mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)
80925: Merged EOL (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud) 80870: ACE-2091 EOL Explorer. - Move of WebClient configuration, message bundles and extension points to Thor private module - Added handling to SSO endpoints to handle optional WebClient config service - Tested: Enterprise build, Cloud build, build unit tests, NTLM SSO/Cookie SSO path git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@83133 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -46,10 +46,11 @@ import org.springframework.context.ApplicationEvent;
|
||||
* <p>
|
||||
* Note that this filter is only active when the system is running in a servlet container -
|
||||
* the AlfrescoFacesPortlet will be used for a JSR-168 Portal environment.
|
||||
*
|
||||
* @deprecated 5.0 not exposed in web-client web.xml
|
||||
*/
|
||||
public class AuthenticationFilter extends AbstractLifecycleBean implements DependencyInjectedFilter
|
||||
{
|
||||
|
||||
private String loginPage;
|
||||
private ConfigService configService;
|
||||
|
||||
|
@@ -109,11 +109,17 @@ public final class AuthenticationHelper
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("Setting up the request thread.");
|
||||
// setup faces context
|
||||
FacesContext fc = Application.inPortalServer() ? AlfrescoFacesPortlet.getFacesContext(req) : FacesHelper
|
||||
.getFacesContext(req, res, sc);
|
||||
FacesContext fc = Application.inPortalServer() ? AlfrescoFacesPortlet.getFacesContext(req) : FacesHelper.getFacesContext(req, res, sc);
|
||||
|
||||
// Set the current locale and language (overriding the one already decoded from the Accept-Language header
|
||||
I18NUtil.setLocale(Application.getLanguage(req.getSession(), Application.getClientConfig(fc).isLanguageSelect() && useInterfaceLanguage));
|
||||
if (WebApplicationContextUtils.getRequiredWebApplicationContext(sc).containsBean(Application.BEAN_CONFIG_SERVICE))
|
||||
{
|
||||
I18NUtil.setLocale(Application.getLanguage(req.getSession(), Application.getClientConfig(fc).isLanguageSelect() && useInterfaceLanguage));
|
||||
}
|
||||
else
|
||||
{
|
||||
Application.getLanguage(req.getSession(), false);
|
||||
}
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("The general locale is : " + I18NUtil.getLocale());
|
||||
|
||||
|
@@ -237,52 +237,56 @@ public abstract class BaseServlet extends HttpServlet
|
||||
public static void redirectToLoginPage(HttpServletRequest req, HttpServletResponse res, ServletContext sc, boolean sendRedirect)
|
||||
throws IOException
|
||||
{
|
||||
// authentication failed - so end servlet execution and redirect to login page
|
||||
StringBuilder redirectURL = new StringBuilder(1024).append(req.getContextPath()).append(FACES_SERVLET).append(
|
||||
Application.getLoginPage(sc));
|
||||
|
||||
// Pass the full requested URL as a parameter so the login page knows where to redirect to later
|
||||
String uri = req.getRequestURI();
|
||||
|
||||
// if we find a JSF servlet reference in the URI then we need to check if the rest of the
|
||||
// JSP specified is valid for a redirect operation after Login has occured.
