From 7aff26a0214e0f6233f5525522a37bd9e04411a4 Mon Sep 17 00:00:00 2001
From: Jan Vonka <jan.vonka@alfresco.com>
Date: Fri, 15 Jul 2011 16:33:21 +0000
Subject: [PATCH] ALF-9403: MT - cannot access via Alfresco Explorer (or Share)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@29088 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../AuthenticationComponentImpl.java          | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java
index bbf85b5fcc..763c386b67 100644
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java
@@ -26,6 +26,7 @@ import java.util.Set;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.AuthenticationManager;
 import net.sf.acegisecurity.UserDetails;
+import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.alfresco.error.AlfrescoRuntimeException;
@@ -119,9 +120,32 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
     @Override
     protected UserDetails getUserDetails(String userName)
     {
-        return this.authenticationDao.loadUserByUsername(userName);
+        if (AuthenticationUtil.isMtEnabled())
+        {
+            // ALF-9403 - "manual" runAs to avoid clearing ticket, eg. when called via "validate" (->setCurrentUser->CheckCurrentUser)
+            Authentication originalFullAuthentication = AuthenticationUtil.getFullAuthentication();
+            try
+            {
+                if (originalFullAuthentication == null)
+                {
+                    AuthenticationUtil.setFullyAuthenticatedUser(getSystemUserName(getUserDomain(userName)));
+                }
+                return authenticationDao.loadUserByUsername(userName);
+            }
+            finally
+            {
+                if (originalFullAuthentication == null)
+                {
+                    ContextHolder.setContext(null); // note: does not clear ticket (unlike AuthenticationUtil.clearCurrentSecurityContext())
+                }
+            }
+        }
+        else
+        {
+            return authenticationDao.loadUserByUsername(userName);
+        }
     }
-
+    
     /**
      * Get the password hash from the DAO
      */