inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.2 to HEAD

Browse Source 
15495: ETHREEOH-2149: Fix up setting of the content language filter in all authentication filters
      - Some new thread initialization was added to AuthenticationHelper concerning setting the locale for MLText properties
      - Unfortunately this was not propagated to the more exotic authentication filters
      - Now all web client authentication filters use shared code in AuthenticationHelper
      - Retired the NovellIChainsHTTPRequestAuthenticationFilter because it was broken and can be replaced by the superior HTTPRequestAuthenticationFilter


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15735 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2009-08-13 14:02:22 +00:00
parent aade07414e
commit 984b493d9b
6 changed files with 213 additions and 639 deletions
Download Patch File Download Diff File Expand all files Collapse all files

294
source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2007 Alfresco Software Limited. * Copyright (C) 2005-2009 Alfresco Software Limited.
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
@@ -18,7 +18,7 @@
* As a special exception to the terms and conditions of version 2.0 of * As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre * the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's * and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing * FLOSS exception. You should have received a copy of the text describing
* the FLOSS exception, and it is also available here: * the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" * http://www.alfresco.com/legal/licensing"
*/ */
@@ -51,7 +51,7 @@ import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.web.app.Application; import org.alfresco.web.app.Application;
import org.alfresco.web.bean.LoginBean; import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User; import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement; import org.alfresco.web.bean.users.UserPreferencesBean;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.WebApplicationContext;
@@ -91,6 +91,52 @@ public final class AuthenticationHelper
private static Log logger = LogFactory.getLog(AuthenticationHelper.class); private static Log logger = LogFactory.getLog(AuthenticationHelper.class);
/**
* Does all the stuff you need to do after successfully authenticating/validating a user ticket to set up the request
* thread. A useful utility method for an authentication filter.
*
* @param sc
* the servlet context
* @param req
* the request
* @param res
* the response
*/
public static void setupThread(ServletContext sc, HttpServletRequest req, HttpServletResponse res)
{
// setup faces context
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
// Set the current locale and language
if (Application.getClientConfig(fc).isLanguageSelect())
{
I18NUtil.setLocale(Application.getLanguage(req.getSession()));
}
else
{
// Set the current thread locale (also for JSF context)
fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc));
}
// Programatically retrieve the UserPreferencesBean from JSF
UserPreferencesBean userPreferencesBean = (UserPreferencesBean) fc.getApplication().createValueBinding(
"#{UserPreferencesBean}").getValue(fc);
if (userPreferencesBean != null)
{
String contentFilterLanguageStr = userPreferencesBean.getContentFilterLanguage();
if (contentFilterLanguageStr != null)
{
// Set the locale for the method interceptor for MLText properties
I18NUtil.setContentLocale(I18NUtil.parseLocale(contentFilterLanguageStr));
}
else
{
// Nothing has been selected, so remove the content filter
I18NUtil.setContentLocale(null);
}
}
}
/** /**
* Helper to authenticate the current user using session based Ticket information. * Helper to authenticate the current user using session based Ticket information.
* <p> * <p>
@@ -151,48 +197,15 @@ public final class AuthenticationHelper
if (allowGuest == true && (authCookie == null || forceGuest)) if (allowGuest == true && (authCookie == null || forceGuest))
{ {
// no previous authentication or forced Guest - attempt Guest access // no previous authentication or forced Guest - attempt Guest access
UserTransaction tx = null;
try try
{ {
auth.authenticateAsGuest(); auth.authenticateAsGuest();
// if we get here then Guest access was allowed and successful // if we get here then Guest access was allowed and successful
ServiceRegistry services = BaseServlet.getServiceRegistry(sc); setUser(sc, req, PermissionService.GUEST_AUTHORITY, false);
tx = services.getTransactionService().getUserTransaction();
tx.begin();
NodeService nodeService = services.getNodeService(); // Set up the thread context
PersonService personService = (PersonService)wc.getBean(PERSON_SERVICE); setupThread(sc, req, res);
NodeRef guestRef = personService.getPerson(PermissionService.GUEST_AUTHORITY);
user = new User(PermissionService.GUEST_AUTHORITY, auth.getCurrentTicket(), guestRef);
NodeRef guestHomeRef = (NodeRef)nodeService.getProperty(guestRef, ContentModel.PROP_HOMEFOLDER);
// check that the home space node exists - else Guest cannot proceed
if (guestHomeRef == null || nodeService.exists(guestHomeRef) == false)
