Big honkin' merge from head. Sheesh!
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3617 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -91,7 +91,7 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
|
||||
if ( client.isGuest())
|
||||
m_authComponent.setGuestUserAsCurrentUser();
|
||||
else
|
||||
m_authComponent.setCurrentUser(client.getUserName());
|
||||
m_authComponent.setCurrentUser(mapUserNameToPerson(client.getUserName()));
|
||||
|
||||
// Debug
|
||||
|
||||
@@ -229,7 +229,7 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
|
||||
|
||||
// Set the current user to be authenticated, save the authentication token
|
||||
|
||||
client.setAuthenticationToken( m_authComponent.setCurrentUser(client.getUserName()));
|
||||
client.setAuthenticationToken( m_authComponent.setCurrentUser(mapUserNameToPerson(client.getUserName())));
|
||||
|
||||
// Get the users home folder node, if available
|
||||
|
||||
|
@@ -890,4 +890,50 @@ public abstract class CifsAuthenticator
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Map the case insensitive logon name to the internal person object user name
|
||||
*
|
||||
* @param userName String
|
||||
* @return String
|
||||
*/
|
||||
protected final String mapUserNameToPerson(String userName)
|
||||
{
|
||||
// Get the home folder for the user
|
||||
|
||||
UserTransaction tx = m_transactionService.getUserTransaction();
|
||||
String personName = null;
|
||||
|
||||
try
|
||||
{
|
||||
tx.begin();
|
||||
personName = m_personService.getUserIdentifier( userName);
|
||||
tx.commit();
|
||||
}
|
||||
catch (Throwable ex)
|
||||
{
|
||||
try
|
||||
{
|
||||
tx.rollback();
|
||||
}
|
||||
catch (Throwable ex2)
|
||||
{
|
||||
logger.error("Failed to rollback transaction", ex2);
|
||||
}
|
||||
|
||||
// Re-throw the exception
|
||||
|
||||
if (ex instanceof RuntimeException)
|
||||
{
|
||||
throw (RuntimeException) ex;
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new RuntimeException("Error during execution of transaction.", ex);
|
||||
}
|
||||
}
|
||||
|
||||
// Return the person name
|
||||
|
||||
return personName;
|
||||
}
|
||||
}
|
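Review bot: `mapUserNameToPerson` returns whatever `m_personService.getUserIdentifier( userName)` yields, and the PassthruAuthenticator change in this same commit tests that call for `null`, so a logon name with no matching person would make this helper return `null`, which the callers in AlfrescoAuthenticator, EnterpriseCifsAuthenticator and PassthruAuthenticator pass straight to `m_authComponent.setCurrentUser(...)`. What `setCurrentUser` does with a null name is not visible here, so the helper should settle that case itself, for example with `return personName != null ? personName : userName;` or by failing the logon, rather than leaving it to each call site. The Javadoc should say what is returned when no person matches. The leading comment `// Get the home folder for the user` looks copied from another method and would read better as `// Look up the person user name inside a transaction`.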
@@ -1106,7 +1106,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( krbDetails.getUserName());
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson(krbDetails.getUserName()));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1236,7 +1236,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( userName);
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson(userName));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1368,7 +1368,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( client.getUserName());
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1479,7 +1479,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( userName);
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson( userName));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1602,7 +1602,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( client.getUserName());
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1765,7 +1765,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
m_authComponent.setCurrentUser( userName);
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson( userName));
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
|
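Review bot: The substitution `m_authComponent.setCurrentUser( mapUserNameToPerson( ...))` is repeated by hand in all six hunks of this file, and again in AlfrescoAuthenticator and PassthruAuthenticator, so a logon path that still calls `setCurrentUser` with the name as sent by the client would run its permission checks under a differently-cased identity than the others. A single protected helper in CifsAuthenticator that maps the name and sets the current user in one call would keep the Kerberos and NTLMSSP paths from drifting apart. Each call also opens its own user transaction inside `mapUserNameToPerson`; the enclosing logon methods start outside these hunks, so it is worth confirming none of them already holds a transaction. The adjacent comment `// Store the full user name in the client information` could note that the client information keeps the logon name while the security context uses the mapped person name.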
@@ -20,6 +20,7 @@ import java.security.NoSuchAlgorithmException;
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.alfresco.filesys.server.SrvSession;
|
||||
import org.alfresco.filesys.server.auth.AuthContext;
|
||||
import org.alfresco.filesys.server.auth.CifsAuthenticator;
|
||||
import org.alfresco.filesys.server.auth.ClientInfo;
|
||||
import org.alfresco.filesys.server.auth.NTLanManAuthContext;
|
||||
@@ -182,26 +183,22 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a challenge key
|
||||
* Return an authentication context for the new session
|
||||
*
|
||||
* @param sess SrvSession
|
||||
* @return byte[]
|
||||
* @return AuthContext
|
||||
*/
|
||||
public byte[] getChallengeKey(SrvSession sess)
|
||||
public AuthContext getAuthContext( SMBSrvSession sess)
|
||||
{
|
||||
// In MD4 mode we generate the challenge locally
|
||||
|
||||
byte[] key = null;
|
||||
|
||||
// Check if the client is already authenticated, and it is not a null logon
|
||||
|
||||
|
||||
AuthContext authCtx = null;
|
||||
|
||||
if ( sess.hasAuthenticationContext() && sess.hasAuthenticationToken() &&
|
||||
sess.getClientInformation().getLogonType() != ClientInfo.LogonNull)
|
||||
{
|
||||
// Return the previous challenge, user is already authenticated
|
||||
|
||||
NTLanManAuthContext authCtx = (NTLanManAuthContext) sess.getAuthenticationContext();
|
||||
key = authCtx.getChallenge();
|
||||
authCtx = (NTLanManAuthContext) sess.getAuthenticationContext();
|
||||
|
||||
// DEBUG
|
||||
|
||||
@@ -210,11 +207,10 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
|
||||
}
|
||||
else if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER)
|
||||
{
|
||||
// Generate a new challenge key, pack the key and return
|
||||
|
||||
key = new byte[8];
|
||||
|
||||
DataPacker.putIntelLong(m_random.nextLong(), key, 0);
|
||||
// Create a new authentication context for the session
|
||||
|
||||
authCtx = new NTLanManAuthContext();
|
||||
sess.setAuthenticationContext( authCtx);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -233,14 +229,17 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
|
||||
// Get the challenge from the token
|
||||
|
||||
if ( authToken.getChallenge() != null)
|
||||
key = authToken.getChallenge().getBytes();
|
||||
{
|
||||
authCtx = new NTLanManAuthContext( authToken.getChallenge().getBytes());
|
||||
sess.setAuthenticationContext( authCtx);
|
||||
}
|
||||
}
|
||||
|
||||
// Return the challenge
|
||||
// Return the authentication context
|
||||
|
||||
return key;
|
||||
return authCtx;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Perform MD4 user authentication
|
||||
*
|
||||
|
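Review bot: `getAuthContext` can still return `null`, because `authCtx` starts as `null` and, in the token branch of the hunk at 229, is only assigned when `authToken.getChallenge() != null`; callers that used to receive a possibly-null key now receive a possibly-null context and need to check it before reading the challenge. The Javadoc should say so, e.g. `@return AuthContext, or null if no challenge is available`, and the unchanged `@param sess SrvSession` line no longer matches the `SMBSrvSession` parameter. In the hunk at 207 the challenge is no longer built here from `m_random.nextLong()` but inside `new NTLanManAuthContext()`, which is not shown on this page; it is worth confirming that constructor draws the 8-byte challenge from a `SecureRandom`. Parts of the method body lie outside the hunks.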
@@ -125,7 +125,7 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL
|
||||
{
|
||||
// Use the existing authentication token
|
||||
|
||||
m_authComponent.setCurrentUser(client.getUserName());
|
||||
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
|
||||
|
||||
// Debug
|
||||
|
||||
@@ -220,42 +220,28 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL
|
||||
// Map the passthru username to an Alfresco person
|
||||
|
||||
String username = client.getUserName();
|
||||
NodeRef userNode = m_personService.getPerson( username);
|
||||
String personName = m_personService.getUserIdentifier( username);
|
||||
|
||||
if ( userNode != null)
|
||||
if ( personName != null)
|
||||
{
|
||||
// Get the person name and use that as the current user to line up with permission checks
|
||||
|
||||
String personName = (String) m_nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
|
||||
// Use the person name as the current user
|
||||
|
||||
m_authComponent.setCurrentUser(personName);
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Setting current user using person " + personName + " (username " + username + ")");
|
||||
|
||||
// Allow the user full access to the server
|
||||
|
||||
authSts = CifsAuthenticator.AUTH_ALLOW;
|
||||
|
||||
// Debug
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL");
|
||||
}
|
||||
else
|
||||
{
|
||||
// Set using the user name, lowercase the name if the person service is case insensitive
|
||||
|
||||
if ( m_personService.getUserNamesAreCaseSensitive() == false)
|
||||
username = username.toLowerCase();
|
||||
m_authComponent.setCurrentUser( username);
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Setting current user using username " + username);
|
||||
}
|
||||
|
||||
// Allow the user full access to the server
|
||||
|
||||
authSts = CifsAuthenticator.AUTH_ALLOW;
|
||||
|
||||
// Debug
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL");
|
||||
}
|
||||
finally
|
||||
{
|
||||
|
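Review bot: In the hunk at 220 the passthru logon name is resolved with `m_personService.getUserIdentifier( username)` directly, while the hunk at 125 goes through `mapUserNameToPerson`, and the two paths should agree on what happens when no person matches. The rendered page has lost its +/- markers, so it is not certain from here whether the `else` fallback that sets the raw, lower-cased user name survives. If that fallback is removed, a passthru-authenticated user without a person entry leaves `authSts` at whatever value it had before the `if`, and that outcome deserves its own debug line, e.g. `logger.debug("No person found for passthru user " + username);`, plus a comment stating that access is refused in that case. The enclosing `try` block starts outside the hunk.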