mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-21 18:09:20 +00:00
Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)
71601: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 70356: MNT-11233: DEV to V4.2-BUG-FIX (4.2.3) 67973: MNT-11233: Alfresco CMIS API /alfresco/api/-default-/cmis/versions/1.1/atom cannot be used with external authentication - Move RemoteUserMapper from Web-Client to Repository project. Use RemoteUserMapper in PublicApiAuthenticator to retrieve remote user from request. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74695 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -87,6 +87,9 @@
|
||||
<constructor-arg type="java.lang.String" value="${alfresco.authentication.gateway.outboundHeaders}"/>
|
||||
</bean>
|
||||
</property>
|
||||
<property name="remoteUserMapper">
|
||||
<ref bean="RemoteUserMapper" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="apiBootstrapBean" class="org.alfresco.rest.framework.core.ApiBootstrap">
|
||||
|
@@ -33,6 +33,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.repo.web.auth.AuthenticationListener;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
|
@@ -1,38 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
||||
*
|
||||
* This file is part of Alfresco
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
package org.alfresco.repo.webdav.auth;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* An interface for objects capable of extracting an externally authenticated user ID from an HTTP request.
|
||||
*
|
||||
* @author dward
|
||||
*/
|
||||
public interface RemoteUserMapper
|
||||
{
|
||||
/**
|
||||
* Gets an externally authenticated user ID from an HTTP request.
|
||||
*
|
||||
* @param request
|
||||
* the request
|
||||
* @return the user ID or <code>null</code> if the user is unauthenticated
|
||||
*/
|
||||
public String getRemoteUser(HttpServletRequest request);
|
||||
}
|
@@ -7,8 +7,10 @@ import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
||||
import org.alfresco.repo.web.auth.AuthenticationListener;
|
||||
@@ -36,10 +38,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
||||
private static Log logger = LogFactory.getLog(PublicApiAuthenticatorFactory.class);
|
||||
|
||||
public static final String DEFAULT_AUTHENTICATOR_KEY_HEADER = "X-Alfresco-Authenticator-Key";
|
||||
public static final String DEFAULT_REMOTE_USER_HEADER = "X-Alfresco-Remote-User";
|
||||
|
||||
private String authenticatorKeyHeader = DEFAULT_AUTHENTICATOR_KEY_HEADER;
|
||||
private String remoteUserHeader = DEFAULT_REMOTE_USER_HEADER;
|
||||
private RemoteUserMapper remoteUserMapper;
|
||||
private RetryingTransactionHelper retryingTransactionHelper;
|
||||
private TenantAuthentication tenantAuthentication;
|
||||
private Set<String> validAuthenticatorKeys = Collections.emptySet();
|
||||
@@ -76,10 +77,9 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
||||
this.outboundHeaderNames = outboundHeaders;
|
||||
}
|
||||
|
||||
|
||||
public void setRemoteUserHeader(String remoteUserHeader)
|
||||
public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
|
||||
{
|
||||
this.remoteUserHeader = remoteUserHeader;
|
||||
this.remoteUserMapper = remoteUserMapper;
|
||||
}
|
||||
|
||||
public void setTenantAuthentication(TenantAuthentication service)
|
||||
@@ -160,6 +160,30 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
||||
this.proxyListener = proxyListener;
|
||||
}
|
||||
|
||||
private String getRemoteUser()
|
||||
{
|
||||
String userId = null;
|
||||
|
||||
// If the remote user mapper is configured, we may be able to map in an externally authenticated user
|
||||
if (remoteUserMapper != null && !(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive())
|
||||
{
|
||||
userId = remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest());
|
||||
}
|
||||
if (logger.isDebugEnabled())
|
||||
{
|
||||
if (userId == null)
|
||||
{
|
||||
logger.debug("No external user ID in request.");
|
||||
}
|
||||
else
|
||||
{
|
||||
logger.debug("Extracted external user ID from request: " + userId);
|
||||
}
|
||||
}
|
||||
|
||||
return userId;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.web.scripts.Authenticator#authenticate(org.alfresco.web.scripts.Description.RequiredAuthentication, boolean)
|
||||
*/
|
||||
@@ -169,7 +193,7 @@ public class PublicApiAuthenticatorFactory extends BasicHttpAuthenticatorFactory
|
||||
try
|
||||
{
|
||||
String authenticatorKey = servletReq.getHeader(authenticatorKeyHeader);
|
||||
String remoteUser = servletReq.getHeader(remoteUserHeader);
|
||||
String remoteUser = getRemoteUser();
|
||||
if (authenticatorKey != null &&
|
||||
remoteUser != null)
|
||||
{
|
||||
|
Reference in New Issue
Block a user