Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

71601: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 70356: MNT-11233: DEV to V4.2-BUG-FIX (4.2.3) 67973: MNT-11233: Alfresco CMIS API /alfresco/api/-default-/cmis/versions/1.1/atom cannot be used with external authentication - Move RemoteUserMapper from Web-Client to Repository project. Use RemoteUserMapper in PublicApiAuthenticator to retrieve remote user from request. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74695 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-21 18:09:20 +00:00 · 2014-06-25 15:31:06 +00:00
parent caf168e07e
commit 66827fb67c
4 changed files with 34 additions and 44 deletions
--- a/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
+++ b/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
@@ -7,8 +7,10 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;

+import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.repo.web.auth.AuthenticationListener;
@@ -36,10 +38,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
    private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class);
    
    public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key"; 
-    public static final String DEFAULT_REMOTE_USER_HEADER = "X-Alfresco-Remote-User"; 
    
    private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER;
-    private String remoteUserHeader = DEFAULT_REMOTE_USER_HEADER;
+    private RemoteUserMapper remoteUserMapper;
    private RetryingTransactionHelper retryingTransactionHelper;
    private TenantAuthentication tenantAuthentication;
    private Set<String> validAuthenticatorKeys = Collections.emptySet();
@@ -76,10 +77,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
        this.outboundHeaderNames = outboundHeaders;
    }

-    
-    public void setRemoteUserHeader(String remoteUserHeader)
+    public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
    {
-        this.remoteUserHeader = remoteUserHeader;
+        this.remoteUserMapper = remoteUserMapper;
    }
    
    public void setTenantAuthentication(TenantAuthentication service)
@@ -160,6 +160,30 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
            this.proxyListener = proxyListener; 
        }
    
+        private String getRemoteUser()
+        {
+            String userId = null;
+
+            // If the remote user mapper is configured, we may be able to map in an externally authenticated user
+            if (remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive())
+            {
+                userId = remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest());
+            }
+            if (logger.isDebugEnabled())
+            {
+                if (userId == null)
+                {
+                    logger.debug("No external user ID in request.");
+                }
+                else
+                {
+                    logger.debug("Extracted external user ID from request: " + userId);
+                }
+            }
+
+            return userId;
+        }
+
        /* (non-Javadoc)
         * @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean)
         */
@@ -169,7 +193,7 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
            try
            {
                String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader);
-                String remoteUser = servletReq.getHeader(remoteUserHeader);
+                String remoteUser = getRemoteUser();
                if (authenticatorKey != null && 
                    remoteUser != null)
                {