Forced Guest access for client URLs

Several fixes for Guest access in the web-client

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2179 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/web/app/servlet/AuthenticationFilter.java

@@ -65,7 +65,7 @@ public class AuthenticationFilter implements Filter
       if (httpReq.getRequestURI().endsWith(getLoginPage()) == false)
       {
          AuthenticationStatus status =
-               AuthenticationHelper.authenticate(this.context, httpReq, (HttpServletResponse)res);
+               AuthenticationHelper.authenticate(this.context, httpReq, (HttpServletResponse)res, false);
          
          if (status == AuthenticationStatus.Success || status == AuthenticationStatus.Guest)
          {

source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java

@@ -29,13 +29,13 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.i18n.I18NUtil;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.AuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
-import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.app.portlet.AlfrescoFacesPortlet;
 import org.alfresco.web.bean.LoginBean;
@@ -55,7 +55,6 @@ public final class AuthenticationHelper
    public static final String SESSION_INVALIDATED = "_alfSessionInvalid";
    public static final String LOGIN_BEAN = "LoginBean";
    
-   private static final String AUTHENTICATION_SERVICE = "authenticationService";
    private static final String COOKIE_ALFUSER = "alfUser";
    
    /**
@@ -67,7 +66,7 @@ public final class AuthenticationHelper
     * @return AuthenticationStatus result.
     */
    public static AuthenticationStatus authenticate(
-         ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse)
+         ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse, boolean guest)
          throws IOException
    {
       HttpSession session = httpRequest.getSession();
@@ -86,29 +85,29 @@ public final class AuthenticationHelper
       }
       
       // setup the authentication context
-      WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
-      AuthenticationService auth = (AuthenticationService)ctx.getBean(AUTHENTICATION_SERVICE);
+      WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
+      AuthenticationService auth = (AuthenticationService)wc.getBean(ServletHelper.AUTHENTICATION_SERVICE);
       
-      if (user == null)
+      if (user == null || guest)
       {
          if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) == null)
          {
             Cookie authCookie = getAuthCookie(httpRequest);
-            if (authCookie == null)
+            if (authCookie == null || guest)
             {
-               // TODO: "forced" guest access on URLs!
-               // no previous authentication - attempt Guest access first
+               // no previous authentication or forced Guest - attempt Guest access
                UserTransaction tx = null;
                try
                {
                   auth.authenticateAsGuest();
                   
                   // if we get here then Guest access was allowed and successful
-                  tx = ((TransactionService)ctx.getBean("TransactionService")).getUserTransaction();
+                  ServiceRegistry services = ServletHelper.getServiceRegistry(context);
+                  tx = services.getTransactionService().getUserTransaction();
                   tx.begin();
                   
-                  PersonService personService = (PersonService)ctx.getBean("personService");
-                  NodeService nodeService = (NodeService)ctx.getBean("nodeService");
+                  NodeService nodeService = services.getNodeService();
+                  PersonService personService = (PersonService)wc.getBean(ServletHelper.PERSON_SERVICE);
                   NodeRef guestRef = personService.getPerson(PermissionService.GUEST);
                   user = new User(PermissionService.GUEST, auth.getCurrentTicket(), guestRef);
                   NodeRef guestHomeRef = (NodeRef)nodeService.getProperty(guestRef, ContentModel.PROP_HOMEFOLDER);
@@ -128,11 +127,8 @@ public final class AuthenticationHelper
                   // Set the current locale
                   I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession()));
                   
+                  // it is the responsibilty of the caller to handle the Guest return status
                   return AuthenticationStatus.Guest;
-                  
-                  // TODO: What now? Any redirects can be performed directly from the appropriate 
-                  //       servlet entry points, as we are now authenticated and don't
-                  //       need to go through the Login screen to gain authentication.
                }
                catch (AuthenticationException guestError)
                {
@@ -188,8 +184,8 @@ public final class AuthenticationHelper
          throws IOException
    {
       // setup the authentication context
-      WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
-      AuthenticationService auth = (AuthenticationService)ctx.getBean(AUTHENTICATION_SERVICE);
+      WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
+      AuthenticationService auth = (AuthenticationService)wc.getBean(ServletHelper.AUTHENTICATION_SERVICE);
       try
       {
          auth.validate(ticket);

source/java/org/alfresco/web/app/servlet/DownloadContentServlet.java

@@ -45,8 +45,6 @@ import org.alfresco.web.bean.LoginBean;
 import org.alfresco.web.ui.common.Utils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
 
 /**
  * Servlet responsible for streaming node content from the repo directly to the response stream.
@@ -87,7 +85,6 @@ public class DownloadContentServlet extends HttpServlet
    
    private static final String ARG_PROPERTY = "property";
    private static final String ARG_ATTACH   = "attach";
-   private static final String ARG_TICKET   = "ticket";
    
