diff --git a/source/java/org/alfresco/repo/webdav/auth/AuthenticationDriver.java b/source/java/org/alfresco/repo/webdav/auth/AuthenticationDriver.java
new file mode 100644
index 0000000000..eb22c3bdcb
--- /dev/null
+++ b/source/java/org/alfresco/repo/webdav/auth/AuthenticationDriver.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2005-2010 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.webdav.auth;
+
+import java.io.IOException;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * A general interface for servlet-based authentication. Allows code to be shared by Web Client, WebDAV and Sharepoint
+ * authentication classes.
+ *
+ * @author dward
+ */
+public interface AuthenticationDriver
+{
+ /**
+ * Authenticate user based on information in http request such as Authorization header or cached session
+ * information.
+ *
+ * @param context
+ * the context
+ * @param request
+ * http request
+ * @param response
+ * http response
+ * @return true if authentication was successful
+ * @throws IOException
+ * @throws ServletException
+ */
+ public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException;
+
+ /**
+ * Send a status 401 response that will restart the log in handshake.
+ *
+ * @param context
+ * the context
+ * @param request
+ * http request
+ * @param response
+ * http response
+ * @throws IOException
+ */
+ public void restartLoginChallenge(ServletContext context, HttpServletRequest request, HttpServletResponse response)
+ throws IOException;
+}
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
index 7de1551701..20aca35a03 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
@@ -34,11 +34,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.RealmCallback;
-import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -237,30 +234,9 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
}
- /*
- * (non-Javadoc)
- * @see org.alfresco.repo.web.filter.beans.DependencyInjectedFilter#doFilter(javax.servlet.ServletContext,
- * javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
- */
- public void doFilter(ServletContext context, ServletRequest sreq, ServletResponse sresp, FilterChain chain)
+ public boolean authenticateRequest(ServletContext context, HttpServletRequest req, HttpServletResponse resp)
throws IOException, ServletException
{
- // Get the HTTP request/response/session
- HttpServletRequest req = (HttpServletRequest) sreq;
- HttpServletResponse resp = (HttpServletResponse) sresp;
-
- // If a filter up the chain has marked the request as not requiring auth then respect it
-
- if (req.getAttribute( NO_AUTH_REQUIRED) != null)
- {
- if ( getLogger().isDebugEnabled())
- getLogger().debug("Authentication not required (filter), chaining ...");
-
- // Chain to the next filter
- chain.doFilter(sreq, sresp);
- return;
- }
-
// Check if there is an authorization header with an SPNEGO security blob
String authHdr = req.getHeader("Authorization");
@@ -279,10 +255,8 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Restart the authentication
- restartLoginChallenge(req, resp, req.getSession());
-
- chain.doFilter(sreq, sresp);
- return;
+ restartLoginChallenge(context, req, resp);
+ return false;
}
}
@@ -304,8 +278,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Chain to the next filter
- chain.doFilter(sreq, sresp);
- return;
+ return true;
}
// Check if the login page is being accessed, do not intercept the login page
@@ -315,8 +288,8 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
getLogger().debug("Login page requested, chaining ...");
// Chain to the next filter
- chain.doFilter( sreq, sresp);
- return;
+
+ return true;
}
// Check the authorization header
@@ -336,8 +309,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Chain to the next filter
- chain.doFilter(sreq, sresp);
- return;
+ return true;
}
}
@@ -349,7 +321,8 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Send back a request for SPNEGO authentication
- restartLoginChallenge(req, resp, httpSess);
+ restartLoginChallenge(context, req, resp);
+ return false;
}
else
{
@@ -366,8 +339,8 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Restart the authentication
- restartLoginChallenge(req, resp, httpSess);
- return;
+ restartLoginChallenge(context, req, resp);
+ return false;
}
// Check the received SPNEGO token type
@@ -412,22 +385,23 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
{
// Allow the user to access the requested page
onValidate(context, req, resp);
-
- chain.doFilter( req, resp);
+
+ return true;
}
else
{
// Send back a request for SPNEGO authentication
- restartLoginChallenge(req, resp, httpSess);
+ restartLoginChallenge(context, req, resp);
+ return false;
}
}
catch (AuthenticationException ex)
{
// Even though the user successfully authenticated, the ticket may not be granted, e.g. to
// max user limit
- onValidateFailed(req, resp, httpSess);
- return;
+ onValidateFailed(context, req, resp, httpSess);
+ return false;
}
}
}
