1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.rest.internal

File XWikiAuthentication.java

 


Classes

Class Line # Actions
XWikiAuthentication 62 28 0% 7 5
86.1%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.rest.internal;
21   
22    import java.util.logging.Level;
23   
24    import org.restlet.Context;
25    import org.restlet.Request;
26    import org.restlet.Response;
27    import org.restlet.data.ChallengeScheme;
28    import org.restlet.data.Form;
29    import org.restlet.engine.http.header.HeaderConstants;
30    import org.restlet.security.ChallengeAuthenticator;
31    import org.xwiki.component.manager.ComponentLookupException;
32    import org.xwiki.component.manager.ComponentManager;
33    import org.xwiki.model.reference.DocumentReferenceResolver;
34    import org.xwiki.model.reference.EntityReferenceSerializer;
35    import org.xwiki.rest.internal.resources.BrowserAuthenticationResource;
36   
37    import com.xpn.xwiki.XWiki;
38    import com.xpn.xwiki.XWikiContext;
39    import com.xpn.xwiki.XWikiException;
40    import com.xpn.xwiki.user.api.XWikiUser;
41   
42    /**
43    * <p>
44    * The authentication filter is called before serving any request and is responsible for setting in the XWiki context
45    * the user that is carrying out the request. It implements the following logic:
46    * </p>
47    * <ul>
48    * <li>If authorization header is present in the HTTP request then it is used to authenticate the user. If the
49    * authentication is successful then the user is set in the XWikiContext associated to the request. Otherwise an
50    * UNAUTHORIZED response is sent to the client.</li>
51    * <li>If no authorization header is present in the HTTP request then:</li>
52    * <ul>
53    * <li>If session information about a previously authenticated user is present in the request, and it is valid, then
54    * that user is assumed to be carrying out the request.</li>
55    * <li>If there is no session information in the request or it is invalid then XWiki.Guest is assumed carrying out the
56    * request.</li>
57    * </ul>
58    * </ul>
59    *
60    * @version $Id: d38364be3ccf3f85e718cf330b63a54ffa25a6b3 $
61    */
 
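public class XWikiAuthentication extends ChallengeAuthenticator
{
    /**
     * Creates the authenticator with the custom challenge scheme and the "XWiki" realm.
     * <p>
     * NOTE(review): in Restlet's {@code ChallengeAuthenticator} the boolean argument is the "optional" flag (confirm
     * against the Restlet version in use). When it is set, a request for which {@link #authenticate} returns
     * {@code false} is not rejected by this filter, so every resource behind it has to enforce its own access rights
     * against the user stored in the XWiki context.
     * </p>
     *
     * @param context the Restlet context this authenticator runs in
     * @throws IllegalArgumentException declared by the original signature; propagated from the parent constructor
     */
    public XWikiAuthentication(Context context) throws IllegalArgumentException
    {
        super(context, true, ChallengeScheme.CUSTOM, "XWiki");
    }

    /**
     * Determines the user carrying out the request and stores it in the XWiki context.
     * <p>
     * The XWiki context user is first reset to Guest, then standard XWiki authentication is tried, and finally the
     * parent Restlet authentication is used as a fallback.
     * </p>
     *
     * @param request the incoming request
     * @param response the response, on which the {@code XWiki-User} and {@code XWiki-Version} headers are set
     * @return {@code true} if XWiki authentication returned a user, {@code false} if the components needed to
     *         resolve the user could not be looked up, otherwise the result of the parent authenticator
     */
    @Override
    public boolean authenticate(Request request, Response response)
    {
        /*
         * Browser authentication resource is a special resource that allows to trigger the authentication dialog box
         * in web browsers. The check is a suffix match on the request path, and this branch returns before the XWiki
         * context user is touched.
         */
        if (request.getResourceRef().getPath().endsWith(BrowserAuthenticationResource.URI_PATTERN)) {
            return super.authenticate(request, response);
        }

        ComponentManager componentManager =
            (ComponentManager) getContext().getAttributes().get(Constants.XWIKI_COMPONENT_MANAGER);
        XWikiContext xwikiContext = Utils.getXWikiContext(componentManager);
        XWiki xwiki = Utils.getXWiki(componentManager);

        /*
         * By default set XWiki.Guest as the user that is sending the request. This is done before the component
         * lookups so that every early exit below leaves the context on Guest rather than on whatever user reference
         * it held when this method was entered.
         */
        xwikiContext.setUserReference(null);

        DocumentReferenceResolver<String> resolver;
        EntityReferenceSerializer<String> serializer;
        try {
            resolver = componentManager.getInstance(DocumentReferenceResolver.TYPE_STRING, "current");
            serializer = componentManager.getInstance(EntityReferenceSerializer.TYPE_STRING);
        } catch (ComponentLookupException e) {
            // Do not fail silently: an authentication path that cannot run should be visible to operators.
            getLogger().log(Level.WARNING,
                "Failed to look up the reference resolver or serializer needed for authentication.", e);
            return false;
        }

        /*
         * After performing the authentication we should add headers to the response to allow applications to verify
         * if the authentication is still valid. We are also adding the XWiki version at the same moment.
         *
         * NOTE(review): both headers are added before the authentication outcome is known and are not removed
         * afterwards, so the XWiki version is also present on responses to Guest requests. Confirm that exposing the
         * version to unauthenticated clients is acceptable for the deployment.
         */
        Form responseHeaders = (Form) response.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS);
        if (responseHeaders == null) {
            responseHeaders = new Form();
            response.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS, responseHeaders);
        }
        responseHeaders.add("XWiki-User", serializer.serialize(xwikiContext.getUserReference()));
        responseHeaders.add("XWiki-Version", xwikiContext.getWiki().getVersion());

        // Try with standard XWiki auth
        try {
            XWikiUser xwikiUser = xwiki.checkAuth(xwikiContext);
            if (xwikiUser != null) {
                // Make sure the user is in the context
                xwikiContext.setUserReference(resolver.resolve(xwikiUser.getUser()));

                getLogger().fine(String.format("Authenticated as '%s'.", xwikiUser.getUser()));

                // The user has changed so we need to reset the header
                responseHeaders.set("XWiki-User", serializer.serialize(xwikiContext.getUserReference()));

                return true;
            }
        } catch (XWikiException e) {
            // The context user is still Guest here; the failure is logged and the Restlet fallback decides.
            getLogger().log(Level.WARNING, "Exception occurred while authenticating.", e);
        }

        // Fall back on Restlet auth
        return super.authenticate(request, response);
    }
}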