From 2dc9c635c9d9ce1fc48a904c2abc712b8c2aa0e5 Mon Sep 17 00:00:00 2001
From: Alan Davis <alan.davis@alfresco.com>
Date: Fri, 11 Mar 2016 17:26:55 +0000
Subject: [PATCH] Merged 5.1.N (5.1.1) to HEAD (5.1)    115951 adavis: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)       115852 cturlica: Merged DEV to 5.0.N
 (5.0.3)          115849 cturlica: MNT-14367: Unable to connect to CMIS 1.0
 and CMIS 1.1 API URL in 5.0.1 only with Kerberos SSO enabled             -
 fixed issue caused by re-logon specific restart by the kerberos filter that
 shouldn't cause the SSO fallback (if fallback SSO is enabled)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@123585 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../BaseKerberosAuthenticationFilter.java     | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
index b535ef912d..c8cb3418f6 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
@@ -358,7 +358,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
                         req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
             
             // Send back a request for SPNEGO authentication
-            logonStartAgain(context, req, resp);
+            logonStartAgain(context, req, resp, true);
             return false;
         }
         else
@@ -643,13 +643,27 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
      * @throws IOException
      */
     public void logonStartAgain(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
-	{
+    {
+        logonStartAgain(context, req, resp, false);
+    }
+    
+    /**
+     * The logon to start again
+     *
+     * @param context ServletContext
+     * @param req HttpServletRequest
+     * @param resp HttpServletResponse
+     * @param ignoreFallback ignore fallback
+     * @throws IOException
+     */
+    private void logonStartAgain(ServletContext context, HttpServletRequest req, HttpServletResponse resp, boolean ignoreFallback) throws IOException
+        {
         if (getLogger().isDebugEnabled())
             getLogger().debug("Issuing login challenge to browser.");
         // Force the logon to start again
         resp.setHeader("WWW-Authenticate", "Negotiate");
         
-        if (isFallbackEnabled())
+        if (!ignoreFallback && isFallbackEnabled())
         {
             includeFallbackAuth(context, req, resp);
         }