescueUserManager} named after the system realm.
     *
     * @return a new manager on every call; nothing is cached
     */
    public UserManager getUserManager() {
        final SystemUserManager rescueManager = newRescueUserManager();
        rescueManager.setName(Realm.REALM_SYSTEM);
        return rescueManager;
    }

    /**
     * Returns a fresh {@link RescueUserManager} named after the requested realm. The realm name is
     * only used as the manager's name: whatever the realm, the manager hands out
     * {@link RescueUser} instances.
     *
     * @param realmName name given to the returned manager
     * @return a new manager on every call; nothing is cached
     */
    public UserManager getUserManager(String realmName) {
        final SystemUserManager rescueManager = newRescueUserManager();
        rescueManager.setName(realmName);
        return rescueManager;
    }

    /**
     * Returns a new {@code MgnlGroupManager}, after logging a warning.
     *
     * @return a new group manager on every call
     */
    public GroupManager getGroupManager() {
        log.warn("Using RescueSecuritySupport, will instantiate MgnlGroupManager, please fix your configuration !");
        final GroupManager groupManager = new MgnlGroupManager();
        return groupManager;
    }

    /**
     * Returns a new {@code MgnlRoleManager}, after logging a warning.
     *
     * @return a new role manager on every call
     */
    public RoleManager getRoleManager() {
        log.warn("Using RescueSecuritySupport, will instantiate MgnlRoleManager, please fix your configuration !");
        final RoleManager roleManager = new MgnlRoleManager();
        return roleManager;
    }

    /**
     * Runs the JAAS login and then reports success as the fake system user.
     *
     * <p>The identity that actually logged in is not used for the returned user: the result always
     * wraps a {@link RescueUser} built from {@code UserManager.SYSTEM_USER}, with the JAAS
     * {@link Subject} of the login attached to it. Any caller whose login passes therefore ends up
     * with the system user's roles and groups.
     *
     * @param callbackHandler handler passed on to {@code createLoginContext}
     * @param customLoginModule login module name passed on to {@code createLoginContext}
     * @return a result with {@code LoginResult.STATUS_SUCCEEDED} and the fake system user
     * @throws RuntimeException wrapping the {@link LoginException} when creating the context or
     *         the login itself fails; no failed {@code LoginResult} is returned in that case
     */
    @Override
    public LoginResult authenticate(CredentialsCallbackHandler callbackHandler, String customLoginModule) {
        log.warn("Using RescueSecuritySupport, will force authentication with a fake system user, please fix your configuration !");
        try {
            // NOTE(review): createLoginContext is not defined in this class; which login modules it
            // selects, and so how strict this login really is, must be checked where it is defined.
            final LoginContext context = createLoginContext(callbackHandler, customLoginModule);
            context.login();

            // From here on the authenticated principal is replaced by the in-memory system user.
            final User fakeSystemUser = new RescueUser(UserManager.SYSTEM_USER, UserManager.SYSTEM_PSWD);
            fakeSystemUser.setSubject(context.getSubject());
            return new LoginResult(LoginResult.STATUS_SUCCEEDED, fakeSystemUser);
        } catch (LoginException loginFailure) {
            throw new RuntimeException(loginFailure);
        }
    }

    /**
     * Logs the rescue-mode warning and creates the user manager shared by both
     * {@code getUserManager} variants; the caller sets the manager's name.
     */
    private SystemUserManager newRescueUserManager() {
        log.warn("Using RescueSecuritySupport, will instantiate RescueUserManager, please fix your configuration !");
        return new RescueUserManager();
    }

    /**
     * TODO: extract as top level class? Currently this class is tested implicitly by {@link RescueSecuritySupportTest}. Should this implement directly UserManager and throw UnsupportedMethodException for the methods not implemented?
     * <p>Overrides {@link SystemUserManager#getSystemUser()}, {@link SystemUserManager#getAnonymousUser()} and {@link SystemUserManager#getUser(String)}. All methods return an instance of {@link RescueUser},
     * so no lookup ever reaches the users repository.
     * @version $Id$
     */
    protected class RescueUserManager extends SystemUserManager {

        /**
         * @return a new in-memory system user (the one that gets the privileged roles)
         */
        @Override
        public User getSystemUser() {
            return new RescueUser(SYSTEM_USER, SYSTEM_PSWD);
        }

        /**
         * @return a new in-memory anonymous user with an empty password
         */
        @Override
        public User getAnonymousUser() {
            return new RescueUser(ANONYMOUS_USER, "");
        }

        /**
         * Resolves a user by name without consulting any repository.
         *
         * @param name requested user name
         * @return the fake system user when {@code name} equals {@code SYSTEM_USER}; for every
         *         other name, including {@code null}, the fake anonymous user
         */
        @Override
        public User getUser(String name) {
            final boolean systemUserRequested = SYSTEM_USER.equals(name);
            return systemUserRequested
                    ? new RescueUser(SYSTEM_USER, SYSTEM_PSWD)
                    : new RescueUser(ANONYMOUS_USER, "");
        }
    }

