diff --git a/source/java/org/alfresco/repo/web/scripts/portlet/WebClientPortletAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/portlet/WebClientPortletAuthenticatorFactory.java index 24e312c518..2fd8a91279 100644 --- a/source/java/org/alfresco/repo/web/scripts/portlet/WebClientPortletAuthenticatorFactory.java +++ b/source/java/org/alfresco/repo/web/scripts/portlet/WebClientPortletAuthenticatorFactory.java @@ -29,6 +29,7 @@ import javax.portlet.RenderRequest; import javax.portlet.RenderResponse; import javax.transaction.UserTransaction; +import org.alfresco.repo.SessionUser; import org.alfresco.repo.model.Repository; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.repository.NodeRef; @@ -216,7 +217,8 @@ public class WebClientPortletAuthenticatorFactory implements PortletAuthenticato */ private User getWebClientUser(PortletSession session) { - return (User)session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE); + SessionUser user = (SessionUser)session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER, PortletSession.APPLICATION_SCOPE); + return user instanceof User ? (User)user : null; } } diff --git a/source/java/org/alfresco/web/app/ContextListener.java b/source/java/org/alfresco/web/app/ContextListener.java index 80619e6203..bc509447b2 100644 --- a/source/java/org/alfresco/web/app/ContextListener.java +++ b/source/java/org/alfresco/web/app/ContextListener.java @@ -34,6 +34,7 @@ import javax.servlet.http.HttpSessionListener; import javax.transaction.UserTransaction; import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.repo.SessionUser; import org.alfresco.repo.cache.InternalEhCacheManagerFactoryBean; import org.alfresco.repo.security.authentication.AuthenticationContext; import org.alfresco.service.ServiceRegistry; @@ -46,7 +47,6 @@ import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.transaction.TransactionService; import org.alfresco.web.app.servlet.AuthenticationHelper; import org.alfresco.web.bean.repository.Repository; -import org.alfresco.web.bean.repository.User; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.context.WebApplicationContext; @@ -186,7 +186,7 @@ public class ContextListener implements ServletContextListener, HttpSessionListe } if (userKey != null) { - User user = (User)event.getSession().getAttribute(userKey); + SessionUser user = (SessionUser)event.getSession().getAttribute(userKey); if (user != null) { // invalidate ticket and clear the Security context for this thread diff --git a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java index 87a6c7c124..26c2ef082f 100644 --- a/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java +++ b/source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java @@ -43,6 +43,7 @@ import javax.portlet.UnavailableException; import org.alfresco.config.ConfigService; import org.alfresco.i18n.I18NUtil; +import org.alfresco.repo.SessionUser; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.util.TempFileProvider; @@ -162,7 +163,8 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet } else { - User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + SessionUser sessionUser = (SessionUser)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + User user = sessionUser instanceof User ? (User)sessionUser : null; if (user != null) { // setup the authentication context @@ -267,7 +269,8 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet String viewId = request.getParameter(VIEW_ID); // keep track of last view id so we can use it as return page from multi-part requests request.getPortletSession().setAttribute(SESSION_LAST_VIEW_ID, viewId); - User user = (User)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + SessionUser sessionUser = (SessionUser)request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + User user = sessionUser instanceof User ? (User)sessionUser : null; if (user == null && (viewId == null || viewId.equals(getLoginPage()) == false)) { if (AuthenticationHelper.portalGuestAuthenticate(ctx, session, auth) == AuthenticationStatus.Guest) diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java index ad66ea56ed..2f75780f98 100644 --- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java +++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java @@ -34,16 +34,17 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import javax.transaction.UserTransaction; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.i18n.I18NUtil; import org.alfresco.model.ContentModel; +import