@@ -448,9 +422,10 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Send back a request for SPNEGO authentication
- restartLoginChallenge(req, resp, httpSess);
+ restartLoginChallenge(context, req, resp);
}
}
+ return false;
}
/**
@@ -571,6 +546,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
return negTokenTarg;
}
+
/**
* Restart the Kerberos logon process
*
@@ -578,8 +554,14 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
* @param httpSess HttpSession
* @throws IOException
*/
- protected void restartLoginChallenge(HttpServletRequest req, HttpServletResponse resp, HttpSession session) throws IOException
+ public void restartLoginChallenge(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
{
+ HttpSession session = req.getSession(false);
+ if (session != null)
+ {
+ session.invalidate();
+ }
+
// Force the logon to start again
resp.setHeader("WWW-Authenticate", "Negotiate");
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
index cf80d2bc42..8179f01b5e 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
@@ -26,11 +26,8 @@ import java.util.Arrays;
import java.util.List;
import java.util.Random;
-import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -170,89 +167,64 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
m_ntlmFlags = NTLM_FLAGS_NTLM1;
}
- }
-
+ }
- /* (non-Javadoc)
- * @see org.alfresco.repo.web.filter.beans.DependencyInjectedFilter#doFilter(javax.servlet.ServletContext, javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
- */
- public void doFilter(ServletContext context, ServletRequest sreq, ServletResponse sresp, FilterChain chain)
- throws IOException, ServletException
+ public boolean authenticateRequest(ServletContext context, HttpServletRequest sreq, HttpServletResponse sresp) throws IOException, ServletException
{
- // Get the HTTP request/response/session
- HttpServletRequest req = (HttpServletRequest) sreq;
- HttpServletResponse resp = (HttpServletResponse) sresp;
-
- // If a filter up the chain has marked the request as not requiring auth then respect it
-
- if (req.getAttribute( NO_AUTH_REQUIRED) != null)
- {
- if ( getLogger().isDebugEnabled())
- getLogger().debug("Authentication not required (filter), chaining ...");
-
- // Chain to the next filter
- chain.doFilter(sreq, sresp);
- return;
- }
-
// Check if there is an authorization header with an NTLM security blob
- String authHdr = req.getHeader(AUTHORIZATION);
+ String authHdr = sreq.getHeader(AUTHORIZATION);
boolean reqAuth = false;
// Check if an NTLM authorization header was received
if ( authHdr != null)
{
- // Check for an NTLM authorization header
-
- if ( authHdr.startsWith(AUTH_NTLM))
- reqAuth = true;
- else if ( authHdr.startsWith( "Negotiate"))
- {
- if ( getLogger().isDebugEnabled())
- getLogger().debug("Received 'Negotiate' from client, may be SPNEGO/Kerberos logon");
-
- // Restart the authentication
-
- restartLoginChallenge(req, resp, req.getSession());
- return;
- }
+ // Check for an NTLM authorization header
+
+ if ( authHdr.startsWith(AUTH_NTLM))
+ reqAuth = true;
+ else if ( authHdr.startsWith( "Negotiate"))
+ {
+ if ( getLogger().isDebugEnabled())
+ getLogger().debug("Received 'Negotiate' from client, may be SPNEGO/Kerberos logon");
+
+ // Restart the authentication
+
+ restartLoginChallenge(context, sreq, sresp);
+ return false;
+ }
}
// Check if the user is already authenticated
- SessionUser user = getSessionUser(context, req, resp, true);
-
- HttpSession httpSess = req.getSession(true);
+ SessionUser user = getSessionUser(context, sreq, sresp, true);
// If the user has been validated and we do not require re-authentication then continue to
// the next filter
if (user != null && reqAuth == false)
{
// Filter validate hook
- onValidate( context, req, resp);
+ onValidate( context, sreq, sresp);
if (getLogger().isDebugEnabled())
getLogger().debug("Authentication not required (user), chaining ...");
// Chain to the next filter
- chain.doFilter(sreq, sresp);
- return;
+ return true;
}
// Check if the login page is being accessed, do not intercept the login page
- if (hasLoginPage() && req.getRequestURI().endsWith(getLoginPage()) == true)
+ if (hasLoginPage() && sreq.getRequestURI().endsWith(getLoginPage()) == true)
{
if (getLogger().isDebugEnabled())
getLogger().debug("Login page requested, chaining ...");
// Chain to the next filter
- chain.doFilter( sreq, sresp);
- return;
+ return true;
}
// Check if the browser is Opera, if so then display the login page as Opera does not
// support NTLM and displays an error page if a request to use NTLM is sent to it
- String userAgent = req.getHeader("user-agent");
+ String userAgent = sreq.getHeader("user-agent");
if (userAgent != null && userAgent.indexOf("Opera ") != -1)
{
if (getLogger().isDebugEnabled())
@@ -261,10 +233,10 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// If there is no login page configured (WebDAV) then just keep requesting the user details from the client
if ( hasLoginPage())
- redirectToLoginPage(req, resp);
+ redirectToLoginPage(sreq, sresp);
