Merged V3.2 to HEAD

16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
      - In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
      - In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
      - User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
      - This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
      - New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
      - Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
      - TODO: Wiki


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/subsystems/Authentication/external/external-authentication-context.xml

@@ -0,0 +1,63 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+   <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl"
+      parent="authenticationComponentBase">
+      <property name="nodeService">
+         <ref bean="nodeService" />
+      </property>
+      <property name="personService">
+         <ref bean="personService" />
+      </property>
+      <property name="transactionService">
+         <ref bean="transactionService" />
+      </property>
+      <property name="defaultAdministratorUserNameList">
+         <value>${external.authentication.defaultAdministratorUserNames}</value>
+      </property>
+   </bean>
+
+   <!-- Wrapped version to be used within subsystem -->
+   <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
+      <property name="proxyInterfaces">
+         <list>
+            <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
+         </list>
+      </property>
+      <property name="transactionManager">
+         <ref bean="transactionManager" />
+      </property>
+      <property name="target">
+         <ref bean="authenticationComponent" />
+      </property>
+      <property name="transactionAttributes">
+         <props>
+            <prop key="*">${server.transaction.mode.default}</prop>
+         </props>
+      </property>
+   </bean>
+
+   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
+      <property name="allowSetEnabled" value="true" />
+      <property name="allowGetEnabled" value="true" />
+      <property name="allowDeleteUser" value="true" />
+      <property name="allowCreateUser" value="true" />
+   </bean>
+
+   <!-- Authentication service for chaining -->
+   <bean id="localAuthenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
+      <property name="authenticationDao">
+         <ref bean="authenticationDao" />
+      </property>
+      <property name="ticketComponent">
+         <ref bean="ticketComponent" />
+      </property>
+      <property name="authenticationComponent">
+         <ref bean="authenticationComponent" />
+      </property>
+      <property name="sysAdminParams">
+         <ref bean="sysAdminParams" />
+      </property>
+   </bean>
+
+</beans>

config/alfresco/subsystems/Authentication/external/external-authentication.properties

@@ -0,0 +1 @@
+external.authentication.defaultAdministratorUserNames=

source/java/org/alfresco/repo/security/authentication/SimpleAcceptOrRejectAllAuthenticationComponentImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -18,7 +18,7 @@
  * As a special exception to the terms and conditions of version 2.0 of 
  * the GPL, you may redistribute this Program in connection with Free/Libre 
  * and Open Source Software ("FLOSS") applications as described in Alfresco's 
- * FLOSS exception.  You should have recieved a copy of the text describing 
+ * FLOSS exception.  You should have received a copy of the text describing 
  * the FLOSS exception, and it is also available here: 
  * http://www.alfresco.com/legal/licensing"
  */
@@ -45,6 +45,7 @@ import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
 public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator
 {
     private boolean accept = false;
+    private boolean supportNtlm = false;
 
     public SimpleAcceptOrRejectAllAuthenticationComponentImpl()
     {
@@ -56,6 +57,11 @@ public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends Abstract
         this.accept = accept;
     }
             
+    public void setSupportNtlm(boolean supportNtlm)
+    {
+        this.supportNtlm = supportNtlm;
+    }
+
    public void authenticateImpl(String userName, char[] password) throws AuthenticationException
     {
         if(accept)
@@ -89,7 +95,7 @@ public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends Abstract
 
     public NTLMMode getNTLMMode()
     {
-        return NTLMMode.MD4_PROVIDER;
+        return supportNtlm ? NTLMMode.MD4_PROVIDER : NTLMMode.NONE;
     }
     
     /**