diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java index 0a05d78236..3457f69e4f 100644 --- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java +++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -18,7 +18,7 @@ * As a special exception to the terms and conditions of version 2.0 of * the GPL, you may redistribute this Program in connection with Free/Libre * and Open Source Software ("FLOSS") applications as described in Alfresco's - * FLOSS exception. You should have recieved a copy of the text describing + * FLOSS exception. You should have received a copy of the text describing * the FLOSS exception, and it is also available here: * http://www.alfresco.com/legal/licensing" */ @@ -51,7 +51,7 @@ import org.alfresco.service.cmr.security.PersonService; import org.alfresco.web.app.Application; import org.alfresco.web.bean.LoginBean; import org.alfresco.web.bean.repository.User; -import org.alfresco.web.config.ClientConfigElement; +import org.alfresco.web.bean.users.UserPreferencesBean; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.context.WebApplicationContext; @@ -91,6 +91,52 @@ public final class AuthenticationHelper private static Log logger = LogFactory.getLog(AuthenticationHelper.class); + /** + * Does all the stuff you need to do after successfully authenticating/validating a user ticket to set up the request + * thread. A useful utility method for an authentication filter. + * + * @param sc + * the servlet context + * @param req + * the request + * @param res + * the response + */ + public static void setupThread(ServletContext sc, HttpServletRequest req, HttpServletResponse res) + { + // setup faces context + FacesContext fc = FacesHelper.getFacesContext(req, res, sc); + + // Set the current locale and language + if (Application.getClientConfig(fc).isLanguageSelect()) + { + I18NUtil.setLocale(Application.getLanguage(req.getSession())); + } + else + { + // Set the current thread locale (also for JSF context) + fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc)); + } + + // Programatically retrieve the UserPreferencesBean from JSF + UserPreferencesBean userPreferencesBean = (UserPreferencesBean) fc.getApplication().createValueBinding( + "#{UserPreferencesBean}").getValue(fc); + if (userPreferencesBean != null) + { + String contentFilterLanguageStr = userPreferencesBean.getContentFilterLanguage(); + if (contentFilterLanguageStr != null) + { + // Set the locale for the method interceptor for MLText properties + I18NUtil.setContentLocale(I18NUtil.parseLocale(contentFilterLanguageStr)); + } + else + { + // Nothing has been selected, so remove the content filter + I18NUtil.setContentLocale(null); + } + } + } + /** * Helper to authenticate the current user using session based Ticket information. *

@@ -151,48 +197,15 @@ public final class AuthenticationHelper if (allowGuest == true && (authCookie == null || forceGuest)) { // no previous authentication or forced Guest - attempt Guest access - UserTransaction tx = null; try { auth.authenticateAsGuest(); // if we get here then Guest access was allowed and successful - ServiceRegistry services = BaseServlet.getServiceRegistry(sc); - tx = services.getTransactionService().getUserTransaction(); - tx.begin(); + setUser(sc, req, PermissionService.GUEST_AUTHORITY, false); - NodeService nodeService = services.getNodeService(); - PersonService personService = (PersonService)wc.getBean(PERSON_SERVICE); - NodeRef guestRef = personService.getPerson(PermissionService.GUEST_AUTHORITY); - user = new User(PermissionService.GUEST_AUTHORITY, auth.getCurrentTicket(), guestRef); - NodeRef guestHomeRef = (NodeRef)nodeService.getProperty(guestRef, ContentModel.PROP_HOMEFOLDER); - - // check that the home space node exists - else Guest cannot proceed - if (guestHomeRef == null || nodeService.exists(guestHomeRef) == false) - { - // cannot login as Guest as Home is missing - return to login screen - logger.warn("Unable to locate Guest Home space - may have been deleted?"); - throw new AuthenticationException(""); - } - user.setHomeSpaceId(guestHomeRef.getId()); - - tx.commit(); - tx = null; // clear this so we know not to rollback - - // store the User object in the Session - the authentication servlet will then proceed - session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); - - // Set the current locale and language - FacesContext fc = FacesHelper.getFacesContext(req, res, sc); - if (Application.getClientConfig(fc).isLanguageSelect()) - { - I18NUtil.setLocale(Application.getLanguage(req.getSession())); - } - else - { - // Set the current thread locale (also for JSF context) - fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc)); - } + // Set up the thread context + setupThread(sc, req, res); // remove