update LoginAssist

Shinsuke Sugaya 2016-08-07 22:33:24 +09:00
parent b3e07571f8
commit 418dabd1c7
14 changed files with 61 additions and 197 deletions


@ -40,7 +40,7 @@
<!-- Main Framework -->
<dbflute.version>1.1.1</dbflute.version>
<lastaflute.version>0.8.3-RC1</lastaflute.version>
<lastaflute.version>0.8.3-RC2</lastaflute.version>
<lasta.taglib.version>0.7.0</lasta.taglib.version>
<lasta.job.version>0.2.2</lasta.job.version>
<mailflute.version>0.5.1</mailflute.version>


@ -15,33 +15,19 @@
*/
package org.codelibs.fess.app.web.base.login;
import java.util.Collections;
import java.util.function.Supplier;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.response.ActionResponse;
public class ActionLoginCredential implements LoginCredential {
public class ActionResponseCredential implements LoginCredential {
private final Supplier<ActionResponse> action;
public ActionLoginCredential(final Supplier<ActionResponse> action) {
public ActionResponseCredential(final Supplier<ActionResponse> action) {
this.action = action;
}
@Override
public void validate() {
}
@Override
public String getId() {
return action.toString();
}
@Override
public Object getResource() {
return Collections.emptyMap();
}
public ActionResponse execute() {
return action.get();
}
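Review bot: The renamed class has no Javadoc, and after this change it carries no identity at all: it only wraps a `Supplier<ActionResponse>` that `execute()` runs. I would add a class comment such as `/** Not a real credential: carries a response for the SSO action to return (e.g. a redirect or a 401) and must be handled before loginRedirect() is called. */`. No resolver for this type is registered in `FessLoginAssist.resolveCredential` in this commit, so what happens if an instance reaches `loginRedirect()` depends on framework behaviour that is not visible here. The class body continues past the end of the hunk.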


@ -33,12 +33,10 @@ import org.lastaflute.core.time.TimeManager;
import org.lastaflute.web.login.LoginHandlingResource;
import org.lastaflute.web.login.PrimaryLoginManager;
import org.lastaflute.web.login.TypicalLoginAssist;
import org.lastaflute.web.login.exception.LoginFailureException;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.login.credential.UserPasswordCredential;
import org.lastaflute.web.login.exception.LoginRequiredException;
import org.lastaflute.web.login.option.LoginOpCall;
import org.lastaflute.web.login.option.LoginSpecifiedOption;
import org.lastaflute.web.login.redirect.LoginRedirectSuccessCall;
import org.lastaflute.web.response.HtmlResponse;
/**
* @author jflute
@ -63,19 +61,13 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Fe
// Find User
// =========
@Override
protected boolean doCheckUserLoginable(final String username, final String cipheredPassword) {
return userBhv.selectCount(cb -> {
cb.query().setName_Equal(username);
cb.query().setPassword_Equal(cipheredPassword);
}) > 0;
public boolean checkUserLoginable(LoginCredential credential) {
throw new UnsupportedOperationException("checkUserLoginable is not supported.");
}
@Override
protected OptionalEntity<FessUser> doFindLoginUser(final String username, final String cipheredPassword) {
return userBhv.selectEntity(cb -> {
cb.query().setName_Equal(username);
cb.query().setPassword_Equal(cipheredPassword);
}).map(user -> (FessUser) user);
protected void checkCredential(TypicalLoginAssist<String, FessUserBean, FessUser>.CredentialChecker checker) {
throw new UnsupportedOperationException("checkCredential is not supported.");
}
@Override
@ -144,29 +136,10 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Fe
// ==============
@Override
public HtmlResponse loginRedirect(final String account, final String password, final LoginOpCall opLambda,
final LoginRedirectSuccessCall oneArgLambda) throws LoginFailureException {
return loginRedirect(new UserPasswordLoginCredential(account, password), opLambda, oneArgLambda);
}
public HtmlResponse loginRedirect(final LoginCredential credential, final LoginOpCall opLambda,
final LoginRedirectSuccessCall oneArgLambda) throws LoginFailureException {
doLogin(credential, createLoginOption(opLambda)); // exception if login failure
return switchToRequestedActionIfExists(oneArgLambda.success()); // so success only here
}
protected void doLogin(final LoginCredential credential, final LoginSpecifiedOption option) throws LoginFailureException {
credential.validate();
handleLoginSuccess(findLoginUser(credential).orElseThrow(() -> {
final String msg = "Not found the user by the account and password: " + credential.getId() + ", " + option;
return handleLoginFailure(msg, credential.getResource(), OptionalThing.of(option));
}), option);
}
public OptionalEntity<FessUser> findLoginUser(final LoginCredential credential) {
if (credential instanceof UserPasswordLoginCredential) {
final UserPasswordLoginCredential userCredential = (UserPasswordLoginCredential) credential;
final String username = userCredential.getUsername();
protected void resolveCredential(CredentialResolver resolver) {
resolver.resolve(UserPasswordCredential.class, credential -> {
final UserPasswordCredential userCredential = (UserPasswordCredential) credential;
final String username = userCredential.getUser();
final String password = userCredential.getPassword();
if (!fessConfig.isAdminUser(username)) {
final OptionalEntity<FessUser> ldapUser = ComponentUtil.getLdapManager().login(username, password);
@ -175,14 +148,23 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Fe
}
}
return doFindLoginUser(username, encryptPassword(password));
} else if (credential instanceof SpnegoLoginCredential) {
final String username = credential.getId();
});
resolver.resolve(SpnegoCredential.class, credential -> {
final String username = ((SpnegoCredential) credential).getUsername();
if (!fessConfig.isAdminUser(username)) {
return ComponentUtil.getLdapManager().login(username);
}
} else if (credential instanceof OpenIdConnectLoginCredential) {
return OptionalEntity.of(((OpenIdConnectLoginCredential) credential).getUser());
}
return OptionalEntity.empty();
return OptionalEntity.empty();
});
resolver.resolve(OpenIdConnectCredential.class, credential -> {
return OptionalEntity.of(((OpenIdConnectCredential) credential).getUser());
});
}
protected OptionalEntity<FessUser> doFindLoginUser(final String username, final String cipheredPassword) {
return userBhv.selectEntity(cb -> {
cb.query().setName_Equal(username);
cb.query().setPassword_Equal(cipheredPassword);
}).map(user -> (FessUser) user);
}
}
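Review bot: With `doLogin` and its `credential.validate()` call removed, the SPNEGO and OpenID Connect resolvers in `resolveCredential` no longer have a visible check for an empty or null identifier. `SpnegoCredential` and `OpenIdConnectCredential` lose their `validate()` overrides in this same commit and their constructors only assign fields, so nothing shown rejects a blank username before `ComponentUtil.getLdapManager().login(username)`, or a missing `email` claim before `OptionalEntity.of(... getUser())`, which always yields a user. A guard at the top of each lambda would restore the old behaviour, for example `if (username == null || username.isEmpty()) { return OptionalEntity.empty(); }` and the same test on `getEmail()`. `UserPasswordCredential` now comes from LastaFlute, so whether it still rejects empty values should be confirmed against that library version.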


@ -1,38 +0,0 @@
/*
* Copyright 2012-2016 CodeLibs Project and the Others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.codelibs.fess.app.web.base.login;
public interface LoginCredential {
void validate();
String getId();
Object getResource();
public default void assertLoginAccountRequired(final String account) {
if (account == null || account.length() == 0) {
final String msg = "The argument 'account' should not be null for login.";
throw new IllegalArgumentException(msg);
}
}
public default void assertLoginPasswordRequired(final String password) {
if (password == null || password.length() == 0) {
final String msg = "The argument 'password' should not be null for login.";
throw new IllegalArgumentException(msg);
}
}
}


@ -25,33 +25,28 @@ import org.codelibs.fess.entity.FessUser;
import org.codelibs.fess.helper.SystemHelper;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;
public class OpenIdConnectLoginCredential implements LoginCredential {
public class OpenIdConnectCredential implements LoginCredential {
private final Map<String, Object> attributes;
public OpenIdConnectLoginCredential(final Map<String, Object> attributes) {
public OpenIdConnectCredential(final Map<String, Object> attributes) {
this.attributes = attributes;
}
@Override
public void validate() {
assertLoginAccountRequired((String) attributes.get("email"));
public String toString() {
return "{" + getEmail() + "}";
}
@Override
public String getId() {
public String getEmail() {
return (String) attributes.get("email");
}
@Override
public Object getResource() {
return attributes;
}
public User getUser() {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
return new User(getId(), fessConfig.getOicDefaultGroupsAsArray(), fessConfig.getOicDefaultRolesAsArray());
return new User(getEmail(), fessConfig.getOicDefaultGroupsAsArray(), fessConfig.getOicDefaultRolesAsArray());
}
public static class User implements FessUser {
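Review bot: `getUser()` deserves a Javadoc line on the trust it places in the token: the user name is whatever the `email` attribute holds, and every such user receives the configured default groups and roles (`getOicDefaultGroupsAsArray()`, `getOicDefaultRolesAsArray()`). Suggested text: `/** Builds the login user from the "email" claim; callers must have verified the ID token before constructing this credential. */`. Whether the signature, issuer and audience are checked before the attribute map is filled is not visible in this section. `getEmail()` also casts with `(String)`, so a non-string claim would surface as a ClassCastException rather than a login failure; the `User` class continues outside the hunk.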


@ -15,30 +15,20 @@
*/
package org.codelibs.fess.app.web.base.login;
import org.dbflute.util.DfCollectionUtil;
import org.lastaflute.web.login.credential.LoginCredential;
public class SpnegoLoginCredential implements LoginCredential {
public class SpnegoCredential implements LoginCredential {
private final String username;
// private Principal principal;
public SpnegoLoginCredential(final String username) {
public SpnegoCredential(final String username) {
this.username = username;
}
@Override
public void validate() {
assertLoginAccountRequired(username);
}
@Override
public Object getResource() {
return DfCollectionUtil.newHashMap("account", username);
}
@Override
public String getId() {
return username;
public String toString() {
return "{" + username + "}";
}
public String getUsername() {


@ -1,53 +0,0 @@
/*
* Copyright 2012-2016 CodeLibs Project and the Others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.codelibs.fess.app.web.base.login;
import org.dbflute.util.DfCollectionUtil;
public class UserPasswordLoginCredential implements LoginCredential {
private final String username;
private final String password;
public UserPasswordLoginCredential(final String username, final String password) {
this.username = username;
this.password = password;
}
@Override
public void validate() {
assertLoginAccountRequired(username);
assertLoginPasswordRequired(password);
}
@Override
public Object getResource() {
return DfCollectionUtil.newHashMap("account", username, "password", password);
}
@Override
public String getId() {
return username;
}
public String getUsername() {
return username;
}
public String getPassword() {
return password;
}
}


@ -18,6 +18,7 @@ package org.codelibs.fess.app.web.login;
import org.codelibs.fess.app.web.base.FessLoginAction;
import org.codelibs.fess.util.RenderDataUtil;
import org.lastaflute.web.Execute;
import org.lastaflute.web.login.credential.UserPasswordCredential;
import org.lastaflute.web.login.exception.LoginFailureException;
import org.lastaflute.web.response.HtmlResponse;
@ -44,7 +45,7 @@ public class LoginAction extends FessLoginAction {
final String password = form.password;
form.clearSecurityInfo();
try {
return fessLoginAssist.loginRedirect(username, password, op -> {}, () -> {
return fessLoginAssist.loginRedirect(new UserPasswordCredential(username, password), op -> {}, () -> {
activityHelper.login(getUserBean());
return getHtmlResponse();
});


@ -26,6 +26,7 @@ import org.codelibs.fess.app.service.UserService;
import org.codelibs.fess.app.web.base.FessSearchAction;
import org.codelibs.fess.app.web.login.LoginAction;
import org.lastaflute.web.Execute;
import org.lastaflute.web.login.credential.UserPasswordCredential;
import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.validation.VaErrorHook;
import org.slf4j.Logger;
@ -87,7 +88,7 @@ public class ProfileAction extends FessSearchAction {
}, validationErrorLambda);
}
fessLoginAssist.findLoginUser(getUserBean().get().getUserId(), form.oldPassword).orElseGet(() -> {
fessLoginAssist.findLoginUser(new UserPasswordCredential(getUserBean().get().getUserId(), form.oldPassword)).orElseGet(() -> {
throwValidationError(messages -> {
messages.addErrorsNoUserForChangingPassword(GLOBAL);
}, validationErrorLambda);


@ -16,12 +16,12 @@
package org.codelibs.fess.app.web.sso;
import org.codelibs.fess.app.web.base.FessLoginAction;
import org.codelibs.fess.app.web.base.login.ActionLoginCredential;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.login.LoginAction;
import org.codelibs.fess.sso.SsoManager;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.Execute;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.login.exception.LoginFailureException;
import org.lastaflute.web.response.ActionResponse;
import org.slf4j.Logger;
@ -49,8 +49,8 @@ public class SsoAction extends FessLoginAction {
saveError(messages -> messages.addErrorsSsoLoginError(GLOBAL));
}
return redirect(LoginAction.class);
} else if (loginCredential instanceof ActionLoginCredential) {
return ((ActionLoginCredential) loginCredential).execute();
} else if (loginCredential instanceof ActionResponseCredential) {
return ((ActionResponseCredential) loginCredential).execute();
}
try {
return fessLoginAssist.loginRedirect(loginCredential, op -> {}, () -> {


@ -15,7 +15,7 @@
*/
package org.codelibs.fess.sso;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.lastaflute.web.login.credential.LoginCredential;
public interface SsoAuthenticator {


@ -17,8 +17,8 @@ package org.codelibs.fess.sso;
import javax.annotation.PostConstruct;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;
public class SsoManager {


@ -25,13 +25,13 @@ import javax.servlet.http.HttpSession;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.net.UuidUtil;
import org.codelibs.fess.app.web.base.login.ActionLoginCredential;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.codelibs.fess.app.web.base.login.OpenIdConnectLoginCredential;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.OpenIdConnectCredential;
import org.codelibs.fess.crawler.Constants;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.sso.SsoAuthenticator;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.util.LaRequestUtil;
import org.slf4j.Logger;
@ -79,7 +79,7 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
}
}
return new ActionLoginCredential(() -> HtmlResponse.fromRedirectPathAsIs(getAuthUrl(request)));
return new ActionResponseCredential(() -> HtmlResponse.fromRedirectPathAsIs(getAuthUrl(request)));
}).orElse(null);
}
@ -123,7 +123,7 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
parseJwtClaim(jwtClaim, attributes);
return new OpenIdConnectLoginCredential(attributes);
return new OpenIdConnectCredential(attributes);
} catch (final IOException e) {
if (logger.isDebugEnabled()) {
logger.debug("Failed to process callbacked request.", e);


@ -24,9 +24,8 @@ import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletResponse;
import org.codelibs.core.io.ResourceUtil;
import org.codelibs.fess.app.web.base.login.ActionLoginCredential;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.codelibs.fess.app.web.base.login.SpnegoLoginCredential;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.SpnegoCredential;
import org.codelibs.fess.exception.FessSystemException;
import org.codelibs.fess.exception.SsoLoginException;
import org.codelibs.fess.mylasta.direction.FessConfig;
@ -37,6 +36,7 @@ import org.codelibs.spnego.SpnegoHttpFilter;
import org.codelibs.spnego.SpnegoHttpFilter.Constants;
import org.codelibs.spnego.SpnegoHttpServletResponse;
import org.codelibs.spnego.SpnegoPrincipal;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.servlet.filter.RequestLoggingFilter;
import org.lastaflute.web.util.LaRequestUtil;
import org.lastaflute.web.util.LaResponseUtil;
@ -86,7 +86,7 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
// context/auth loop not yet complete
if (spnegoResponse.isStatusSet()) {
return new ActionLoginCredential(() -> {
return new ActionResponseCredential(() -> {
throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.",
"401 Unauthorized", HttpServletResponse.SC_UNAUTHORIZED);
});
@ -104,7 +104,7 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
}
final String[] username = principal.getName().split("@", 2);
return new SpnegoLoginCredential(username[0]);
return new SpnegoCredential(username[0]);
}).orElseGet(() -> null);
}