    /**
     * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -109,16 +106,22 @@ public class DownloadContentServlet extends HttpServlet
          if (logger.isDebugEnabled())
             logger.debug("Processing URL: " + uri + (req.getQueryString() != null ? ("?" + req.getQueryString()) : ""));
          
-         // see if a ticket has been supplied
+         // see if a ticket or guest parameter has been supplied
          AuthenticationStatus status;
-         String ticket = req.getParameter(ARG_TICKET);
-         if (ticket == null || ticket.length() == 0)
+         String ticket = req.getParameter(ServletHelper.ARG_TICKET);
+         if (ticket != null && ticket.length() != 0)
          {
-            status = AuthenticationHelper.authenticate(getServletContext(), req, res);
+            status = AuthenticationHelper.authenticate(getServletContext(), req, res, ticket);
          }
          else
          {
-            status = AuthenticationHelper.authenticate(getServletContext(), req, res, ticket);
+            boolean forceGuest = false;
+            String guest = req.getParameter(ServletHelper.ARG_GUEST);
+            if (guest != null)
+            {
+               forceGuest = Boolean.parseBoolean(guest);
+            }
+            status = AuthenticationHelper.authenticate(getServletContext(), req, res, forceGuest);
          }
          if (status == AuthenticationStatus.Failure)
          {
@@ -177,8 +180,7 @@ public class DownloadContentServlet extends HttpServlet
          }
          
          // get the services we need to retrieve the content
-         WebApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
-         ServiceRegistry serviceRegistry = (ServiceRegistry)context.getBean(ServiceRegistry.SERVICE_REGISTRY);
+         ServiceRegistry serviceRegistry = ServletHelper.getServiceRegistry(getServletContext());
          ContentService contentService = serviceRegistry.getContentService();
          
          // get the content reader

source/java/org/alfresco/web/app/servlet/ExternalAccessServlet.java

@@ -56,7 +56,13 @@ public class ExternalAccessServlet extends HttpServlet
    protected void service(HttpServletRequest req, HttpServletResponse res)
       throws ServletException, IOException
    {
-      AuthenticationStatus status = AuthenticationHelper.authenticate(getServletContext(), req, res);
+      boolean forceGuest = false;
+      String guest = req.getParameter(ServletHelper.ARG_GUEST);
+      if (guest != null)
+      {
+         forceGuest = Boolean.parseBoolean(guest);
+      }
+      AuthenticationStatus status = AuthenticationHelper.authenticate(getServletContext(), req, res, forceGuest);
       
       // The URL contains multiple parts
       // /alfresco/navigate/<outcome>

source/java/org/alfresco/web/app/servlet/ServletHelper.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.web.app.servlet;
+
+import javax.servlet.ServletContext;
+
+import org.alfresco.service.ServiceRegistry;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+/**
+ * Useful constant values and common methods for Alfresco servlets.
+ * 
+ * @author Kevin Roast
+ */
+public final class ServletHelper
+{
+   /** an existing Ticket can be passed to most servlet for non-session based authentication */
+   public static final String ARG_TICKET   = "ticket";
+   
+   /** forcing guess access is available on most servlets */
+   public static final String ARG_GUEST    = "guest";
+   
+   /** public service bean IDs **/
+   public static final String AUTHENTICATION_SERVICE = "authenticationService";
+   public static final String PERSON_SERVICE = "personService";
+   
+   /**
+    * Return the ServiceRegistry helper instance
+    * 
+    * @param sc      ServletContext
+    * 
+    * @return ServiceRegistry
+    */
+   public static ServiceRegistry getServiceRegistry(ServletContext sc)
+   {
+      WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc);
+      return (ServiceRegistry)wc.getBean(ServiceRegistry.SERVICE_REGISTRY);
+   }
+   
+   /**
+    * Private constructor
+    */
+   private ServletHelper()
+   {
+   }
+}

source/java/org/alfresco/web/app/servlet/TemplateContentServlet.java

@@ -43,8 +43,6 @@ import org.alfresco.web.bean.LoginBean;
 import org.alfresco.web.ui.repo.component.template.DefaultModelHelper;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
 
 /**
  * Servlet responsible for streaming content from a template processed against a node directly
@@ -79,7 +77,6 @@ public class TemplateContentServlet extends HttpServlet
    
    private static final String MSG_ERROR_CONTENT_MISSING = "error_content_missing";
    
-   private static final String ARG_TICKET   = "ticket";
    private static final String ARG_MIMETYPE = "mimetype";
    
