Merged V3.2 to HEAD

16444: Fix ETHREEOH-2767 - regress: cannot login to MT Share, also fix unreported MT issue with site dashboards 16671: (record-only) Merged V3.1 to V3.2 (record-only - already resolved) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16900 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2009-10-14 09:56:38 +00:00
parent c90128c200
commit 1bfacb7037
4 changed files with 54 additions and 25 deletions
--- a/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
+++ b/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
@@ -243,11 +243,12 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
        WebScript script = scriptReq.getServiceMatch().getWebScript();
        Description desc = script.getDescription();
-        // Escalate the webscript declared level of authentication to the container required authentication (must be
+        // Escalate the webscript declared level of authentication to the container required authentication
-        // guest if MT is enabled)
+        // eg. must be guest if MT is enabled unless credentials are empty
        RequiredAuthentication required = desc.getRequiredAuthentication();
        RequiredAuthentication containerRequiredAuthentication = getRequiredAuthentication();
-        if (required.compareTo(containerRequiredAuthentication) < 0)
+        
        if ((required.compareTo(containerRequiredAuthentication) < 0) && (! auth.emptyCredentials()))
        {
            required = containerRequiredAuthentication;
        }
@@ -457,15 +458,6 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
    @Override
    public Registry getRegistry()
    {
        if (AuthenticationUtil.isMtEnabled())
        {
            String user = AuthenticationUtil.getRunAsUser();
            if (user == null)
            {
                throw new RuntimeException("Failed to getRegistry: need to pre-authenticate in MT environment");
            }
        }
        String tenantDomain = tenantAdminService.getCurrentUserDomain();
        Registry registry = webScriptsRegistryCache.get(tenantDomain);
        if (registry == null)
--- a/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java
+++ b/source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -82,6 +82,9 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory
        private FacebookServletRequest fbReq;
        private WebScriptServletResponse fbRes;
        private String sessionKey;
        private String user;
        /**
         * Construct
         * 
@@ -93,6 +96,9 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory
        {
            this.fbReq = req;
            this.fbRes = res;
            this.sessionKey = fbReq.getSessionKey();
            this.user = fbReq.getUserId();
        }
        /* (non-Javadoc)
@@ -100,16 +106,13 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory
         */
        public boolean authenticate(RequiredAuthentication required, boolean isGuest)
        {
    	    String sessionKey = fbReq.getSessionKey();
    	    String user = fbReq.getUserId();
    	    if (logger.isDebugEnabled())
    	    {
    	    	logger.debug("fb_sig_session_key = '" + sessionKey + "'");
    	    	logger.debug("fb_sig_user = '" + user + "'");
    	    }
-            if ((sessionKey == null || sessionKey.length() == 0) || (user == null || user.length() == 0))
+            if (emptyCredentials())
            {
            	// session has not been established, redirect to login
@@ -145,6 +148,14 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory
            AuthenticationUtil.setFullyAuthenticatedUser(user);
        	return true;
        }
        /* (non-Javadoc)
         * @see org.alfresco.web.scripts.Authenticator#emptyCredentials()
         */
        public boolean emptyCredentials()
        {
            return ((sessionKey == null || sessionKey.length() == 0) || (user == null || user.length() == 0));
        }
    }
 }
--- a/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java
+++ b/source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -168,6 +168,19 @@ public class JSR168PortletAuthenticatorFactory implements PortletAuthenticatorFa
            return true;
        }
        /* (non-Javadoc)
         * @see org.alfresco.web.scripts.Authenticator#emptyCredentials()
         */
        public boolean emptyCredentials()
        {
            String portalUser = (String)req.getPortletSession().getAttribute(WebScriptPortletRequest.ALFPORTLETUSERNAME);
            if (portalUser == null)
            {
                portalUser = req.getRemoteUser();
            }
            return (portalUser == null);
        }
    }
 }
--- a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
+++ b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -81,6 +81,9 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
        private WebScriptServletRequest servletReq;
        private WebScriptServletResponse servletRes;
        private String authorization;
        private String ticket;
        /**
         * Construct
         * 
@@ -92,6 +95,11 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
        {
            this.servletReq = req;
            this.servletRes = res;
            HttpServletRequest httpReq = servletReq.getHttpServletRequest();
            this.authorization = httpReq.getHeader("Authorization");
            this.ticket = httpReq.getParameter("alf_ticket");
        }
        /* (non-Javadoc)
@@ -105,10 +113,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
            // validate credentials
            // 
            HttpServletRequest req = servletReq.getHttpServletRequest();
            HttpServletResponse res = servletRes.getHttpServletResponse();
            String authorization = req.getHeader("Authorization");
            String ticket = req.getParameter("alf_ticket");
            if (logger.isDebugEnabled())
            {
@@ -198,6 +203,14 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
            }
            return authorized;
        }
        /* (non-Javadoc)
         * @see org.alfresco.web.scripts.Authenticator#emptyCredentials()
         */
        public boolean emptyCredentials()
        {
            return ((ticket == null || ticket.length() == 0) && (authorization == null || authorization.length() == 0));
        }
    }
 }