Merged DEV to 5.2.N (5.2.1)

133903 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" take user disabled status in to account for external authentication subsystem + tests
   133907 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" don't propagate user disabled exception
   133930 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" move test class and add to a test suite
   134295 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
      - Added a test to simulate creation of missing person during external auth log in.
   134315 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
      - Added a fallback to supprt the logging in by non provisioned users.
   134354 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
      - Added a test with deauthorized user. Refactored existing test to start context once.
   134359 jvonka: REPO-1227: External authentication - prevent disabled user from authenticating
      - add log warning (with masked username, similar to brute force attack) if authentication bypassed when setting user details
   134372 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
      - Updated core and data model (contain new logging)
   134390 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
      - isEnabled flag for users is returned correctly
      - Added tests


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@134396 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/web/scripts/servlet/RemoteUserAuthenticatorFactory.java

@@ -27,6 +27,7 @@ package org.alfresco.repo.web.scripts.servlet;
 
 import javax.servlet.http.HttpSession;
 
+import org.alfresco.error.ExceptionStackUtil;
 import org.alfresco.repo.SessionUser;
 import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
@@ -43,6 +44,8 @@ import org.springframework.extensions.webscripts.Description.RequiredAuthenticat
 import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
 import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;
 
+import net.sf.acegisecurity.DisabledException;
+
 /**
  * Authenticator to provide Remote User based Header authentication dropping back to Basic Auth otherwise. 
  * Statelessly authenticating via a secure header now does not require a Session so can be used with
@@ -99,9 +102,25 @@ public class RemoteUserAuthenticatorFactory extends BasicHttpAuthenticatorFactor
             final String userId = getRemoteUser();
             if (userId != null)
             {
-                authenticationComponent.setCurrentUser(userId);
-                listener.userAuthenticated(new TicketCredentials(authenticationService.getCurrentTicket()));
-                authenticated = true;
+                try
+                {
+                    authenticationComponent.setCurrentUser(userId);
+                    listener.userAuthenticated(new TicketCredentials(authenticationService.getCurrentTicket()));
+                    authenticated = true;
+                }
+                catch (AuthenticationException authErr)
+                {
+                    // don't propagate if the user is disabled
+                    Throwable disabledCause = ExceptionStackUtil.getCause(authErr, DisabledException.class);
+                    if(disabledCause != null)
+                    {
+                    	listener.authenticationFailed(new WebCredentials() {});
+                    }
+                    else
+                    {
+                        throw authErr;
+                    }
+                }
             }
             else
             {