{
// cannot login as Guest as Home is missing - return to login screen
logger.warn("Unable to locate Guest Home space - may have been deleted?");
throw new AuthenticationException("");
}
user.setHomeSpaceId(guestHomeRef.getId());
tx.commit();
tx = null; // clear this so we know not to rollback
// store the User object in the Session - the authentication servlet will then proceed
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
// Set the current locale and language
FacesContext fc = FacesHelper.getFacesContext(req, res, sc);
if (Application.getClientConfig(fc).isLanguageSelect())
{
I18NUtil.setLocale(Application.getLanguage(req.getSession()));
}
else
{
// Set the current thread locale (also for JSF context)
fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc));
}
// remove the session invalidated flag // remove the session invalidated flag
session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED);
@@ -220,10 +233,6 @@ public final class AuthenticationHelper
unprotAuthService.clearCurrentSecurityContext(); unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e); throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
} }
finally
{
try { if (tx != null) {tx.rollback();} } catch (Exception tex) {}
}
} }
} }
@@ -248,35 +257,9 @@ public final class AuthenticationHelper
{ {
setUsernameCookie(req, res, loginBean.getUsernameInternal()); setUsernameCookie(req, res, loginBean.getUsernameInternal());
} }
// setup faces context // Set up the thread context
FacesContext fc = FacesHelper.getFacesContext(req, res, sc); setupThread(sc, req, res);
// Set the current locale and language
if (Application.getClientConfig(fc).isLanguageSelect())
{
I18NUtil.setLocale(Application.getLanguage(req.getSession()));
}
else
{
// Set the current thread locale (also for JSF context)
fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(req, sc));
}
if (loginBean != null && (loginBean.getUserPreferencesBean() != null))
{
String contentFilterLanguageStr = loginBean.getUserPreferencesBean().getContentFilterLanguage();
if (contentFilterLanguageStr != null)
{
// Set the locale for the method interceptor for MLText properties
I18NUtil.setContentLocale(I18NUtil.parseLocale(contentFilterLanguageStr));
}
else
{
// Nothing has been selected, so remove the content filter
I18NUtil.setContentLocale(null);
}
}
return AuthenticationStatus.Success; return AuthenticationStatus.Success;
} }
@@ -294,7 +277,6 @@ public final class AuthenticationHelper
// setup the authentication context // setup the authentication context
WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE); AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE);
UserTransaction tx = null;
HttpSession session = httpRequest.getSession(); HttpSession session = httpRequest.getSession();
try try
{ {
@@ -306,28 +288,7 @@ public final class AuthenticationHelper
// need to create the User instance if not already available // need to create the User instance if not already available
String currentUsername = auth.getCurrentUserName(); String currentUsername = auth.getCurrentUserName();
ServiceRegistry services = BaseServlet.getServiceRegistry(context); setUser(context, httpRequest, currentUsername, false);
tx = services.getTransactionService().getUserTransaction();
tx.begin();
NodeService nodeService = services.getNodeService();
PersonService personService = (PersonService)wc.getBean(PERSON_SERVICE);
NodeRef personRef = personService.getPerson(currentUsername);
user = new User(currentUsername, auth.getCurrentTicket(), personRef);
NodeRef homeRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
// check that the home space node exists - else Login cannot proceed
if (nodeService.exists(homeRef) == false)
{
throw new InvalidNodeRefException(homeRef);
}
user.setHomeSpaceId(homeRef.getId());
tx.commit();
tx = null; // clear this so we know not to rollback
// store the User object in the Session - the authentication servlet will then proceed
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
} }
} }
catch (AuthenticationException authErr) catch (AuthenticationException authErr)
@@ -343,28 +304,107 @@ public final class AuthenticationHelper
unprotAuthService.clearCurrentSecurityContext(); unprotAuthService.clearCurrentSecurityContext();
return AuthenticationStatus.Failure; return AuthenticationStatus.Failure;
} }
finally
{
try { if (tx != null) {tx.rollback();} } catch (Exception tex) {}
}
// Set the current locale // Set up the thread context
FacesContext fc = FacesHelper.getFacesContext(httpRequest, httpResponse, context); setupThread(context, httpRequest, httpResponse);
// Set the current locale and language
if (Application.getClientConfig(fc).isLanguageSelect())
{
I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession()));
}
else
{
// Set the current thread locale (also for JSF context)
fc.getViewRoot().setLocale(BaseServlet.setLanguageFromRequestHeader(httpRequest, context));
}
return AuthenticationStatus.Success; return AuthenticationStatus.Success;
} }
/**
* Creates an object for an authenticated user and stores it in the session.
*
* @param context
* the servlet context
* @param req
* the request
