Changeset 6425

Timestamp:

Feb 26, 2014, 11:33:37 AM (9 years ago)

Author:

Nicklas Nordborg

Message:

References #1599: Convert authentication plug-in system to an extension point

Re-designed the authentication process a bit to make it possible to return more information about the authentication back to the core.

Authentication managers should now return a AutheniticatedUser object instead of AuthenticationInformation (which is deprecated).

Introduced AuthenticationMethod which is stored in the SessionControl for potential use by client applications to allow/disallow user actions based on the authentication method used.

Introduced ExtraUserInformation which also allow extended properties to be synchronized with user accounts.

Location:

trunk/src/core/net/sf/basedb/core

Files:

• AuthenticationContext.java (modified) (3 diffs)
• SessionControl.java (modified) (17 diffs)
• authentication/AuthenticatedUser.java (added)
• authentication/AuthenticationInformation.java (modified) (6 diffs)
• authentication/AuthenticationManager.java (modified) (1 diff)
• authentication/AuthenticationMethod.java (added)
• authentication/ExtraUserInformation.java (added)
• authentication/OldAuthenticationWrapperFactory.java (modified) (4 diffs)

trunk/src/core/net/sf/basedb/core/AuthenticationContext.java

@@ -22 +22 @@
 package net.sf.basedb.core;
 
-import net.sf.basedb.core.authentication.AuthenticationInformation;
+import net.sf.basedb.core.authentication.AuthenticatedUser;
 import net.sf.basedb.core.authentication.LoginRequest;
 import net.sf.basedb.core.data.UserData;
@@ -90 +90 @@
   }
   
+  /**
+    Load a user item from the BASE database given an internal id.
+    @param id The internal id for the user
+    @return A UserData object or null if there is no user
+  */
+  public UserData getUserById(int id)
+  {
+    return HibernateUtil.loadData(session, UserData.class, id);
+  }
   
   /**
@@ -95 +104 @@
     internal authentication.
   */
-  public AuthenticationInformation verifyUserInternal(LoginRequest loginRequest)
+  public AuthenticatedUser verifyUserInternal(LoginRequest loginRequest)
   {
-    UserData userData = getSessionControl().verifyUserInternal(session, loginRequest);
-    AuthenticationInformation info = new AuthenticationInformation(userData.getLogin(), userData.getExternalId());
-    return info;    
+    return getSessionControl().verifyUserInternal(session, loginRequest);
   }
 

trunk/src/core/net/sf/basedb/core/SessionControl.java

@@ -45 +45 @@
 import net.sf.basedb.util.extensions.Registry;
 import net.sf.basedb.util.extensions.manager.ExtensionsManager;
+import net.sf.basedb.core.authentication.AuthenticatedUser;
 import net.sf.basedb.core.authentication.AuthenticationManager;
-import net.sf.basedb.core.authentication.AuthenticationInformation;
+import net.sf.basedb.core.authentication.AuthenticationMethod;
+import net.sf.basedb.core.authentication.ExtraUserInformation;
 import net.sf.basedb.core.authentication.LoginRequest;
 
@@ -59 +61 @@
 import java.util.Collections;
 import java.util.List;
+
 
 /**
@@ -378 +381 @@
       tx = HibernateUtil.newTransaction(session);
 
-      UserData userData = null;
       // Try external authentication at first, except...
       // ...root user should always use internal verification
@@ -384 +386 @@
       assert root != null : "root == null";
       
+      AuthenticatedUser authUser = null;
       if (!loginRequest.getLogin().equals(root.getLogin()))
       {
-        userData = verifyUserExternal(session, loginRequest);
+        authUser = verifyUserExternal(session, loginRequest);
       }
       
-      if (userData == null)
+      if (authUser == null)
       {
         // If no user was found, use internal authentication
-        userData = verifyUserInternal(session, loginRequest);
+        authUser = verifyUserInternal(session, loginRequest);
       }
       