org.alfresco.repo.SessionUser; import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.permissions.AccessDeniedException; +import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; @@ -174,11 +175,11 @@ public final class AuthenticationHelper ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest, boolean allowGuest) throws IOException { - HttpSession session = req.getSession(); - // retrieve the User object User user = getUser(sc, req, res); + HttpSession session = req.getSession(); + // get the login bean if we're not in the portal LoginBean loginBean = null; if (Application.inPortalServer() == false) @@ -207,7 +208,7 @@ public final class AuthenticationHelper auth.authenticateAsGuest(); // if we get here then Guest access was allowed and successful - setUser(sc, req, AuthenticationUtil.getGuestUserName(), false); + setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(), false); // Set up the thread context setupThread(sc, req, res); @@ -245,18 +246,7 @@ public final class AuthenticationHelper return AuthenticationStatus.Failure; } else - { - try - { - auth.validate(user.getTicket()); - } - catch (AuthenticationException authErr) - { - // expired ticket - session.removeAttribute(AUTHENTICATION_USER); - return AuthenticationStatus.Failure; - } - + { // set last authentication username cookie value if (loginBean != null) { @@ -287,13 +277,11 @@ public final class AuthenticationHelper { auth.validate(ticket); - User user = (User)session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER); - if (user == null) + // We may have previously been authenticated via WebDAV so we may need to 'promote' the user object + SessionUser user = (SessionUser)session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + if (user == null || !(user instanceof User)) { - // need to create the User instance if not already available - String currentUsername = auth.getCurrentUserName(); - - setUser(context, httpRequest, currentUsername, false); + setUser(context, httpRequest, auth.getCurrentUserName(), ticket, false); } } catch (AuthenticationException authErr) @@ -325,90 +313,81 @@ public final class AuthenticationHelper * the request * @param currentUsername * the current user name + * @param ticket + * a validated ticket * @param externalAuth * was this user authenticated externally? * @return the user object */ public static User setUser(ServletContext context, HttpServletRequest req, String currentUsername, - boolean externalAuth) + String ticket, boolean externalAuth) { WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); - AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE); - User user = createUser(wc, auth, currentUsername, externalAuth); + User user = createUser(wc, currentUsername, ticket); // store the User object in the Session - the authentication servlet will then proceed HttpSession session = req.getSession(true); session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); - if (externalAuth) - { - session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE); - } + setExternalAuth(session, externalAuth); return user; } /** - * Creates an object for an authentication user. + * Sets or clears the external authentication flag on the session * - * @param wc - * the web application context - * @param auth - * the authentication service - * @param currentUsername - * the current user name + * @param session + * the session * @param externalAuth - * was this user authenticated externally? - * @return the user object + * was the user authenticated externally? */ - private static User createUser(WebApplicationContext wc, AuthenticationService auth, String currentUsername, - boolean externalAuth) + private static void setExternalAuth(HttpSession session, boolean externalAuth) { - UserTransaction tx = null; - ServiceRegistry services = (ServiceRegistry) wc.getBean(ServiceRegistry.SERVICE_REGISTRY); - try + if (externalAuth) { - tx = services.getTransactionService().getUserTransaction(); - tx.begin(); - - NodeService nodeService = services.getNodeService(); - PersonService personService = (PersonService) wc.getBean(PERSON_SERVICE); - NodeRef personRef = personService.getPerson(currentUsername); - User user = new User(currentUsername, auth.getCurrentTicket(), personRef); - NodeRef homeRef = (NodeRef) nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); - - // check that the home space node exists - else Login cannot proceed - if (nodeService.exists(homeRef) == false) - { - throw new InvalidNodeRefException(homeRef); - } - user.setHomeSpaceId(homeRef.getId()); - - tx.commit(); - - return user; + session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE); } - catch (Exception ex) + else { - logger.error(ex); - - try - { - tx.rollback(); - } - catch (Exception ex2) - { - logger.error("Failed to rollback transaction", ex2); - } - - if (ex instanceof RuntimeException) - { - throw (RuntimeException) ex; - } - else - { - throw new RuntimeException("Failed to set authenticated user", ex); - } + session.removeAttribute(LoginBean.LOGIN_EXTERNAL_AUTH); } } + + /** + * Creates an object for an authentication user. + * + * @param wc + * the web application context + * @param currentUsername + * the current user name + * @param ticket + * a validated ticket + * @return the user object + */ + private static User createUser(final WebApplicationContext wc, final String currentUsername, final String ticket) + { + final ServiceRegistry services = (ServiceRegistry) wc.getBean(ServiceRegistry.SERVICE_REGISTRY); + return services.getTransactionService().getRetryingTransactionHelper().doInTransaction( + new RetryingTransactionHelper.RetryingTransactionCallback() + { + + public User execute() throws Throwable + { + NodeService nodeService = services.getNodeService(); + PersonService personService = (PersonService) wc.getBean(PERSON_SERVICE); + NodeRef personRef = personService.getPerson(currentUsername); + User user = new User(currentUsername, ticket, personRef); + NodeRef homeRef = (NodeRef) nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); + + // check that the home space node exists - else Login cannot proceed + if (nodeService.exists(homeRef) == false) + { + throw new InvalidNodeRefException(homeRef); + } + user.setHomeSpaceId(homeRef.getId()); + return user; + } + }); + } /** * For no previous authentication or forced Guest - attempt Guest access @@ -422,7 +401,7 @@ public final class AuthenticationHelper { auth.authenticateAsGuest(); - User user = createUser(ctx, auth, AuthenticationUtil.getGuestUserName(), false); + User user = createUser(ctx, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket()); // store the User object in the Session - the authentication servlet will then proceed session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); @@ -461,19 +440,23 @@ public final class AuthenticationHelper } /** - * Attempts to retrieve the User object stored in the current session. - * - * @param httpRequest The HTTP request - * @param httpResponse The HTTP response - * @return The User object representing the current user or null if it could not be found - */ + * Attempts to retrieve the User object stored in the current session. + * + * @param sc + * the servlet context + * @param httpRequest + * The HTTP request + * @param httpResponse + * The HTTP response + * @return The User object representing the current user or null if it could not be found + */ @SuppressWarnings("unchecked") - public static User getUser(ServletContext sc, HttpServletRequest httpRequest, HttpServletResponse httpResponse) + public static User getUser(final ServletContext sc, final HttpServletRequest httpRequest, HttpServletResponse httpResponse) { String userId = null; // If the remote user mapper is configured, we may be able to map in an externally authenticated user - WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc); + final WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc); RemoteUserMapper remoteUserMapper = (RemoteUserMapper) wc.getBean(REMOTE_USER_MAPPER); if (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()) { @@ -484,9 +467,11 @@ public final class AuthenticationHelper User user = null; // examine the appropriate session to try and find the User object + SessionUser sessionUser = null; + String sessionUserAttrib = null; if (Application.inPortalServer() == false) { - user = (User) session.getAttribute(AUTHENTICATION_USER); + sessionUserAttrib = AUTHENTICATION_USER; } else { @@ -499,31 +484,62 @@ public final class AuthenticationHelper String name = enumNames.nextElement(); if (name.endsWith(AUTHENTICATION_USER)) { - user = (User) session.getAttribute(name); + sessionUserAttrib = name; break; } } } + // Make sure the ticket is valid, the person exists, and the cached user is of the right type (WebDAV users have + // been known to leak in but shouldn't now) + if (sessionUserAttrib != null && (sessionUser = (SessionUser) session.getAttribute(sessionUserAttrib)) != null) + { + AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE); + try + { + auth.validate(sessionUser.getTicket()); + if (sessionUser instanceof User) + { + user = (User)sessionUser; + setExternalAuth(session, userId != null); + } + else + { + user = setUser(sc, httpRequest, sessionUser.getUserName(), sessionUser.getTicket(), userId != null); + } + } + catch (AuthenticationException authErr) + { + session.removeAttribute(sessionUserAttrib); + if (!Application.inPortalServer()) + { + session.invalidate(); + } + } + } + // If the remote user mapper is configured, we may be able to map in an externally authenticated user if (userId != null) { // We have a previously-cached user with the wrong identity - replace them if (user != null && !user.getUserName().equals(userId)) { - user = null; + session.removeAttribute(sessionUserAttrib); + if (!Application.inPortalServer()) + { + session.invalidate(); + } + user = null; } if (user == null) { // If we have been authenticated by other means, just propagate through the user identity - if (userId != null) - { - AuthenticationComponent authenticationComponent = (AuthenticationComponent) wc - .getBean(AUTHENTICATION_COMPONENT); - authenticationComponent.setCurrentUser(userId); - user = setUser(sc, httpRequest, userId, true); - } + AuthenticationComponent authenticationComponent = (AuthenticationComponent) wc + .getBean(AUTHENTICATION_COMPONENT); + authenticationComponent.setCurrentUser(userId); + AuthenticationService authenticationService = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE); + user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(), true); } } return user; diff --git a/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java index 5491b6d482..7b0e4dae3b 100644 --- a/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java @@ -38,10 +38,10 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationException; +import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.web.app.Application; import org.alfresco.web.bean.repository.User; import org.apache.commons.logging.Log; @@ -64,6 +64,8 @@ public class HTTPRequestAuthenticationFilter implements Filter private String loginPage; private AuthenticationComponent authComponent; + + private AuthenticationService authenticationService; private String httpServletRequestAuthHeaderName; @@ -97,8 +99,6 @@ public class HTTPRequestAuthenticationFilter implements Filter HttpServletRequest req = (HttpServletRequest) sreq; HttpServletResponse resp = (HttpServletResponse) sresp; - HttpSession httpSess = req.getSession(true); - // Check for the auth header String authHdr = req.getHeader(httpServletRequestAuthHeaderName); @@ -164,7 +164,7 @@ public class HTTPRequestAuthenticationFilter implements Filter // See if there is a user in the session and test if it matches - User user = (User) httpSess.getAttribute(AuthenticationHelper.AUTHENTICATION_USER); + User user = AuthenticationHelper.getUser(this.context, req, resp); if (user != null) { @@ -236,7 +236,7 @@ public class HTTPRequestAuthenticationFilter implements Filter authComponent.setCurrentUser(userName); // Set up the user information - AuthenticationHelper.setUser(context, req, userName, true); + AuthenticationHelper.setUser(context, req, userName, authenticationService.getCurrentTicket(), true); // Set the locale using the session AuthenticationHelper.setupThread(this.context, req, res); @@ -253,6 +253,7 @@ public class HTTPRequestAuthenticationFilter implements Filter WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); + authenticationService = (AuthenticationService) ctx.getBean("AuthenticationService"); httpServletRequestAuthHeaderName = config.getInitParameter("httpServletRequestAuthHeaderName"); if(httpServletRequestAuthHeaderName == null) diff --git a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java index 4a10a8e110..8ce848d7f5 100644 --- a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java @@ -80,18 +80,22 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt { setLoginPage(clientConfig.getLoginPage()); } + + // Use the web client user attribute name + setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER); } - /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, java.lang.String) - */ - @Override - protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, String homeSpace) { - + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) + { // Create a web client user object User user = new User( userName, ticket, personNode); - user.setHomeSpaceId( homeSpace); + user.setHomeSpaceId( homeSpaceRef.getId()); return user; } diff --git a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java index 669f992c92..b85cad5722 100644 --- a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java @@ -77,18 +77,22 