Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

80925: Merged EOL (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud)
      80870: ACE-2091 EOL Explorer.
       - Move of WebClient configuration, message bundles and extension points to Thor private module
       - Added handling to SSO endpoints to handle optional WebClient config service
       - Tested: Enterprise build, Cloud build, build unit tests, NTLM SSO/Cookie SSO path


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@83133 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Erik Winlof
2014-09-04 05:54:57 +00:00
parent 90c223c2c3
commit 6722639949
239 changed files with 73 additions and 47626 deletions

View File

@@ -46,10 +46,11 @@ import org.springframework.context.ApplicationEvent;
* <p>
* Note that this filter is only active when the system is running in a servlet container -
* the AlfrescoFacesPortlet will be used for a JSR-168 Portal environment.
*
* @deprecated 5.0 not exposed in web-client web.xml
*/
public class AuthenticationFilter extends AbstractLifecycleBean implements DependencyInjectedFilter
{
private String loginPage;
private ConfigService configService;

View File

@@ -109,11 +109,17 @@ public final class AuthenticationHelper
if (logger.isDebugEnabled())
logger.debug("Setting up the request thread.");
// setup faces context
FacesContext fc = Application.inPortalServer() ? AlfrescoFacesPortlet.getFacesContext(req) : FacesHelper
.getFacesContext(req, res, sc);
FacesContext fc = Application.inPortalServer() ? AlfrescoFacesPortlet.getFacesContext(req) : FacesHelper.getFacesContext(req, res, sc);
// Set the current locale and language (overriding the one already decoded from the Accept-Language header
I18NUtil.setLocale(Application.getLanguage(req.getSession(), Application.getClientConfig(fc).isLanguageSelect() && useInterfaceLanguage));
if (WebApplicationContextUtils.getRequiredWebApplicationContext(sc).containsBean(Application.BEAN_CONFIG_SERVICE))
{
I18NUtil.setLocale(Application.getLanguage(req.getSession(), Application.getClientConfig(fc).isLanguageSelect() && useInterfaceLanguage));
}
else
{
Application.getLanguage(req.getSession(), false);
}
if (logger.isDebugEnabled())
logger.debug("The general locale is : " + I18NUtil.getLocale());

