From 4632be07029cd860764f719a67388b72d1c46225 Mon Sep 17 00:00:00 2001
From: Alan Davis
Date: Tue, 11 Feb 2014 21:00:08 +0000
Subject: [PATCH] Merged HEAD-BUG-FIX (4.3/Cloud) to HEAD (4.3/Cloud) 57508: Merged V4.2-BUG-FIX (4.2.1) to HEAD-BUG-FIX (Cloud/4.3) 57359: Merged V4.1-BUG-FIX (4.1.7) to V4.2-BUG-FIX (4.2.1) 57305: Fix for MNT-9779
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@61838 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../BaseKerberosAuthenticationFilter.java | 11 +-
 .../auth/KerberosAuthenticationFilter.java | 125 +++++++++++-------
 2 files changed, 87 insertions(+), 49 deletions(-)
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
index 06e8496bb3..e24fd35fb8 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
@@ -279,6 +279,10 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
 // Check if the user is already authenticated
 SessionUser user = getSessionUser(context, req, resp, true);
 HttpSession httpSess = req.getSession(true);
+ if (user == null)
+ {
+ user = (SessionUser) httpSess.getAttribute("_alfAuthTicket");
+ }
 // If the user has been validated and we do not require re-authentication then continue to
 // the next filter
@@ -298,7 +302,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
 }
 // Check if the login page is being accessed, do not intercept the login page
- if (hasLoginPage() && req.getRequestURI().endsWith(getLoginPage()))
+ if (checkLoginPage(req, resp))
 {
 if (getLogger().isDebugEnabled())
 getLogger().debug("Login page requested, chaining ...");
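Review bot: The new fallback `user = (SessionUser) httpSess.getAttribute("_alfAuthTicket");` accepts whatever object is stored in the session as the authenticated user, without the ticket validation that the preceding `getSessionUser(context, req, resp, true)` call appears to perform (its body is not in this hunk, so that is inferred from the call). If `getSessionUser` returned null because the ticket had expired or been invalidated, the check that follows (per its comment) would still treat the request as validated and continue to the next filter. I would re-validate the recovered object's ticket before accepting it, guard the cast, and replace the literal with a named constant (placeholder name `SESSION_USER_ATTR`): `Object cached = httpSess.getAttribute(SESSION_USER_ATTR);` then `if (cached instanceof SessionUser) { user = (SessionUser) cached; }`, with a comment naming the component that stores this attribute. The enclosing method starts and ends outside the hunk.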
@@ -461,6 +465,11 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
 return false;
 }
+ protected boolean checkLoginPage(HttpServletRequest req, HttpServletResponse resp)
+ {
+ return (hasLoginPage() && req.getRequestURI().endsWith(getLoginPage()));
+ }
+
 /**
 * JAAS callback handler
 *
diff --git a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
index 5ea90e0a4e..b9da6c7a12 100644
--- a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
@@ -1,5 +1,5 @@
-/*
- * Copyright (C) 2005-2013 Alfresco Software Limited.
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
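Review bot: `checkLoginPage` decides whether the Kerberos challenge is skipped by suffix-matching the raw request URI (`req.getRequestURI().endsWith(getLoginPage())`), and the override added in KerberosAuthenticationFilter.java does the same with the literal `"/jsp/login.jsp"` while dropping the `hasLoginPage()` guard and ignoring the configured login page. `getRequestURI()` is not decoded or normalised by the container and keeps path parameters, so the filter chains any request whose URI merely ends with that string; an exact comparison on the container-resolved path is safer, e.g. `return hasLoginPage() && getLoginPage().equals(req.getServletPath());` (adjust if the login page is reached through path info). The method also has no Javadoc stating that returning true lets the request through without authentication, and `resp` is unused in both implementations.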
@@ -14,49 +14,78 @@
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see .
- */
-package org.alfresco.repo.webdav.auth;
-
-import java.io.IOException;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.alfresco.repo.web.auth.WebCredentials;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- * WebDAV Kerberos Authentication Filter Class
- *
- * @author GKSpencer
- */
-public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilter
-{
- // Debug logging
-
- private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
-
- /* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
- */
- @Override
- protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials)
- throws IOException
- {
- super.onValidateFailed(sc, req, res, session, credentials);
- // Restart the login challenge process if validation fails
- restartLoginChallenge(sc, req, res);
- }
-
- /* (non-Javadoc)
- * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#getLogger()
- */
- @Override
- protected Log getLogger() {
- return logger;
- }
-}
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.webdav.auth;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.alfresco.repo.web.auth.WebCredentials;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * WebDAV Kerberos Authentication Filter Class
+ *
+ * @author GKSpencer
+ */
+public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilter
+{
+ // Debug logging
+ private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
+
+ /* (non-Javadoc)
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
+ */
+ @Override
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials)
+ throws IOException
+ {
+ super.onValidateFailed(sc, req, res, session, credentials);
+ // Restart the login challenge process if validation fails
+ restartLoginChallenge(sc, req, res);
+ }
+
+ /* (non-Javadoc)
+ *
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#getLogger()
+ */
+ @Override
+ protected Log getLogger()
+ {
+ return logger;
+ }
+
+ @Override
+ protected boolean checkLoginPage(HttpServletRequest req, HttpServletResponse resp)
+ {
+ return (req.getRequestURI().endsWith("/jsp/login.jsp"));
+ }
+
+ /**
+ * Writes link to login page and refresh tag which cause user
+ * to be redirected to the login page.
+ *
+ * @param context ServletContext
+ * @param resp HttpServletResponse
+ * @param httpSess HttpSession
+ * @throws IOException
+ */
+ protected void writeLoginPageLink(ServletContext context, HttpServletRequest req, HttpServletResponse resp) throws IOException
+ {
+ resp.setContentType(MIME_HTML_TEXT);
+
+ final PrintWriter out = resp.getWriter();
+ out.println("");
+ out.println("");
+ out.println("

Please log in.

");
+ out.println("");
+ out.close();
+ }
+}
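Review bot: The Javadoc on `writeLoginPageLink` documents `@param httpSess HttpSession`, which is not a parameter of the method, and omits `req`; the tag should read `@param req HttpServletRequest`. `out.close()` closes the container-owned response writer, which commits the response and prevents any later filter or error handler from writing to it; `out.flush();` is sufficient here. The markup inside the `println` calls is not legible on this page, so I cannot confirm it, but if the link or refresh target embeds the context path or any other request-derived value, that value needs HTML-attribute encoding before it is written. Separately, the hunk replaces the whole file because of a line-ending change, which buries the real additions (`checkLoginPage`, `writeLoginPageLink`, the `PrintWriter` import); splitting the normalisation into its own commit would make an authentication change like this easier to review.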