|
||||
int jspIndex;
|
||||
if (uri.indexOf(req.getContextPath() + FACES_SERVLET) == -1
|
||||
|| uri.length() > (jspIndex = uri.indexOf(BaseServlet.FACES_SERVLET) + BaseServlet.FACES_SERVLET.length())
|
||||
&& BaseServlet.validRedirectJSP(uri.substring(jspIndex)))
|
||||
{
|
||||
if (redirectURL.indexOf("?") == -1)
|
||||
{
|
||||
redirectURL.append('?');
|
||||
}
|
||||
else
|
||||
{
|
||||
redirectURL.append('&');
|
||||
}
|
||||
redirectURL.append(LoginOutcomeBean.PARAM_REDIRECT_URL);
|
||||
redirectURL.append('=');
|
||||
String url = uri;
|
||||
|
||||
// Append the query string if necessary
|
||||
String queryString = req.getQueryString();
|
||||
if (queryString != null)
|
||||
{
|
||||
// Strip out leading ticket arguments
|
||||
queryString = queryString.replaceAll("(?<=^|&)" + ARG_TICKET + "(=[^&=]*)?&", "");
|
||||
// Strip out trailing ticket arguments
|
||||
queryString = queryString.replaceAll("(^|&)" + ARG_TICKET + "(=[^&=]*)?(?=&|$)", "");
|
||||
if (queryString.length() != 0)
|
||||
{
|
||||
url += "?" + queryString;
|
||||
}
|
||||
}
|
||||
redirectURL.append(URLEncoder.encode(url, "UTF-8"));
|
||||
}
|
||||
final String uri = req.getRequestURI();
|
||||
String redirectURL = uri;
|
||||
|
||||
// authentication failed - so end servlet execution and redirect to login page
|
||||
if (WebApplicationContextUtils.getRequiredWebApplicationContext(sc).containsBean(Application.BEAN_CONFIG_SERVICE))
|
||||
{
|
||||
StringBuilder redirect = new StringBuilder(128)
|
||||
.append(req.getContextPath()).append(FACES_SERVLET).append(Application.getLoginPage(sc));
|
||||
|
||||
// if we find a JSF servlet reference in the URI then we need to check if the rest of the
|
||||
// JSP specified is valid for a redirect operation after Login has occured.
|
||||
int jspIndex;
|
||||
if (uri.indexOf(req.getContextPath() + FACES_SERVLET) == -1
|
||||
|| uri.length() > (jspIndex = uri.indexOf(BaseServlet.FACES_SERVLET) + BaseServlet.FACES_SERVLET.length())
|
||||
&& BaseServlet.validRedirectJSP(uri.substring(jspIndex)))
|
||||
{
|
||||
if (redirect.indexOf("?") == -1)
|
||||
{
|
||||
redirect.append('?');
|
||||
}
|
||||
else
|
||||
{
|
||||
redirect.append('&');
|
||||
}
|
||||
redirect.append(LoginOutcomeBean.PARAM_REDIRECT_URL);
|
||||
redirect.append('=');
|
||||
String url = uri;
|
||||
|
||||
// Append the query string if necessary
|
||||
String queryString = req.getQueryString();
|
||||
if (queryString != null)
|
||||
{
|
||||
// Strip out leading ticket arguments
|
||||
queryString = queryString.replaceAll("(?<=^|&)" + ARG_TICKET + "(=[^&=]*)?&", "");
|
||||
// Strip out trailing ticket arguments
|
||||
queryString = queryString.replaceAll("(^|&)" + ARG_TICKET + "(=[^&=]*)?(?=&|$)", "");
|
||||
if (queryString.length() != 0)
|
||||
{
|
||||
url += "?" + queryString;
|
||||
}
|
||||
}
|
||||
redirect.append(URLEncoder.encode(url, "UTF-8"));
|
||||
}
|
||||
redirectURL = redirect.toString();
|
||||
}
|
||||
// If external authentication isn't in use (e.g. proxied share authentication), it's safe to return a redirect to the client
|
||||
if (sendRedirect)
|
||||
{
|
||||
res.sendRedirect(redirectURL.toString());
|
||||
res.sendRedirect(redirectURL);
|
||||
}
|
||||
// Otherwise, we must signal to the client with an unauthorized status code and rely on a browser refresh to do
|
||||
// the redirect for failover login (as we do with NTLM, Kerberos)
|
||||
@@ -290,7 +294,7 @@ public abstract class BaseServlet extends HttpServlet
|
||||
{
|
||||
res.setContentType("text/html; charset=UTF-8");
|
||||
res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
|
||||
|
||||
final PrintWriter out = res.getWriter();
|
||||
out.println("<html><head>");
|
||||
out.println("<meta http-equiv=\"Refresh\" content=\"0; url=" + redirectURL + "\">");
|
||||
|
@@ -20,7 +20,6 @@ package org.alfresco.web.app.servlet;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.faces.context.FacesContext;
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -31,14 +30,9 @@ import org.alfresco.repo.SessionUser;
|
||||
import org.alfresco.repo.web.auth.WebCredentials;
|
||||
import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.web.app.Application;
|
||||
import org.alfresco.web.bean.NavigationBean;
|
||||
import org.alfresco.web.bean.repository.PreferencesService;
|
||||
import org.alfresco.web.bean.repository.User;
|
||||
