Package ca.carleton.gcrc.auth.common

Examples of ca.carleton.gcrc.auth.common.User

154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
   
    logger.info("Login authorization: "+auth+" name:"+name+" adjustCookies: "+adjustCookies);
   
    if( null == auth ) {
      // No authentication provided. Assume default user.
      User user = userRepository.getDefaultUser();

      // If adjusting cookies, do not complain and return OK
      if( adjustCookies ) {
        acceptRequest(response, false, user);
       
      } else {
        // Inform client that authentication is required.
        rejectRequest(response);
      }
      return;
    }
   
    String[] userNameAndPassword = null;
    try {
      userNameAndPassword = AuthenticationUtils.getUserNameAndPassword(auth);
    } catch (Exception e) {
      throw new Exception("Unable to acquire user",e);
    }
   
    // An auth has been provided. Check that the auth corresponds to
    // the 'name' provided by the script. This is to avoid a situation
    // where the browser has changed its tokens, already learned from
    // the fact that this path is protected and supplies already known
    // credentials, ignoring the username and password provided in the
    // XmlHttpRequest
   
    if( false == adjustCookies ) {
      if( null == name ) {
        // We're not adjusting cookies, therefore we must know the
        // intended user
        throw new Exception("name parameter not provided");
      }
      if( false == name.equals( userNameAndPassword[0] ) ) {
        // The funny (interesting) situation has occurred.
        // Send back a 401 to get intended name and password
        rejectRequest(response);
        return;
      }
    }
   
    // From this point on, an auth has been provided for an intended
    // user. We do not want to return an error or else a pop-up box
    // from the browser (not javascript) will be displayed. Even if
    // login fails, return an OK status. The outcome of the login is
    // returned as a JSON object. Also, the cookie installed on the
    // client reflects a default user if the authentication fails.

    User user;
    boolean loggedIn = false;
    try {
      user = userRepository.authenticate(userNameAndPassword[0],userNameAndPassword[1]);
      loggedIn = true;
    } catch (Exception e) {
View Full Code Here
277
278
279
280
281
282
283
284
    // to return an error or else a pop-up box from the browser (not
    // javascript) will be displayed. At this point, we are logging out
    // so we are expecting bogus credentials and we should not check
    // them. Accept request as default user.
   
    User user = userRepository.getDefaultUser();
    acceptRequest(response, false, user);
  }
View Full Code Here
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
      logger.info("Unable to decode user name and password",e);
      return result;
    }

    // Fetch user from repository
    User user;
    try {
      user = userRepository.authenticate(userNameAndPassword[0],userNameAndPassword[1]);

      logger.info("user: "+user);
     
      result.user = user;
     
      if( allowAnonymous && user.isAnonymous() ) {
        result.allowed = true;
       
      } else if( allowAdmin && user.isAdmin() ) {
        result.allowed = true;
       
      } else if( allowUser && !user.isAdmin() && !user.isAnonymous() ) {
        result.allowed = true;
      }

    } catch (Exception e) {
     
View Full Code Here
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
   
    logger.info("Login authorization: "+auth+" name:"+name+" adjustCookies: "+adjustCookies);
   
    if( null == auth ) {
      // No authentication provided. Assume default user.
      User user = userRepository.getDefaultUser();

      // If adjusting cookies, do not complain and return OK
      if( adjustCookies ) {
        acceptRequest(response, false, user);
       
      } else {
        // Inform client that authentication is required.
        rejectRequest(response);
      }
      return;
    }
   
    String[] userNameAndPassword = null;
    try {
      userNameAndPassword = AuthenticationUtils.getUserNameAndPassword(auth);
    } catch (Exception e) {
      throw new Exception("Unable to acquire user",e);
    }
   
