Merged 5.1.N (5.1.1) to HEAD (5.1)

115951 adavis: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) 115852 cturlica: Merged DEV to 5.0.N (5.0.3) 115849 cturlica: MNT-14367: Unable to connect to CMIS 1.0 and CMIS 1.1 API URL in 5.0.1 only with Kerberos SSO enabled - fixed issue caused by re-logon specific restart by the kerberos filter that shouldn't cause the SSO fallback (if fallback SSO is enabled) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@123585 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-21 18:09:20 +00:00 · 2016-03-11 17:26:55 +00:00
parent bd7b19bb61
commit 2dc9c635c9
1 changed files with 17 additions and 3 deletions
--- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
@@ -358,7 +358,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
                        req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
            
            // Send back a request for SPNEGO authentication
-            logonStartAgain(context, req, resp);
+            logonStartAgain(context, req, resp, true);
            return false;
        }
        else
@@ -643,13 +643,27 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
     * @throws IOException
     */
    public void logonStartAgain(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
-	{
+    {
+        logonStartAgain(context, req, resp, false);
+    }
+    
+    /**
+     * The logon to start again
+     *
+     * @param context ServletContext
+     * @param req HttpServletRequest
+     * @param resp HttpServletResponse
+     * @param ignoreFallback ignore fallback
+     * @throws IOException
+     */
+    private void logonStartAgain(ServletContext context, HttpServletRequest req, HttpServletResponse resp, boolean ignoreFallback) throws IOException
+        {
        if (getLogger().isDebugEnabled())
            getLogger().debug("Issuing login challenge to browser.");
        // Force the logon to start again
        resp.setHeader("WWW-Authenticate", "Negotiate");
        
-        if (isFallbackEnabled())
+        if (!ignoreFallback && isFallbackEnabled())
        {
            includeFallbackAuth(context, req, resp);
        }