* @param currentUsername
* the current user name
* @param externalAuth
* was this user authenticated externally?
* @return the user object
*/
public static User setUser(ServletContext context, HttpServletRequest req, String currentUsername,
boolean externalAuth)
{
WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
User user = createUser(wc, auth, currentUsername, externalAuth);
// store the User object in the Session - the authentication servlet will then proceed
HttpSession session = req.getSession(true);
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
if (externalAuth)
{
session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
}
return user;
}
/**
* Creates an object for an authentication user.
*
* @param wc
* the web application context
* @param auth
* the authentication service
* @param currentUsername
* the current user name
* @param externalAuth
* was this user authenticated externally?
* @return the user object
*/
private static User createUser(WebApplicationContext wc, AuthenticationService auth, String currentUsername,
boolean externalAuth)
{
UserTransaction tx = null;
ServiceRegistry services = (ServiceRegistry) wc.getBean(ServiceRegistry.SERVICE_REGISTRY);
try
{
tx = services.getTransactionService().getUserTransaction();
tx.begin();
NodeService nodeService = services.getNodeService();
PersonService personService = (PersonService) wc.getBean(PERSON_SERVICE);
NodeRef personRef = personService.getPerson(currentUsername);
User user = new User(currentUsername, auth.getCurrentTicket(), personRef);
NodeRef homeRef = (NodeRef) nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
// check that the home space node exists - else Login cannot proceed
if (nodeService.exists(homeRef) == false)
{
throw new InvalidNodeRefException(homeRef);
}
user.setHomeSpaceId(homeRef.getId());
tx.commit();
return user;
}
catch (Exception ex)
{
logger.error(ex);
try
{
tx.rollback();
}
catch (Exception ex2)
{
logger.error("Failed to rollback transaction", ex2);
}
if (ex instanceof RuntimeException)
{
throw (RuntimeException) ex;
}
else
{
throw new RuntimeException("Failed to set authenticated user", ex);
}
}
}
/** /**
* For no previous authentication or forced Guest - attempt Guest access * For no previous authentication or forced Guest - attempt Guest access
* *
@@ -373,31 +413,11 @@ public final class AuthenticationHelper
*/ */
public static AuthenticationStatus portalGuestAuthenticate(WebApplicationContext ctx, PortletSession session, AuthenticationService auth) public static AuthenticationStatus portalGuestAuthenticate(WebApplicationContext ctx, PortletSession session, AuthenticationService auth)
{ {
UserTransaction tx = null;
try try
{ {
auth.authenticateAsGuest(); auth.authenticateAsGuest();
// if we get here then Guest access was allowed and successful User user = createUser(ctx, auth, PermissionService.GUEST_AUTHORITY, false);
ServiceRegistry services = (ServiceRegistry)ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
tx = services.getTransactionService().getUserTransaction();
tx.begin();
NodeService nodeService = services.getNodeService();
PersonService personService = (PersonService)ctx.getBean(PERSON_SERVICE);
NodeRef guestRef = personService.getPerson(PermissionService.GUEST_AUTHORITY);
User user = new User(PermissionService.GUEST_AUTHORITY, auth.getCurrentTicket(), guestRef);
NodeRef guestHomeRef = (NodeRef)nodeService.getProperty(guestRef, ContentModel.PROP_HOMEFOLDER);
// check that the home space node exists - else Guest cannot proceed
if (nodeService.exists(guestHomeRef) == false)
{
throw new InvalidNodeRefException(guestHomeRef);
}
user.setHomeSpaceId(guestHomeRef.getId());
tx.commit();
tx = null; // clear this so we know not to rollback
// store the User object in the Session - the authentication servlet will then proceed // store the User object in the Session - the authentication servlet will then proceed
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
@@ -431,10 +451,6 @@ public final class AuthenticationHelper
unprotAuthService.clearCurrentSecurityContext(); unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e); throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
} }
finally
{
try { if (tx != null) {tx.rollback();} } catch (Exception tex) {}
}
return AuthenticationStatus.Failure; return AuthenticationStatus.Failure;
} }
@@ -461,7 +477,7 @@ public final class AuthenticationHelper
// naff solution as we need to enumerate all session keys until we find the one that // naff solution as we need to enumerate all session keys until we find the one that
// should match our User objects - this is weak but we don't know how the underlying // should match our User objects - this is weak but we don't know how the underlying
// Portal vendor has decided to encode the objects in the session // Portal vendor has decided to encode the objects in the session
Enumeration enumNames = session.getAttributeNames(); Enumeration<?> enumNames = session.getAttributeNames();
while (enumNames.hasMoreElements()) while (enumNames.hasMoreElements())
{ {
String name = (String)enumNames.nextElement(); String name = (String)enumNames.nextElement();

