Coverage Report - org.kuali.student.security.spring.KSRiceDefaultUserDetailsService
 
Class: KSRiceDefaultUserDetailsService | Line coverage: 0% (0/49) | Branch coverage: 0% (0/18) | Complexity: 5
 
 /**
  * Copyright 2010 The Kuali Foundation Licensed under the
  * Educational Community License, Version 2.0 (the "License"); you may
  * not use this file except in compliance with the License. You may
  * obtain a copy of the License at
  *
  * http://www.osedu.org/licenses/ECL-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an "AS IS"
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 
 package org.kuali.student.security.spring;
 
 import org.kuali.rice.core.config.Config;
 import org.kuali.rice.core.config.ConfigContext;
 import org.kuali.rice.kim.bo.entity.dto.KimPrincipalInfo;
 import org.kuali.rice.kim.service.IdentityService;
 import org.kuali.student.common.util.security.UserWithId;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.security.util.AuthorityUtils;
 
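 /**
  * Spring Security {@link UserDetailsService} that resolves users through the Rice KIM
  * {@link IdentityService}.
  *
  * <p>Security notes for maintainers:
  * <ul>
  *   <li>Every user returned here receives the same authority list. The default list
  *       includes {@code ROLE_KS_ADMIN}; narrow it with {@link #setAuthorities(String[])}
  *       if not every authenticated user is meant to be an administrator.</li>
  *   <li>When the {@code ks.ignore.rice.login} config property is {@code true}, neither
  *       lookup method verifies a password. The original author's notes describe this as
  *       a testing aid; keep the property unset or {@code false} outside test setups.</li>
  *   <li>No per-request data is kept in instance fields. Earlier revisions stored the
  *       presented password and the resolved user on the bean, which lets concurrent
  *       logins overwrite each other and leaves the last plaintext password on the
  *       instance. NOTE(review): this assumes the bean is shared between requests, which
  *       is the usual Spring wiring; confirm against the application context.</li>
  * </ul>
  *
  * @author Kuali Student Team
  */
 public class KSRiceDefaultUserDetailsService implements UserDetailsService {

     /** Config property that, when it parses as {@code true}, skips password verification. */
     private static final String IGNORE_RICE_LOGIN_PROPERTY = "ks.ignore.rice.login";

     /** Same text for "unknown user" and "wrong password" so the reply does not reveal which failed. */
     private static final String LOGIN_FAILED_MESSAGE = "Invalid username or password";

     // Placeholder password for UserDetails built without a presented credential.
     // Final on purpose: a real credential must never be written to this shared field.
     private final String password = "";

     private boolean enabled = true;
     private boolean nonlocked = true;

     private IdentityService identityService = null;

     // Spring Security requires roles to have a prefix of ROLE_ ,
     // look in org.springframework.security.vote.RoleVoter to change.
     // NOTE(review): this default grants ROLE_KS_ADMIN to every user this service returns.
     private GrantedAuthority[] authorities =
         AuthorityUtils.commaSeparatedStringToAuthorityArray("ROLE_KS_ADMIN, ROLE_KS_USER");

     /**
      * Loads a user by name only; no credential is involved in this lookup.
      *
      * <p>With {@code ks.ignore.rice.login=true} the supplied name is returned as-is with the
      * configured authorities and KIM is not consulted. Otherwise the principal is looked up
      * in KIM by name.
      *
      * @param username the principal name to resolve
      * @return the user details, a {@code UserWithId} when KIM was consulted
      * @throws UsernameNotFoundException if {@code username} is null or empty
      * @throws KimUserNotFoundException if KIM has no principal with that name
      */
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         requireUsername(username);

         // If the property is not set it parses as false and we fall through to KIM.
         if (isRiceLoginIgnored()) {
             return new User(username, password, enabled, true, true, nonlocked, authorities);
         }

         return toUserWithId(identityService.getPrincipalByPrincipalName(username), password);
     }

     /**
      * Loads a user by name and verifies the credential carried by the authentication token.
      *
      * <p>With {@code ks.ignore.rice.login=true} the password is not checked, but the
      * principal is still looked up in KIM so that a real principal id is returned; the
      * original author's notes say workflow depends on that id. Otherwise KIM is asked to
      * match both the name and the presented password.
      *
      * @param username the principal name to resolve
      * @param authentication token whose credentials hold the presented password
      * @return a {@code UserWithId} carrying the KIM principal name and principal id
      * @throws UsernameNotFoundException if {@code username} is null or empty
      * @throws KimUserNotFoundException if KIM returns no principal for the name, or for the
      *         name and password pair
      */
     public UserDetails loadUserByUsernameAndToken(String username, UsernamePasswordAuthenticationToken authentication) throws UsernameNotFoundException {
         requireUsername(username);

         if (isRiceLoginIgnored()) {
             // Password check skipped by configuration; identity still comes from KIM.
             return toUserWithId(identityService.getPrincipalByPrincipalName(username), password);
         }

         // Kept in a local so the plaintext credential never outlives this call on the bean.
         final String presentedPassword = (String) authentication.getCredentials();

         // NOTE(review): the returned details still carry the presented plaintext password,
         // as before; whether callers erase it is not visible from this class.
         return toUserWithId(
                 identityService.getPrincipalByPrincipalNameAndPassword(username, presentedPassword),
                 presentedPassword);
     }

     /**
      * Replaces the authorities granted to every user returned by this service.
      *
      * @param roles role names; Spring Security expects the {@code ROLE_} prefix
      */
     public void setAuthorities(String[] roles) {
         this.authorities = AuthorityUtils.stringArrayToAuthorityArray(roles);
     }

     /**
      * Injects the KIM identity service used for principal lookups.
      *
      * @param identityService the Rice KIM identity service
      */
     public void setIdentityService(IdentityService identityService) {
         this.identityService = identityService;
     }

     /** Rejects a null or empty username before any configuration or KIM access. */
     private static void requireUsername(String username) {
         if (username == null || "".equals(username)) {
             throw new UsernameNotFoundException("Username cannot be null or empty");
         }
     }

     /** Reads {@code ks.ignore.rice.login} from the current Rice config; unset means false. */
     private static boolean isRiceLoginIgnored() {
         Config config = ConfigContext.getCurrentContextConfig();
         return Boolean.parseBoolean(config.getProperty(IGNORE_RICE_LOGIN_PROPERTY));
     }

     /** Builds the returned user from a KIM principal, failing the login when KIM returned none. */
     private UserWithId toUserWithId(KimPrincipalInfo principal, String userPassword) {
         if (principal == null) {
             // When a UsernameNotFoundException is thrown, Spring Security proceeds to the next
             // AuthenticationProvider on the list. When Rice is running and the user is not
             // found in KIM, authentication should stop so the user can re-enter the name.
             // Per the original author's note this exception is an AccountStatusException
             // rather than a UsernameNotFoundException for exactly that reason.
             throw new KimUserNotFoundException(LOGIN_FAILED_MESSAGE);
         }
         UserWithId user = new UserWithId(principal.getPrincipalName(), userPassword,
                 enabled, true, true, nonlocked, authorities);
         user.setUserId(principal.getPrincipalId());
         return user;
     }
 }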