Guest and LDAP progress
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2127 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -17,6 +17,7 @@
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
@@ -30,11 +31,9 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
/**
|
||||
* This class abstract the support required to set up and query the Acegi
|
||||
* context for security enforcement.
|
||||
* This class abstract the support required to set up and query the Acegi context for security enforcement.
|
||||
*
|
||||
* There are some simple default method implementations to support simple
|
||||
* authentication.
|
||||
* There are some simple default method implementations to support simple authentication.
|
||||
*
|
||||
* @author Andy Hind
|
||||
*/
|
||||
@@ -45,11 +44,18 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
|
||||
private static final String SYSTEM_USER_NAME = "System";
|
||||
|
||||
private Boolean allowGuestLogin = null;
|
||||
|
||||
public AbstractAuthenticationComponent()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public void setAllowGuestLogin(Boolean allowGuestLogin)
|
||||
{
|
||||
this.allowGuestLogin = allowGuestLogin;
|
||||
}
|
||||
|
||||
/**
|
||||
* Explicitly set the current user to be authenticated.
|
||||
*
|
||||
@@ -59,11 +65,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
*/
|
||||
public Authentication setCurrentUser(String userName) throws AuthenticationException
|
||||
{
|
||||
if(userName == null)
|
||||
if (userName == null)
|
||||
{
|
||||
throw new AuthenticationException("Null user name");
|
||||
}
|
||||
|
||||
|
||||
try
|
||||
{
|
||||
UserDetails ud = null;
|
||||
@@ -73,6 +79,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
|
||||
ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
|
||||
}
|
||||
else if (userName.equals(PermissionService.GUEST))
|
||||
{
|
||||
GrantedAuthority[] gas = new GrantedAuthority[0];
|
||||
ud = new User(PermissionService.GUEST, "", true, true, true, true, gas);
|
||||
}
|
||||
else
|
||||
{
|
||||
ud = getUserDetails(userName);
|
||||
@@ -199,6 +210,46 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
return SYSTEM_USER_NAME;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the Guest User
|
||||
*/
|
||||
public String getGuestUserName()
|
||||
{
|
||||
return PermissionService.GUEST;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user.
|
||||
*/
|
||||
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
|
||||
{
|
||||
if (allowGuestLogin == null)
|
||||
{
|
||||
if(implementationAllowsGuestLogin())
|
||||
{
|
||||
return setCurrentUser(PermissionService.GUEST);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if(allowGuestLogin.booleanValue())
|
||||
{
|
||||
return setCurrentUser(PermissionService.GUEST);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
protected abstract boolean implementationAllowsGuestLogin();
|
||||
|
||||
/**
|
||||
* Remove the current security information
|
||||
*/
|
||||
@@ -224,8 +275,7 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the NTML mode - none - supports MD4 hash to integrate - or it can
|
||||
* asct as an NTLM authentication
|
||||
* Get the NTML mode - none - supports MD4 hash to integrate - or it can asct as an NTLM authentication
|
||||
*/
|
||||
public NTLMMode getNTLMMode()
|
||||
{
|
||||
|
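Review bot: The guest branch added to `setCurrentUser` (`else if (userName.equals(PermissionService.GUEST))`) builds the guest context without consulting `allowGuestLogin` or `implementationAllowsGuestLogin()`. Only `setGuestUserAsCurrentUser()` enforces that policy, so any caller that reaches the public `setCurrentUser` with the guest name is set up as guest even when guest login is configured off. Putting the decision in one helper and calling it from the guest branch would close that gap and remove the duplicated allow/deny branches in `setGuestUserAsCurrentUser()`. The body of `setCurrentUser` spans two hunks and its `catch` clause is outside them, so confirm that the exception propagates unchanged. Also confirm that no internal caller depends on switching to guest unconditionally.

```java
// single place that decides whether guest login is permitted
private boolean guestLoginAllowed()
{
    return (allowGuestLogin == null) ? implementationAllowsGuestLogin() : allowGuestLogin.booleanValue();
}

// … unchanged: null check and system-user branch of setCurrentUser …
            else if (userName.equals(PermissionService.GUEST))
            {
                if (!guestLoginAllowed())
                {
                    throw new AuthenticationException("Guest authentication is not allowed");
                }
                GrantedAuthority[] gas = new GrantedAuthority[0];
                ud = new User(PermissionService.GUEST, "", true, true, true, true, gas);
            }
// … unchanged: getUserDetails branch and context setup …

public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
{
    // the guest policy is enforced inside setCurrentUser's guest branch
    return setCurrentUser(PermissionService.GUEST);
}
```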
@@ -72,6 +72,14 @@ public interface AuthenticationComponent
|
||||
public Authentication setSystemUserAsCurrentUser();
|
||||
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public Authentication setGuestUserAsCurrentUser();
|
||||
|
||||
|
||||
/**
|
||||
* Get the name of the system user
|
||||
*
|
||||
@@ -79,6 +87,14 @@ public interface AuthenticationComponent
|
||||
*/
|
||||
public String getSystemUserName();
|
||||
|
||||
|
||||
/**
|
||||
* Get the name of the guest user
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getGuestUserName();
|
||||
|
||||
/**
|
||||
* Get the current user name.
|
||||
*
|
||||
|
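Review bot: The new `setGuestUserAsCurrentUser()` declaration has an empty `@return` and no `@throws`, although the abstract implementation in this commit throws `AuthenticationException` ("Guest authentication is not allowed") when guest login is disabled. Callers coding against the interface cannot tell that the call can fail or what it returns. I would document it with `@return the Authentication now set for the guest user` and `@throws AuthenticationException if guest login is not allowed`. The empty `@return` on `getGuestUserName()` could likewise become `@return the guest user name`. `AuthenticationException` is presumably unchecked, since the interface method omits a `throws` clause that the implementation declares.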
@@ -96,5 +96,12 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
|
||||
{
|
||||
return NTLMMode.MD4_PROVIDER;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean implementationAllowsGuestLogin()
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
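Review bot: `implementationAllowsGuestLogin()` returns `true` unconditionally, and `allowGuestLogin` defaults to `null` in the abstract class, so this component accepts guest login unless a deployment explicitly sets the flag to false. That allow-by-default behaviour is not stated anywhere in the hunk. I would add a comment on the override such as `/** Guest login is permitted by default; set allowGuestLogin to false to disable it. */`. The two blank lines added before the closing brace of the class can be dropped.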
@@ -147,4 +147,10 @@ public class AuthenticationServiceImpl implements AuthenticationService
|
||||
return false;
|
||||
}
|
||||
|
||||
public void authenticateAsGuest() throws AuthenticationException
|
||||
{
|
||||
authenticationComponent.setGuestUserAsCurrentUser();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
@@ -751,6 +751,12 @@ public class AuthenticationTest extends TestCase
|
||||
// assertNull(dao.getUserOrNull("Andy"));
|
||||
}
|
||||
|
||||
public void testAbstractAuthenticationComponentGuestUserSupport()
|
||||
{
|
||||
authenticationComponent.setGuestUserAsCurrentUser();
|
||||
assertEquals(authenticationComponent.getCurrentUserName(), authenticationComponent.getGuestUserName());
|
||||
}
|
||||
|
||||
|
||||
public void testPassThroughLogin()
|
||||
{
|
||||
|
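Review bot: `testAbstractAuthenticationComponentGuestUserSupport` exercises only the allowed path, so nothing pins the deny behaviour that the commit introduces. A companion test should disable guest login and assert that `setGuestUserAsCurrentUser()` throws `AuthenticationException` and leaves the current user unchanged. How the flag can be set on the test's `authenticationComponent` is not visible in this hunk. The `assertEquals` arguments are also in (actual, expected) order; JUnit expects `assertEquals(authenticationComponent.getGuestUserName(), authenticationComponent.getCurrentUserName());`.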
@@ -16,6 +16,8 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
/**
|
||||
* This implementation of an AuthenticationComponent can be configured to accept or reject all attempts to login.
|
||||
*
|
||||
@@ -54,4 +56,12 @@ public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends Abstract
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean implementationAllowsGuestLogin()
|
||||
{
|
||||
return accept;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
@@ -1003,8 +1003,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
|
||||
// Default deny
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -186,7 +186,7 @@ public class PersonServiceImpl implements PersonService
|
||||
{
|
||||
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
|
||||
properties.put(ContentModel.PROP_USERNAME, userName);
|
||||
properties.put(ContentModel.PROP_HOMEFOLDER, getCompanyHome());
|
||||
properties.put(ContentModel.PROP_HOMEFOLDER, getHomeFolder());
|
||||
properties.put(ContentModel.PROP_FIRSTNAME, userName);
|
||||
properties.put(ContentModel.PROP_LASTNAME, "");
|
||||
properties.put(ContentModel.PROP_EMAIL, "");
|
||||
@@ -194,6 +194,11 @@ public class PersonServiceImpl implements PersonService
|
||||
return properties;
|
||||
}
|
||||
|
||||
private NodeRef getHomeFolder()
|
||||
{
|
||||
return getCompanyHome();
|
||||
}
|
||||
|
||||
public NodeRef createPerson(Map<QName, Serializable> properties)
|
||||
{
|
||||
String caseSensitiveUserName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
|
||||
|
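Review bot: `getHomeFolder()` only forwards to `getCompanyHome()`, so every person built from this default property map still gets the shared company home as `PROP_HOMEFOLDER`, and nothing in the hunk marks the method as a placeholder. I would add a comment above it, for example `// TODO: resolve a per-user home folder; for now every auto-created person shares company home`. If person nodes can be auto-created for the guest user added elsewhere in this commit (not visible here), the shared home folder is worth reviewing against the permissions intended for guests. `createPerson` continues outside the hunk.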