- AJAX framework now handles unauthenticated requests properly

- Removed JavaScript layer above dojo - Minor updates following wiki writeup git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3331 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2006-07-17 12:01:48 +00:00
parent 9f0066637a
commit 1c5f72db89
3 changed files with 22 additions and 56 deletions
--- a/source/java/org/alfresco/web/app/servlet/BaseServlet.java
+++ b/source/java/org/alfresco/web/app/servlet/BaseServlet.java
@@ -103,8 +103,22 @@ public abstract class BaseServlet extends HttpServlet
    * 
    * @throws IOException
    */
-   public AuthenticationStatus servletAuthenticate(HttpServletRequest req, HttpServletResponse res)
+   public AuthenticationStatus servletAuthenticate(HttpServletRequest req, HttpServletResponse res) 
      throws IOException
+   {
+      return servletAuthenticate(req, res, true);
+   }
+   
+   /**
+    * Perform an authentication for the servlet request URI. Processing any "ticket" or
+    * "guest" URL arguments.
+    * 
+    * @return AuthenticationStatus
+    * 
+    * @throws IOException
+    */
+   public AuthenticationStatus servletAuthenticate(HttpServletRequest req, HttpServletResponse res,
+         boolean redirectToLoginPage) throws IOException
   {
      AuthenticationStatus status;
      
@@ -124,9 +138,9 @@ public abstract class BaseServlet extends HttpServlet
         }
         status = AuthenticationHelper.authenticate(getServletContext(), req, res, forceGuest);
      }
-      if (status == AuthenticationStatus.Failure)
+      if (status == AuthenticationStatus.Failure && redirectToLoginPage)
      {
-         // authentication failed - now need to display the login page to the user
+         // authentication failed - now need to display the login page to the user, if asked to
         redirectToLoginPage(req, res, getServletContext());
      }
      
--- a/source/java/org/alfresco/web/app/servlet/ajax/AjaxServlet.java
+++ b/source/java/org/alfresco/web/app/servlet/ajax/AjaxServlet.java
@@ -22,9 +22,7 @@ import org.apache.commons.logging.LogFactory;
 * The URL to the servlet should be in the form:
 * <pre>/alfresco/ajax/command/Bean.binding.expression</pre>
 * <p>
- * where 'command' is one of 'invoke', 'get' or 'set'.
- * <p>
- * TODO: Explain what the commands do...
+ * See http://wiki.alfresco.com/wiki/AJAX_Support for details.
 * <p>
 * Like most Alfresco servlets, the URL may be followed by a valid 'ticket' argument for authentication:
 * ?ticket=1234567890
@@ -69,14 +67,12 @@ public class AjaxServlet extends BaseServlet
            }
         }
         
-         // ************
-         // TODO: Need to send in a flag to method to stop it from redirecting
-         //       to login page, we can then throw an error in here!!
-         
-         AuthenticationStatus status = servletAuthenticate(request, response);
+         // Make sure the user is authenticated, if not throw an error to return the 
+         // 500 Internal Server Error code back to the client
+         AuthenticationStatus status = servletAuthenticate(request, response, false);
         if (status == AuthenticationStatus.Failure)
         {
-            return;
+            throw new AlfrescoRuntimeException("Access Denied: User not authenticated");
         }
         
         uri = uri.substring(request.getContextPath().length());
@@ -109,10 +105,6 @@ public class AjaxServlet extends BaseServlet
         {
            command = new GetCommand();
         }
-//         else if (Command.set.toString().equals(commandName))
-//         {
-//            command = new SetCommand();
-//         }
         else
         {
            throw new AlfrescoRuntimeException("Unrecognised command received: " + commandName);
--- a/source/web/scripts/ajax.js
+++ b/source/web/scripts/ajax.js
@@ -3,46 +3,6 @@
 // Gavin Cornwell 14-07-2006
 //

-/**
- * Makes an AJAX request to the server using POST. A text/html response
- * is presumed.
- *
- * @param context The name of the application, normally "/alfresco"
- * @param command The AJAX command to call, either 'invoke', 'get' or 'set'
- * @param expression The managed bean expression
- * @param callbackHandler The function to callback when the request completes
- */
-function ajaxPostRequest(context, command, expression, callbackHandler)
-{
-   makeAjaxRequest(context, command, expression, null, callbackHandler, 
-                   "post", "text/html");
-}
-
-/**
- * Makes an AJAX request to the server using POST.
- *
- * @param context The name of the application, normally "/alfresco"
- * @param command The AJAX command to call, either 'invoke', 'get' or 'set'
- * @param expression The managed bean expression
- * @param parameters Set of parameters to pass with the request
- * @param callbackHandler The function to callback when the request completes
- * @param method The HTTP method to use for the request either "get" or "post"
- * @param contentType The mimetype to expect from the server
- */
-function makeAjaxRequest(context, command, expression, parameters, 
-                         callbackHandler, method, contentType)
-{
-   // use dojo to do the actual work
-   dojo.io.bind({
-      method: method,
-      url: context + "/ajax/" + command + "/" + expression,
-      content: parameters,
-      load: callbackHandler,
-      error: handleErrorDojo,
-      mimetype: contentType
-   });
-}
-
 /**
 * Default handler for errors
 */