the session invalidated flag session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); @@ -220,10 +233,6 @@ public final class AuthenticationHelper unprotAuthService.clearCurrentSecurityContext(); throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e); } - finally - { - try { if (tx != null) {tx.rollback();} } catch (Exception tex) {} - } } } @@ -248,35 +257,9 @@ public final class AuthenticationHelper { setUsernameCookie(req, res, loginBean.getUsernameInternal()); } - - // setup faces context - FacesContext fc = FacesHelper.getFacesContext(req, res, sc); - - // Set the current locale and language - if (Application.getClientConfig(fc).isLanguageSelect()) - { - I18NUtil.setLocale(Application.getLanguage(req.getSession())); - } - else - { - // Set the current thread locale (also for JSF context) - fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc)); - } - - if (loginBean != null && (loginBean.getUserPreferencesBean() != null)) - { - String contentFilterLanguageStr = loginBean.getUserPreferencesBean().getContentFilterLanguage(); - if (contentFilterLanguageStr != null) - { - // Set the locale for the method interceptor for MLText properties - I18NUtil.setContentLocale(I18NUtil.parseLocale(contentFilterLanguageStr)); - } - else - { - // Nothing has been selected, so remove the content filter - I18NUtil.setContentLocale(null); - } - } + + // Set up the thread context + setupThread(sc, req, res); return AuthenticationStatus.Success; } @@ -294,7 +277,6 @@ public final class AuthenticationHelper // setup the authentication context WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE); - UserTransaction tx = null; HttpSession session = httpRequest.getSession(); try { @@ -306,28 +288,7 @@ public final class AuthenticationHelper // need to create the User instance if not already available String currentUsername = auth.getCurrentUserName(); - ServiceRegistry services = BaseServlet.getServiceRegistry(context); - tx = services.getTransactionService().getUserTransaction(); - tx.begin(); - - NodeService nodeService = services.getNodeService(); - PersonService personService = (PersonService)wc.getBean(PERSON_SERVICE); - NodeRef personRef = personService.getPerson(currentUsername); - user = new User(currentUsername, auth.getCurrentTicket(), personRef); - NodeRef homeRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); - - // check that the home space node exists - else Login cannot proceed - if (nodeService.exists(homeRef) == false) - { - throw new InvalidNodeRefException(homeRef); - } - user.setHomeSpaceId(homeRef.getId()); - - tx.commit(); - tx = null; // clear this so we know not to rollback - - // store the User object in the Session - the authentication servlet will then proceed - session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); + setUser(context, httpRequest, currentUsername, false); } } catch (AuthenticationException authErr) @@ -343,28 +304,107 @@ public final class AuthenticationHelper unprotAuthService.clearCurrentSecurityContext(); return AuthenticationStatus.Failure; } - finally - { - try { if (tx != null) {tx.rollback();} } catch (Exception tex) {} - } - // Set the current locale - FacesContext fc = FacesHelper.getFacesContext(httpRequest, httpResponse, context); - - // Set the current locale and language - if (Application.getClientConfig(fc).isLanguageSelect()) - { - I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); - } - else - { - // Set the current thread locale (also for JSF context) - fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(httpRequest, context)); - } + // Set up the thread context + setupThread(context, httpRequest, httpResponse); return AuthenticationStatus.Success; } - + + /** + * Creates an object for an authenticated user and stores it in the session. + * + * @param context + * the servlet context + * @param req + * the request + * @param currentUsername + * the current user name + * @param externalAuth + * was this user authenticated externally? + * @return the user object + */ + public static User setUser(ServletContext context, HttpServletRequest req, String currentUsername, + boolean externalAuth) + { + WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); + AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE); + + User user = createUser(wc, auth, currentUsername, externalAuth); + // store the User object in the Session - the authentication servlet will then proceed + HttpSession session = req.getSession(true); + session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); + if (externalAuth) + { + session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE); + } + return user; + } + + /** + * Creates an object for an authentication user. + * + * @param wc + * the web application context + * @param auth + * the authentication service + * @param currentUsername + * the current user name + * @param externalAuth + * was this user authenticated externally? + * @return the user object + */ + private static User createUser(WebApplicationContext wc, AuthenticationService auth, String currentUsername, + boolean externalAuth) + { + UserTransaction tx = null; + ServiceRegistry services = (ServiceRegistry) wc.getBean(ServiceRegistry.SERVICE_REGISTRY); + try + { + tx = services.getTransactionService().getUserTransaction(); + tx.begin(); + + NodeService nodeService = services.getNodeService(); + PersonService personService = (PersonService) wc.getBean(PERSON_SERVICE); + NodeRef personRef = personService.getPerson(currentUsername); + User user = new User(currentUsername, auth.getCurrentTicket(), personRef); + NodeRef homeRef = (NodeRef) nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER); + + // check that the home space node exists - else Login cannot proceed + if (nodeService.exists(homeRef) == false) + { + throw new InvalidNodeRefException(homeRef); + } + user.setHomeSpaceId(homeRef.getId()); + + tx.commit(); + + return user; + } + catch (Exception ex) + { + logger.error(ex); + + try + { + tx.rollback(); + } + catch (Exception ex2) + { + logger.error("Failed to rollback transaction", ex2); + } + + if (ex instanceof RuntimeException) + { + throw (RuntimeException) ex; + } + else + { + throw new RuntimeException("Failed to set authenticated user", ex); + } + } + } + /** * For no previous authentication or forced Guest - attempt Guest access * @@ -373,31 +413,11 @@ public final class AuthenticationHelper */ public static AuthenticationStatus portalGuestAuthenticate(WebApplicationContext ctx, PortletSession session, AuthenticationService auth) { - UserTransaction tx = null; try { auth.authenticateAsGuest(); - // if we get here then Guest access was allowed and successful - ServiceRegistry services = (ServiceRegistry)ctx.getBean(ServiceRegistry.SERVICE_REGISTRY); - tx = services.getTransactionService().getUserTransaction(); - tx.begin(); - - NodeService nodeService = services.getNodeService(); - PersonService personService = (PersonService)ctx.getBean(PERSON_SERVICE); - NodeRef guestRef = personService.getPerson(PermissionService.GUEST_AUTHORITY); - User user = new User(PermissionService.GUEST_AUTHORITY, auth.getCurrentTicket(), guestRef); - NodeRef guestHomeRef = (NodeRef)nodeService.getProperty(guestRef, ContentModel.PROP_HOMEFOLDER); - - // check that the home space node exists - else Guest cannot proceed - if (nodeService.exists(guestHomeRef) == false) - { - throw new InvalidNodeRefException(guestHomeRef); - } - user.setHomeSpaceId(guestHomeRef.getId()); - - tx.commit(); - tx = null; // clear this so we know not to rollback + User user = createUser(ctx, auth, PermissionService.GUEST_AUTHORITY, false); // store the User object in the Session - the authentication servlet will then proceed session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); @@ -431,10 +451,6 @@ public final class AuthenticationHelper unprotAuthService.clearCurrentSecurityContext(); throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e); } - finally - { - try { if (tx != null) {tx.rollback();} } catch (Exception tex) {} - } return AuthenticationStatus.Failure; } @@ -461,7 +477,7 @@ public final class AuthenticationHelper // naff solution as we need to enumerate all session keys until we find the one that // should match our User objects - this is weak but we don't know how the underlying // Portal vendor has decided to encode the objects in the session - Enumeration enumNames = session.getAttributeNames(); + Enumeration enumNames = session.getAttributeNames(); while (enumNames.hasMoreElements()) { String name = (String)enumNames.nextElement(); diff --git a/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java index f0ad0da29f..5491b6d482 100644 --- a/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java @@ -1,24 +1,30 @@ /* - * Copyright (C) 2005-2006 Alfresco, Inc. + * Copyright (C) 2005-2009 Alfresco Software Limited. * - * Licensed under the Mozilla Public License version 1.1 - * with a permitted attribution clause. You may obtain a - * copy of the License at - * - * http://www.alfresco.org/legal/license.txt - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - * either express or implied. See the License for the specific - * language governing permissions and limitations under the - * License. + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + * As a special exception to the terms and conditions of version 2.0 of + * the GPL, you may redistribute this Program in connection with Free/Libre + * and Open Source Software ("FLOSS") applications as described in