inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
94075: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      94040: MNT-13150: Merged dev. 5.0.N (5.0.1) to 5.0.N (5.0.1)
          94034: MNT-13150: Web Scripts ignores correct credential provided by user, continues to use expired or invalid ALF_TICKET and at the same time repeatedly prompts for another credential input
              - Basic authentication handling has been added in order URL ticket is not valid. Additional debug logging has been added to report about invalid ticket


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@95039 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2015-01-31 15:31:31 +00:00
parent 10971d5415
commit 8c5fa86309
1 changed files with 43 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2013 Alfresco Software Limited. * Copyright (C) 2005-2015 Alfresco Software Limited.
* *
* This file is part of Alfresco * This file is part of Alfresco
* *
@@ -150,6 +150,8 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0)); logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0));
} }
boolean doNotReportUrlTicketAuthenticationFailed = true;
// If they requested explicit guest authentication, // If they requested explicit guest authentication,
// Authenticate as guest (if allowed) // Authenticate as guest (if allowed)
if (isGuest && RequiredAuthentication.guest == required) if (isGuest && RequiredAuthentication.guest == required)
@@ -171,23 +173,16 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
} }
// authenticate as specified by explicit ticket on url // authenticate as specified by explicit ticket on url
else if (ticket != null && ticket.length() > 0) else if ((null != ticket) && (ticket.length() > 0) && (doNotReportUrlTicketAuthenticationFailed = isTicketValid()))
{ {
try if (logger.isDebugEnabled())
{ {
if (logger.isDebugEnabled()) logger.debug("Authenticating (URL argument) ticket " + ticket);
logger.debug("Authenticating (URL argument) ticket " + ticket); }
// assume a ticket has been passed // assume a ticket has been passed
authenticationService.validate(ticket); listener.userAuthenticated(new TicketCredentials(ticket));
listener.userAuthenticated(new TicketCredentials(ticket)); authorized = true;
authorized = true;
}
catch(AuthenticationException e)
{
// failed authentication
listener.authenticationFailed(new TicketCredentials(ticket));
}
} }
// authenticate as specified by HTTP Basic Authentication // authenticate as specified by HTTP Basic Authentication
@@ -238,6 +233,11 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
if (!authorized) if (!authorized)
{ {
if(!doNotReportUrlTicketAuthenticationFailed)
{
listener.authenticationFailed(new TicketCredentials(ticket));
}
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("Requesting authorization credentials"); logger.debug("Requesting authorization credentials");
@@ -247,6 +247,32 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
return authorized; return authorized;
} }
/**
* Checks if a user ticket is still valid
*
* @return {@link Boolean} value: <code>true</code> if the ticket is still valid, <code>false</code> if the ticket is not valid any more
*/
private boolean isTicketValid()
{
try
{
authenticationService.validate(ticket);
return true;
}
catch (AuthenticationException e)
{
if (logger.isDebugEnabled())
{
logger.debug("User ticket is not valid. Passing to the Basic authentication handling. Reqeust information:\n"
+ " ticket: " + ticket + "\n"
+ " request: " + servletReq.getQueryString() + "\n"
+ " error: " + e, e);
}
return false;
}
}
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.web.scripts.Authenticator#emptyCredentials() * @see org.alfresco.web.scripts.Authenticator#emptyCredentials()
*/ */