import org.alfresco.web.config.ClientConfigElement;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.extensions.config.ConfigService;
|
||||
|
||||
/**
|
||||
* Kerberos Authentication Filter Class
|
||||
@@ -51,17 +45,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
|
||||
|
||||
private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
|
||||
|
||||
// Various services required by Kerberos authenticator
|
||||
private ConfigService m_configService;
|
||||
|
||||
/**
|
||||
* @param configService the configService to set
|
||||
*/
|
||||
public void setConfigService(ConfigService configService)
|
||||
{
|
||||
m_configService = configService;
|
||||
}
|
||||
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter#init()
|
||||
@@ -72,14 +55,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
|
||||
// Call the base Kerberos filter initialization
|
||||
super.init();
|
||||
|
||||
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
|
||||
ClientConfigElement.CONFIG_ELEMENT_ID);
|
||||
|
||||
if (clientConfig != null)
|
||||
{
|
||||
setLoginPage(clientConfig.getLoginPage());
|
||||
}
|
||||
|
||||
// Use the web client user attribute name
|
||||
setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER);
|
||||
}
|
||||
@@ -92,9 +67,8 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
|
||||
protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef)
|
||||
{
|
||||
// Create a web client user object
|
||||
|
||||
User user = new User( userName, ticket, personNode);
|
||||
user.setHomeSpaceId( homeSpaceRef.getId());
|
||||
User user = new User(userName, ticket, personNode);
|
||||
user.setHomeSpaceId(homeSpaceRef.getId());
|
||||
|
||||
return user;
|
||||
}
|
||||
@@ -133,48 +107,8 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
|
||||
protected boolean onLoginComplete(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean userInit)
|
||||
throws IOException
|
||||
{
|
||||
// If the original URL requested was the login page then redirect to the browse view
|
||||
String requestURI = req.getRequestURI();
|
||||
if (requestURI.startsWith(req.getContextPath() + BaseServlet.FACES_SERVLET) && (userInit || requestURI.endsWith(getLoginPage())))
|
||||
{
|
||||
if (logger.isDebugEnabled() && requestURI.endsWith(getLoginPage()))
|
||||
logger.debug("Login page requested - redirecting to initially configured page");
|
||||
if (logger.isDebugEnabled() && userInit)
|
||||
logger.debug("Session reinitialised - redirecting to initially configured page");
|
||||
|
||||
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
|
||||
ConfigService configService = Application.getConfigService(fc);
|
||||
ClientConfigElement configElement = (ClientConfigElement)configService.getGlobalConfig().getConfigElement("client");
|
||||
String location = configElement.getInitialLocation();
|
||||
|
||||
String preference = (String)PreferencesService.getPreferences(fc).getValue("start-location");
|
||||
if (preference != null)
|
||||
{
|
||||
location = preference;
|
||||
}
|
||||
|
||||
if (NavigationBean.LOCATION_MYALFRESCO.equals(location))
|
||||
{
|
||||
// Clear previous location - Fixes the issue ADB-61
|
||||
NavigationBean navigationBean = (NavigationBean)FacesHelper.getManagedBean(fc, "NavigationBean");
|
||||
if (navigationBean != null)
|
||||
{
|
||||
navigationBean.setLocation(null);
|
||||
navigationBean.setToolbarLocation(null);
|
||||
}
|
||||
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + "/jsp/dashboards/container.jsp");
|
||||
}
|
||||
else
|
||||
{
|
||||
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + FacesHelper.BROWSE_VIEW_ID);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
@@ -187,7 +121,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
|
||||
BaseServlet.redirectToLoginPage(req, resp, context, false);
|
||||
}
|
||||
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#getLogger()
|
||||
*/
|
||||
|
@@ -20,7 +20,6 @@ package org.alfresco.web.app.servlet;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.faces.context.FacesContext;
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -31,14 +30,9 @@ import org.alfresco.repo.SessionUser;
|
||||
import org.alfresco.repo.web.auth.WebCredentials;
|
||||
import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.web.app.Application;
|
||||
import org.alfresco.web.bean.NavigationBean;
|
||||
