mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.2 to HEAD
17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch
- Forces transaction retry if worker thread reaches child authority before a parent authority
- Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites
- Now completes in 5 minutes as opposed to 45
17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI
17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in.
17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch
17439: ETHREEOH-2762: Improved behaviour when a working copy is copied
- Working copy aspect already removed the working copy aspect on copy
- Now derives a new name from the node checked out from and a UUID, preserving the extension
17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting
- declared dependency between internalEHCacheManager and jgroupsPropertySetter
17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch
- authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync
- multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries
- BatchProcessor now promoted to its own package
17394: Fix for license issue in local enterprise builds.
- Replace Community with Enterprise in version.properties during enterprise war building
17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks
17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin()
17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields
17316: Merged V3.1 to V3.2
17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore.
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5
17299: Merged V3.2 to V3.1 (Record only)
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
- thanks Kev!
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
17269: Fix failing unit test
- reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled()
17268: Fix InvitationService
- Runs as system to do privileged AuthenticationService actions
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -93,7 +93,7 @@ public final class AuthenticationHelper
|
||||
private static final String PERSON_SERVICE = "personService";
|
||||
|
||||
/** cookie names */
|
||||
private static final String COOKIE_ALFUSER = "alfUser";
|
||||
private static final String COOKIE_ALFUSER = "alfUser0";
|
||||
|
||||
private static Log logger = LogFactory.getLog(AuthenticationHelper.class);
|
||||
|
||||
@@ -209,7 +209,7 @@ public final class AuthenticationHelper
|
||||
auth.authenticateAsGuest();
|
||||
|
||||
// if we get here then Guest access was allowed and successful
|
||||
setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(), false);
|
||||
setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(session.getId()), false);
|
||||
|
||||
// Set up the thread context
|
||||
setupThread(sc, req, res);
|
||||
@@ -228,7 +228,8 @@ public final class AuthenticationHelper
|
||||
{
|
||||
// Guest is unable to access either properties on Person
|
||||
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
|
||||
String sessionId = session.getId();
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
|
||||
unprotAuthService.clearCurrentSecurityContext();
|
||||
logger.warn("Unable to login as Guest: " + accessError.getMessage());
|
||||
}
|
||||
@@ -236,7 +237,8 @@ public final class AuthenticationHelper
|
||||
{
|
||||
// Some other kind of serious failure to report
|
||||
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
|
||||
String sessionId = session.getId();
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
|
||||
unprotAuthService.clearCurrentSecurityContext();
|
||||
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
|
||||
}
|
||||
@@ -277,7 +279,7 @@ public final class AuthenticationHelper
|
||||
HttpSession session = httpRequest.getSession();
|
||||
try
|
||||
{
|
||||
auth.validate(ticket);
|
||||
auth.validate(ticket, session.getId());
|
||||
|
||||
// We may have previously been authenticated via WebDAV so we may need to 'promote' the user object
|
||||
SessionUser user = (SessionUser)session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
|
||||
@@ -295,7 +297,8 @@ public final class AuthenticationHelper
|
||||
{
|
||||
// Some other kind of serious failure
|
||||
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
|
||||
String sessionId = session.getId();
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
|
||||
unprotAuthService.clearCurrentSecurityContext();
|
||||
return AuthenticationStatus.Failure;
|
||||
}
|
||||
@@ -403,7 +406,7 @@ public final class AuthenticationHelper
|
||||
{
|
||||
auth.authenticateAsGuest();
|
||||
|
||||
User user = createUser(ctx, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket());
|
||||
User user = createUser(ctx, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(session.getId()));
|
||||
|
||||
// store the User object in the Session - the authentication servlet will then proceed
|
||||
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
|
||||
@@ -425,7 +428,8 @@ public final class AuthenticationHelper
|
||||
{
|
||||
// Guest is unable to access either properties on Person
|
||||
AuthenticationService unprotAuthService = (AuthenticationService)ctx.getBean(UNPROTECTED_AUTH_SERVICE);
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
|
||||
String sessionId = session.getId();
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
|
||||
unprotAuthService.clearCurrentSecurityContext();
|
||||
logger.warn("Unable to login as Guest: " + accessError.getMessage());
|
||||
}
|
||||
@@ -433,7 +437,8 @@ public final class AuthenticationHelper
|
||||
{
|
||||
// Some other kind of serious failure to report
|
||||
AuthenticationService unprotAuthService = (AuthenticationService)ctx.getBean(UNPROTECTED_AUTH_SERVICE);
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
|
||||
String sessionId = session.getId();
|
||||
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
|
||||
unprotAuthService.clearCurrentSecurityContext();
|
||||
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
|
||||
}
|
||||
@@ -499,7 +504,7 @@ public final class AuthenticationHelper
|
||||
AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
|
||||
try
|
||||
{
|
||||
auth.validate(sessionUser.getTicket());
|
||||
auth.validate(sessionUser.getTicket(), session.getId());
|
||||
if (sessionUser instanceof User)
|
||||
{
|
||||
user = (User)sessionUser;
|
||||
@@ -541,7 +546,8 @@ public final class AuthenticationHelper
|
||||
.getBean(AUTHENTICATION_COMPONENT);
|
||||
authenticationComponent.setCurrentUser(userId);
|
||||
AuthenticationService authenticationService = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
|
||||
user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(), true);
|
||||
session = httpRequest.getSession();
|
||||
user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(session.getId()), true);
|
||||
}
|
||||
}
|
||||
return user;
|
||||
@@ -606,4 +612,28 @@ public final class AuthenticationHelper
|
||||
}
|
||||
return authCookie;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the decoded auth cookie value.
|
||||
*
|
||||
* @param authCookie
|
||||
* the auth cookie
|
||||
* @return the auth cookie value
|
||||
*/
|
||||
public static String getAuthCookieValue(Cookie authCookie)
|
||||
{
|
||||
String authCookieValue = authCookie.getValue();
|
||||
if (authCookieValue == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
try
|
||||
{
|
||||
return new String(Base64.decode(authCookieValue), "UTF-8");
|
||||
}
|
||||
catch (UnsupportedEncodingException e)
|
||||
{
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user