inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix to webscript authenticators to correctly respect guest/user descriptor for webclient and http auth.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5751 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2007-05-22 15:39:00 +00:00
parent 927767365f
commit 582188c7dd
3 changed files with 37 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
View File

@@ -98,18 +98,36 @@ public final class AuthenticationHelper
* User information is looked up in the Session. If found the ticket is retrieved and validated. * User information is looked up in the Session. If found the ticket is retrieved and validated.
* If no User info is found or the ticket is invalid then a redirect is performed to the login page. * If no User info is found or the ticket is invalid then a redirect is performed to the login page.
* *
* @param guest True to force a Guest login attempt * @param forceGuest True to force a Guest login attempt
* *
* @return AuthenticationStatus result. * @return AuthenticationStatus result.
*/ */
public static AuthenticationStatus authenticate( public static AuthenticationStatus authenticate(
ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse, boolean guest) ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest)
throws IOException throws IOException
{ {
HttpSession session = httpRequest.getSession(); return authenticate(sc, req, res, forceGuest, true);
}
/**
* Helper to authenticate the current user using session based Ticket information.
* <p>
* User information is looked up in the Session. If found the ticket is retrieved and validated.
* If no User info is found or the ticket is invalid then a redirect is performed to the login page.
*
* @param forceGuest True to force a Guest login attempt
* @param allowGuest True to allow the Guest user if no user object represent
*
* @return AuthenticationStatus result.
*/
public static AuthenticationStatus authenticate(
ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest, boolean allowGuest)
throws IOException
{
HttpSession session = req.getSession();
// retrieve the User object // retrieve the User object
User user = getUser(httpRequest, httpResponse); User user = getUser(req, res);
// get the login bean if we're not in the portal // get the login bean if we're not in the portal
LoginBean loginBean = null; LoginBean loginBean = null;
@@ -119,10 +137,10 @@ public final class AuthenticationHelper
} }
// setup the authentication context // setup the authentication context
WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc);
AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE); AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE);
if (user == null || guest) if (user == null || forceGuest)
{ {
// Check for the session invalidated flag - this is set by the Logout action in the LoginBean // Check for the session invalidated flag - this is set by the Logout action in the LoginBean
// it signals a forced Logout and means we should not immediately attempt a relogin as Guest. // it signals a forced Logout and means we should not immediately attempt a relogin as Guest.
@@ -130,8 +148,8 @@ public final class AuthenticationHelper
// the last stored username string is cleared. // the last stored username string is cleared.
if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) == null) if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) == null)
{ {
Cookie authCookie = getAuthCookie(httpRequest); Cookie authCookie = getAuthCookie(req);
if (authCookie == null || guest) if (allowGuest == true && (authCookie == null || forceGuest))
{ {
// no previous authentication or forced Guest - attempt Guest access // no previous authentication or forced Guest - attempt Guest access
UserTransaction tx = null; UserTransaction tx = null;
@@ -140,7 +158,7 @@ public final class AuthenticationHelper
auth.authenticateAsGuest(); auth.authenticateAsGuest();
// if we get here then Guest access was allowed and successful // if we get here then Guest access was allowed and successful
ServiceRegistry services = BaseServlet.getServiceRegistry(context); ServiceRegistry services = BaseServlet.getServiceRegistry(sc);
tx = services.getTransactionService().getUserTransaction(); tx = services.getTransactionService().getUserTransaction();
tx.begin(); tx.begin();
@@ -166,7 +184,7 @@ public final class AuthenticationHelper
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
// Set the current locale // Set the current locale
I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); I18NUtil.setLocale(Application.getLanguage(req.getSession()));
// remove the session invalidated flag // remove the session invalidated flag
session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED);
@@ -219,14 +237,14 @@ public final class AuthenticationHelper
// set last authentication username cookie value // set last authentication username cookie value
if (loginBean != null) if (loginBean != null)
{ {
setUsernameCookie(httpRequest, httpResponse, loginBean.getUsernameInternal()); setUsernameCookie(req, res, loginBean.getUsernameInternal());
} }
// Set the current locale // Set the current locale
I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); I18NUtil.setLocale(Application.getLanguage(req.getSession()));
// setup faces context // setup faces context
FacesHelper.getFacesContext(httpRequest, httpResponse, context); FacesHelper.getFacesContext(req, res, sc);
if (loginBean != null && (loginBean.getUserPreferencesBean() != null)) if (loginBean != null && (loginBean.getUserPreferencesBean() != null))
{ {

2
source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java
View File

@@ -76,7 +76,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
} }
// authenticate as guest, if service allows // authenticate as guest, if service allows
if (isGuest) if (isGuest && RequiredAuthentication.guest == required)
{ {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("Authenticating as Guest"); logger.debug("Authenticating as Guest");

4
source/java/org/alfresco/web/scripts/WebClientAuthenticator.java
View File

@@ -88,7 +88,7 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se
} }
else else
{ {
if (isGuest) if (isGuest && RequiredAuthentication.guest == required)
{ {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("Authenticating as Guest"); logger.debug("Authenticating as Guest");
@@ -100,7 +100,7 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("Authenticating session"); logger.debug("Authenticating session");
status = AuthenticationHelper.authenticate(context, req, res, false); status = AuthenticationHelper.authenticate(context, req, res, false, false);
} }
} }