import org.alfresco.web.bean.repository.PreferencesService;
|
||||
import org.alfresco.web.bean.repository.User;
|
||||
import org.alfresco.web.config.ClientConfigElement;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.extensions.config.ConfigService;
|
||||
|
||||
/**
|
||||
* Web-client NTLM Authentication Filter Class
|
||||
@@ -49,16 +43,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
|
||||
{
|
||||
// Debug logging
|
||||
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
|
||||
|
||||
protected ConfigService m_configService;
|
||||
|
||||
/**
|
||||
* @param configService the configService to set
|
||||
*/
|
||||
public void setConfigService(ConfigService configService)
|
||||
{
|
||||
m_configService = configService;
|
||||
}
|
||||
|
||||
|
||||
/* (non-Javadoc)
|
||||
@@ -69,13 +53,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
|
||||
{
|
||||
// Call the base NTLM filter initialization
|
||||
super.init();
|
||||
|
||||
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
|
||||
ClientConfigElement.CONFIG_ELEMENT_ID);
|
||||
if (clientConfig != null)
|
||||
{
|
||||
setLoginPage(clientConfig.getLoginPage());
|
||||
}
|
||||
|
||||
// Use the web client user attribute name
|
||||
setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER);
|
||||
@@ -127,48 +104,8 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
|
||||
protected boolean onLoginComplete(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean userInit)
|
||||
throws IOException
|
||||
{
|
||||
// If the original URL requested was the login page then redirect to the browse view
|
||||
String requestURI = req.getRequestURI();
|
||||
if (requestURI.startsWith(req.getContextPath() + BaseServlet.FACES_SERVLET) && (userInit || requestURI.endsWith(getLoginPage())))
|
||||
{
|
||||
if (logger.isDebugEnabled() && requestURI.endsWith(getLoginPage()))
|
||||
logger.debug("Login page requested - redirecting to initially configured page");
|
||||
if (logger.isDebugEnabled() && userInit)
|
||||
logger.debug("Session reinitialised - redirecting to initially configured page");
|
||||
|
||||
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
|
||||
ConfigService configService = Application.getConfigService(fc);
|
||||
ClientConfigElement configElement = (ClientConfigElement)configService.getGlobalConfig().getConfigElement("client");
|
||||
String location = configElement.getInitialLocation();
|
||||
|
||||
String preference = (String)PreferencesService.getPreferences(fc).getValue("start-location");
|
||||
if (preference != null)
|
||||
{
|
||||
location = preference;
|
||||
}
|
||||
|
||||
if (NavigationBean.LOCATION_MYALFRESCO.equals(location))
|
||||
{
|
||||
// Clear previous location - Fixes the issue ADB-61
|
||||
NavigationBean navigationBean = (NavigationBean)FacesHelper.getManagedBean(fc, "NavigationBean");
|
||||
if (navigationBean != null)
|
||||
{
|
||||
navigationBean.setLocation(null);
|
||||
navigationBean.setToolbarLocation(null);
|
||||
}
|
||||
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + "/jsp/dashboards/container.jsp");
|
||||
}
|
||||
else
|
||||
{
|
||||
res.sendRedirect(req.getContextPath() + BaseServlet.FACES_SERVLET + FacesHelper.BROWSE_VIEW_ID);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
@@ -34,7 +34,6 @@ import javax.servlet.jsp.tagext.TagSupport;
|
||||
import org.alfresco.web.app.Application;
|
||||
import org.alfresco.web.app.servlet.FacesHelper;
|
||||
import org.alfresco.web.bean.coci.CCProperties;
|
||||
import org.alfresco.web.config.ClientConfigElement;
|
||||
import org.alfresco.web.ui.common.Utils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
@@ -259,14 +258,6 @@ public class PageTag extends TagSupport
|
||||
|
||||
out.write("<script type=\"text/javascript\">"); // start - generate naked javascript code
|
||||
|
||||
// get client config to determine how the JavaScript setContextPath should behave
|
||||
ClientConfigElement clientConfig = Application.getClientConfig(pageContext.getServletContext());
|
||||
|
||||
// set the context path used by some Alfresco script objects
|
||||
if (clientConfig != null && clientConfig.getCheckContextAgainstPath())
|
||||
{
|
||||
out.write("setCheckContextAgainstPath(true);");
|
||||
}
|
||||
out.write("setContextPath('");
|
||||
out.write(reqPath);
|
||||
out.write("');");
|
||||
|
Reference in New Issue
Block a user