From 3e5aa0c84a3dc956ccb46e114090d993f0e8c327 Mon Sep 17 00:00:00 2001
From: Kevin Roast
Date: Wed, 18 Jan 2006 16:42:27 +0000
Subject: [PATCH] Checkpoint of client Guest access implementation
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2140 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../web/app/portlet/AlfrescoFacesPortlet.java | 32 ++++++-
 .../web/app/servlet/AuthenticationHelper.java | 89 ++++++++++++++++++-
 .../java/org/alfresco/web/bean/LoginBean.java | 23 +++++
 source/web/jsp/login.jsp | 26 ++++++
 source/web/jsp/relogin.jsp | 17 ++++
 5 files changed, 182 insertions(+), 5 deletions(-)
diff --git a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
index 10df8f9b77..0964370f69 100644
--- a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
+++ b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
@@ -40,6 +40,7 @@ import org.alfresco.web.app.Application;
 import org.alfresco.web.app.servlet.AuthenticationHelper;
 import org.alfresco.web.bean.ErrorBean;
 import org.alfresco.web.bean.FileUploadBean;
+import org.alfresco.web.bean.LoginBean;
 import org.alfresco.web.bean.repository.User;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
@@ -59,6 +60,7 @@ import org.springframework.web.context.WebApplicationContext;
 */
 public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 {
+ private static final String PREF_ALF_USERNAME = "_alfUserName";
 public static final String INSTANCE_NAME = "AlfrescoClientInstance";
 public static final String MANAGED_BEAN_PREFIX = "javax.portlet.p." + INSTANCE_NAME + "?";
@@ -146,7 +148,6 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet } else { - String viewId = request.getParameter(VIEW_ID); User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); if (user != null) { @@ -158,6 +159,23 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet AuthenticationService auth = (AuthenticationService)ctx.getBean("authenticationService"); auth.validate(user.getTicket()); + // save last username into portlet preferences, get from LoginBean state + LoginBean loginBean = (LoginBean)request.getPortletSession().getAttribute(AuthenticationHelper.LOGIN_BEAN); + if (loginBean != null) + { + // + // TODO: Need to login to JBoss Portal to get a user here to store prefs against + // so not really a suitable solution as they get thrown away at present! + // Also would need to store prefs PER user - so auto login for each...? + // + String oldValue = request.getPreferences().getValue(PREF_ALF_USERNAME, null); + if (oldValue == null || oldValue.equals(loginBean.getUsernameInternal()) == false) + { + request.getPreferences().setValue(PREF_ALF_USERNAME, loginBean.getUsernameInternal()); + request.getPreferences().store(); + } + } + // do the normal JSF processing super.processAction(request, response); } @@ -226,6 +244,7 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet { // if we have no User object in the session then an HTTP Session timeout must have occured // use the viewId to check that we are not already on the login page + PortletSession session = request.getPortletSession(); String viewId = request.getParameter(VIEW_ID); User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); if (user == null && (viewId == null || viewId.equals(getLoginPage()) == false)) 
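Review bot: The username saved to portlet preferences in the `@@ -158,6 +159,23 @@` hunk is not scoped to the person who logged in. The TODO in the same lines says there is no portal user to store prefs against, so if the container persists `_alfUserName` at all it would be shared by everyone using this portlet instance and would prefill the next visitor's login form with the previous user's name. `loginBean.getUsernameInternal()` is also used without a null check, so a LoginBean with no username makes the `equals(...) == false` test true and runs `setValue(PREF_ALF_USERNAME, null)` plus `store()` on every action. I would guard with `String name = loginBean.getUsernameInternal(); if (name != null && !name.equals(oldValue))` and keep the preference write disabled until per-user storage exists. The enclosing processAction body and its exception handling lie outside the hunk.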
@@ -233,6 +252,10 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet if (logger.isDebugEnabled()) logger.debug("No valid User login, requesting login page. ViewId: " + viewId); + // set last used username as special session value used by the LoginBean + session.setAttribute(AuthenticationHelper.SESSION_USERNAME, + request.getPreferences().getValue(PREF_ALF_USERNAME, null)); + // login page redirect response.setContentType("text/html"); request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true"); @@ -240,6 +263,13 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet } else { + if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) != null) + { + // remove the username preference value as explicit logout was requested by the user + request.getPreferences().reset(PREF_ALF_USERNAME); + session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); + } + try { if (user != null) diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java index 347118da0f..ee40374bdf 100644 --- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java +++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java @@ -19,6 +19,7 @@ package org.alfresco.web.app.servlet; import java.io.IOException; import javax.servlet.ServletContext; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
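Review bot: In the `@@ -240,6 +263,13 @@` hunk `request.getPreferences().reset(PREF_ALF_USERNAME)` is not followed by `store()`, unlike the `setValue`/`store()` pair added in processAction. The removal therefore appears never to be persisted, and the remembered username would survive an explicit logout. The surrounding context sets the response content type, which suggests this is the render path (inferred, since the method header is outside the hunk). The Portlet API does not allow `store()` during render, so adding the call here is probably not enough. I would move the cleanup into the action that performs the logout, as `prefs.reset(PREF_ALF_USERNAME); prefs.store();`.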
@@ -27,25 +28,44 @@ import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.web.app.Application; import org.alfresco.web.app.portlet.AlfrescoFacesPortlet; +import org.alfresco.web.bean.LoginBean; import org.alfresco.web.bean.repository.User; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; /** + * Helper to authenticate the current user using available Ticket information. + * * @author Kevin Roast */ public final class AuthenticationHelper { - public final static String AUTHENTICATION_USER = "_alfAuthTicket"; + public static final String AUTHENTICATION_USER = "_alfAuthTicket"; + public static final String SESSION_USERNAME = "_alfLastUser"; + public static final String SESSION_INVALIDATED = "_alfSessionInvalid"; + public static final String LOGIN_BEAN = "LoginBean"; + private static final String AUTHENTICATION_SERVICE = "authenticationService"; + private static final String COOKIE_ALFUSER = "alfUser"; + + /** + * Helper to authenticate the current user using session based Ticket information. + *

+ * User information is looked up in the Session. If found the ticket is retrieved and validated. + * If no User info is found or the ticket is invalid then a redirect is performed to the login page. + * + * @return true if authentication successful, false otherwise. + */ public static boolean authenticate(ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException { // examine the appropriate session for our User object User user; + LoginBean loginBean = null; if (Application.inPortalServer() == false) { user = (User)httpRequest.getSession().getAttribute(AUTHENTICATION_USER); + loginBean = (LoginBean)httpRequest.getSession().getAttribute(LOGIN_BEAN); } else { @@ -54,7 +74,7 @@ public final class AuthenticationHelper if (user == null) { - // no user/ticket - redirect to login page + // no user/ticket found - redirect to login page httpResponse.sendRedirect(httpRequest.getContextPath() + "/faces" + Application.getLoginPage(context)); return false; @@ -63,7 +83,7 @@ public final class AuthenticationHelper { // setup the authentication context WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); - AuthenticationService auth = (AuthenticationService)ctx.getBean("authenticationService"); + AuthenticationService auth = (AuthenticationService)ctx.getBean(AUTHENTICATION_SERVICE); try { auth.validate(user.getTicket()); @@ -75,6 +95,12 @@ public final class AuthenticationHelper return false; } + // set last authentication username cookie value + if (loginBean != null) + { + setUsernameCookie(httpRequest, httpResponse, loginBean.getUsernameInternal()); + } + // Set the current locale I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); 
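Review bot: The `setUsernameCookie(...)` call added in the `@@ -75,6 +95,12 @@` hunk runs on every successful ticket validation rather than once at login. Assuming authenticate() is invoked per request, every response then carries a new `Set-Cookie` and the seven-day lifetime keeps sliding forward for as long as the session is used. `loginBean.getUsernameInternal()` is passed on unchecked, so a null username reaches `new Cookie(...)` or `setValue(...)`. I would write the cookie where the login succeeds, or at least guard it with `String name = loginBean.getUsernameInternal(); Cookie c = getAuthCookie(httpRequest); if (name != null && (c == null || !name.equals(c.getValue())))`. The body of authenticate() continues outside the hunk.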
@@ -82,12 +108,17 @@ public final class AuthenticationHelper } } + /** + * Helper to authenticate the current user using the supplied Ticket value. + * + * @return true if authentication successful, false otherwise. + */ public static boolean authenticate(ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse, String ticket) throws IOException { // setup the authentication context WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); - AuthenticationService auth = (AuthenticationService)ctx.getBean("authenticationService"); + AuthenticationService auth = (AuthenticationService)ctx.getBean(AUTHENTICATION_SERVICE); try { auth.validate(ticket); 
@@ -102,4 +133,54 @@ public final class AuthenticationHelper return true; } + + /** + * Setup the Alfresco auth cookie value. + * + * @param httpRequest + * @param httpResponse + * @param username + */ + public static void setUsernameCookie(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String username) + { + Cookie authCookie = getAuthCookie(httpRequest); + if (authCookie == null) + { + authCookie = new Cookie(COOKIE_ALFUSER, username); + } + else + { + authCookie.setValue(username); + } + authCookie.setPath(httpRequest.getContextPath()); + // TODO: make this configurable - currently 7 days (value in seconds) + authCookie.setMaxAge(60*60*24*7); + httpResponse.addCookie(authCookie); + } + + /** + * Helper to return the Alfresco auth cookie. The cookie saves the last used username value. + * + * @param httpRequest + * + * @return Cookie if found or null if not present + */ + public static Cookie getAuthCookie(HttpServletRequest httpRequest) + { + Cookie authCookie = null; + Cookie[] cookies = httpRequest.getCookies(); + if (cookies != null) + { + for (int i=0; i <%@ taglib uri="/WEB-INF/repo.tld" prefix="r" %> +<%@ page import="org.alfresco.web.app.servlet.AuthenticationHelper" %> +<%@ page import="javax.servlet.http.Cookie" %> + <%@ page buffer="16kb" contentType="text/html;charset=UTF-8" %> <%@ page isELIgnored="false" %> +<% + Cookie authCookie = AuthenticationHelper.getAuthCookie(request); + + // remove the username cookie value if explicit logout was requested by the user + if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) != null) + { + if (authCookie != null) + { + authCookie.setMaxAge(0); + response.addCookie(authCookie); + } + session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); + } + else + { + // setup value used by JSF bean state ready for login page if we find the cookie + if (authCookie != null) + { + session.setAttribute(AuthenticationHelper.SESSION_USERNAME, authCookie.getValue()); + } + } +%> + 
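Review bot: The cookie built in setUsernameCookie carries the raw username for seven days with no `Secure` attribute and no encoding of the value. It is therefore sent over plain HTTP whenever the application is reachable that way, and a username containing spaces, `;` or non-ASCII characters may be rejected or mangled by the container. I would add `authCookie.setSecure(httpRequest.isSecure());` and store `URLEncoder.encode(username, "UTF-8")`, decoding where the value is read back. The Javadoc calls this the "auth cookie" and leaves all three `@param` tags empty; it should state that the cookie only remembers the last username, is client-controlled, and must never be taken as proof of identity. The rest of this hunk (the getAuthCookie loop) and the LoginBean.java section are cut off on this page, so how the value is consumed is not visible.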
diff --git a/source/web/jsp/relogin.jsp b/source/web/jsp/relogin.jsp index 15ca5160fb..5217a2bd34 100644 --- a/source/web/jsp/relogin.jsp +++ b/source/web/jsp/relogin.jsp @@ -20,9 +20,26 @@ <%@ taglib uri="/WEB-INF/alfresco.tld" prefix="a" %> <%@ taglib uri="/WEB-INF/repo.tld" prefix="r" %> +<%@ page import="org.alfresco.web.app.servlet.AuthenticationHelper" %> +<%@ page import="javax.servlet.http.Cookie" %> + <%@ page buffer="16kb" contentType="text/html;charset=UTF-8" %> <%@ page isELIgnored="false" %> +<% + // remove the username cookie value if explicit logout was requested by the user + if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) != null) + { + Cookie authCookie = AuthenticationHelper.getAuthCookie(request); + if (authCookie != null) + { + authCookie.setMaxAge(0); + response.addCookie(authCookie); + } + session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); + } +%> +
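Review bot: The logout branch expires the cookie with `authCookie.setMaxAge(0); response.addCookie(authCookie);`, but a Cookie taken from the request carries no path, whereas setUsernameCookie created it with `setPath(httpRequest.getContextPath())`. Without the same path the browser will normally treat the expiring cookie as a different one, scoped to the JSP's directory, so the remembered username can outlive an explicit logout on a shared machine. Add `authCookie.setPath(request.getContextPath());` before `addCookie`; the login.jsp scriptlet visible earlier on the page has the same two lines and needs the same fix. The value login.jsp copies into `SESSION_USERNAME` comes straight from the client, so whatever renders it on the login form should escape it.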