View File

@@ -237,52 +237,56 @@ public abstract class BaseServlet extends HttpServlet
public static void redirectToLoginPage(HttpServletRequest req, HttpServletResponse res, ServletContext sc, boolean sendRedirect)
throws IOException
{
// authentication failed - so end servlet execution and redirect to login page
StringBuilder redirectURL = new StringBuilder(1024).append(req.getContextPath()).append(FACES_SERVLET).append(
Application.getLoginPage(sc));
// Pass the full requested URL as a parameter so the login page knows where to redirect to later
String uri = req.getRequestURI();
// if we find a JSF servlet reference in the URI then we need to check if the rest of the
// JSP specified is valid for a redirect operation after Login has occured.
int jspIndex;
if (uri.indexOf(req.getContextPath() + FACES_SERVLET) == -1
|| uri.length() > (jspIndex = uri.indexOf(BaseServlet.FACES_SERVLET) + BaseServlet.FACES_SERVLET.length())
&& BaseServlet.validRedirectJSP(uri.substring(jspIndex)))
{
if (redirectURL.indexOf("?") == -1)
{
redirectURL.append('?');
}
else
{
redirectURL.append('&');
}
redirectURL.append(LoginOutcomeBean.PARAM_REDIRECT_URL);
redirectURL.append('=');
String url = uri;
// Append the query string if necessary
String queryString = req.getQueryString();
if (queryString != null)
{
// Strip out leading ticket arguments
queryString = queryString.replaceAll("(?<=^|&)" + ARG_TICKET + "(=[^&=]*)?&", "");
// Strip out trailing ticket arguments
queryString = queryString.replaceAll("(^|&)" + ARG_TICKET + "(=[^&=]*)?(?=&|$)", "");
if (queryString.length() != 0)
{
url += "?" + queryString;
}
}
redirectURL.append(URLEncoder.encode(url, "UTF-8"));
}
final String uri = req.getRequestURI();
String redirectURL = uri;
// authentication failed - so end servlet execution and redirect to login page
if (WebApplicationContextUtils.getRequiredWebApplicationContext(sc).containsBean(Application.BEAN_CONFIG_SERVICE))
{
StringBuilder redirect = new StringBuilder(128)
.append(req.getContextPath()).append(FACES_SERVLET).append(Application.getLoginPage(sc));
// if we find a JSF servlet reference in the URI then we need to check if the rest of the
// JSP specified is valid for a redirect operation after Login has occured.
int jspIndex;
if (uri.indexOf(req.getContextPath() + FACES_SERVLET) == -1
|| uri.length() > (jspIndex = uri.indexOf(BaseServlet.FACES_SERVLET) + BaseServlet.FACES_SERVLET.length())
&& BaseServlet.validRedirectJSP(uri.substring(jspIndex)))
{
if (redirect.indexOf("?") == -1)
{
redirect.append('?');
}
else
{
redirect.append('&');
}
redirect.append(LoginOutcomeBean.PARAM_REDIRECT_URL);
redirect.append('=');
String url = uri;
// Append the query string if necessary
String queryString = req.getQueryString();
if (queryString != null)
{
// Strip out leading ticket arguments
queryString = queryString.replaceAll("(?<=^|&)" + ARG_TICKET + "(=[^&=]*)?&", "");
// Strip out trailing ticket arguments
queryString = queryString.replaceAll("(^|&)" + ARG_TICKET + "(=[^&=]*)?(?=&|$)", "");
if (queryString.length() != 0)
{
url += "?" + queryString;
}
}
redirect.append(URLEncoder.encode(url, "UTF-8"));
}
redirectURL = redirect.toString();
}
// If external authentication isn't in use (e.g. proxied share authentication), it's safe to return a redirect to the client
if (sendRedirect)
{
res.sendRedirect(redirectURL.toString());
res.sendRedirect(redirectURL);
}
// Otherwise, we must signal to the client with an unauthorized status code and rely on a browser refresh to do
// the redirect for failover login (as we do with NTLM, Kerberos)
@@ -290,7 +294,7 @@ public abstract class BaseServlet extends HttpServlet
{
res.setContentType("text/html; charset=UTF-8");
res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final PrintWriter out = res.getWriter();
out.println("<html><head>");
out.println("<meta http-equiv=\"Refresh\" content=\"0; url=" + redirectURL + "\">");

View File

@@ -20,7 +20,6 @@ package org.alfresco.web.app.servlet;
import java.io.IOException;
import javax.faces.context.FacesContext;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -31,14 +30,9 @@ import org.alfresco.repo.SessionUser;
import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.bean.repository.PreferencesService;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.config.ConfigService;
/**
* Kerberos Authentication Filter Class
@@ -51,17 +45,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
// Various services required by Kerberos authenticator
private ConfigService m_configService;
/**
* @param configService the configService to set
*/
public void setConfigService(ConfigService configService)
{
m_configService = configService;
}
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter#init()
@@ -72,14 +55,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
// Call the base Kerberos filter initialization
super.init();
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
ClientConfigElement.CONFIG_ELEMENT_ID);
if (clientConfig != null)
{
setLoginPage(clientConfig.getLoginPage());
}
// Use the web client user attribute name
setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER);
}
@@ -92,9 +67,8 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef)
{
// Create a web client user object
User user = new User( userName, ticket, personNode);
user.setHomeSpaceId( homeSpaceRef.getId());
User user = new User(userName, ticket, personNode);
user.setHomeSpaceId(homeSpaceRef.getId());
return user;
}
@@ -133,48 +107,8 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
protected boolean onLoginComplete(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean userInit)
throws IOException
{
// If the original URL requested was the login page then redirect to the browse view
String requestURI = req.getRequestURI();
if (requestURI.startsWith(req.getContextPath() + BaseServlet.FACES_SERVLET) && (userInit || requestURI.endsWith(getLoginPage())))
{
if (logger.isDebugEnabled() && requestURI.endsWith(getLoginPage()))
logger.debug("Login page requested - redirecting to initially configured page");
if (logger.isDebugEnabled() && userInit)
logger.debug("Session reinitialised - redirecting to initially configured page");
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
ConfigService configService = Application.getConfigService(fc);
ClientConfigElement configElement = (ClientConfigElement)configService.getGlobalConfig().getConfigElement("client");
String location = configElement.getInitialLocation();
String preference = (String)PreferencesService.getPreferences(fc).getValue("start-location");
if (preference != null)
{
location = preference;
}
if (NavigationBean.LOCATION_MYALFRESCO.equals(location))
{
// Clear previous location - Fixes the issue ADB-61
NavigationBean navigationBean = (NavigationBean)FacesHelper.getManagedBean(fc, "NavigationBean");
if (navigationBean != null)
{
navigationBean.setLocation(null);
navigationBean.setToolbarLocation(null);
}
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + "/jsp/dashboards/container.jsp");
}
else
{
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + FacesHelper.BROWSE_VIEW_ID);
}
return false;
}
else
{
return true;
}
return true;
}
/* (non-Javadoc)
@@ -187,7 +121,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
BaseServlet.redirectToLoginPage(req, resp, context, false);
}
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#getLogger()
*/