    /**
@@ -97,14 +94,20 @@ public class TemplateContentServlet extends HttpServlet
          
          // see if a ticket has been supplied
          AuthenticationStatus status;
-         String ticket = req.getParameter(ARG_TICKET);
-         if (ticket == null || ticket.length() == 0)
+         String ticket = req.getParameter(ServletHelper.ARG_TICKET);
+         if (ticket != null && ticket.length() != 0)
          {
-            status = AuthenticationHelper.authenticate(getServletContext(), req, res);
+            status = AuthenticationHelper.authenticate(getServletContext(), req, res, ticket);
          }
          else
          {
-            status = AuthenticationHelper.authenticate(getServletContext(), req, res, ticket);
+            boolean forceGuest = false;
+            String guest = req.getParameter(ServletHelper.ARG_GUEST);
+            if (guest != null)
+            {
+               forceGuest = Boolean.parseBoolean(guest);
+            }
+            status = AuthenticationHelper.authenticate(getServletContext(), req, res, forceGuest);
          }
          if (status == AuthenticationStatus.Failure)
          {
@@ -130,7 +133,7 @@ public class TemplateContentServlet extends HttpServlet
          
          // get NodeRef to the template if supplied
          NodeRef templateRef = null;
-         if (tokenCount == 8)
+         if (tokenCount >= 8)
          {
             storeRef = new StoreRef(t.nextToken(), t.nextToken());
             templateRef = new NodeRef(storeRef, t.nextToken());
@@ -144,8 +147,7 @@ public class TemplateContentServlet extends HttpServlet
          res.setContentType(mimetype);
          
          // get the services we need to retrieve the content
-         WebApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
-         ServiceRegistry serviceRegistry = (ServiceRegistry)context.getBean(ServiceRegistry.SERVICE_REGISTRY);
+         ServiceRegistry serviceRegistry = ServletHelper.getServiceRegistry(getServletContext());
          NodeService nodeService = serviceRegistry.getNodeService();
          TemplateService templateService = serviceRegistry.getTemplateService();
          

source/java/org/alfresco/web/app/servlet/UploadFileServlet.java

@@ -59,7 +59,7 @@ public class UploadFileServlet extends HttpServlet
       
       try
       {
-         AuthenticationHelper.authenticate(getServletContext(), request, response);
+         AuthenticationHelper.authenticate(getServletContext(), request, response, false);
          
          if (isMultipart == false)
          {

source/java/org/alfresco/web/bean/AdvancedSearchBean.java

@@ -84,8 +84,6 @@ import org.alfresco.web.ui.repo.component.UISearchCustomProperties;
  */
 public class AdvancedSearchBean
 {
-   private static final String OUTCOME_BROWSE = "browse";
-
    /**
     * Default constructor
     */
@@ -1336,12 +1334,11 @@ public class AdvancedSearchBean
                         Application.getGlossaryFolderName(fc) + "/" +
                         Application.getSavedSearchesFolderName(fc);
          
-         NodeRef rootNodeRef = this.nodeService.getRootNode(Repository.getStoreRef());
          List<NodeRef> results = null;
          try
          {
             results = searchService.selectNodes(
-                  rootNodeRef,
+                  nodeService.getRootNode(Repository.getStoreRef()),
                   xpath,
                   null,
                   namespaceService,
@@ -1461,6 +1458,8 @@ public class AdvancedSearchBean
    private static final String MSG_ERROR_RESTORE_SEARCH = "error_restore_search";
    private static final String MSG_SELECT_SAVED_SEARCH = "select_saved_search";
    
+   private static final String OUTCOME_BROWSE = "browse";
+   
    private static final String PANEL_CUSTOM = "custom-panel";
    private static final String PANEL_ATTRS = "attrs-panel";
    private static final String PANEL_CATEGORIES = "categories-panel";

source/java/org/alfresco/web/bean/users/UserMembersBean.java

@@ -288,6 +288,7 @@ public abstract class UserMembersBean
                if (permission.getAccessStatus() == AccessStatus.ALLOWED &&
                    (permission.getAuthorityType() == AuthorityType.USER ||
                     permission.getAuthorityType() == AuthorityType.GROUP ||
+                    permission.getAuthorityType() == AuthorityType.GUEST ||
                     permission.getAuthorityType() == AuthorityType.EVERYONE))
                {
                   String authority = permission.getAuthority();

source/java/org/alfresco/web/bean/wizard/InviteUsersWizard.java

@@ -457,7 +457,7 @@ public abstract class InviteUsersWizard extends AbstractWizardBean
                   
                   // build a display label showing the user and their role for the space
                   AuthorityType authType = AuthorityType.getAuthorityType(authority);
-                  if (authType.equals(AuthorityType.USER))
+                  if (authType.equals(AuthorityType.USER) || authType.equals(AuthorityType.GUEST))
                   {
                      if (this.personService.personExists(authority) == true)
                      {