mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
Merged 5.2.0 (5.2.0) to HEAD (5.2)
134416 amukha: Merged 5.2.N (5.2.1) to 5.2.0 (5.2.0)
134396 amukha: Merged DEV to 5.2.N (5.2.1)
133903 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" take user disabled status in to account for external authentication subsystem + tests
133907 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" don't propagate user disabled exception
133930 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" move test class and add to a test suite
134295 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a test to simulate creation of missing person during external auth log in.
134315 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a fallback to supprt the logging in by non provisioned users.
134354 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a test with deauthorized user. Refactored existing test to start context once.
134359 jvonka: REPO-1227: External authentication - prevent disabled user from authenticating
- add log warning (with masked username, similar to brute force attack) if authentication bypassed when setting user details
134372 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Updated core and data model (contain new logging)
134390 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- isEnabled flag for users is returned correctly
- Added tests
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@134976 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
@@ -27,6 +27,7 @@ package org.alfresco.repo.web.scripts.servlet;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.alfresco.error.ExceptionStackUtil;
|
||||
import org.alfresco.repo.SessionUser;
|
||||
import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
@@ -43,6 +44,8 @@ import org.springframework.extensions.webscripts.Description.RequiredAuthenticat
|
||||
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
|
||||
import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;
|
||||
|
||||
import net.sf.acegisecurity.DisabledException;
|
||||
|
||||
/**
|
||||
* Authenticator to provide Remote User based Header authentication dropping back to Basic Auth otherwise.
|
||||
* Statelessly authenticating via a secure header now does not require a Session so can be used with
|
||||
@@ -99,9 +102,25 @@ public class RemoteUserAuthenticatorFactory extends BasicHttpAuthenticatorFactor
|
||||
final String userId = getRemoteUser();
|
||||
if (userId != null)
|
||||
{
|
||||
authenticationComponent.setCurrentUser(userId);
|
||||
listener.userAuthenticated(new TicketCredentials(authenticationService.getCurrentTicket()));
|
||||
authenticated = true;
|
||||
try
|
||||
{
|
||||
authenticationComponent.setCurrentUser(userId);
|
||||
listener.userAuthenticated(new TicketCredentials(authenticationService.getCurrentTicket()));
|
||||
authenticated = true;
|
||||
}
|
||||
catch (AuthenticationException authErr)
|
||||
{
|
||||
// don't propagate if the user is disabled
|
||||
Throwable disabledCause = ExceptionStackUtil.getCause(authErr, DisabledException.class);
|
||||
if(disabledCause != null)
|
||||
{
|
||||
listener.authenticationFailed(new WebCredentials() {});
|
||||
}
|
||||
else
|
||||
{
|
||||
throw authErr;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user