View Javadoc
1   /**
2    * This file Copyright (c) 2003-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.cms.security.auth.ACL;
37  import info.magnolia.cms.security.auth.GroupList;
38  import info.magnolia.cms.security.auth.RoleList;
39  import info.magnolia.context.MgnlContext;
40  
41  import java.util.ArrayList;
42  import java.util.Collection;
43  import java.util.HashSet;
44  import java.util.Map;
45  import java.util.Set;
46  
47  import javax.jcr.Value;
48  import javax.security.auth.Subject;
49  
50  import org.slf4j.Logger;
51  import org.slf4j.LoggerFactory;
52  
53  /**
54   * Manages the JAAS users.
55   */
56  public class ExternalUserManager implements UserManager {
57  
58      private static final Logger log = LoggerFactory.getLogger(ExternalUserManager.class);
59  
60      @Override
61      public User getUser(String name) throws UnsupportedOperationException {
62          // we only support accessing current User object
63          // - implement source specific UserManager if needed
64          if (name.equalsIgnoreCase(MgnlContext.getUser().getName())) {
65              return MgnlContext.getUser();
66          }
67          throw new UnsupportedOperationException("not implemented yet");
68      }
69  
70      @Override
71      public User getUserById(final String id) throws UnsupportedOperationException {
72          throw new UnsupportedOperationException("not implemented yet");
73      }
74  
75      /**
76       * Initialize new user using JAAS authenticated/authorized subject.
77       */
78      @Override
79      public User getUser(Subject subject) throws UnsupportedOperationException {
80          return new ExternalUser(subject);
81      }
82  
83      public User getUser(Map<String, String> properties, GroupList groupList, RoleList roleList) {
84          return new ExternalUser(properties, groupList, roleList);
85      }
86  
87      @Override
88      public Collection<User> getAllUsers() throws UnsupportedOperationException {
89          throw new UnsupportedOperationException("not implemented yet");
90      }
91  
92      @Override
93      public User createUser(String name, String pw) throws UnsupportedOperationException {
94          throw new UnsupportedOperationException("not implemented yet");
95      }
96  
97      @Override
98      public User createUser(String path, String name, String pw) throws UnsupportedOperationException {
99          throw new UnsupportedOperationException("not implemented yet");
100     }
101 
102     @Override
103     public User../../../info/magnolia/cms/security/User.html#User">User changePassword(User user, String newPassword) throws UnsupportedOperationException {
104         throw new UnsupportedOperationException("not implemented yet");
105     }
106 
107     /**
108      * SystemUserManager does this.
109      */
110     @Override
111     public User getSystemUser() throws UnsupportedOperationException {
112         throw new UnsupportedOperationException();
113     }
114 
115     /**
116      * SystemUserManager does this.
117      */
118     @Override
119     public User getAnonymousUser() throws UnsupportedOperationException {
120         throw new UnsupportedOperationException();
121     }
122 
123     @Override
124     public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException {
125         throw new UnsupportedOperationException();
126     }
127 
128     @Override
129     public boolean hasAny(String name, String roleName, String nodeRoles) throws UnsupportedOperationException {
130         throw new UnsupportedOperationException("not implemented yet");
131     }
132 
133     @Override
134     public Map<String, ACL> getACLs(User user) {
135         throw new UnsupportedOperationException("not implemented yet");
136     }
137 
138     @Override
139     public Useref="../../../../info/magnolia/cms/security/User.html#User">User addRole(User user, String roleName) {
140         throw new UnsupportedOperationException("not implemented yet");
141     }
142 
143     @Override
144     public Userf="../../../../info/magnolia/cms/security/User.html#User">User addGroup(User user, String groupName) {
145         throw new UnsupportedOperationException("not implemented yet");
146     }
147 
148     @Override
149     public int getLockTimePeriod() {
150         throw new UnsupportedOperationException("Not supported by this user manager.");
151     }
152 
153     @Override
154     public int getMaxFailedLoginAttempts() {
155         throw new UnsupportedOperationException("Not supported by this user manager.");
156     }
157 
158     @Override
159     public void setLockTimePeriod(int lockTimePeriod) {
160         throw new UnsupportedOperationException("Not supported by this user manager.");
161     }
162 
163     @Override
164     public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts) {
165         throw new UnsupportedOperationException("Not supported by this user manager.");
166     }
167 
168     @Override
169     public User../../../../info/magnolia/cms/security/User.html#User">User setProperty(User user, String propertyName, Value propertyValue) {
170         throw new UnsupportedOperationException("Not supported by this user manager.");
171     }
172 
173     @Override
174     public User../../../../info/magnolia/cms/security/User.html#User">User setProperty(User user, String propertyName, String propertyValue) {
175         throw new UnsupportedOperationException("Not supported by this user manager.");
176     }
177 
178     @Override
179     public User../../../../info/magnolia/cms/security/User.html#User">User removeGroup(User user, String groupName) {
180         throw new UnsupportedOperationException("not implemented yet");
181     }
182 
183     @Override
184     public User"../../../../info/magnolia/cms/security/User.html#User">User removeRole(User user, String roleName) {
185         throw new UnsupportedOperationException("not implemented yet");
186     }
187 
188     /**
189      * Default implementation for external userManagers. Please overwrite in case it can be implemented in a more efficient way.
190      */
191     @Override
192     public Collection<String> getUsersWithGroup(String groupName, boolean transitive) {
193         if (!transitive) {
194             return getUsersWithGroup(groupName);
195         }
196 
197         Collection<User> allUsers = getAllUsers();
198         Set<String> usersWithGroup = new HashSet<>();
199         // Can't inject securitySupport or get static instance of SecuritySupport during the initialization phase.
200         GroupManager man = SecuritySupport.Factory.getInstance().getGroupManager();
201         Collection<String> groupNames = man.getAllSubGroups(groupName);
202         groupNames.add(groupName);
203         for (User currentUser: allUsers) {
204             for (String transitiveGroupName: groupNames) {
205                 if (currentUser.inGroup(transitiveGroupName)) {
206                     usersWithGroup.add(currentUser.getName());
207                     break;
208                 }
209             }
210         }
211         return usersWithGroup;
212     }
213 
214     /**
215      * Default implementation for external userManagers. Please overwrite in case it can be implemented in a more efficient way.
216      */
217     @Override
218     public Collection<String> getUsersWithGroup(final String groupName) {
219         Collection<User> users = getAllUsers();
220         Collection<String> usersWithProvidedGroup = new ArrayList<>();
221         for (User current: users) {
222             if (current.inGroup(groupName)) {
223                 usersWithProvidedGroup.add(current.getName());
224             }
225         }
226 
227         return usersWithProvidedGroup;
228     }
229 
230     /**
231      * Default implementation for external userManagers. Please overwrite in case it can be implemented in a more efficient way.
232      */
233     @Override
234     public Collection<String> getUsersWithRole(final String roleName) {
235         Collection<User> users = getAllUsers();
236         Collection<String> usersWithProvidedGroup = new ArrayList<String>();
237         for (User current : users) {
238             if (current.hasRole(roleName)) {
239                 usersWithProvidedGroup.add(current.getName());
240             }
241         }
242 
243         return usersWithProvidedGroup;
244     }
245 }