View File

@@ -20,7 +20,6 @@ package org.alfresco.web.app.servlet;
import java.io.IOException;
import javax.faces.context.FacesContext;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -31,14 +30,9 @@ import org.alfresco.repo.SessionUser;
import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.bean.repository.PreferencesService;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.config.ConfigService;
/**
* Web-client NTLM Authentication Filter Class
@@ -49,16 +43,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
{
// Debug logging
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
protected ConfigService m_configService;
/**
* @param configService the configService to set
*/
public void setConfigService(ConfigService configService)
{
m_configService = configService;
}
/* (non-Javadoc)
@@ -69,13 +53,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
{
// Call the base NTLM filter initialization
super.init();
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
ClientConfigElement.CONFIG_ELEMENT_ID);
if (clientConfig != null)
{
setLoginPage(clientConfig.getLoginPage());
}
// Use the web client user attribute name
setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER);
@@ -127,48 +104,8 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
protected boolean onLoginComplete(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean userInit)
throws IOException
{
// If the original URL requested was the login page then redirect to the browse view
String requestURI = req.getRequestURI();
if (requestURI.startsWith(req.getContextPath() + BaseServlet.FACES_SERVLET) && (userInit || requestURI.endsWith(getLoginPage())))
{
if (logger.isDebugEnabled() && requestURI.endsWith(getLoginPage()))
logger.debug("Login page requested - redirecting to initially configured page");
if (logger.isDebugEnabled() && userInit)
logger.debug("Session reinitialised - redirecting to initially configured page");
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
ConfigService configService = Application.getConfigService(fc);
ClientConfigElement configElement = (ClientConfigElement)configService.getGlobalConfig().getConfigElement("client");
String location = configElement.getInitialLocation();
String preference = (String)PreferencesService.getPreferences(fc).getValue("start-location");
if (preference != null)
{
location = preference;
}
if (NavigationBean.LOCATION_MYALFRESCO.equals(location))
{
// Clear previous location - Fixes the issue ADB-61
NavigationBean navigationBean = (NavigationBean)FacesHelper.getManagedBean(fc, "NavigationBean");
if (navigationBean != null)
{
navigationBean.setLocation(null);
navigationBean.setToolbarLocation(null);
}
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + "/jsp/dashboards/container.jsp");
}
else
{
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + FacesHelper.BROWSE_VIEW_ID);
}
return false;
}
else
{
return true;
}
return true;
}
/* (non-Javadoc)

View File

@@ -34,7 +34,6 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.alfresco.web.app.Application;
import org.alfresco.web.app.servlet.FacesHelper;
import org.alfresco.web.bean.coci.CCProperties;
import org.alfresco.web.config.ClientConfigElement;
import org.alfresco.web.ui.common.Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -259,14 +258,6 @@ public class PageTag extends TagSupport
out.write("<script type=\"text/javascript\">"); // start - generate naked javascript code
// get client config to determine how the JavaScript setContextPath should behave
ClientConfigElement clientConfig = Application.getClientConfig(pageContext.getServletContext());
// set the context path used by some Alfresco script objects
if (clientConfig != null && clientConfig.getCheckContextAgainstPath())
{
out.write("setCheckContextAgainstPath(true);");
}
out.write("setContextPath('");
out.write(reqPath);
out.write("');");