149
source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java
View File

@@ -1,24 +1,30 @@
/* /*
* Copyright (C) 2005-2006 Alfresco, Inc. * Copyright (C) 2005-2009 Alfresco Software Limited.
* *
* Licensed under the Mozilla Public License version 1.1 * This program is free software; you can redistribute it and/or
* with a permitted attribution clause. You may obtain a * modify it under the terms of the GNU General Public License
* copy of the License at * as published by the Free Software Foundation; either version 2
* * of the License, or (at your option) any later version.
* http://www.alfresco.org/legal/license.txt
* * This program is distributed in the hope that it will be useful,
* Unless required by applicable law or agreed to in writing, * but WITHOUT ANY WARRANTY; without even the implied warranty of
* software distributed under the License is distributed on an * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, * GNU General Public License for more details.
* either express or implied. See the License for the specific
* language governing permissions and limitations under the * You should have received a copy of the GNU General Public License
* License. * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have received a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/ */
package org.alfresco.web.app.servlet; package org.alfresco.web.app.servlet;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException; import java.util.regex.PatternSyntaxException;
@@ -33,23 +39,11 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigService;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.Application; import org.alfresco.web.app.Application;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User; import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.LanguagesConfigElement;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.WebApplicationContext;
@@ -61,12 +55,8 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
* *
* @author Andy Hind * @author Andy Hind
*/ */
public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilter implements Filter public class HTTPRequestAuthenticationFilter implements Filter
{ {
private static final String LOCALE = "locale";
public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient";
private static Log logger = LogFactory.getLog(HTTPRequestAuthenticationFilter.class); private static Log logger = LogFactory.getLog(HTTPRequestAuthenticationFilter.class);
private ServletContext context; private ServletContext context;
@@ -75,16 +65,6 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte
private AuthenticationComponent authComponent; private AuthenticationComponent authComponent;
private AuthenticationService authService;
private TransactionService transactionService;
private PersonService personService;
private NodeService nodeService;
private List<String> m_languages;
private String httpServletRequestAuthHeaderName; private String httpServletRequestAuthHeaderName;
// By default match everything if this is not set // By default match everything if this is not set
@@ -203,14 +183,14 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte
// Set the current locale // Set the current locale
authComponent.clearCurrentSecurityContext(); authComponent.clearCurrentSecurityContext();
authComponent.setCurrentUser(user.getUserName()); authComponent.setCurrentUser(user.getUserName());
I18NUtil.setLocale(Application.getLanguage(httpSess)); AuthenticationHelper.setupThread(this.context, req, resp);
chain.doFilter(sreq, sresp); chain.doFilter(sreq, sresp);
return; return;
} }
else else
{ {
// No match // No match
setAuthenticatedUser(req, httpSess, userName); setAuthenticatedUser(req, resp, userName);
} }
} }
catch (AuthenticationException ex) catch (AuthenticationException ex)
@@ -220,7 +200,7 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte
} }
} }
setAuthenticatedUser(req, httpSess, userName); setAuthenticatedUser(req, resp, userName);
// Redirect the login page as it is never seen as we always login by name // Redirect the login page as it is never seen as we always login by name
if (req.getRequestURI().endsWith(getLoginPage()) == true) if (req.getRequestURI().endsWith(getLoginPage()) == true)
@@ -242,69 +222,24 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte
* Set the authenticated user. It does not check that the user exists at the moment. * Set the authenticated user. It does not check that the user exists at the moment.
* *
* @param req * @param req
* @param httpSess * the request
* @param res
* the response
* @param userName * @param userName
* the user name
*/ */
private void setAuthenticatedUser(HttpServletRequest req, HttpSession httpSess, String userName) private void setAuthenticatedUser(HttpServletRequest req, HttpServletResponse res,
String userName)
{ {
// Set the authentication // Set the authentication
authComponent.clearCurrentSecurityContext(); authComponent.clearCurrentSecurityContext();
authComponent.setCurrentUser(userName); authComponent.setCurrentUser(userName);
// Set up the user information // Set up the user information
UserTransaction tx = transactionService.getUserTransaction(); AuthenticationHelper.setUser(context, req, userName, true);
NodeRef homeSpaceRef = null;
User user;
try
{
tx.begin();
user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName));
homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName),
ContentModel.PROP_HOMEFOLDER);
user.setHomeSpaceId(homeSpaceRef.getId());
tx.commit();
}
catch (Throwable ex)
{
logger.error(ex);
try
{
tx.rollback();
}
catch (Exception ex2)
{
logger.error("Failed to rollback transaction", ex2);
}
if (ex instanceof RuntimeException)
{
throw (RuntimeException) ex;
}
else
{
throw new RuntimeException("Failed to set authenticated user", ex);
}
}
// Store the user
httpSess.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
httpSess.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
// Set the current locale from the Accept-Lanaguage header if available
Locale userLocale = parseAcceptLanguageHeader(req, m_languages);
if (userLocale != null)
{
httpSess.setAttribute(LOCALE, userLocale);
httpSess.removeAttribute(MESSAGE_BUNDLE);
}
// Set the locale using the session // Set the locale using the session
AuthenticationHelper.setupThread(this.context, req, res);
I18NUtil.setLocale(Application.getLanguage(httpSess));
} }
@@ -317,22 +252,8 @@ public class HTTPRequestAuthenticationFilter extends AbstractAuthenticationFilte
// Setup the authentication context // Setup the authentication context
WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context); WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
nodeService = serviceRegistry.getNodeService();
authService = serviceRegistry.getAuthenticationService();
transactionService = serviceRegistry.getTransactionService();
personService = (PersonService) ctx.getBean("PersonService"); // transactional and permission-checked
authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
ConfigService configServiceService = (ConfigService) ctx.getBean("webClientConfigService");
LanguagesConfigElement configElement = (LanguagesConfigElement) configServiceService.getConfig("Languages")
.getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID);
m_languages = configElement.getLanguages();
httpServletRequestAuthHeaderName = config.getInitParameter("httpServletRequestAuthHeaderName"); httpServletRequestAuthHeaderName = config.getInitParameter("httpServletRequestAuthHeaderName");
if(httpServletRequestAuthHeaderName == null) if(httpServletRequestAuthHeaderName == null)
{ {

