Merged 5.1.N (5.1.2) to 5.2.N (5.2.1)

129145 kroast: Merged 5.0.N (5.0.4) to 5.1.N (5.1.2)
      128659 cpopa: Merged 5.0.2 (5.0.2.22) to 5.0.N (5.0.4)
         128657 cpopa: MNT-15376 : NTLM authentication sometimes fails with IE10+ (chrome OK) - concurrent socket threads   
            - Reuse the previously created NTLM details cache when a type1 request is being reissued on the same session.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@129220 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2016-08-08 11:20:34 +00:00
parent b8da5e77a8
commit 9122a9129f


@@ -193,11 +193,11 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// Check if an NTLM authorization header was received // Check if an NTLM authorization header was received
if ( authHdr != null) if (authHdr != null)
{ {
// Check for an NTLM authorization header // Check for an NTLM authorization header
if ( authHdr.startsWith(AUTH_NTLM)) if (authHdr.startsWith(AUTH_NTLM))
reqAuth = true; reqAuth = true;
else if ( authHdr.startsWith( "Negotiate")) else if ( authHdr.startsWith( "Negotiate"))
{ {
@@ -252,7 +252,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// If there is no login page configured (WebDAV) then just keep requesting the user details from the client // If there is no login page configured (WebDAV) then just keep requesting the user details from the client
if ( hasLoginPage()) if (hasLoginPage())
redirectToLoginPage(sreq, sresp); redirectToLoginPage(sreq, sresp);
else else
restartLoginChallenge(context, sreq, sresp); restartLoginChallenge(context, sreq, sresp);
@@ -264,7 +264,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
{ {
// Check for a ticket based logon, if enabled // Check for a ticket based logon, if enabled
if ( allowsTicketLogons()) if (allowsTicketLogons())
{ {
// Check if the request includes an authentication ticket // Check if the request includes an authentication ticket
@@ -288,6 +288,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
} }
else else
{ {
HttpSession session = sreq.getSession();
// Decode the received NTLM blob and validate // Decode the received NTLM blob and validate
final byte[] ntlmByts = Base64.decodeBase64(authHdr.substring(5).getBytes()); final byte[] ntlmByts = Base64.decodeBase64(authHdr.substring(5).getBytes());
int ntlmTyp = NTLMMessage.isNTLMType(ntlmByts); int ntlmTyp = NTLMMessage.isNTLMType(ntlmByts);
@@ -295,21 +296,27 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
{ {
// Process the type 1 NTLM message // Process the type 1 NTLM message
Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts); Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts);
synchronized (session)
{
processType1(type1Msg, sreq, sresp); processType1(type1Msg, sreq, sresp);
}
return false; return false;
} }
else if (ntlmTyp == NTLM.Type3) else if (ntlmTyp == NTLM.Type3)
{ {
// Process the type 3 NTLM message // Process the type 3 NTLM message
Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts); Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts);
synchronized (session)
{
return processType3(type3Msg, context, sreq, sresp); return processType3(type3Msg, context, sreq, sresp);
} }
}
else else
{ {
if (getLogger().isDebugEnabled()) if (getLogger().isDebugEnabled())
getLogger().debug("NTLM blob not handled, redirecting to login page."); getLogger().debug("NTLM blob not handled, redirecting to login page.");
if ( hasLoginPage()) if (hasLoginPage())
redirectToLoginPage(sreq, sresp); redirectToLoginPage(sreq, sresp);
else else
restartLoginChallenge(context, sreq, sresp); restartLoginChallenge(context, sreq, sresp);
@@ -339,8 +346,9 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
ntlmDetails = (NTLMLogonDetails)session.getAttribute(NTLM_AUTH_DETAILS); ntlmDetails = (NTLMLogonDetails)session.getAttribute(NTLM_AUTH_DETAILS);
// Check if cached logon details are available // Check if cached logon details are available
if (ntlmDetails != null && ntlmDetails.hasType2Message() && if (ntlmDetails != null &&
ntlmDetails.hasNTLMHashedPassword() && ntlmDetails.hasAuthenticationToken()) ntlmDetails.hasType2Message() &&
((nltmAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH && ntlmDetails.hasAuthenticationToken()) || !ntlmDetails.hasAuthenticationToken()))
{ {
// Get the authentication server type2 response // Get the authentication server type2 response
Type2NTLMMessage cachedType2 = ntlmDetails.getType2Message(); Type2NTLMMessage cachedType2 = ntlmDetails.getType2Message();
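Review bot: The two new `synchronized (session)` blocks around `processType1` and `processType3` lock on the container's `HttpSession` object, and the Servlet specification does not promise that `sreq.getSession()` returns the same instance to concurrent requests, so on some containers this monitor may not serialize the NTLM handshake at all. A dedicated lock object stored in the session, created once by a session listener, would make the guarantee independent of the container: `Object lock = session.getAttribute(NTLM_LOCK_ATTR);` followed by `synchronized (lock)`, where `NTLM_LOCK_ATTR` is a placeholder name and not an existing constant. Separately, `HttpSession session = sreq.getSession();` now runs before `NTLMMessage.isNTLMType(ntlmByts)` has classified the blob, so any request carrying an `NTLM` header, well-formed or not, allocates a session; presumably `processType1` already did this, but that should be confirmed. The enclosing method starts and ends outside these hunks, so callers and the other session accesses could not be checked here.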