mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-21 18:09:20 +00:00
Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)
71601: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 70356: MNT-11233: DEV to V4.2-BUG-FIX (4.2.3) 67973: MNT-11233: Alfresco CMIS API /alfresco/api/-default-/cmis/versions/1.1/atom cannot be used with external authentication - Move RemoteUserMapper from Web-Client to Repository project. Use RemoteUserMapper in PublicApiAuthenticator to retrieve remote user from request. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74695 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -87,6 +87,9 @@
|
|||||||
<constructor-arg type="java.lang.String" value="${alfresco.authentication.gateway.outboundHeaders}"/>
|
<constructor-arg type="java.lang.String" value="${alfresco.authentication.gateway.outboundHeaders}"/>
|
||||||
</bean>
|
</bean>
|
||||||
</property>
|
</property>
|
||||||
|
<property name="remoteUserMapper">
|
||||||
|
<ref bean="RemoteUserMapper" />
|
||||||
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="apiBootstrapBean" class="org.alfresco.rest.framework.core.ApiBootstrap">
|
<bean id="apiBootstrapBean" class="org.alfresco.rest.framework.core.ApiBootstrap">
|
||||||
|
@@ -33,6 +33,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean;
|
|||||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||||
|
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
|
||||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||||
import org.alfresco.repo.web.auth.AuthenticationListener;
|
import org.alfresco.repo.web.auth.AuthenticationListener;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
|
@@ -1,38 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
||||||
*
|
|
||||||
* This file is part of Alfresco
|
|
||||||
*
|
|
||||||
* Alfresco is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Lesser General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* Alfresco is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Lesser General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Lesser General Public License
|
|
||||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
package org.alfresco.repo.webdav.auth;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* An interface for objects capable of extracting an externally authenticated user ID from an HTTP request.
|
|
||||||
*
|
|
||||||
* @author dward
|
|
||||||
*/
|
|
||||||
public interface RemoteUserMapper
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Gets an externally authenticated user ID from an HTTP request.
|
|
||||||
*
|
|
||||||
* @param request
|
|
||||||
* the request
|
|
||||||
* @return the user ID or <code>null</code> if the user is unauthenticated
|
|
||||||
*/
|
|
||||||
public String getRemoteUser(HttpServletRequest request);
|
|
||||||
}
|
|
@@ -7,8 +7,10 @@ import java.util.Locale;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||||
|
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
|
||||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||||
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
||||||
import org.alfresco.repo.web.auth.AuthenticationListener;
|
import org.alfresco.repo.web.auth.AuthenticationListener;
|
||||||
@@ -36,10 +38,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
|||||||
private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class);
|
private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class);
|
||||||
|
|
||||||
public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key";
|
public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key";
|
||||||
public static final String DEFAULT_REMOTE_USER_HEADER = "X-Alfresco-Remote-User";
|
|
||||||
|
|
||||||
private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER;
|
private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER;
|
||||||
private String remoteUserHeader = DEFAULT_REMOTE_USER_HEADER;
|
private RemoteUserMapper remoteUserMapper;
|
||||||
private RetryingTransactionHelper retryingTransactionHelper;
|
private RetryingTransactionHelper retryingTransactionHelper;
|
||||||
private TenantAuthentication tenantAuthentication;
|
private TenantAuthentication tenantAuthentication;
|
||||||
private Set<String> validAuthenticatorKeys = Collections.emptySet();
|
private Set<String> validAuthenticatorKeys = Collections.emptySet();
|
||||||
@@ -76,10 +77,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
|||||||
this.outboundHeaderNames = outboundHeaders;
|
this.outboundHeaderNames = outboundHeaders;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
|
||||||
public void setRemoteUserHeader(String remoteUserHeader)
|
|
||||||
{
|
{
|
||||||
this.remoteUserHeader = remoteUserHeader;
|
this.remoteUserMapper = remoteUserMapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setTenantAuthentication(TenantAuthentication service)
|
public void setTenantAuthentication(TenantAuthentication service)
|
||||||
@@ -160,6 +160,30 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
|||||||
this.proxyListener = proxyListener;
|
this.proxyListener = proxyListener;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private String getRemoteUser()
|
||||||
|
{
|
||||||
|
String userId = null;
|
||||||
|
|
||||||
|
// If the remote user mapper is configured, we may be able to map in an externally authenticated user
|
||||||
|
if (remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive())
|
||||||
|
{
|
||||||
|
userId = remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest());
|
||||||
|
}
|
||||||
|
if (logger.isDebugEnabled())
|
||||||
|
{
|
||||||
|
if (userId == null)
|
||||||
|
{
|
||||||
|
logger.debug("No external user ID in request.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
logger.debug("Extracted external user ID from request: " + userId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return userId;
|
||||||
|
}
|
||||||
|
|
||||||
/* (non-Javadoc)
|
/* (non-Javadoc)
|
||||||
* @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean)
|
* @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean)
|
||||||
*/
|
*/
|
||||||
@@ -169,7 +193,7 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
|||||||
try
|
try
|
||||||
{
|
{
|
||||||
String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader);
|
String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader);
|
||||||
String remoteUser = servletReq.getHeader(remoteUserHeader);
|
String remoteUser = getRemoteUser();
|
||||||
if (authenticatorKey != null &&
|
if (authenticatorKey != null &&
|
||||||
remoteUser != null)
|
remoteUser != null)
|
||||||
{
|
{
|
||||||
|
Reference in New Issue
Block a user