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter { setLoginPage(clientConfig.getLoginPage()); } + + // Use the web client user attribute name + setUserAttributeName(AuthenticationHelper.AUTHENTICATION_USER); } + /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, java.lang.String) - */ - @Override - protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, String homeSpace) { - + * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) + { // Create a web client user object User user = new User( userName, ticket, personNode); - user.setHomeSpaceId( homeSpace); + user.setHomeSpaceId( homeSpaceRef.getId()); return user; } diff --git a/source/java/org/alfresco/web/bean/LoginBean.java b/source/java/org/alfresco/web/bean/LoginBean.java index 7c4df32930..be17e78fd4 100644 --- a/source/java/org/alfresco/web/bean/LoginBean.java +++ b/source/java/org/alfresco/web/bean/LoginBean.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -37,6 +37,7 @@ import javax.faces.validator.ValidatorException; import javax.servlet.http.HttpServletRequest; import org.alfresco.model.ContentModel; +import org.alfresco.repo.SessionUser; import org.alfresco.repo.security.authentication.AuthenticationDisallowedException; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationMaxUsersException; @@ -63,8 +64,20 @@ import org.apache.commons.logging.LogFactory; */ public class LoginBean implements Serializable { - // ------------------------------------------------------------------------------ - // Managed bean properties + /** + * The default outcome of the logout action. + */ + private static final String OUTCOME_LOGOUT = "logout"; + + /** + * The outcome of the logout action when the user has been signed on by SSO. + */ + private static final String OUTCOME_RELOGIN = "relogin"; + + /** + * The name of the form parameter carrying the outcome to the logout action. + */ + private static final String PARAM_OUTCOME = "outcome"; private static final long serialVersionUID = 7417882503323795282L; @@ -143,13 +156,13 @@ public class LoginBean implements Serializable } /** - * @return true if the default Alfresco authentication process is being used, else false + * @return "logout" if the default Alfresco authentication process is being used, else "relogin" * if an external authorisation mechanism is present. */ - public boolean isAlfrescoAuth() + public String getLogoutOutcome() { - Map session = FacesContext.getCurrentInstance().getExternalContext().getSessionMap(); - return (session.get(LOGIN_EXTERNAL_AUTH) == null); + Map session = FacesContext.getCurrentInstance().getExternalContext().getSessionMap(); + return session.get(LOGIN_EXTERNAL_AUTH) == null ? OUTCOME_LOGOUT : OUTCOME_RELOGIN; } /** @@ -388,9 +401,15 @@ public class LoginBean implements Serializable public String logout() { FacesContext context = FacesContext.getCurrentInstance(); - - // need to capture this value before invalidating the session - boolean externalAuth = isAlfrescoAuth(); + + // The outcome is decided in advance (before session expiry) and included as a parameter + Map params = context.getExternalContext().getRequestParameterMap(); + String outcome = (String)params.get(PARAM_OUTCOME); + if (outcome == null) + { + outcome = OUTCOME_LOGOUT; + } + Locale language = Application.getLanguage(context); // Invalidate Session for this user. @@ -404,7 +423,7 @@ public class LoginBean implements Serializable else { Map session = context.getExternalContext().getSessionMap(); - User user = (User)session.get(AuthenticationHelper.AUTHENTICATION_USER); + SessionUser user = (SessionUser)session.get(AuthenticationHelper.AUTHENTICATION_USER); if (user != null) { // invalidate ticket and clear the Security context for this thread @@ -428,7 +447,7 @@ public class LoginBean implements Serializable // set language to last used on the login page Application.setLanguage(context, language.toString()); - return externalAuth ? "logout" : "relogin"; + return outcome; } diff --git a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java index 9c53ea80d2..dda8a35b5d 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java @@ -436,6 +436,7 @@ public class NtlmAuthenticationHandler extends AbstractAuthenticationHandler imp if (user == null) { user = createUserEnvironment(session, userName); + session.setAttribute(USER_SESSION_ATTRIBUTE, user); } else { diff --git a/source/web/jsp/parts/titlebar.jsp b/source/web/jsp/parts/titlebar.jsp index 3f57e709cd..84ed01ab0a 100644 --- a/source/web/jsp/parts/titlebar.jsp +++ b/source/web/jsp/parts/titlebar.jsp @@ -102,7 +102,9 @@   - + + +