From 12d42a1fd04b1ca87d840187d18e985b0844b70a Mon Sep 17 00:00:00 2001
From: Alan Davis <alan.davis@alfresco.com>
Date: Sat, 31 Jan 2015 12:20:43 +0000
Subject: [PATCH] Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)    93267:
 Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)       93242: Merged
 V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)          93175: MNT-12484: Merged DEV
 to V4.2-BUG-FIX (4.2.5)             89773: MNT-12484: VTI server fails to
 authenticate behind an AJP proxy if HTTP authentication headers are sent in
 addition to the REMOTE_USER CGI variable                - For VTI give
 precedence to external authentication with remote user over HTTP Basic

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94951 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../auth/BasicAuthenticationHandler.java      | 29 +++++++++----------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
index 4761ffd85d..31cc790241 100644
--- a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
+++ b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2013 Alfresco Software Limited.
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
  *
  * This file is part of Alfresco
  *
@@ -106,6 +106,18 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
         SessionUser sessionUser = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
         if (sessionUser == null)
         {
+            if (remoteUserMapper != null && (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()))
+            {
+                String userId = remoteUserMapper.getRemoteUser(request);
+                if (userId != null)
+                {
+                    // authenticated by other
+                    authenticationComponent.setCurrentUser(userId);
+
+                    request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(userId, authenticationService.getCurrentTicket(), personService.getPerson(userId)));
+                    return true;
+                }
+            }
             if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
             {
                 String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
@@ -152,21 +164,6 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
                     authenticationListener.authenticationFailed(new BasicAuthCredentials(username, password), ex);
                 }
             }
-            else
-            {
-                if (remoteUserMapper != null && (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()))
-                {
-                    String userId = remoteUserMapper.getRemoteUser(request);
-                    if (userId != null)
-                    {
-                        // authenticated by other
-                        authenticationComponent.setCurrentUser(userId);
-
-                        request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(userId, authenticationService.getCurrentTicket(), personService.getPerson(userId)));
-                        return true;
-                    }
-                }
-            }
         }
         else
         {