1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.core.Content;
38 import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
39 import info.magnolia.cms.security.auth.callback.PlainTextCallbackHandler;
40 import info.magnolia.cms.util.ObservationUtil;
41
42 import javax.jcr.RepositoryException;
43 import javax.jcr.observation.EventIterator;
44 import javax.jcr.observation.EventListener;
45 import javax.security.auth.Subject;
46 import javax.security.auth.login.LoginContext;
47 import javax.security.auth.login.LoginException;
48
49 import org.apache.commons.lang.StringUtils;
50 import org.slf4j.Logger;
51 import org.slf4j.LoggerFactory;
52
53
54
55
56
57
58
59 public class SystemUserManager extends MgnlUserManager {
60
61
62
63
64 private static Logger log = LoggerFactory.getLogger(SystemUserManager.class);
65
66
67
68
69
70 private User anonymousUser;
71
72 public SystemUserManager() {
73
74 EventListener anonymousListener = new EventListener() {
75
76 public void onEvent(EventIterator events) {
77 anonymousUser = null;
78 log.debug("Anonymous user reloaded");
79 }
80
81 };
82
83 final String anonymousUserPath = "/" + Realm.REALM_SYSTEM + "/" + UserManager.ANONYMOUS_USER;
84 ObservationUtil.registerChangeListener(
85 ContentRepository.USERS,
86 anonymousUserPath,
87 true,
88 "mgnl:user",
89 anonymousListener);
90
91 ObservationUtil.registerChangeListener(
92 ContentRepository.USER_GROUPS,
93 "/",
94 true,
95 "mgnl:group",
96 anonymousListener);
97
98 ObservationUtil.registerDeferredChangeListener(
99 ContentRepository.USER_ROLES,
100 "/",
101 true,
102 "mgnl:role",
103 anonymousListener,
104 1000,
105 5000);
106 }
107
108 public String getRealmName() {
109 String name = super.getRealmName();
110
111 if (StringUtils.isEmpty(name)) {
112 log.error("realm of system user manager is not set!");
113 return Realm.REALM_SYSTEM;
114 }
115 return name;
116 }
117
118 public User getSystemUser() {
119 return getOrCreateUser(UserManager.SYSTEM_USER, UserManager.SYSTEM_PSWD);
120 }
121
122 public User getAnonymousUser() {
123 if (anonymousUser == null) {
124
125 anonymousUser = getRequiredSystemUser(UserManager.ANONYMOUS_USER, UserManager.ANONYMOUS_USER);
126 }
127 return anonymousUser;
128 }
129
130
131
132
133
134
135 private User getRequiredSystemUser(String username, String password) {
136 MgnlUser user = null;
137 Content node;
138 try {
139 node = getHierarchyManager().getContent("/" + Realm.REALM_SYSTEM + "/" + username);
140 }
141 catch (RepositoryException e) {
142 log.error("Error caught while loading the system user "
143 + username
144 + ": "
145 + e.getClass().getName()
146 + ": "
147 + e.getMessage(), e);
148 return null;
149 }
150 if (node == null) {
151 log.error("User not found: {}.", username);
152 return null;
153 }
154
155 user = userInstance(node);
156 Subject subject = getSubject(username, password);
157 user.setSubject(subject);
158 return user;
159 }
160
161 protected User getOrCreateUser(String userName, String password) {
162 User user = getUser(userName);
163 if (user == null) {
164 log.error(
165 "Failed to get system user [{}], will try to create new system user with default password",
166 userName);
167 user = this.createUser(userName, password);
168 }
169 return user;
170 }
171
172 private Subject getSubject(String userName, String password) {
173 CredentialsCallbackHandler callbackHandler = new PlainTextCallbackHandler(
174 userName,
175 password.toCharArray(),
176 getRealmName());
177 try {
178 LoginContext loginContext = new LoginContext("magnolia", callbackHandler);
179 loginContext.login();
180 return loginContext.getSubject();
181 }
182 catch (LoginException le) {
183 log.error("Failed to login as " + userName + " user", le);
184 }
185 return null;
186 }
187 }