-      LoginInfo li = createLoginInfo(session, userData, loginRequest.getComment(), false);
+      UserData user = HibernateUtil.loadData(session, UserData.class, authUser.getInternalId());
+      
+      LoginInfo li = createLoginInfo(session, user, loginRequest.getComment(), false, authUser.getAuthenticationMethod());
       HibernateUtil.commit(tx);
       currentContexts.clear();
@@ -415 +420 @@
     Verify the user with internal authentication.
   */
-  UserData verifyUserInternal(org.hibernate.Session session, LoginRequest loginRequest)
+  AuthenticatedUser verifyUserInternal(org.hibernate.Session session, LoginRequest loginRequest)
   {
     String login = loginRequest.getLogin();
@@ -453 +458 @@
     }
     
-    return userData;
+    return new AuthenticatedUser(AuthenticationMethod.INTERNAL, userData);
   }
   
@@ -460 +465 @@
   */
   @SuppressWarnings("unchecked")
-  private UserData verifyUserExternal(org.hibernate.Session session, LoginRequest loginRequest)
+  private AuthenticatedUser verifyUserExternal(org.hibernate.Session session, LoginRequest loginRequest)
   {
     AuthenticationContext context = new AuthenticationContext(this, session, loginRequest);
@@ -468 +473 @@
     ExtensionsInvoker<AuthenticationManager> invoker = (ExtensionsInvoker<AuthenticationManager>)registry.useExtensions(context, xtManager.getSettings(), "net.sf.basedb.core.authentication-manager");
     
-    AuthenticationInformation info = null;
-    boolean extraInfo = false;
+    AuthenticatedUser authUser = null;
     try
     {
@@ -476 +480 @@
       for (AuthenticationManager auth : invoker)
       {
-        info = auth.authenticate();
-        if (info != null)
+        authUser = auth.authenticate();
+        if (authUser != null)
         {
           // Found a valid login
-          extraInfo = auth.supportsExtraInformation() && info.hasExtraInfo;
           break;
         }
@@ -506 +509 @@
     
     // Return null to force internal verification
-    if (info == null) return null;
-
-    // Load user information, first try 'id' and then 'login'
-    UserData userData = context.getUserByExternalId(info.id);
-    if (userData == null)
-    {
-      userData = context.getUserByLogin(info.login);
-    }
+    if (authUser == null) return null;
+
+    
+    // Load user information, priority order is 'internal id', 'external id', 'login'
+    UserData userData = null;
+    if (authUser.getInternalId() > 0)
+    {
+      userData = HibernateUtil.loadData(session, UserData.class, authUser.getInternalId());
+    }
+    if (userData == null && authUser.getExternalId() != null)
+    {
+      userData = context.getUserByExternalId(authUser.getExternalId());
+    }
+    if (userData == null && authUser.getLogin() != null)
+    {
+      userData = context.getUserByLogin(authUser.getLogin());
+    }
+      
     if (userData == null) 
     {
       // Create new user
       userData = new UserData();
-      userData.setExternalId(info.id);
-      userData.setLogin(info.login);
-      userData.setName(info.name == null ? info.login : info.name);
+      userData.setExternalId(authUser.getExternalId());
+      userData.setLogin(authUser.getLogin());
+      userData.setName(authUser.getLogin());
       userData.setQuota(HibernateUtil.loadData(session, QuotaData.class, SystemItems.getId(Quota.DEFAULT)));
       User.addDefultRolesAndGroups(session, userData);
@@ -534 +547 @@
     
