Merged V4.1-BUG-FIX (4.1.8) to V4.2-BUG-FIX (4.2.1)

57582: Merged DEV to V4.1-BUG-FIX (4.1.8) with corrections 56334: MNT-9712: VTI doesn't allow external authentication. - Modify org.alfresco.web.sharepoint.auth.BasicAuthenticationHandler to check Remote User - Add unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/V4.2-BUG-FIX/root@57647 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-11-05 10:19:01 +00:00
parent ee5e06e66b
commit 40a176205a
2 changed files with 42 additions and 6 deletions
--- a/config/alfresco/web-client-application-context.xml
+++ b/config/alfresco/web-client-application-context.xml
@@ -328,6 +328,12 @@
            <property name="personService">
               <ref bean="PersonService" />
            </property>
+            <property name="remoteUserMapper">
+               <ref bean="RemoteUserMapper" />
+            </property>
+            <property name="authenticationComponent">
+               <ref bean="AuthenticationComponent" />
+            </property>			
         </bean>
      </property>
   </bean>
--- a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
+++ b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
@@ -27,10 +27,11 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;

 import org.alfresco.repo.SessionUser;
+import org.alfresco.repo.management.subsystems.ActivateableBean;
+import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.web.auth.AuthenticationListener;
 import org.alfresco.repo.web.auth.BasicAuthCredentials;
-import org.alfresco.repo.web.auth.TicketCredentials;
 import org.alfresco.repo.webdav.auth.SharepointConstants;
 import org.alfresco.web.bean.repository.User;
 import org.apache.commons.codec.binary.Base64;
@@ -49,6 +50,8 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
    private final static String BASIC_START = "Basic";
    
    private AuthenticationListener authenticationListener;
+    protected RemoteUserMapper remoteUserMapper;
+    protected AuthenticationComponent authenticationComponent;
    
    /**
     * Set the authentication listener
@@ -98,8 +101,8 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
    {
        String authHdr = request.getHeader(HEADER_AUTHORIZATION);
        HttpSession session = request.getSession(false);
-        SessionUser user = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
-        if (user == null)
+        SessionUser sessionUser = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
+        if (sessionUser == null)
        {
            if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
            {
@@ -147,18 +150,33 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
                    authenticationListener.authenticationFailed(new BasicAuthCredentials(username, password), ex);
                }
            }
+            else
+            {
+                if (remoteUserMapper != null && (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()))
+                {
+                    String userId = remoteUserMapper.getRemoteUser(request);
+                    if (userId != null)
+                    {
+                        // authenticated by other
+                        authenticationComponent.setCurrentUser(userId);
+
+                        request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(userId, authenticationService.getCurrentTicket(), personService.getPerson(userId)));
+                        return true;
+                    }
+                }
+            }
        }
        else
        {
            try
            {
-                authenticationService.validate(user.getTicket());
-                authenticationListener.userAuthenticated(new TicketCredentials(user.getTicket()));
+                authenticationService.validate(sessionUser.getTicket());
+                authenticationListener.userAuthenticated(new TicketCredentials(sessionUser.getTicket()));
                return true;
            }
            catch (AuthenticationException ex)
            {
-                authenticationListener.authenticationFailed(new TicketCredentials(user.getTicket()), ex);
+                authenticationListener.authenticationFailed(new TicketCredentials(sessionUser.getTicket()), ex);
                session.invalidate();
            }
        }
@@ -171,4 +189,16 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
    {
        return "Basic realm=\"Alfresco Server\"";
    }
+
+    public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
+    {
+        this.remoteUserMapper = remoteUserMapper;
+    }
+
+    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
+    {
+        this.authenticationComponent = authenticationComponent;
+    }
+    
+    
 }