47
source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java
View File

@@ -25,23 +25,19 @@
package org.alfresco.web.app.servlet; package org.alfresco.web.app.servlet;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.Locale;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.alfresco.config.ConfigService; import org.alfresco.config.ConfigService;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.repo.SessionUser; import org.alfresco.repo.SessionUser;
import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter; import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.repository.User; import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement; import org.alfresco.web.config.ClientConfigElement;
import org.alfresco.web.config.LanguagesConfigElement;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@@ -55,21 +51,10 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
// Debug logging // Debug logging
private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class); private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
// Constants
//
// Locale object stored in the session
private static final String LOCALE = "locale";
public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient";
// Various services required by Kerberos authenticator // Various services required by Kerberos authenticator
private ConfigService m_configService; private ConfigService m_configService;
// List of available locales (from the web-client configuration)
private List<String> m_languages;
/** /**
* @param configService the configService to set * @param configService the configService to set
*/ */
@@ -88,12 +73,6 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
// Call the base Kerberos filter initialization // Call the base Kerberos filter initialization
super.init(); super.init();
// Get a list of the available locales
LanguagesConfigElement config = (LanguagesConfigElement) m_configService.getConfig("Languages")
.getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID);
m_languages = config.getLanguages();
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement( ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
ClientConfigElement.CONFIG_ELEMENT_ID); ClientConfigElement.CONFIG_ELEMENT_ID);
@@ -117,24 +96,16 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
return user; return user;
} }
/* (non-Javadoc) /*
* @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession) * (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidate(javax.servlet.ServletContext,
* javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/ */
@Override @Override
protected void onValidate(HttpServletRequest req, HttpSession session) protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res)
{ {
// Set the current locale from the Accept-Lanaguage header if available
Locale userLocale = AbstractAuthenticationFilter.parseAcceptLanguageHeader(req, m_languages);
if (userLocale != null)
{
session.setAttribute(LOCALE, userLocale);
session.removeAttribute(MESSAGE_BUNDLE);
}
// Set the locale using the session // Set the locale using the session
AuthenticationHelper.setupThread(sc, req, res);
I18NUtil.setLocale(Application.getLanguage(session));
} }
/* (non-Javadoc) /* (non-Javadoc)

