Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

94075: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      94040: MNT-13150: Merged dev. 5.0.N (5.0.1) to 5.0.N (5.0.1)
          94034: MNT-13150: Web Scripts ignores correct credential provided by user, continues to use expired or invalid ALF_TICKET and at the same time repeatedly prompts for another credential input
              - Basic authentication handling has been added for the case where the URL ticket is not valid. Additional debug logging has been added to report invalid tickets


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@95039 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Alan Davis
2015-01-31 15:31:31 +00:00
parent 10971d5415
commit 8c5fa86309


@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -149,7 +149,9 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
logger.debug("HTTP Authorization provided: " + (authorization != null && authorization.length() > 0));
logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0));
}
boolean doNotReportUrlTicketAuthenticationFailed = true;
// If they requested explicit guest authentication,
// Authenticate as guest (if allowed)
if (isGuest && RequiredAuthentication.guest == required)
@@ -171,23 +173,16 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
}
// authenticate as specified by explicit ticket on url
else if (ticket != null && ticket.length() > 0)
else if ((null != ticket) && (ticket.length() > 0) && (doNotReportUrlTicketAuthenticationFailed = isTicketValid()))
{
try
if (logger.isDebugEnabled())
{
if (logger.isDebugEnabled())
logger.debug("Authenticating (URL argument) ticket " + ticket);
// assume a ticket has been passed
authenticationService.validate(ticket);
listener.userAuthenticated(new TicketCredentials(ticket));
authorized = true;
}
catch(AuthenticationException e)
{
// failed authentication
listener.authenticationFailed(new TicketCredentials(ticket));
logger.debug("Authenticating (URL argument) ticket " + ticket);
}
// assume a ticket has been passed
listener.userAuthenticated(new TicketCredentials(ticket));
authorized = true;
}
// authenticate as specified by HTTP Basic Authentication
@@ -238,6 +233,11 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
if (!authorized)
{
if(!doNotReportUrlTicketAuthenticationFailed)
{
listener.authenticationFailed(new TicketCredentials(ticket));
}
if (logger.isDebugEnabled())
logger.debug("Requesting authorization credentials");
@@ -246,7 +246,33 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
}
return authorized;
}
/**
* Checks if a user ticket is still valid
*
* @return {@link Boolean} value: <code>true</code> if the ticket is still valid, <code>false</code> if the ticket is not valid any more
*/
private boolean isTicketValid()
{
try
{
authenticationService.validate(ticket);
return true;
}
catch (AuthenticationException e)
{
if (logger.isDebugEnabled())
{
logger.debug("User ticket is not valid. Passing to the Basic authentication handling. Reqeust information:\n"
+ " ticket: " + ticket + "\n"
+ " request: " + servletReq.getQueryString() + "\n"
+ " error: " + e, e);
}
return false;
}
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.Authenticator#emptyCredentials()
*/
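Review bot: The debug message in the new `isTicketValid()` writes the raw ticket and the complete query string to the log, and the success branch still logs a ticket that has just validated (`logger.debug("Authenticating (URL argument) ticket " + ticket);`), so with debug enabled a usable bearer credential ends up in the log file. The query string can also carry parameters unrelated to authentication, so I would not dump it whole. I would record only that a URL ticket was rejected, for example `logger.debug("URL ticket is not valid, falling back to Basic authentication", e);`, and drop the ticket value from the success message too; whether the exception text itself repeats the ticket is not visible here and should be checked. The page renders the hunks without +/- markers, so which lines are new is inferred from the hunk headers, and the enclosing authenticate method starts outside the visible hunks.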