Web Scripts:

- fix issues integrating with Flex (rename of tunnel url arguments)
- add admin to required authentication levels
- support json callback method (for browser based ajax requests)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5856 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
David Caruana
2007-06-05 18:17:59 +00:00
parent d28bbd41c5
commit 61b6952524
12 changed files with 95 additions and 21 deletions


@@ -28,13 +28,13 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.TransactionUtil;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
import org.alfresco.web.scripts.WebScriptDescription.RequiredTransaction;
@@ -62,6 +62,7 @@ public abstract class WebScriptRuntime
/** Component Dependencies */
private WebScriptRegistry registry;
private TransactionService transactionService;
private AuthorityService authorityService;
/**
* Construct
@@ -69,10 +70,11 @@ public abstract class WebScriptRuntime
* @param registry web script registry
* @param transactionService transaction service
*/
public WebScriptRuntime(WebScriptRegistry registry, TransactionService transactionService)
public WebScriptRuntime(WebScriptRegistry registry, TransactionService transactionService, AuthorityService authorityService)
{
this.registry = registry;
this.transactionService = transactionService;
this.authorityService = authorityService;
}
/**
@@ -265,7 +267,7 @@ public abstract class WebScriptRuntime
{
wrappedExecute(scriptReq, scriptRes);
}
else if (required == RequiredAuthentication.user && isGuest)
else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest)
{
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires user authentication; however, a guest has attempted access.");
}
@@ -291,6 +293,11 @@ public abstract class WebScriptRuntime
//
if (authenticate(required, isGuest))
{
if (required == RequiredAuthentication.admin && !authorityService.hasAdminAuthority())
{
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");
}
// Execute Web Script
wrappedExecute(scriptReq, scriptRes);
}
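Review bot: In the last hunk, an authenticated caller who lacks admin authority is rejected with `HttpServletResponse.SC_UNAUTHORIZED`, the same status the guest branch uses, so clients and access logs cannot tell a missing login from a denied privilege. Unless the 401 is meant to make the client re-prompt for admin credentials, `SC_FORBIDDEN` fits this case better: `throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");`. The constructor Javadoc also gains no entry for the new parameter; add `@param authorityService  authority service (used for the admin check)`. The enclosing method starts and ends outside the visible hunks.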