     // Synchronize extra information if supported and allowed by config
-    if (extraInfo && (Config.getBoolean("auth.synchronize") || userData.getId() == 0))
-    {
-      userData.setName(info.name == null ? info.login : info.name);
-      userData.setOrganisation(info.organisation);
-      userData.setAddress(info.address);
-      userData.setPhone(info.phone);
-      userData.setFax(info.fax);
-      userData.setEmail(info.email);
-      userData.setUrl(info.url);
-      userData.setDescription(info.description);
+    if (authUser.hasExtraInformation() && (Config.getBoolean("auth.synchronize") || userData.getId() == 0))
+    {
+      ExtraUserInformation extraInfo = authUser.getExtraInformation();
+      if (extraInfo.getName() != null)
+      {
+        userData.setName(extraInfo.getName());
+      }
+      userData.setOrganisation(extraInfo.getOrganisation());
+      userData.setAddress(extraInfo.getAddress());
+      userData.setPhone(extraInfo.getPhone());
+      userData.setFax(extraInfo.getFax());
+      userData.setEmail(extraInfo.getEmail());
+      userData.setUrl(extraInfo.getUrl());
+      userData.setDescription(extraInfo.getDescription());
+      
+      List<ExtendedProperty> properties = ExtendedProperties.getProperties("UserData");
+      if (properties != null)
+      {
+        for (ExtendedProperty ep : properties)
+        {
+          Object value = extraInfo.getExtended(ep.getName());
+          if (value == null || ep.getType().isCorrectType(value))
+          {
+            userData.setExtended(ep.getName(), value);
+          }
+        }
+      }
     }
     if (userData.getId() == 0)
@@ -550 +580 @@
     }
     HibernateUtil.flush(session);
-    return userData;
+    return new AuthenticatedUser(authUser.getAuthenticationMethod(), userData);
   }
 
@@ -585 +615 @@
       // Load user data
       UserData userData = HibernateUtil.loadData(session, UserData.class, userId);
-      LoginInfo li = createLoginInfo(session, userData, comment, true);
+      LoginInfo li = createLoginInfo(session, userData, comment, true, getAuthenticationMethod());
       HibernateUtil.commit(tx);
       SessionControl impersonated = Application.newSessionControl(getExternalClientId(), getRemoteId(), null);
@@ -618 +648 @@
     Create a LoginInfo object and load all information that it needs.
   */
-  private LoginInfo createLoginInfo(org.hibernate.Session session, UserData userData, String comment, boolean impersonated)
+  private LoginInfo createLoginInfo(org.hibernate.Session session, UserData userData, String comment, boolean impersonated, AuthenticationMethod authenticationMethod)
     throws BaseException
   {
@@ -663 +693 @@
     li.userId = userData.getId();
     li.userLogin = userData.getLogin();
+    li.authenticationMethod = authenticationMethod;
     li.sessionSettings = Collections.synchronizedMap(new HashMap<String,Object>());
     return li;
@@ -743 +774 @@
     updateLastAccess();
     return loginInfo == null ? 0 : loginInfo.userId;
+  }
+  
+  /**
+    Get the method that was used to authenticate the currently
+    logged in user. Internal authentication return
+    {@link AuthenticationMethod#INTERNAL}.
+    @return An AuthenticationMethod object or null if no user is logged in
+    @since 3.3
+  */
+  public AuthenticationMethod getAuthenticationMethod()
+  {
+    return loginInfo == null ? null : loginInfo.authenticationMethod;
   }
 
@@ -2152 +2195 @@
     
     /**
+      The authentication method used to allow the user to
+      login.
+    */
+    private AuthenticationMethod authenticationMethod;
+    
+    /**
       The id of the {@link ProjectData} object of the active project.
     */

trunk/src/core/net/sf/basedb/core/authentication/AuthenticationInformation.java

@@ -25 +25 @@
 /**
   Objects of this class are returned by the 
-  {@link AuthenticationManager#authenticate()}
+  {@link Authenticator#authenticate(String, String)}
   method and contains information about the authenticated
   user. The only required fields are {@link #id} and {@link #login}.
@@ -32 +32 @@
   <p>
   If the implementation supports extra information, ie. the call to
-  {@link AuthenticationManager#supportsExtraInformation()}
+  {@link Authenticator#supportsExtraInformation()}
   returns TRUE, the other fields may also contain information.
   