else
- restartLoginChallenge(req, resp, httpSess);
- return;
+ restartLoginChallenge(context, sreq, sresp);
+ return false;
}
// Check the authorization header
@@ -274,26 +246,25 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if ( allowsTicketLogons())
{
- // Check if the request includes an authentication ticket
-
- if (checkForTicketParameter(context, req, resp))
+ // Check if the request includes an authentication ticket
+
+ if (checkForTicketParameter(context, sreq, sresp))
{
-
- // Authentication was bypassed using a ticket parameter
-
- chain.doFilter(sreq, sresp);
- return;
- }
+
+ // Authentication was bypassed using a ticket parameter
+ return true;
+ }
}
// DEBUG
-
+
if (getLogger().isDebugEnabled())
- getLogger().debug("New NTLM auth request from " + req.getRemoteHost() + " (" +
- req.getRemoteAddr() + ":" + req.getRemotePort() + ") SID:" + req.getSession().getId());
+ getLogger().debug("New NTLM auth request from " + sreq.getRemoteHost() + " (" +
+ sreq.getRemoteAddr() + ":" + sreq.getRemotePort() + ") SID:" + sreq.getSession().getId());
// Send back a request for NTLM authentication
- restartLoginChallenge(req, resp, httpSess);
+ restartLoginChallenge(context, sreq, sresp);
+ return false;
}
else
{
@@ -304,24 +275,30 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
{
// Process the type 1 NTLM message
Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts);
- processType1(type1Msg, req, resp);
+ processType1(type1Msg, sreq, sresp);
+ return false;
}
else if (ntlmTyp == NTLM.Type3)
{
// Process the type 3 NTLM message
Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts);
- processType3(type3Msg, context, req, resp, chain);
+ return processType3(type3Msg, context, sreq, sresp);
}
else
{
if (getLogger().isDebugEnabled())
getLogger().debug("NTLM blob not handled, redirecting to login page.");
- redirectToLoginPage(req, resp);
+ if ( hasLoginPage())
+ redirectToLoginPage(sreq, sresp);
+ else
+ restartLoginChallenge(context, sreq, sresp);
+ return false;
}
}
}
-
+
+
/**
* Process a type 1 NTLM message
*
@@ -444,7 +421,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
* @exception IOException
* @exception ServletException
*/
- protected void processType3(Type3NTLMMessage type3Msg, ServletContext context, HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException
+ protected boolean processType3(Type3NTLMMessage type3Msg, ServletContext context, HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
{
Log logger = getLogger();
@@ -484,8 +461,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
onValidate(context, req, res);
// Allow the user to access the requested page
- chain.doFilter(req, res);
- return;
+ return true;
}
else
{
@@ -599,8 +575,8 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (logger.isDebugEnabled())
logger.debug("Failed to validate user " + userName, ex);
- onValidateFailed(req, res, session);
- return;
+ onValidateFailed(context, req, res, session);
+ return false;
}
}
@@ -634,14 +610,15 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (onLoginComplete(context, req, res, userInit))
{
// Allow the user to access the requested page
- chain.doFilter(req, res);
+ return true;
}
}
else
{
- restartLoginChallenge(req, res, session);
+ restartLoginChallenge(context, req, res);
}
}
+ return false;
}
/**
@@ -1001,15 +978,19 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
/**
* Restart the NTLM logon process
*
+ * @param context
* @param resp
* @param httpSess
* @throws IOException
*/
- protected void restartLoginChallenge(HttpServletRequest req, HttpServletResponse res, HttpSession session) throws IOException
+ public void restartLoginChallenge(ServletContext context, HttpServletRequest req, HttpServletResponse res) throws IOException
{
// Remove any existing session and NTLM details from the session
- session.removeAttribute(NTLM_AUTH_SESSION);
- session.removeAttribute(NTLM_AUTH_DETAILS);
+ HttpSession session = req.getSession(false);
+ if (session != null)
+ {
+ session.invalidate();
+ }
// Force the logon to start again
res.setHeader(WWW_AUTHENTICATE, AUTH_NTLM);
@@ -1018,6 +999,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
res.flushBuffer();
}
+
/**
* Disable NTLMv2 support, must be called from the implementation constructor
*/
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
index 8f4537bca0..908761604d 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -23,8 +23,11 @@ import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -48,7 +51,7 @@ import org.springframework.beans.factory.InitializingBean;
* @author gkspencer
* @author kroast
*/
-public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, ActivateableBean, InitializingBean
+public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, AuthenticationDriver, ActivateableBean, InitializingBean
{
// Allow an authentication ticket to be passed as part of a request to bypass authentication
@@ -110,6 +113,27 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
