View Javadoc

1   /**
2    * This file Copyright (c) 2003-2010 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.cms.beans.config.ContentRepository;
37  import info.magnolia.cms.core.Content;
38  import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
39  import info.magnolia.cms.security.auth.callback.PlainTextCallbackHandler;
40  import info.magnolia.cms.util.ObservationUtil;
41  
42  import javax.jcr.RepositoryException;
43  import javax.jcr.observation.EventIterator;
44  import javax.jcr.observation.EventListener;
45  import javax.security.auth.Subject;
46  import javax.security.auth.login.LoginContext;
47  import javax.security.auth.login.LoginException;
48  
49  import org.apache.commons.lang.StringUtils;
50  import org.slf4j.Logger;
51  import org.slf4j.LoggerFactory;
52  
53  
54  /**
55   * Responsible to handle system users like anonymous and superuser.
56   * @author philipp
57   * @version $Id: SystemUserManager.java 32667 2010-03-13 00:37:06Z gjoseph $
58   */
59  public class SystemUserManager extends MgnlUserManager {
60  
61      /**
62       * Logger.
63       */
64      private static Logger log = LoggerFactory.getLogger(SystemUserManager.class);
65  
66      /**
67       * kept as static for performance reasons on live instance. reinitialized on any modification event on anonymous
68       * role
69       */
70      private User anonymousUser;
71  
72      public SystemUserManager() {
73  
74          EventListener anonymousListener = new EventListener() {
75  
76              public void onEvent(EventIterator events) {
77                  anonymousUser = null;
78                  log.debug("Anonymous user reloaded");
79              }
80  
81          };
82  
83          final String anonymousUserPath = "/" + Realm.REALM_SYSTEM + "/" + UserManager.ANONYMOUS_USER;
84          ObservationUtil.registerChangeListener(
85              ContentRepository.USERS,
86              anonymousUserPath,
87              true,
88              "mgnl:user",
89              anonymousListener);
90  
91          ObservationUtil.registerChangeListener(
92              ContentRepository.USER_GROUPS,
93              "/",
94              true,
95              "mgnl:group",
96              anonymousListener);
97  
98          ObservationUtil.registerDeferredChangeListener(
99              ContentRepository.USER_ROLES,
100             "/",
101             true,
102             "mgnl:role",
103             anonymousListener,
104             1000,
105             5000);
106     }
107 
108     public String getRealmName() {
109         String name = super.getRealmName();
110         // attempt to fix: MAGNOLIA-1839
111         if (StringUtils.isEmpty(name)) {
112             log.error("realm of system user manager is not set!");
113             return Realm.REALM_SYSTEM;
114         }
115         return name;
116     }
117 
118     public User getSystemUser() {
119         return getOrCreateUser(UserManager.SYSTEM_USER, UserManager.SYSTEM_PSWD);
120     }
121 
122     public User getAnonymousUser() {
123         if (anonymousUser == null) {
124             // see MAGNOLIA-2029
125             anonymousUser = getRequiredSystemUser(UserManager.ANONYMOUS_USER, UserManager.ANONYMOUS_USER);
126         }
127         return anonymousUser;
128     }
129 
130     /**
131      * Load a system user from the repository, but don't try to create it if missing
132      * @param username username
133      * @param password password
134      */
135     private User getRequiredSystemUser(String username, String password) {
136         MgnlUser user = null;
137         Content node;
138         try {
139             node = getHierarchyManager().getContent("/" + Realm.REALM_SYSTEM + "/" + username);
140         }
141         catch (RepositoryException e) {
142             log.error("Error caught while loading the system user "
143                 + username
144                 + ": "
145                 + e.getClass().getName()
146                 + ": "
147                 + e.getMessage(), e);
148             return null;
149         }
150         if (node == null) {
151             log.error("User not found: {}.", username);
152             return null;
153         }
154 
155         user = userInstance(node);
156         Subject subject = getSubject(username, password);
157         user.setSubject(subject);
158         return user;
159     }
160 
161     protected User getOrCreateUser(String userName, String password) {
162         User user = getUser(userName);
163         if (user == null) {
164             log.error(
165                 "Failed to get system user [{}], will try to create new system user with default password",
166                 userName);
167             user = this.createUser(userName, password);
168         }
169         return user;
170     }
171 
172     private Subject getSubject(String userName, String password) {
173         CredentialsCallbackHandler callbackHandler = new PlainTextCallbackHandler(
174             userName,
175             password.toCharArray(),
176             getRealmName());
177         try {
178             LoginContext loginContext = new LoginContext("magnolia", callbackHandler);
179             loginContext.login();
180             return loginContext.getSubject();
181         }
182         catch (LoginException le) {
183             log.error("Failed to login as " + userName + " user", le);
184         }
185         return null;
186     }
187 }