From 1bfacb7037eaed8f6ce1b87dad983886517303d8 Mon Sep 17 00:00:00 2001 From: Jan Vonka Date: Wed, 14 Oct 2009 09:56:38 +0000 Subject: [PATCH] Merged V3.2 to HEAD 16444: Fix ETHREEOH-2767 - regress: cannot login to MT Share, also fix unreported MT issue with site dashboards 16671: (record-only) Merged V3.1 to V3.2 (record-only - already resolved) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16900 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../repo/web/scripts/RepositoryContainer.java | 22 ++++++------------- .../FacebookAuthenticatorFactory.java | 21 +++++++++++++----- .../JSR168PortletAuthenticatorFactory.java | 15 ++++++++++++- .../BasicHttpAuthenticatorFactory.java | 21 ++++++++++++++---- 4 files changed, 54 insertions(+), 25 deletions(-) diff --git a/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java b/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java index bca255a7ac..4443831220 100644 --- a/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java +++ b/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java 
@@ -243,11 +243,12 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten WebScript script = scriptReq.getServiceMatch().getWebScript(); Description desc = script.getDescription(); - // Escalate the webscript declared level of authentication to the container required authentication (must be - // guest if MT is enabled) + // Escalate the webscript declared level of authentication to the container required authentication + // eg. must be guest if MT is enabled unless credentials are empty RequiredAuthentication required = desc.getRequiredAuthentication(); RequiredAuthentication containerRequiredAuthentication = getRequiredAuthentication(); - if (required.compareTo(containerRequiredAuthentication) < 0) + + if ((required.compareTo(containerRequiredAuthentication) < 0) && (! auth.emptyCredentials())) { required = containerRequiredAuthentication; } @@ -255,9 +256,9 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten if (required == RequiredAuthentication.none) { - // TODO revisit - cleared here, in-lieu of WebClient clear + // TODO revisit - cleared here, in-lieu of WebClient clear AuthenticationUtil.clearCurrentSecurityContext(); - + transactionedExecuteAs(script, scriptReq, scriptRes); } else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest) @@ -312,7 +313,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten if (logger.isDebugEnabled()) { String user = AuthenticationUtil.getFullyAuthenticatedUser(); - logger.debug("Authentication reset: " + (user == null ? "unauthenticated" : "authenticated as " + user)); + logger.debug("Authentication reset: " + (user == null ? "unauthenticated" : "authenticated as " + user)); } } } 
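Review bot: In the first hunk the added `&& (! auth.emptyCredentials())` makes escalation to the container's required authentication depend on something the caller controls. A request that omits credentials keeps the web script's declared level, so a script declared `none` runs with the security context cleared even when the container floor is higher. If this is meant only to keep login reachable under MT, the comment should say so, e.g. `// Skip escalation for credential-less requests so 'none' scripts (login) stay reachable in MT; such scripts must not rely on the container floor`. `auth` is defined outside the hunk; if it can be null, the test needs `auth != null && !auth.emptyCredentials()`. The `getRegistry()` hunk in this file also drops the MT pre-authentication check, so confirm that `tenantAdminService.getCurrentUserDomain()` resolves to the intended tenant when no run-as user is set.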
@@ -457,15 +458,6 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten @Override public Registry getRegistry() { - if (AuthenticationUtil.isMtEnabled()) - { - String user = AuthenticationUtil.getRunAsUser(); - if (user == null) - { - throw new RuntimeException("Failed to getRegistry: need to pre-authenticate in MT environment"); - } - } - String tenantDomain = tenantAdminService.getCurrentUserDomain(); Registry registry = webScriptsRegistryCache.get(tenantDomain); if (registry == null) diff --git a/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java index a2080bcdd4..30f509d9cd 100644 --- a/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java +++ b/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -82,6 +82,9 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory private FacebookServletRequest fbReq; private WebScriptServletResponse fbRes; + private String sessionKey; + private String user; + /** * Construct * @@ -93,6 +96,9 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory { this.fbReq = req; this.fbRes = res; + + this.sessionKey = fbReq.getSessionKey(); + this.user = fbReq.getUserId(); } /* (non-Javadoc) 
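Review bot: The new `sessionKey` and `user` fields in FacebookAuthenticatorFactory are assigned once in the constructor and not reassigned in any visible hunk, so they should be `private final String sessionKey;` and `private final String user;`. The same applies to `authorization` and `ticket` in BasicHttpAuthenticatorFactory. Because `emptyCredentials()` and `authenticate()` now both read these per-request snapshots, final fields also guarantee that the two methods judge the same values.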
@@ -100,16 +106,13 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory */ public boolean authenticate(RequiredAuthentication required, boolean isGuest) { - String sessionKey = fbReq.getSessionKey(); - String user = fbReq.getUserId(); - if (logger.isDebugEnabled()) { logger.debug("fb_sig_session_key = '" + sessionKey + "'"); logger.debug("fb_sig_user = '" + user + "'"); } - if ((sessionKey == null || sessionKey.length() == 0) || (user == null || user.length() == 0)) + if (emptyCredentials()) { // session has not been established, redirect to login @@ -145,6 +148,14 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory AuthenticationUtil.setFullyAuthenticatedUser(user); return true; } + + /* (non-Javadoc) + * @see org.alfresco.web.scripts.Authenticator#emptyCredentials() + */ + public boolean emptyCredentials() + { + return ((sessionKey == null || sessionKey.length() == 0) || (user == null || user.length() == 0)); + } } } \ No newline at end of file diff --git a/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java index ecc2dc249f..0ecd518a18 100644 --- a/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java +++ b/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
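Review bot: The debug block kept at the top of `authenticate()` writes the full `fb_sig_session_key` to the log, and that value appears to be what this authenticator accepts as proof of an established session. Now that `emptyCredentials()` exists, the log can record presence instead of the value, e.g. `logger.debug("fb credentials supplied: " + !emptyCredentials());`. The body of `authenticate()` continues outside the hunk, so later log statements there should be checked for the same value.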
@@ -168,6 +168,19 @@ public class JSR168PortletAuthenticatorFactory implements PortletAuthenticatorFa return true; } + + /* (non-Javadoc) + * @see org.alfresco.web.scripts.Authenticator#emptyCredentials() + */ + public boolean emptyCredentials() + { + String portalUser = (String)req.getPortletSession().getAttribute(WebScriptPortletRequest.ALFPORTLETUSERNAME); + if (portalUser == null) + { + portalUser = req.getRemoteUser(); + } + return (portalUser == null); + } } } diff --git a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java index 7e241cc12f..8d08de044d 100644 --- a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java +++ b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -81,6 +81,9 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor private WebScriptServletRequest servletReq; private WebScriptServletResponse servletRes; + private String authorization; + private String ticket; + /** * Construct * @@ -92,6 +95,11 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor { this.servletReq = req; this.servletRes = res; + + HttpServletRequest httpReq = servletReq.getHttpServletRequest(); + + this.authorization = httpReq.getHeader("Authorization"); + this.ticket = httpReq.getParameter("alf_ticket"); } /* (non-Javadoc) 
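Review bot: The JSR168 `emptyCredentials()` returns `portalUser == null`, so an empty-string user name counts as supplied credentials, whereas the Facebook and Basic HTTP implementations in this commit also treat a zero-length value as empty. Aligning it would be `return (portalUser == null || portalUser.length() == 0);`. Separately, if `req` is a JSR 168 `PortletRequest`, `getPortletSession()` creates a session when none exists, so this check would allocate a session for every credential-less request. Using `getPortletSession(false)` with a null check avoids that.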
@@ -105,10 +113,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor // validate credentials // - HttpServletRequest req = servletReq.getHttpServletRequest(); HttpServletResponse res = servletRes.getHttpServletResponse(); - String authorization = req.getHeader("Authorization"); - String ticket = req.getParameter("alf_ticket"); if (logger.isDebugEnabled()) { @@ -198,6 +203,14 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor } return authorized; } + + /* (non-Javadoc) + * @see org.alfresco.web.scripts.Authenticator#emptyCredentials() + */ + public boolean emptyCredentials() + { + return ((ticket == null || ticket.length() == 0) && (authorization == null || authorization.length() == 0)); + } } } \ No newline at end of file
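Review bot: `emptyCredentials()` in the last hunk has only a `(non-Javadoc)` pointer, yet its result decides in RepositoryContainer whether the container's required authentication is enforced. A short Javadoc should state the contract, for example `Returns true only when the request carried neither an alf_ticket parameter nor an Authorization header; malformed or unsupported values still count as supplied.` This implementation requires both values to be missing (`&&`) while the Facebook one returns true when either is missing (`||`), and the comment should record that the difference is deliberate. `authenticate()` begins and ends outside the preceding hunk.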