    // An auth has been provided. Check that the auth corresponds to
    // the 'name' provided by the script. This is to avoid a situation
    // where the browser has changed its tokens, already learned from
    // the fact that this path is protected and supplies already known
    // credentials, ignoring the username and password provided in the
    // XmlHttpRequest
   
    if( false == adjustCookies ) {
      if( null == name ) {
        // We're not adjusting cookies, therefore we must know the
        // intended user
        throw new Exception("name parameter not provided");
      }
      if( false == name.equals( userNameAndPassword[0] ) ) {
        // The funny (interesting) situation has occurred.
        // Send back a 401 to get intended name and password
        rejectRequest(response);
        return;
      }
    }
   
    // From this point on, an auth has been provided for an intended
    // user. We do not want to return an error or else a pop-up box
    // from the browser (not javascript) will be displayed. Even if
    // login fails, return an OK status. The outcome of the login is
    // returned as a JSON object. Also, the cookie installed on the
    // client reflects a default user if the authentication fails.

    User user;
    boolean loggedIn = false;
    try {
      user = userRepository.authenticate(userNameAndPassword[0],userNameAndPassword[1]);
      loggedIn = true;
    } catch (Exception e) {
View Full Code Here
277
278
279
280
281
282
283
284
    // to return an error or else a pop-up box from the browser (not
    // javascript) will be displayed. At this point, we are logging out
    // so we are expecting bogus credentials and we should not check
    // them. Accept request as default user.
   
    User user = userRepository.getDefaultUser();
    acceptRequest(response, false, user);
  }
View Full Code Here
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
    HttpServletRequest request = (HttpServletRequest)servletRequest;
    HttpServletResponse response = (HttpServletResponse)servletResponse;
   
    if( request instanceof AuthHttpServletRequest ) {
      try {
        User user = AuthenticationUtils.getUserFromRequest(request);
        checkAndDispatch(user, request, response, chain);
      } catch (Exception e) {
        throw new ServletException("Error while filtering AuthHttpServletRequest",e);
      }
     
    } else {
      try {
        // Validate cookie and obtain user from it
        User user = null;
        {
          Cookie cookie = getCookieFromRequest(request);
          if( null != cookie ) {
            user = CookieAuthentication.verifyCookieString(userRepository, cookie.getValue());
          }
View Full Code Here
157
158
159
160
161
162
163
164
165
166
167
   
    if( null == name || null == password ) {
      throw new Exception("name or password missing");
    }
   
    User user;
    try {
      user = userRepository.authenticate(name,password);
    } catch (Exception e) {
      throw new Exception("Invalid credentials");
    }
View Full Code Here
170
171
172
173
174
175
176
177
    acceptRequest(response, true, user);
  }

  private void performLogout(HttpServletRequest request, HttpServletResponse response) throws Exception {

    User user = userRepository.getDefaultUser();
    acceptRequest(response, false, user);
  }
View Full Code Here
184
185
186
187
188
189
190
191
192
193
194
   * @throws IOException
   */
  private void performAdjustCookies(HttpServletRequest request, HttpServletResponse response) throws Exception {

    boolean loggedIn = false;
    User user = null;
    try {
      Cookie cookie = getCookieFromRequest(request);
      if( null != cookie ) {
        user = CookieAuthentication.verifyCookieString(userRepository, cookie.getValue());
        loggedIn = true;
View Full Code Here
159
160
161
162
163
164
165
166
167
168
169
    if( 0 != version ) {
      throw new Exception("Unknown version of auth cookie string");
    }
   
    // Get user
    User user = null;
    {
      user = userRepository.userFromId(userId);
      if( null == user ) {
        throw new Exception("Can not find user from auth cookie string");
      }
View Full Code Here
TOP

Related Classes of ca.carleton.gcrc.auth.common.User

  • ca.carleton.gcrc.auth.Authentication
  • ca.carleton.gcrc.auth.AuthFilter
  • ca.carleton.gcrc.auth.AuthServlet
  • ca.carleton.gcrc.auth.common.impl.UserRepositoryAbstract
  • ca.carleton.gcrc.auth.cookie.AuthFilter
  • ca.carleton.gcrc.auth.cookie.AuthServlet
  • ca.carleton.gcrc.auth.cookie.impl.CookieAuthentication
  • ca.carleton.gcrc.dbWeb.DbWebServlet
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.