Beefing up public_api Authentication rest scripts. Add unit test. Add JSON. Add post for login. Fixed NPE in validate ticket.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12606 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-01-07 16:38:17 +00:00
parent 11ee05b4c8
commit 8e224cb5fe
13 changed files with 496 additions and 42 deletions
--- a/source/java/org/alfresco/repo/web/scripts/bean/AbstractLoginBean.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/AbstractLoginBean.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.web.scripts.bean;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.web.scripts.DeclarativeWebScript;
+import org.alfresco.web.scripts.Status;
+import org.alfresco.web.scripts.WebScriptException;
+import org.alfresco.web.scripts.WebScriptRequest;
+
+
+/**
+ * common code between Get based login and POST based login
+ */
+/* package scope */ abstract class AbstractLoginBean extends DeclarativeWebScript
+{
+    // dependencies
+    private AuthenticationService authenticationService;
+    
+    /**
+     * @param authenticationService
+     */
+    public void setAuthenticationService(AuthenticationService authenticationService)
+    {
+        this.authenticationService = authenticationService;
+    }
+
+    
+    /* (non-Javadoc)
+     * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
+     */
+    @Override
+    protected Map<String, Object> executeImpl(WebScriptRequest req, Status status) 
+    {
+    	return null;
+    }
+    
+    protected Map<String, Object> login(String username, String password)
+    {
+
+        try
+        {
+            // get ticket
+            authenticationService.authenticate(username, password.toCharArray());
+
+            // add ticket to model for javascript and template access
+            Map<String, Object> model = new HashMap<String, Object>(7, 1.0f);
+            model.put("ticket",  authenticationService.getCurrentTicket());
+            return model;
+        }
+        catch(AuthenticationException e)
+        {
+            throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Login failed");
+        }
+        finally
+        {
+            authenticationService.clearCurrentSecurityContext();
+        }
+    }
+}
--- a/source/java/org/alfresco/repo/web/scripts/bean/Login.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/Login.java
@@ -42,24 +42,11 @@ import org.alfresco.web.scripts.WebScriptRequest;
 * 
 * @author davidc
 */
-public class Login extends DeclarativeWebScript
-{
-    // dependencies
-    private AuthenticationService authenticationService;
-    
-    /**
-     * @param authenticationService
-     */
-    public void setAuthenticationService(AuthenticationService authenticationService)
-    {
-        this.authenticationService = authenticationService;
-    }
-    
-    
+public class Login extends AbstractLoginBean
+{   
    /* (non-Javadoc)
     * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
     */
-    @Override
    protected Map<String, Object> executeImpl(WebScriptRequest req, Status status)
    {
        // extract username and password
@@ -74,24 +61,7 @@ public class Login extends DeclarativeWebScript
            throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "Password not specified");
        }

-        try
-        {
-            // get ticket
-            authenticationService.authenticate(username, password.toCharArray());
-
-            // add ticket to model for javascript and template access
-            Map<String, Object> model = new HashMap<String, Object>(7, 1.0f);
-            model.put("ticket",  authenticationService.getCurrentTicket());
-            return model;
-        }
-        catch(AuthenticationException e)
-        {
-            throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Login failed");
-        }
-        finally
-        {
-            authenticationService.clearCurrentSecurityContext();
-        }
+        return login(username, password);
    }

 }
--- a/source/java/org/alfresco/repo/web/scripts/bean/LoginPost.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/LoginPost.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.web.scripts.bean;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.util.Content;
+import org.alfresco.web.scripts.Status;
+import org.alfresco.web.scripts.WebScriptException;
+import org.alfresco.web.scripts.WebScriptRequest;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+
+/**
+ * Post based login script
+ * 
+ */
+public class LoginPost extends AbstractLoginBean
+{
+    
+    /* (non-Javadoc)
+     * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
+     */
+    protected Map<String, Object> executeImpl(WebScriptRequest req, Status status)
+    {
+        // Extract user and password from JSON POST
+        Content c = req.getContent();
+        if (c == null)
+        {
+            throw new WebScriptException(Status.STATUS_BAD_REQUEST,
+                    "Missing POST body.");
+        }
+        // TODO accept xml type.
+        
+        // extract username and password from JSON object
+        JSONObject json;
+		try {
+			json = new JSONObject(c.getContent());
+	        String username = json.getString("username");
+	        String password = json.getString("password");
+	        
+	        if (username == null || username.length() == 0)
+	        {
+	            throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "Username not specified");
+	        }
+
+	        if (password == null)
+	        {
+	            throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "Password not specified");
+	        }
+
+	        return login(username, password);
+		} 
+        catch (JSONException jErr)
+        {
+            throw new WebScriptException(Status.STATUS_BAD_REQUEST,
+                    "Unable to parse JSON POST body: " + jErr.getMessage());
+        }
+        catch (IOException ioErr)
+        {
+            throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
+                    "Unable to retrieve POST body: " + ioErr.getMessage());
+        }
+    }
+}
--- a/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
+++ b/source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
@@ -77,9 +77,12 @@ public class LoginTicket extends DeclarativeWebScript
        try
        {
            String ticketUser = ticketComponent.validateTicket(ticket);
+            
+            String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();

-            // do not go any further if tickets are different
-            if (!AuthenticationUtil.getFullyAuthenticatedUser().equals(ticketUser))
+            // do not go any further if tickets are different 
+            // or the user is not fully authenticated
+            if (currentUser == null || !currentUser.equals(ticketUser))
            {
                status.setRedirect(true);
                status.setCode(HttpServletResponse.SC_NOT_FOUND);