From 670b2f80d26c8538c2e25a16cfa17ac7c304ecee Mon Sep 17 00:00:00 2001
From: Kevin Roast
Date: Mon, 12 Dec 2005 18:02:07 +0000
Subject: [PATCH] . Fix to Jboss portlet issues: - an out-of-date ticket could be used by the client to call repo services - after failing to validate an out-of-date ticket, the User object was not being removed from the Session
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2029 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../web/app/portlet/AlfrescoFacesPortlet.java | 63 ++++++++++++++++---
 1 file changed, 55 insertions(+), 8 deletions(-)
diff --git a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
index ee8ed65ea3..013c2cf07f 100644
--- a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
+++ b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
@@ -33,6 +33,7 @@ import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 import org.alfresco.i18n.I18NUtil;
+import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.service.cmr.security.AuthenticationService;
 import org.alfresco.util.TempFileProvider;
 import org.alfresco.web.app.Application;
@@ -77,7 +78,12 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 */
 public void processAction(ActionRequest request, ActionResponse response)
 throws PortletException, IOException
- {
+ {
+ Application.setInPortalServer(true);
+
+ // Set the current locale
+ I18NUtil.setLocale(Application.getLanguage(request.getPortletSession()));
+
 boolean isMultipart = PortletFileUpload.isMultipartContent(request);
 try
@@ -142,8 +148,32 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 }
 else
 {
- // do the normal JSF processing
- super.processAction(request, response);
+ String viewId = request.getParameter(VIEW_ID);
+ User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
+ if (user != null)
+ {
+ // setup the authentication context
+ try
+ {
+ WebApplicationContext ctx = (WebApplicationContext)getPortletContext().getAttribute(
+ WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
+ AuthenticationService auth = (AuthenticationService)ctx.getBean("authenticationService");
+ auth.validate(user.getTicket());
+
+ // do the normal JSF processing
+ super.processAction(request, response);
+ }
+ catch (AuthenticationException authErr)
+ {
+ // remove User object as it's now useless
+ request.getPortletSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER);
+ }
+ }
+ else
+ {
+ // do the normal JSF processing as we may be on the login page
+ super.processAction(request, response);
+ }
 }
 }
 catch (Throwable e)
@@ -180,6 +210,9 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 {
 Application.setInPortalServer(true);
+ // Set the current locale
+ I18NUtil.setLocale(Application.getLanguage(request.getPortletSession()));
+
 if (request.getParameter(ERROR_OCCURRED) != null)
 {
 String errorPage = Application.getErrorPage(getPortletContext());
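Review bot: In the `@@ -142` hunk the new `user == null` branch hands the action to `super.processAction` for every view, although its comment says this is meant for the login page, and the `viewId` read two lines earlier is never used. The render path in this file guards the same case with `viewId.equals(getLoginPage())`; the action path could apply the matching test, e.g. `else if (viewId != null && viewId.equals(getLoginPage()))`, provided the login form's action request carries `VIEW_ID`. Whether an action without a User can reach repository services depends on code outside this hunk, so this is a check to confirm rather than a demonstrated bypass. The `catch (AuthenticationException authErr)` block drops the action silently; a line such as `logger.debug("Invalid ticket, action not processed.");` would match what the render path logs. processAction starts and ends outside the hunk.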
@@ -193,14 +226,14 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 }
 else
 {
- // if we have no User object in the session then a timeout must have occured
+ // if we have no User object in the session then an HTTP Session timeout must have occured
 // use the viewId to check that we are not already on the login page
 String viewId = request.getParameter(VIEW_ID);
 User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
 if (user == null && (viewId == null || viewId.equals(getLoginPage()) == false))
 {
 if (logger.isDebugEnabled())
- logger.debug("No valid login, requesting login page. ViewId: " + viewId);
+ logger.debug("No valid User login, requesting login page. ViewId: " + viewId);
 // login page redirect
 response.setContentType("text/html");
@@ -213,6 +246,9 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 {
 if (user != null)
 {
+ if (logger.isDebugEnabled())
+ logger.debug("Validating ticket: " + user.getTicket());
+
 // setup the authentication context
 WebApplicationContext ctx = (WebApplicationContext)getPortletContext().getAttribute(
 WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
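Review bot: The added `logger.debug("Validating ticket: " + user.getTicket());` in the `@@ -213` hunk writes the session's authentication ticket into the log, and the commit description itself says a ticket is what lets a client call repo services. Anyone with read access to debug logs would hold a usable credential for as long as the ticket stays valid. Log the event without the value, for example `logger.debug("Validating ticket for current session user");`. The enclosing try block starts and ends outside the hunk.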
@@ -220,12 +256,23 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
 auth.validate(user.getTicket());
 }
- // Set the current locale
- I18NUtil.setLocale(Application.getLanguage(request.getPortletSession()));
-
 // do the normal JSF processing
 super.facesRender(request, response);
 }
+ catch (AuthenticationException authErr)
+ {
+ // ticket is no longer valid!
+ if (logger.isDebugEnabled())
+ logger.debug("Invalid ticket, requesting login page.");
+
+ // remove User object as it's now useless
+ request.getPortletSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER);
+
+ // login page redirect
+ response.setContentType("text/html");
+ request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
+ nonFacesRequest(request, response);
+ }
 catch (Throwable e)
 {
 if (getErrorPage() != null)
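Review bot: The login redirect inside the new `catch (AuthenticationException authErr)` block runs outside the try, so anything thrown by `nonFacesRequest(request, response)` bypasses the `catch (Throwable e)` error-page handling that follows. The existing redirect in the `user == null` branch (partly visible in the `@@ -193` hunk) appears to sit inside the try, so the two paths now fail differently. Moving the redirect lines into one private helper used by both places, and giving the call in the catch the same error handling, would keep them aligned. `authErr` is never used; if the logger accepts a Throwable, `logger.debug("Invalid ticket, requesting login page.", authErr);` keeps the reason for the rejection. The method continues past the end of the hunk.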