diff --git a/config/alfresco/public-rest-context.xml b/config/alfresco/public-rest-context.xml index 099dec843b..907167b608 100644 --- a/config/alfresco/public-rest-context.xml +++ b/config/alfresco/public-rest-context.xml @@ -87,6 +87,9 @@ + + + diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java index 2f22f80255..e809bae8db 100644 --- a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java +++ b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java @@ -33,6 +33,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.external.RemoteUserMapper; import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.web.auth.AuthenticationListener; import org.alfresco.service.cmr.repository.NodeRef; diff --git a/source/java/org/alfresco/repo/webdav/auth/RemoteUserMapper.java b/source/java/org/alfresco/repo/webdav/auth/RemoteUserMapper.java deleted file mode 100644 index 0684019a7b..0000000000 --- a/source/java/org/alfresco/repo/webdav/auth/RemoteUserMapper.java +++ /dev/null 
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
- *
- * This file is part of Alfresco
- *
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see .
- */
-package org.alfresco.repo.webdav.auth;
-
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * An interface for objects capable of extracting an externally authenticated user ID from an HTTP request.
- *
- * @author dward
- */
-public interface RemoteUserMapper
-{
- /**
- * Gets an externally authenticated user ID from an HTTP request.
- *
- * @param request
- * the request
- * @return the user ID or null if the user is unauthenticated
- */
- public String getRemoteUser(HttpServletRequest request);
-}
diff --git a/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java b/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
index 167c75fa73..eaf4070783 100644
--- a/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
+++ b/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
@@ -7,8 +7,10 @@ import java.util.Locale; import java.util.Map; import java.util.Set; +import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.external.RemoteUserMapper; import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.web.auth.AuthenticationListener; @@ -36,10 +38,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class); public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key"; - public static final String DEFAULT_REMOTE_USER_HEADER = "X-Alfresco-Remote-User"; private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER; - private String remoteUserHeader = DEFAULT_REMOTE_USER_HEADER; + private RemoteUserMapper remoteUserMapper; private RetryingTransactionHelper retryingTransactionHelper; private TenantAuthentication tenantAuthentication; private Set validAuthenticatorKeys = Collections.emptySet(); @@ -76,10 +77,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory this.outboundHeaderNames = outboundHeaders; } - - public void setRemoteUserHeader(String remoteUserHeader) + public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper) { - this.remoteUserHeader = remoteUserHeader; + this.remoteUserMapper = remoteUserMapper; } public void setTenantAuthentication(TenantAuthentication service) 
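Review bot: The new `remoteUserMapper` field in the `-36,10` hunk has no default, and `setRemoteUserMapper` in the `-76,10` hunk carries no documentation saying whether the mapper is optional or what an unset mapper means for authentication. The old `remoteUserHeader` always had a usable value, so this is a new state that deserves a Javadoc on the setter, for example `/** Optional. When unset, or when the mapper is an inactive ActivateableBean, no externally authenticated user is accepted. */` (assuming that is the intended behaviour). Removing the public `DEFAULT_REMOTE_USER_HEADER` constant and `setRemoteUserHeader` in the same change will also break any bean definition or subclass that still sets `remoteUserHeader`. Whether such overrides exist cannot be told from this diff; if they do, a deprecated setter that logs a warning would make the upgrade failure easier to diagnose.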
@@ -160,6 +160,30 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory this.proxyListener = proxyListener; } + private String getRemoteUser() + { + String userId = null; + + // If the remote user mapper is configured, we may be able to map in an externally authenticated user + if (remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()) + { + userId = remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest()); + } + if (logger.isDebugEnabled()) + { + if (userId == null) + { + logger.debug("No external user ID in request."); + } + else + { + logger.debug("Extracted external user ID from request: " + userId); + } + } + + return userId; + } + /* (non-Javadoc) * @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean) */ @@ -169,7 +193,7 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory try { String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader); - String remoteUser = servletReq.getHeader(remoteUserHeader); + String remoteUser = getRemoteUser(); if (authenticatorKey != null && remoteUser != null) {
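Review bot: The guard in `getRemoteUser()` parses as `(remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean)) || ((ActivateableBean) remoteUserMapper).isActive()` because `&&` binds tighter than `||`. With no mapper configured the left side is false, the right side runs, and `isActive()` is called on null. An unconfigured mapper therefore throws a NullPointerException on the authentication path instead of yielding "no external user". Parenthesise the alternative: `if (remoteUserMapper != null && (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()))`. The debug line also concatenates the extracted user ID into the log unmodified; if the mapper derives it from request data, strip CR/LF before logging.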
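Review bot: `getRemoteUser()` is now called unconditionally at the top of the `try`, before `authenticatorKey` is checked for presence, so the mapper runs and its result is debug-logged even for requests that carry no authenticator key. The visible condition only uses the value when a key is present, so it could be resolved lazily, e.g. `String remoteUser = (authenticatorKey != null) ? getRemoteUser() : null;`. That holds only if `remoteUser` is not read elsewhere in the method; the body continues outside the hunk, as does the validation of the key against `validAuthenticatorKeys`.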