Alfresco's + * FLOSS exception. You should have received a copy of the text describing + * the FLOSS exception, and it is also available here: + * http://www.alfresco.com/legal/licensing" */ package org.alfresco.web.app.servlet; import java.io.IOException; -import java.util.List; -import java.util.Locale; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.regex.PatternSyntaxException; @@ -33,23 +39,11 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import javax.transaction.UserTransaction; -import org.alfresco.config.ConfigService; -import org.alfresco.i18n.I18NUtil; -import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationException; -import org.alfresco.service.ServiceRegistry; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.security.AuthenticationService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.transaction.TransactionService; import org.alfresco.web.app.Application; -import org.alfresco.web.bean.LoginBean; import org.alfresco.web.bean.repository.User; -import org.alfresco.web.config.LanguagesConfigElement; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.context.WebApplicationContext; @@ -61,12 +55,8 @@ import org.springframework.web.context.support.WebApplicationContextUtils; * * @author Andy Hind */ -public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilter implements Filter +public class HTTPRequestAuthenticationFilter implements Filter { - private static final String LOCALE = "locale"; - - public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient"; - private static Log logger = LogFactory.getLog(HTTPRequestAuthenticationFilter.class); private ServletContext context; @@ -75,16 +65,6 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte private AuthenticationComponent authComponent; - private AuthenticationService authService; - - private TransactionService transactionService; - - private PersonService personService; - - private NodeService nodeService; - - private List m_languages; - private String httpServletRequestAuthHeaderName; // By default match everything if this is not set @@ -203,14 +183,14 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte // Set the current locale authComponent.clearCurrentSecurityContext(); authComponent.setCurrentUser(user.getUserName()); - I18NUtil.setLocale(Application.getLanguage(httpSess)); + AuthenticationHelper.setupThread(this.context, req, resp); chain.doFilter(sreq, sresp); return; } else { // No match - setAuthenticatedUser(req, httpSess, userName); + setAuthenticatedUser(req, resp, userName); } } catch (AuthenticationException ex) @@ -220,7 +200,7 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte } } - setAuthenticatedUser(req, httpSess, userName); + setAuthenticatedUser(req, resp, userName); // Redirect the login page as it is never seen as we always login by name if (req.getRequestURI().endsWith(getLoginPage()) == true) @@ -242,69 +222,24 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte * Set the authenticated user. It does not check that the user exists at the moment. * * @param req - * @param httpSess + * the request + * @param res + * the response * @param userName + * the user name */ - private void setAuthenticatedUser(HttpServletRequest req, HttpSession httpSess, String userName) + private void setAuthenticatedUser(HttpServletRequest req, HttpServletResponse res, + String userName) { // Set the authentication authComponent.clearCurrentSecurityContext(); authComponent.setCurrentUser(userName); - + // Set up the user information - UserTransaction tx = transactionService.getUserTransaction(); - NodeRef homeSpaceRef = null; - User user; - try - { - tx.begin(); - user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName)); - homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName), - ContentModel.PROP_HOMEFOLDER); - user.setHomeSpaceId(homeSpaceRef.getId()); - tx.commit(); - } - catch (Throwable ex) - { - logger.error(ex); - - try - { - tx.rollback(); - } - catch (Exception ex2) - { - logger.error("Failed to rollback transaction", ex2); - } - - if (ex instanceof RuntimeException) - { - throw (RuntimeException) ex; - } - else - { - throw new RuntimeException("Failed to set authenticated user", ex); - } - } - - // Store the user - - httpSess.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); - httpSess.