    /**
     * TODO extract as top level class? Currently this class is tested implicitly by {@link RescueSecuritySupportTest}.<p>
     * A <em>"fake"</em> user, that is a user who is created in-memory rather than relying on a working <em>users</em> repository,
     * as the latter may be corrupted and in need of being fixed.
     * <p>Roles and groups are fixed at construction time; every mutator throws
     * {@link UnsupportedOperationException}, except {@link #setSubject(Subject)}.
     * <p>See <a href='http://jira.magnolia-cms.com/browse/MAGNOLIA-3561'>MAGNOLIA-3561</a>.
     * @version $Id$
     */
    protected class RescueUser implements User {
        // NOTE(review): this is a non-static inner class, so each instance keeps a reference to the
        // enclosing RescueSecuritySupport. The serialVersionUID suggests User is Serializable (not
        // visible here); if so, serializing a RescueUser would also pull in the outer instance.
        private static final long serialVersionUID = 1L;

        private final String name;

        // Held in clear text for the lifetime of the object and exposed through getPassword().
        private final String password;

        private Subject subject;

        private final Collection<String> groups = new ArrayList<String>();

        private final Collection<String> roles = new ArrayList<String>();

        /**
         * Creates the user and, for the system user only, grants the hard-coded privileges:
         * group {@code publishers}, roles {@code superuser} and {@code workflow-base}. Any other
         * name gets no groups and no roles.
         *
         * @param name user name; compared against {@code UserManager.SYSTEM_USER}
         * @param password password kept as given
         */
        public RescueUser(String name, String password) {
            this.name = name;
            this.password = password;

            if (!UserManager.SYSTEM_USER.equals(name)) {
                return;
            }
            groups.add("publishers");
            roles.add("superuser");
            roles.add("workflow-base");
        }

        /**
         * @param roleName role to look for
         * @return whether the fixed role list contains {@code roleName}
         */
        public boolean hasRole(String roleName) {
            return roles.contains(roleName);
        }

        /** Not supported: the role list of a rescue user cannot be changed. */
        public void removeRole(String roleName) throws UnsupportedOperationException {
            throw new UnsupportedOperationException();
        }

        /** Not supported: the role list of a rescue user cannot be changed. */
        public void addRole(String roleName) throws UnsupportedOperationException {
            throw new UnsupportedOperationException();
        }

        /**
         * @param groupName group to look for
         * @return whether the fixed group list contains {@code groupName}
         */
        public boolean inGroup(String groupName) {
            return groups.contains(groupName);
        }

        /** Not supported: the group list of a rescue user cannot be changed. */
        public void removeGroup(String groupName) throws UnsupportedOperationException {
            throw new UnsupportedOperationException();
        }

        /** Not supported: the group list of a rescue user cannot be changed. */
        public void addGroup(String groupName) throws UnsupportedOperationException {
            throw new UnsupportedOperationException();
        }

        /**
         * @return always {@code true}; a rescue user cannot be disabled
         */
        public boolean isEnabled() {
            return true;
        }

        /** Not supported: see {@link #isEnabled()}. */
        public void setEnabled(boolean enabled) {
            throw new UnsupportedOperationException();
        }

        /**
         * @return always {@code "en"}
         */
        public String getLanguage() {
            return "en";
        }

        /**
         * @return the name given to the constructor
         */
        public String getName() {
            return name;
        }

        /**
         * @return the password given to the constructor, unchanged
         */
        public String getPassword() {
            return password;
        }

        /**
         * @return always {@code null}; a rescue user has no properties
         */
        public String getProperty(String propertyName) {
            return null;
        }

        /** Not supported: a rescue user has no properties. */
        public void setProperty(String propertyName, String value) {
            throw new UnsupportedOperationException();
        }

        /**
         * @return read-only view of the fixed group list
         */
        public Collection<String> getGroups() {
            return Collections.unmodifiableCollection(groups);
        }

        /**
         * @return read-only view of the same fixed group list as {@link #getGroups()}
         */
        public Collection<String> getAllGroups() {
            return Collections.unmodifiableCollection(groups);
        }

        /**
         * @return read-only view of the fixed role list
         */
        public Collection<String> getRoles() {
            return Collections.unmodifiableCollection(roles);
        }

        /**
         * @return read-only view of the same fixed role list as {@link #getRoles()}
         */
        public Collection<String> getAllRoles() {
            return Collections.unmodifiableCollection(roles);
        }

        /**
         * @return the JAAS subject set through {@link #setSubject(Subject)}, or {@code null} if
         *         none was set
         */
        public Subject getSubject() {
            return subject;
        }

        /**
         * Attaches a JAAS subject; this is the only state that can change after construction.
         *
         * @param subject subject to keep with this user
         */
        public void setSubject(Subject subject) {
            this.subject = subject;
        }
    }
}