diff --git a/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java b/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java index 5dd802c000..c3afddc45f 100644 --- a/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java +++ b/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java @@ -47,6 +47,21 @@ public class AlfrescoAuthenticator extends SrvAuthenticator setEncryptedPasswords(true); } + /** + * Validate that the authentication component supports the required mode + * + * @return boolean + */ + protected boolean validateAuthenticationMode() + { + // Make sure the authentication component supports MD4 hashed passwords or passthru mode + + if ( m_authComponent.getNTLMMode() != NTLMMode.MD4_PROVIDER && + m_authComponent.getNTLMMode() != NTLMMode.PASS_THROUGH) + return false; + return true; + } + /** * Authenticate a user * diff --git a/source/java/org/alfresco/filesys/server/auth/SrvAuthenticator.java b/source/java/org/alfresco/filesys/server/auth/SrvAuthenticator.java index bcee3d2d56..29283800fc 100644 --- a/source/java/org/alfresco/filesys/server/auth/SrvAuthenticator.java +++ b/source/java/org/alfresco/filesys/server/auth/SrvAuthenticator.java @@ -228,10 +228,6 @@ public abstract class SrvAuthenticator if ( m_authComponent == null) throw new InvalidConfigurationException("Authentication component not available"); - if ( m_authComponent.getNTLMMode() != NTLMMode.MD4_PROVIDER && - m_authComponent.getNTLMMode() != NTLMMode.PASS_THROUGH) - throw new InvalidConfigurationException("Required authentication mode not available"); - // Get hold of various services m_nodeService = config.getNodeService(); @@ -242,8 +238,23 @@ public abstract class SrvAuthenticator // Set the guest user name setGuestUserName( m_authComponent.getGuestUserName()); + + // Check that the authentication component is the required type for this authenticator + + if ( validateAuthenticationMode() == false) + throw new InvalidConfigurationException("Required authentication mode not available"); } + /** + * Validate that the authentication component supports the required mode + * + * @return boolean + */ + protected boolean validateAuthenticationMode() + { + return true; + } + /** * Encrypt the plain text password with the specified encryption key using the specified * encryption algorithm. diff --git a/source/java/org/alfresco/filesys/server/config/ServerConfiguration.java b/source/java/org/alfresco/filesys/server/config/ServerConfiguration.java index af587535e6..63204e6871 100644 --- a/source/java/org/alfresco/filesys/server/config/ServerConfiguration.java +++ b/source/java/org/alfresco/filesys/server/config/ServerConfiguration.java @@ -73,6 +73,7 @@ import org.alfresco.filesys.smb.DialectSelector; import org.alfresco.filesys.smb.ServerType; import org.alfresco.filesys.util.IPAddress; import org.alfresco.repo.security.authentication.AuthenticationComponent; +import org.alfresco.repo.security.authentication.NTLMMode; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.PersonService; @@ -516,7 +517,7 @@ public class ServerConfiguration implements ApplicationListener { // Configuration error - logger.error("CIFS server configuration error, " + ex.getMessage(), ex); + logger.error("File server configuration error, " + ex.getMessage(), ex); // Disable the CIFS server @@ -1531,6 +1532,10 @@ public class ServerConfiguration implements ApplicationListener if (authType == null) throw new AlfrescoRuntimeException("Authenticator type not specified"); + // Get the authentication component type + + NTLMMode ntlmMode = m_authenticationComponent.getNTLMMode(); + // Set the authenticator class to use SrvAuthenticator auth = null; @@ -1538,6 +1543,11 @@ public class ServerConfiguration implements ApplicationListener auth = new LocalAuthenticator(); else if (authType.equalsIgnoreCase("passthru")) { + // Check if the appropriate authentication component type is configured + + if ( ntlmMode != NTLMMode.NONE) + throw new AlfrescoRuntimeException("Wrong authentication setup for passthru authenticator"); + // Load the passthru authenticator dynamically auth = loadAuthenticatorClass("org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator"); @@ -1554,6 +1564,11 @@ public class ServerConfiguration implements ApplicationListener } else if (authType.equalsIgnoreCase("alfresco")) { + // Standard authenticator requires MD4 or passthru based authentication + + if ( ntlmMode == NTLMMode.NONE) + throw new AlfrescoRuntimeException("Wrong authentication setup for alfresco authenticator"); + // Load the Alfresco authenticator dynamically auth = loadAuthenticatorClass("org.alfresco.filesys.server.auth.ntlm.AlfrescoAuthenticator");