diff --git a/source/java/org/alfresco/repo/web/scripts/TestWebScriptRepoServer.java b/source/java/org/alfresco/repo/web/scripts/TestWebScriptRepoServer.java
index 44523d42ba..0c0063f662 100644
--- a/source/java/org/alfresco/repo/web/scripts/TestWebScriptRepoServer.java
+++ b/source/java/org/alfresco/repo/web/scripts/TestWebScriptRepoServer.java
@@ -196,7 +196,7 @@ public class TestWebScriptRepoServer extends TestWebScriptServer
 {
 public Object execute() throws Exception
 {
- authenticationService.validate(username);
+ authenticationService.validate(username, null);
 return null;
 }
 });
diff --git a/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java b/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
index 9620d956f1..9698763a7d 100644
--- a/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
@@ -76,7 +76,7 @@ public class LoginTicket extends DeclarativeWebScript
 try
 {
- String ticketUser = ticketComponent.validateTicket(ticket);
+ String ticketUser = ticketComponent.validateTicket(ticket, null);
 String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
diff --git a/source/java/org/alfresco/repo/web/scripts/bean/LoginTicketDelete.java b/source/java/org/alfresco/repo/web/scripts/bean/LoginTicketDelete.java
index d3049e9412..3262f72c49 100644
--- a/source/java/org/alfresco/repo/web/scripts/bean/LoginTicketDelete.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/LoginTicketDelete.java
@@ -86,7 +86,7 @@ public class LoginTicketDelete extends DeclarativeWebScript
 try
 {
- String ticketUser = ticketComponent.validateTicket(ticket);
+ String ticketUser = ticketComponent.validateTicket(ticket, null);
 // do not go any further if tickets are different
 if (!AuthenticationUtil.getFullyAuthenticatedUser().equals(ticketUser))
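Review bot: The literal `null` passed as the new second argument in `authenticationService.validate(username, null)` here, and again in LoginTicket, LoginTicketDelete (both hunks), BasicHttpAuthenticatorFactory (both hunks), AuthenticationWebService and TicketCallbackHandler, is not explained anywhere in the changed lines. The WebDAV filters in the same commit pass `session.getId()`, so these web-script and web-service paths presumably opt out of binding the ticket to an HTTP session; if the service treats `null` as "skip the session check", a ticket issued for a bound session may still be accepted through these endpoints, which is worth confirming against the implementation, not in view here. I would add a comment at each call such as `// no HTTP session on this path: ticket is validated without a session binding`, or replace the bare `null` with a named constant so the choice is visible and searchable. The enclosing methods start and end outside these hunks.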
@@ -97,7 +97,7 @@ public class LoginTicketDelete extends DeclarativeWebScript
 else
 {
 // delete the ticket
- authenticationService.invalidateTicket(ticket);
+ authenticationService.invalidateTicket(ticket, null);
 status.setMessage("Deleted Ticket " + ticket);
 }
 }
diff --git a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
index ce3286c7c5..ee8ab10813 100644
--- a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
+++ b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
@@ -140,7 +140,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
 logger.debug("Authenticating (URL argument) ticket " + ticket);
 // assume a ticket has been passed
- authenticationService.validate(ticket);
+ authenticationService.validate(ticket, null);
 authorized = true;
 }
 catch(AuthenticationException e)
@@ -168,7 +168,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
 logger.debug("Authenticating (BASIC HTTP) ticket " + parts[0]);
 // assume a ticket has been passed
- authenticationService.validate(parts[0]);
+ authenticationService.validate(parts[0], null);
 authorized = true;
 }
 else
diff --git a/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
index f79fb3aa83..8feb746d6d 100644
--- a/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
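Review bot: The debug statement directly above the changed call in BasicHttpAuthenticatorFactory at -140, `logger.debug("Authenticating (URL argument) ticket " + ticket)`, still writes the full ticket value to the log, and the hunk at -168 does the same with `parts[0]`. Both calls now validate with a `null` session id, so the logged value is presumably not tied to any session and stays usable for as long as the ticket lives by anyone able to read the log. I would record only that a ticket was presented, e.g. `logger.debug("Authenticating (URL argument) ticket");`, and do the same for the BASIC HTTP message. The enclosing try blocks start outside both hunks.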
@@ -34,6 +34,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import org.alfresco.repo.SessionUser;
 import org.alfresco.repo.security.authentication.AuthenticationException;
@@ -115,8 +116,9 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
 // Authenticate the user
 authenticationService.authenticate(username, password.toCharArray());
-
- user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), false);
+ HttpSession session = httpReq.getSession();
+ user = createUserEnvironment(session, authenticationService.getCurrentUserName(),
+ authenticationService.getCurrentTicket(session.getId()), false);
 }
 catch ( AuthenticationException ex)
 {
@@ -149,13 +151,14 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
 // Validate the ticket
- authenticationService.validate(ticket);
+ HttpSession session = httpReq.getSession();
+ authenticationService.validate(ticket, session.getId());
 // Need to create the User instance if not already available
 String currentUsername = authenticationService.getCurrentUserName();
- user = createUserEnvironment(httpReq.getSession(), currentUsername, ticket, false);
+ user = createUserEnvironment(session, currentUsername, ticket, false);
 }
 }
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
index 98b63061e2..f2c730986f 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
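Review bot: In the hunk at -115 the ticket returned by `getCurrentTicket(session.getId())` is tied to whatever session `httpReq.getSession()` returns, and that call reuses a session that existed before `authenticate(...)` succeeded. If a pre-login session can exist on this path (not visible here), its id carries over unchanged into the authenticated state, so the new binding rests on an id that was fixed before login. Consider renewing the session right after authentication and before asking for the ticket, for example `HttpSession old = httpReq.getSession(false); if (old != null) old.invalidate();` ahead of `httpReq.getSession()`, provided nothing else stored in the session has to survive. The same pattern appears in BaseSSOAuthenticationFilter at -163 and HTTPRequestAuthenticationFilter at -219; the enclosing try block starts outside the hunk.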
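Review bot: In the hunk at -149 `httpReq.getSession()` now runs before `authenticationService.validate(ticket, session.getId())`, whereas the old code only touched the session after validation had succeeded. A request carrying an invalid ticket therefore leaves a freshly created session behind unless the failure path cleans it up, and that path is not visible in this hunk. I would release it on failure, e.g. `if (session.isNew()) session.invalidate();` in whatever handles the `AuthenticationException`. BaseSSOAuthenticationFilter at -288 and HTTPRequestAuthenticationFilter at -251 have the same ordering; in the latter `session` is declared inside the `try`, so the declaration would have to move above it to be reachable from the `catch`.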
@@ -160,7 +160,7 @@ public abstract class BaseAuthenticationFilter
 {
 try
 {
- authenticationService.validate(sessionUser.getTicket());
+ authenticationService.validate(sessionUser.getTicket(), session.getId());
 setExternalAuth(session, externalAuth);
 }
 catch (AuthenticationException e)
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
index 22ca9e432f..e960b23b98 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
@@ -601,7 +601,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
 catch (AuthenticationException ex)
 {
 if (logger.isDebugEnabled())
- logger.debug("Failed to validate user " + user.getUserName(), ex);
+ logger.debug("Failed to validate user " + userName, ex);
 onValidateFailed(req, res, session);
 return;
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
index 25653f91a5..aac3039e1b 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -163,7 +163,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
 public SessionUser execute() throws Throwable
 {
 authenticationComponent.setCurrentUser(userName);
- return createUserEnvironment(session, userName, authenticationService.getCurrentTicket(), true);
+ return createUserEnvironment(session, userName, authenticationService.getCurrentTicket(session.getId()), true);
 }
 });
 }
@@ -288,8 +288,10 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
 // If we don't yet have a valid cached user, validate the ticket and create one
 if ( user == null )
 {
- authenticationService.validate(ticket);
- user = createUserEnvironment(req.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), true);
+ HttpSession session = req.getSession();
+ String sessionId = session.getId();
+ authenticationService.validate(ticket, sessionId);
+ user = createUserEnvironment(session, authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(sessionId), true);
 }
 // Indicate the ticket parameter was specified, and valid
diff --git a/source/java/org/alfresco/repo/webdav/auth/HTTPRequestAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/HTTPRequestAuthenticationFilter.java
index 08d6d80362..a2d591055e 100644
--- a/source/java/org/alfresco/repo/webdav/auth/HTTPRequestAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/HTTPRequestAuthenticationFilter.java
@@ -39,6 +39,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import org.alfresco.repo.SessionUser;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
@@ -219,8 +220,9 @@ public class HTTPRequestAuthenticationFilter extends BaseAuthenticationFilter im
 m_authComponent.clearCurrentSecurityContext();
 m_authComponent.setCurrentUser(userName);
- return createUserEnvironment(httpReq.getSession(), userName, authenticationService
- .getCurrentTicket(), true);
+ HttpSession session = httpReq.getSession();
+ return createUserEnvironment(session, userName, authenticationService
+ .getCurrentTicket(session.getId()), true);
 }
 catch (AuthenticationException ex)
 {
@@ -251,12 +253,12 @@ public class HTTPRequestAuthenticationFilter extends BaseAuthenticationFilter im
 try
 {
+ HttpSession session = httpReq.getSession();
 // Validate the ticket
- authenticationService.validate(ticket);
+ authenticationService.validate(ticket, session.getId());
 // Need to create the User instance if not already available
- user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(),
- ticket, true);
+ user = createUserEnvironment(session, authenticationService.getCurrentUserName(), ticket, true);
 }
 catch (AuthenticationException authErr)
 {
diff --git a/source/java/org/alfresco/repo/webservice/authentication/AuthenticationWebService.java b/source/java/org/alfresco/repo/webservice/authentication/AuthenticationWebService.java
index a5aff690e0..07d8a93cd8 100644
--- a/source/java/org/alfresco/repo/webservice/authentication/AuthenticationWebService.java
+++ b/source/java/org/alfresco/repo/webservice/authentication/AuthenticationWebService.java
@@ -116,7 +116,7 @@ public class AuthenticationWebService implements AuthenticationServiceSoapPort
 public Object execute() throws Throwable
 {
 AuthenticationWebService.this.authenticationComponent.setSystemUserAsCurrentUser();
- AuthenticationWebService.this.authenticationService.invalidateTicket(ticket);
+ AuthenticationWebService.this.authenticationService.invalidateTicket(ticket, null);
 AuthenticationWebService.this.authenticationService.clearCurrentSecurityContext();
 if (logger.isDebugEnabled())
diff --git a/source/java/org/alfresco/repo/webservice/axis/TicketCallbackHandler.java b/source/java/org/alfresco/repo/webservice/axis/TicketCallbackHandler.java
index 44f6cc5f64..1d740dd1dc 100644
--- a/source/java/org/alfresco/repo/webservice/axis/TicketCallbackHandler.java
+++ b/source/java/org/alfresco/repo/webservice/axis/TicketCallbackHandler.java
@@ -80,7 +80,7 @@ public class TicketCallbackHandler implements CallbackHandler
 // ensure the ticket is valid
 try
 {
- this.authenticationService.validate(ticket);
+ this.authenticationService.validate(ticket, null);
 }
 catch (AuthenticationException ae)
 {