diff --git a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml index ce92eb2665..be8320d530 100644 --- a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml @@ -24,6 +24,9 @@ + + + @@ -78,6 +81,9 @@ + + + @@ -111,6 +117,9 @@ + + + diff --git a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml index ed659b2456..9441c7c448 100644 --- a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml @@ -24,6 +24,9 @@ + + + @@ -93,6 +96,9 @@ + + + @@ -129,6 +135,9 @@ + + + diff --git a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml index ce92eb2665..d134ee30ae 100644 --- a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml @@ -24,6 +24,9 @@ + + + @@ -84,6 +87,9 @@ + + + @@ -111,6 +117,9 @@ + + + diff --git a/config/alfresco/web-client-application-context.xml b/config/alfresco/web-client-application-context.xml index ae51db026d..04fd6f74ab 100644 --- a/config/alfresco/web-client-application-context.xml +++ b/config/alfresco/web-client-application-context.xml @@ -195,6 +195,8 @@ + + @@ -271,6 +273,8 @@ + + @@ -287,6 +291,9 @@ + + + @@ -309,6 +316,8 @@ + + @@ -327,6 +336,9 @@ + + + diff --git a/source/java/org/alfresco/web/app/servlet/BaseDownloadContentServlet.java b/source/java/org/alfresco/web/app/servlet/BaseDownloadContentServlet.java index 6e3a180830..c1df8971e6 100644 --- a/source/java/org/alfresco/web/app/servlet/BaseDownloadContentServlet.java +++ b/source/java/org/alfresco/web/app/servlet/BaseDownloadContentServlet.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * diff --git a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java index aa33478c86..cf8b7a9cc4 100644 --- a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -25,8 +25,10 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; +import org.alfresco.repo.web.auth.WebCredentials; import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.web.app.Application; @@ -103,12 +105,27 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res) + protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res, WebCredentials credentials) { + super.onValidate(sc, req, res, credentials); + // Set the locale using the session AuthenticationHelper.setupThread(sc, req, res, !req.getServletPath().equals("/wcs") && !req.getServletPath().equals("/wcservice")); } + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials) + throws IOException + { + super.onValidateFailed(sc, req, res, session, credentials); + + // Redirect to the login page if user validation fails + redirectToLoginPage(req, res); + } + /* (non-Javadoc) * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onLoginComplete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java index ebd35bea75..475b59d34b 100644 --- a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -25,8 +25,10 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; +import org.alfresco.repo.web.auth.WebCredentials; import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.web.app.Application; @@ -97,12 +99,27 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidate(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res) + protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res, WebCredentials credentials) { + super.onValidate(sc, req, res, credentials); + // Set the locale using the session AuthenticationHelper.setupThread(sc, req, res, !req.getServletPath().equals("/wcs") && !req.getServletPath().equals("/wcservice")); } + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials) + throws IOException + { + super.onValidateFailed(sc, req, res, session, credentials); + + // Redirect to the login page if user validation fails + redirectToLoginPage(req, res); + } + /* (non-Javadoc) * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onLoginComplete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java index b66586d337..9548e1eae1 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -28,6 +28,9 @@ import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; import org.alfresco.repo.security.authentication.AuthenticationException; +import org.alfresco.repo.web.auth.AuthenticationListener; +import org.alfresco.repo.web.auth.BasicAuthCredentials; +import org.alfresco.repo.web.auth.TicketCredentials; import org.alfresco.repo.webdav.auth.SharepointConstants; import org.alfresco.web.bean.repository.User; import org.apache.commons.codec.binary.Base64; @@ -44,6 +47,16 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im private final static String HEADER_AUTHORIZATION = "Authorization"; private final static String BASIC_START = "Basic"; + + private AuthenticationListener authenticationListener; + + /** + * Set the authentication listener + */ + public void setAuthenticationListener(AuthenticationListener authenticationListener) + { + this.authenticationListener = authenticationListener; + } /* * (non-Javadoc) @@ -118,6 +131,8 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im if (logger.isDebugEnabled()) logger.debug("Authenticated user '" + username + "'"); + + authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password)); request.getSession() .setAttribute( @@ -129,7 +144,7 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im } catch (AuthenticationException ex) { - // Do nothing, user object will be null + authenticationListener.authenticationFailed(new BasicAuthCredentials(username, password), ex); } } } @@ -138,10 +153,12 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im try { authenticationService.validate(user.getTicket()); + authenticationListener.userAuthenticated(new TicketCredentials(user.getTicket())); return true; } catch (AuthenticationException ex) { + authenticationListener.authenticationFailed(new TicketCredentials(user.getTicket()), ex); session.invalidate(); } } diff --git a/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java index e65c820076..fabfe8d3b2 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; +import org.alfresco.repo.web.auth.WebCredentials; import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter; import org.alfresco.repo.webdav.auth.SharepointConstants; import org.alfresco.service.cmr.repository.NodeRef; @@ -50,6 +51,19 @@ public class KerberosAuthenticationHandler extends BaseKerberosAuthenticationFil setUserAttributeName(SharepointConstants.USER_SESSION_ATTRIBUTE); super.init(); } + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials) + throws IOException + { + super.onValidateFailed(sc, req, res, session, credentials); + + // Restart the login challenge process if validation fails + restartLoginChallenge(sc, req, res); + } /* (non-Javadoc) * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) diff --git a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java index e8d11bf014..d899fcb33f 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; +import org.alfresco.repo.web.auth.WebCredentials; import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter; import org.alfresco.repo.webdav.auth.SharepointConstants; import org.alfresco.service.cmr.repository.NodeRef; @@ -50,6 +51,19 @@ public class NtlmAuthenticationHandler extends BaseNTLMAuthenticationFilter setUserAttributeName(SharepointConstants.USER_SESSION_ATTRIBUTE); super.init(); } + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials) + throws IOException + { + super.onValidateFailed(sc, req, res, session, credentials); + + // Restart the login challenge process if validation fails + restartLoginChallenge(sc, req, res); + } /* (non-Javadoc) * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)