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE); - - // Set the current locale from the Accept-Lanaguage header if available - - Locale userLocale = parseAcceptLanguageHeader(req, m_languages); - - if (userLocale != null) - { - httpSess.setAttribute(LOCALE, userLocale); - httpSess.removeAttribute(MESSAGE_BUNDLE); - } + AuthenticationHelper.setUser(context, req, userName, true); // Set the locale using the session - - I18NUtil.setLocale(Application.getLanguage(httpSess)); + AuthenticationHelper.setupThread(this.context, req, res); } @@ -317,22 +252,8 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte // Setup the authentication context WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); - - ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY); - nodeService = serviceRegistry.getNodeService(); - authService = serviceRegistry.getAuthenticationService(); - transactionService = serviceRegistry.getTransactionService(); - personService = (PersonService) ctx.getBean("PersonService"); // transactional and permission-checked authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); - - - ConfigService configServiceService = (ConfigService) ctx.getBean("webClientConfigService"); - LanguagesConfigElement configElement = (LanguagesConfigElement) configServiceService.getConfig("Languages") - .getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID); - - m_languages = configElement.getLanguages(); - - + httpServletRequestAuthHeaderName = config.getInitParameter("httpServletRequestAuthHeaderName"); if(httpServletRequestAuthHeaderName == null) { diff --git a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java index 8d371a74f0..4a10a8e110 100644 --- a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java @@ -25,23 +25,19 @@ package org.alfresco.web.app.servlet; import java.io.IOException; -import java.util.List; -import java.util.Locale; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.alfresco.config.ConfigService; -import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.SessionUser; import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.web.app.Application; import org.alfresco.web.bean.repository.User; import org.alfresco.web.config.ClientConfigElement; -import org.alfresco.web.config.LanguagesConfigElement; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -55,21 +51,10 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt // Debug logging private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class); - - // Constants - // - // Locale object stored in the session - - private static final String LOCALE = "locale"; - public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient"; - + // Various services required by Kerberos authenticator private ConfigService m_configService; - // List of available locales (from the web-client configuration) - - private List m_languages; - /** * @param configService the configService to set */ @@ -88,12 +73,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt // Call the base Kerberos filter initialization super.init(); - // Get a list of the available locales - LanguagesConfigElement config = (LanguagesConfigElement) m_configService.getConfig("Languages") - .getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID); - - m_languages = config.getLanguages(); - ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement( ClientConfigElement.CONFIG_ELEMENT_ID); @@ -117,24 +96,16 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt return user; } - /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession) + /* + * (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidate(javax.servlet.ServletContext, + * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - protected void onValidate(HttpServletRequest req, HttpSession session) - { - // Set the current locale from the Accept-Lanaguage header if available - - Locale userLocale = AbstractAuthenticationFilter.parseAcceptLanguageHeader(req, m_languages); - if (userLocale != null) - { - session.setAttribute(LOCALE, userLocale); - session.removeAttribute(MESSAGE_BUNDLE); - } - + protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res) + { // Set the locale using the session - - I18NUtil.setLocale(Application.getLanguage(session)); + AuthenticationHelper.setupThread(sc, req, res); } /* (non-Javadoc) diff --git a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java index f102bc97b0..669f992c92 100644 --- a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java @@ -25,20 +25,17 @@ package org.alfresco.web.app.servlet; import java.io.IOException; -import java.util.List; -import java.util.Locale; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.alfresco.config.ConfigService; -import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.SessionUser; import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.web.app.Application; import org.alfresco.web.bean.repository.User; import org.alfresco.web.config.ClientConfigElement; import org.apache.commons.logging.Log; @@ -51,18 +48,11 @@ import org.apache.commons.logging.LogFactory; */ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter { - // Locale object stored in the session - private static final String LOCALE = "locale"; - private static final String MESSAGE_BUNDLE = "alfresco.messages.webclient"; - // Debug logging private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class); protected ConfigService m_configService; - // List of available locales (from the web-client configuration) - private List m_languages; - /** * @param configService the configService to set */ @@ -81,7 +71,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter // Call the base NTLM filter initialization super.init(); - m_languages = config.getLanguages(); ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement( ClientConfigElement.CONFIG_ELEMENT_ID); if (clientConfig != null) @@ -103,25 +92,15 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter return user; } - + /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidate(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override - protected void onValidate(HttpServletRequest req, HttpSession session) + protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res) { - // Set the current locale from the Accept-Lanaguage header if available - - Locale userLocale = AbstractAuthenticationFilter.parseAcceptLanguageHeader(req, m_languages); - if (userLocale != null) - { - session.setAttribute(LOCALE, userLocale); - session.removeAttribute(MESSAGE_BUNDLE); - } - // Set the locale using the session - - I18NUtil.setLocale(Application.getLanguage(session)); + AuthenticationHelper.setupThread(sc, req, res); } /* (non-Javadoc) diff --git a/source/java/org/alfresco/web/app/servlet/NovellIChainsHTTPRequestAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/NovellIChainsHTTPRequestAuthenticationFilter.java deleted file mode 100644 index 6f1161298b..0000000000 --- a/source/java/org/alfresco/web/app/servlet/NovellIChainsHTTPRequestAuthenticationFilter.java +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright (C) 2005-2007 Alfresco Software Limited. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - * As a special exception to the terms and conditions of version 2.0 of - * the GPL, you may redistribute this Program in connection with Free/Libre - * and Open Source Software ("FLOSS") applications as described in Alfresco's - * FLOSS exception. You should have recieved a copy of the text describing - * the FLOSS exception, and it is also available here: - * http://www.alfresco.com/legal/licensing" - */ -package org.alfresco.web.app.servlet; - -import java.io.IOException; -import java.util.List; -import java.util.Locale; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.transaction.UserTransaction; - -import org.alfresco.config.ConfigService; -import org.alfresco.i18n.I18NUtil; -import org.alfresco.model.ContentModel; -import org.alfresco.repo.security.authentication.AuthenticationComponent; -import org.alfresco.repo.security.authentication.AuthenticationException; -import org.alfresco.service.ServiceRegistry; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.security.AuthenticationService; -import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.transaction.TransactionService; -import org.alfresco.web.app.Application; -import org.alfresco.web.bean.LoginBean; -import org.alfresco.web.bean.repository.User; -import org.alfresco.web.config.LanguagesConfigElement; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -/** - * Sample authentication for Novell ICHAINS. - * - * @author Andy Hind - */ -public class NovellIChainsHTTPRequestAuthenticationFilter extends AbstractAuthenticationFilter implements Filter -{ - private static final String LOCALE = "locale"; - - public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient"; - - private static Log logger = LogFactory.getLog(NovellIChainsHTTPRequestAuthenticationFilter.class); - - private ServletContext context; - - private String loginPage; - - private AuthenticationComponent authComponent; - - private AuthenticationService authService; - - private TransactionService transactionService; - - private PersonService personService; - - private NodeService nodeService; - - private List m_languages; - - public NovellIChainsHTTPRequestAuthenticationFilter() - { - super(); - } - - public void destroy() - { - // Nothing to do - } - - /** - * Run the filter - * - * @param sreq - * ServletRequest - * @param sresp - * ServletResponse - * @param chain - * FilterChain - * @exception IOException - * @exception ServletException - */ - public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, - ServletException - { - // Get the HTTP request/response/session - - HttpServletRequest req = (HttpServletRequest) sreq; - HttpServletResponse resp = (HttpServletResponse) sresp; - - HttpSession httpSess = req.getSession(true); - - // Check for the ICHAINS header - - String authHdr = req.getHeader("x-user"); - if(logger.isDebugEnabled()) - { - if(authHdr == null) - { - logger.debug("x-user header not found."); - } - else - { - logger.debug("x-user header is <" + authHdr + ">"); - } - } - - // Throw an error if we have an unknown authentication - - if ((authHdr == null) || (authHdr.length() < 1)) - { - resp.sendRedirect(req.getContextPath() + "/jsp/noaccess.jsp"); - return; - } - - // Get the user - - String userName = authHdr; - - if(logger.isDebugEnabled()) - { - logger.debug("User = "+ userName); - } - - // See if there is a user in the session and test if it matches - - User user = (User) httpSess.getAttribute(AuthenticationHelper.AUTHENTICATION_USER); - - if (user != null) - { - try - { - // Debug - - if (logger.isDebugEnabled()) - logger.debug("User " + user.getUserName() + " validate ticket"); - - // Validate the user ticket - - if (user.getUserName().equals(userName)) - { - - // Set the current locale - authComponent.clearCurrentSecurityContext(); - authComponent.setCurrentUser(user.getUserName()); - I18NUtil.setLocale(Application.getLanguage(httpSess)); - chain.doFilter(sreq, sresp); - return; - } - else - { - // No match - setAuthenticatedUser(req, httpSess, userName); - } - } - catch (AuthenticationException ex) - { - if (logger.isErrorEnabled()) - logger.error("Failed to validate user " + user.getUserName(), ex); - } - } - - setAuthenticatedUser(req, httpSess, userName); - - // Redirect the login page as it is never seen as we always login by name - if (req.getRequestURI().endsWith(getLoginPage()) == true) - { - if (logger.isDebugEnabled()) - logger.debug("Login page requested, chaining ..."); - - resp.sendRedirect(req.getContextPath() + "/faces/jsp/browse/browse.jsp"); - return; - } - else - { - chain.doFilter(sreq, sresp); - return; - } - } - - /** - * Set the authenticated user. - * - * It does not check that the user exists at the moment. - * - * @param req - * @param httpSess - * @param userName - */ - private void setAuthenticatedUser(HttpServletRequest req, HttpSession httpSess, String userName) - { - // Set the authentication - authComponent.clearCurrentSecurityContext(); - authComponent.setCurrentUser(userName); - - - - // Set up the user information - UserTransaction tx = transactionService.getUserTransaction(); - NodeRef homeSpaceRef = null; - User user; - try - { - tx.begin(); - user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName)); - homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName), - ContentModel.PROP_HOMEFOLDER); - user.setHomeSpaceId(homeSpaceRef.getId()); - tx.commit(); - } - catch (Throwable ex) - { - logger.error(ex); - - try - { - tx.rollback(); - } - catch (Exception ex2) - { - logger.error("Failed to rollback transaction", ex2); - } - - if(ex instanceof RuntimeException) - { - throw (RuntimeException)ex; - } - else - { - throw new RuntimeException("Failed to set authenticated user", ex); - } - } - - // Store the user - - httpSess.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); - httpSess.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE); - - // Set the current locale from the Accept-Lanaguage header if available - - Locale userLocale = parseAcceptLanguageHeader(req, m_languages); - - if (userLocale != null) - { - httpSess.setAttribute(LOCALE, userLocale); - httpSess.removeAttribute(MESSAGE_BUNDLE); - } - - // Set the locale using the session - - I18NUtil.setLocale(Application.getLanguage(httpSess)); - } - - public void init(FilterConfig config) throws ServletException - { - this.context = config.getServletContext(); - WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); - ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY); - transactionService = serviceRegistry.getTransactionService(); - nodeService = serviceRegistry.getNodeService(); - - authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); - authService = (AuthenticationService) ctx.getBean("authenticationService"); - personService = (PersonService) ctx.getBean("personService"); - - // Get a list of the available locales - - ConfigService configServiceService = (ConfigService) ctx.getBean("webClientConfigService"); - LanguagesConfigElement configElement = (LanguagesConfigElement) configServiceService. - getConfig("Languages").getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID); - - m_languages = configElement.getLanguages(); - } - - /** - * Return the login page address - * - * @return String - */ - private String getLoginPage() - { - if (loginPage == null) - { - loginPage = Application.getLoginPage(context); - } - - return loginPage; - } - -} diff --git a/source/web/WEB-INF/web.xml b/source/web/WEB-INF/web.xml index bfd03cb0f4..ed556c1a2e 100644 --- a/source/web/WEB-INF/web.xml +++ b/source/web/WEB-INF/web.xml @@ -105,7 +105,15 @@