init();
}
}
+
+ /*
+ * (non-Javadoc)
+ * @see org.alfresco.repo.web.filter.beans.DependencyInjectedFilter#doFilter(javax.servlet.ServletContext,
+ * javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ public void doFilter(ServletContext context, ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException
+ {
+ // If a filter up the chain has marked the request as not requiring auth then respect it
+ if (request.getAttribute( NO_AUTH_REQUIRED) != null)
+ {
+ if ( getLogger().isDebugEnabled())
+ getLogger().debug("Authentication not required (filter), chaining ...");
+ chain.doFilter(request, response);
+ }
+ else if (authenticateRequest(context, (HttpServletRequest) request, (HttpServletResponse) response))
+ {
+ chain.doFilter(request, response);
+ }
+ }
/**
* Initializes the filter. Only called if the filter is active, as indicated by {@link #isActive()}. Subclasses
@@ -138,11 +162,12 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
/**
* Callback executed on failed authentication of a user ticket during Type3 Message processing
*
+ * @param sc the servlet context
* @param req HttpServletRequest
* @param res HttpServletResponse
* @param session HttpSession
*/
- protected void onValidateFailed(HttpServletRequest req, HttpServletResponse res, HttpSession session)
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session)
throws IOException
{
}
@@ -339,7 +364,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
*
* @param ticketsAllowed boolean
*/
- protected final void setTicketLogons( boolean ticketsAllowed)
+ public final void setTicketLogons( boolean ticketsAllowed)
{
m_ticketLogons = ticketsAllowed;
}
diff --git a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
index 9f642a7df0..007fe5ccf0 100644
--- a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
@@ -20,13 +20,11 @@ package org.alfresco.repo.webdav.auth;
import java.io.IOException;
-import javax.servlet.ServletException;
+import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.alfresco.repo.SessionUser;
-import org.alfresco.service.cmr.repository.NodeRef;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -39,35 +37,18 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
{
// Debug logging
- private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
-
-
-
- /* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter#init()
- */
- @Override
- protected void init() throws ServletException
- {
- // Call the base Kerberos filter initialization
-
- super.init();
-
- // Enable ticket based logons
-
- setTicketLogons(true);
- }
+ private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
/* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidateFailed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
*/
@Override
- protected void onValidateFailed(HttpServletRequest req, HttpServletResponse res, HttpSession session)
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session)
throws IOException
{
// Restart the login challenge process if validation fails
- restartLoginChallenge(req, res, session);
+ restartLoginChallenge(sc, req, res);
}
/* (non-Javadoc)
diff --git a/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
index 5ecafa1499..131659a181 100644
--- a/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
@@ -20,6 +20,7 @@ package org.alfresco.repo.webdav.auth;
import java.io.IOException;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -38,31 +39,17 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
// Debug logging
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
-
-
- /* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#init()
- */
- @Override
- protected void init() throws ServletException
- {
- super.init();
-
- // Enable ticket based logons
-
- setTicketLogons( true);
- }
/* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidateFailed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
*/
@Override
- protected void onValidateFailed(HttpServletRequest req, HttpServletResponse res, HttpSession session)
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session)
throws IOException
{
// Restart the login challenge process if validation fails
- restartLoginChallenge(req, res, session);
+ restartLoginChallenge(sc, req, res);
}
/* (non-Javadoc)
diff --git a/source/java/org/alfresco/repo/webdav/auth/SharepointConstants.java b/source/java/org/alfresco/repo/webdav/auth/SharepointConstants.java
new file mode 100644
index 0000000000..0466891215
--- /dev/null
+++ b/source/java/org/alfresco/repo/webdav/auth/SharepointConstants.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2005-2010 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.webdav.auth;
+
+/**
+ * A place to put Sharepoint specific authentication constants.
+ *
+ * @author dward
+ */
+public interface SharepointConstants
+{
+
+ /** The session attribute under which sharepoint {@link AuthenticationDriver}s store their user objects. */
+ public final static String USER_SESSION_ATTRIBUTE = "_vtiAuthTicket";
+
+}