From 0fb90a52043cc9b18b6cba95ac9acae4079e87bd Mon Sep 17 00:00:00 2001
From: David Caruana <david.caruana@alfresco.com>
Date: Thu, 21 Jun 2007 12:14:42 +0000
Subject: [PATCH] Web Scripts - support for JSR-168 authenticator (without Web
 Client dependency)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6050 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../web-scripts-application-context.xml       |  6 +-
 .../portlet/JSR168PortletAuthenticator.java   | 96 +++++++++++++++++++
 .../web/scripts/portlet/WebScriptPortlet.java | 14 ++-
 source/web/WEB-INF/portlet.xml                | 16 ++++
 4 files changed, 130 insertions(+), 2 deletions(-)
 create mode 100644 source/java/org/alfresco/web/scripts/portlet/JSR168PortletAuthenticator.java

diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index b10279545a..cba9841713 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -95,7 +95,11 @@
    </bean>
 
    <!--  JSR-168 Authenticator (Portal based) -->
-   <bean id="webscripts.authenticator.jsr168" class="org.alfresco.web.scripts.portlet.WebClientPortletAuthenticator">
+   <bean id="webscripts.authenticator.jsr168" class="org.alfresco.web.scripts.portlet.JSR168PortletAuthenticator">
+      <property name="authenticationService" ref="AuthenticationService" />
+   </bean>
+   <!--  -->
+   <bean id="webscripts.authenticator.jsr168.webclient" class="org.alfresco.web.scripts.portlet.WebClientPortletAuthenticator">
       <property name="scriptContext" ref="webscripts.context" />
       <property name="authenticationService" ref="AuthenticationService" />
    </bean>
diff --git a/source/java/org/alfresco/web/scripts/portlet/JSR168PortletAuthenticator.java b/source/java/org/alfresco/web/scripts/portlet/JSR168PortletAuthenticator.java
new file mode 100644
index 0000000000..50dba4f432
--- /dev/null
+++ b/source/java/org/alfresco/web/scripts/portlet/JSR168PortletAuthenticator.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.web.scripts.portlet;
+
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.web.scripts.WebScriptException;
+import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+/**
+ * Portlet authenticator
+ * 
+ * @author davidc
+ */
+public class JSR168PortletAuthenticator implements WebScriptPortletAuthenticator
+{
+    // Logger
+    private static final Log logger = LogFactory.getLog(JSR168PortletAuthenticator.class);
+
+    // dependencies
+    private AuthenticationService authenticationService;
+    
+    /**
+     * @param authenticationService
+     */
+    public void setAuthenticationService(AuthenticationService authenticationService)
+    {
+        this.authenticationService = authenticationService;
+    }
+    
+    
+    /* (non-Javadoc)
+     * @see org.alfresco.web.scripts.portlet.WebScriptPortletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.portlet.RenderRequest, javax.portlet.RenderResponse)
+     */
+    public boolean authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res)
+    {
+        String portalUser = req.getRemoteUser();
+        
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("JSR-168 Remote user: " + portalUser);
+        }
+
+        if (isGuest || portalUser == null)
+        {
+            if (logger.isDebugEnabled())
+                logger.debug("Authenticating as Guest");
+            
+            // authenticate as guest
+            AuthenticationUtil.setCurrentUser(AuthenticationUtil.getGuestUserName());
+        }
+        else
+        {
+            if (logger.isDebugEnabled())
+                logger.debug("Authenticating as user " + portalUser);
+            
+            if (!authenticationService.authenticationExists(portalUser))
+            {
+                throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "User " + portalUser + " is not a known Alfresco user");
+            }
+            AuthenticationUtil.setCurrentUser(portalUser);
+        }
+        
+        return true;
+    }
+
+}
diff --git a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
index 14ff1eea05..b54d389646 100644
--- a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
+++ b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
@@ -92,7 +92,19 @@ public class WebScriptPortlet implements Portlet
         registry = (DeclarativeWebScriptRegistry)ctx.getBean("webscripts.registry");
         transactionHelper = (RetryingTransactionHelper)ctx.getBean("retryingTransactionHelper");
         authorityService = (AuthorityService)ctx.getBean("authorityService");
-        authenticator = (WebScriptPortletAuthenticator)ctx.getBean("webscripts.authenticator.jsr168");
+        
+        // retrieve authenticator via portlet initialization parameter
+        String authenticatorId = config.getInitParameter("authenticator");
+        if (authenticatorId == null || authenticatorId.length() == 0)
+        {
+            authenticatorId = "webscripts.authenticator.jsr168";
+        }
+        Object bean = ctx.getBean(authenticatorId);
+        if (bean == null || !(bean instanceof WebScriptPortletAuthenticator))
+        {
+            throw new PortletException("Initialisation parameter 'authenticator' does not refer to a Web Script authenticator (" + authenticatorId + ")");
+        }
+        authenticator = (WebScriptPortletAuthenticator)bean;
     }
 
     /* (non-Javadoc)
diff --git a/source/web/WEB-INF/portlet.xml b/source/web/WEB-INF/portlet.xml
index e1ba5f2557..4ea642598c 100644
--- a/source/web/WEB-INF/portlet.xml
+++ b/source/web/WEB-INF/portlet.xml
@@ -27,6 +27,10 @@
         <portlet-name>AlfrescoMyTasks</portlet-name>
         <portlet-class>org.alfresco.web.scripts.portlet.WebScriptPortlet</portlet-class>
         
+        <init-param>
+           <name>authenticator</name>
+           <value>webscripts.authenticator.jsr168.webclient</value>
+        </init-param>
         <init-param>
            <name>scriptUrl</name>
            <value>/alfresco/168s/mytasks</value>
@@ -48,6 +52,10 @@
         <portlet-name>AlfrescoDocList</portlet-name>
         <portlet-class>org.alfresco.web.scripts.portlet.WebScriptPortlet</portlet-class>
         
+        <init-param>
+           <name>authenticator</name>
+           <value>webscripts.authenticator.jsr168.webclient</value>
+        </init-param>
         <init-param>
            <name>scriptUrl</name>
            <value>/alfresco/168s/doclist</value>
@@ -69,6 +77,10 @@
         <portlet-name>AlfrescoMySpaces</portlet-name>
         <portlet-class>org.alfresco.web.scripts.portlet.WebScriptPortlet</portlet-class>
         
+        <init-param>
+           <name>authenticator</name>
+           <value>webscripts.authenticator.jsr168.webclient</value>
+        </init-param>
         <init-param>
            <name>scriptUrl</name>
            <value>/alfresco/168s/myspaces</value>
@@ -90,6 +102,10 @@
         <portlet-name>AlfrescoMyWebForms</portlet-name>
         <portlet-class>org.alfresco.web.scripts.portlet.WebScriptPortlet</portlet-class>
         
+        <init-param>
+           <name>authenticator</name>
+           <value>webscripts.authenticator.jsr168.webclient</value>
+        </init-param>
         <init-param>
            <name>scriptUrl</name>
            <value>/alfresco/168s/mywebforms</value>