Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

71601: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 70356: MNT-11233: DEV to V4.2-BUG-FIX (4.2.3) 67973: MNT-11233: Alfresco CMIS API /alfresco/api/-default-/cmis/versions/1.1/atom cannot be used with external authentication - Move RemoteUserMapper from Web-Client to Repository project. Use RemoteUserMapper in PublicApiAuthenticator to retrieve remote user from request. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74695 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-21 18:09:20 +00:00 · 2014-06-25 15:31:06 +00:00
parent caf168e07e
commit 66827fb67c
4 changed files with 34 additions and 44 deletions
--- a/config/alfresco/public-rest-context.xml
+++ b/config/alfresco/public-rest-context.xml
@@ -87,6 +87,9 @@
            <constructor-arg type="java.lang.String" value="${alfresco.authentication.gateway.outboundHeaders}"/>
         </bean>
      </property>
+      <property name="remoteUserMapper">
+         <ref bean="RemoteUserMapper" />
+      </property>
   </bean>

    <bean id="apiBootstrapBean" class="org.alfresco.rest.framework.core.ApiBootstrap">
--- a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
@@ -33,6 +33,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.repo.web.auth.AuthenticationListener;
 import org.alfresco.service.cmr.repository.NodeRef;
--- a/source/java/org/alfresco/repo/webdav/auth/RemoteUserMapper.java
+++ b/source/java/org/alfresco/repo/webdav/auth/RemoteUserMapper.java
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
- *
- * This file is part of Alfresco
- *
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
- */
-package org.alfresco.repo.webdav.auth;
-
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * An interface for objects capable of extracting an externally authenticated user ID from an HTTP request.
- * 
- * @author dward
- */
-public interface RemoteUserMapper
-{
-   /**
-    * Gets an externally authenticated user ID from an HTTP request.
-    * 
-    * @param request
-    *           the request
-    * @return the user ID or <code>null</code> if the user is unauthenticated
-    */
-   public String getRemoteUser(HttpServletRequest request);
-}
--- a/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
+++ b/source/java/org/alfresco/rest/api/PublicApiAuthenticatorFactory.java
@@ -7,8 +7,10 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;

+import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.repo.web.auth.AuthenticationListener;
@@ -36,10 +38,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
    private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class);
    
    public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key"; 
-    public static final String DEFAULT_REMOTE_USER_HEADER = "X-Alfresco-Remote-User"; 
    
    private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER;
-    private String remoteUserHeader = DEFAULT_REMOTE_USER_HEADER;
+    private RemoteUserMapper remoteUserMapper;
    private RetryingTransactionHelper retryingTransactionHelper;
    private TenantAuthentication tenantAuthentication;
    private Set<String> validAuthenticatorKeys = Collections.emptySet();
@@ -76,10 +77,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
        this.outboundHeaderNames = outboundHeaders;
    }

-    
-    public void setRemoteUserHeader(String remoteUserHeader)
+    public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
    {
-        this.remoteUserHeader = remoteUserHeader;
+        this.remoteUserMapper = remoteUserMapper;
    }
    
    public void setTenantAuthentication(TenantAuthentication service)
@@ -160,6 +160,30 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
            this.proxyListener = proxyListener; 
        }
    
+        private String getRemoteUser()
+        {
+            String userId = null;
+
+            // If the remote user mapper is configured, we may be able to map in an externally authenticated user
+            if (remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive())
+            {
+                userId = remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest());
+            }
+            if (logger.isDebugEnabled())
+            {
+                if (userId == null)
+                {
+                    logger.debug("No external user ID in request.");
+                }
+                else
+                {
+                    logger.debug("Extracted external user ID from request: " + userId);
+                }
+            }
+
+            return userId;
+        }
+
        /* (non-Javadoc)
         * @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean)
         */
@@ -169,7 +193,7 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
            try
            {
                String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader);
-                String remoteUser = servletReq.getHeader(remoteUserHeader);
+                String remoteUser = getRemoteUser();
                if (authenticatorKey != null && 
                    remoteUser != null)
                {