@@ -38 +38 @@
   @version 2.0
   @base.modified $Date$
+  @deprecated In 3.3, use {@link AuthenticatedUser} instead
 */
+@Deprecated
 public class AuthenticationInformation
 {
   /**
-    TRUE if the contructor with extra information was used, FALSE if the minial constructor was used.
+    TRUE if the extra information has been provided, FALSE if not.
     @since 3.3
   */
@@ -106 +108 @@
   public AuthenticationInformation(String login, String id)
   {
-    this(login, id, null, null, null, null, null, null, null, null, false);
+    this(login, id, null, null, null, null, null, null, null, null);
   }
 
@@ -138 +140 @@
   )
   {
-    this(login, id, name, organisation, address, phone, fax, email, url, description, true);
-  }
-  
-  private AuthenticationInformation
-  (
-    String login,
-    String id,
-    String name,
-    String organisation,
-    String address,
-    String phone,
-    String fax,
-    String email,
-    String url,
-    String description,
-    boolean hasExtraInfo
-  )
-  {
     if (id == null) throw new NullPointerException("id");
     if (login == null) throw new NullPointerException("login");
@@ -168 +152 @@
     this.url = url;
     this.description = description;
-    this.hasExtraInfo = hasExtraInfo;
+    this.hasExtraInfo = !allNull(name, organisation, address, phone, fax, email, url, description);
   }
 
+  
+  private static boolean allNull(Object... objects)
+  {
+    for (Object o : objects)
+    {
+      if (o != null) return false;
+    }
+    return true;
+  }
 }

trunk/src/core/net/sf/basedb/core/authentication/AuthenticationManager.java

@@ -60 +60 @@
     @throws A {@link AuthenticationException} if the user was not authenticated
   */
-  public AuthenticationInformation authenticate();
+  public AuthenticatedUser authenticate();
   
-  /**
-    Should return TRUE or FALSE depending on if the authentication
-    server returns additional information about the user. 
-      @return TRUE if additional information is returned, FALSE otherwise. 
-    @see AuthenticationInformation
-  */
-  public boolean supportsExtraInformation();
   
 }

trunk/src/core/net/sf/basedb/core/authentication/OldAuthenticationWrapperFactory.java

@@ -46 +46 @@
   
   private Authenticator auth;
+  private AuthenticationMethod authMethod;
   
   public OldAuthenticationWrapperFactory()
@@ -53 +54 @@
     {
       auth = getAuthenticator(driver);
+      authMethod = AuthenticationMethod.getInstance(driver);
     }
   }
@@ -66 +68 @@
   {
     AuthenticationContext authContext = (AuthenticationContext)context.getClientContext();
-    return new AuthenticationManager[] { new OldAuthenticationManager(auth, authContext.getLoginRequest()) };
+    LoginRequest request = authContext.getLoginRequest();
+    AuthenticationManager authManager = new OldAuthenticationManager(request);
+
+    return new AuthenticationManager[] { authManager };
   }
   
@@ -89 +94 @@
   }
   
-  static class OldAuthenticationManager
+  class OldAuthenticationManager
     implements AuthenticationManager
   {
-    private final Authenticator auth;
     private final LoginRequest request;
 
-    OldAuthenticationManager(Authenticator auth, LoginRequest request) 
+    OldAuthenticationManager(LoginRequest request) 
     {
-      this.auth = auth;
       this.request = request;
     }
 
     @Override
-    public AuthenticationInformation authenticate() 
+    public AuthenticatedUser authenticate() 
     {
-      return auth.authenticate(request.getLogin(), request.getPassword());
+      AuthenticationInformation info = auth.authenticate(request.getLogin(), request.getPassword());
+      
+      AuthenticatedUser authUser = new AuthenticatedUser(authMethod, info.login, info.id);
+      if (auth.supportsExtraInformation() && info.hasExtraInfo)
+      {
+        ExtraUserInformation extra = new ExtraUserInformation();
+        extra.setAddress(info.address);
+        extra.setDescription(info.description);
+        extra.setEmail(info.email);
+        extra.setFax(info.fax);
+        extra.setName(info.name);
+        extra.setOrganisation(info.organisation);
+        extra.setPhone(info.phone);
+        extra.setUrl(info.url);
+      }
+      return authUser;
     }
 
-    @Override
-    public boolean supportsExtraInformation() 
-    {
-      return auth.supportsExtraInformation();
-    }
-    
   }