31
source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java
View File

@@ -25,20 +25,17 @@
package org.alfresco.web.app.servlet; package org.alfresco.web.app.servlet;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.Locale;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.alfresco.config.ConfigService; import org.alfresco.config.ConfigService;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.repo.SessionUser; import org.alfresco.repo.SessionUser;
import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter; import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.repository.User; import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement; import org.alfresco.web.config.ClientConfigElement;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@@ -51,18 +48,11 @@ import org.apache.commons.logging.LogFactory;
*/ */
public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
{ {
// Locale object stored in the session
private static final String LOCALE = "locale";
private static final String MESSAGE_BUNDLE = "alfresco.messages.webclient";
// Debug logging // Debug logging
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class); private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
protected ConfigService m_configService; protected ConfigService m_configService;
// List of available locales (from the web-client configuration)
private List<String> m_languages;
/** /**
* @param configService the configService to set * @param configService the configService to set
*/ */
@@ -81,7 +71,6 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
// Call the base NTLM filter initialization // Call the base NTLM filter initialization
super.init(); super.init();
m_languages = config.getLanguages();
ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement( ClientConfigElement clientConfig = (ClientConfigElement) m_configService.getGlobalConfig().getConfigElement(
ClientConfigElement.CONFIG_ELEMENT_ID); ClientConfigElement.CONFIG_ELEMENT_ID);
if (clientConfig != null) if (clientConfig != null)
@@ -103,25 +92,15 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
return user; return user;
} }
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession) * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidate(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/ */
@Override @Override
protected void onValidate(HttpServletRequest req, HttpSession session) protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res)
{ {
// Set the current locale from the Accept-Lanaguage header if available
Locale userLocale = AbstractAuthenticationFilter.parseAcceptLanguageHeader(req, m_languages);
if (userLocale != null)
{
session.setAttribute(LOCALE, userLocale);
session.removeAttribute(MESSAGE_BUNDLE);
}
// Set the locale using the session // Set the locale using the session
AuthenticationHelper.setupThread(sc, req, res);
I18NUtil.setLocale(Application.getLanguage(session));
} }
/* (non-Javadoc) /* (non-Javadoc)

321
source/java/org/alfresco/web/app/servlet/NovellIChainsHTTPRequestAuthenticationFilter.java
View File

@@ -1,321 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.web.app.servlet;
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigService;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.LanguagesConfigElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
* Sample authentication for Novell ICHAINS.
*
* @author Andy Hind
*/
public class NovellIChainsHTTPRequestAuthenticationFilter extends AbstractAuthenticationFilter implements Filter
{
private static final String LOCALE = "locale";
public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient";
private static Log logger = LogFactory.getLog(NovellIChainsHTTPRequestAuthenticationFilter.class);
private ServletContext context;
private String loginPage;
private AuthenticationComponent authComponent;
private AuthenticationService authService;
private TransactionService transactionService;
private PersonService personService;
private NodeService nodeService;
private List<String> m_languages;
public NovellIChainsHTTPRequestAuthenticationFilter()
{
super();
}
public void destroy()
{
// Nothing to do
}
/**
* Run the filter
*
* @param sreq
* ServletRequest
* @param sresp
* ServletResponse
* @param chain
* FilterChain
* @exception IOException
* @exception ServletException
*/
public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException,
ServletException
{
// Get the HTTP request/response/session
HttpServletRequest req = (HttpServletRequest) sreq;
HttpServletResponse resp = (HttpServletResponse) sresp;
HttpSession httpSess = req.getSession(true);
// Check for the ICHAINS header
String authHdr = req.getHeader("x-user");
if(logger.isDebugEnabled())
{
if(authHdr == null)
{
logger.debug("x-user header not found.");
}
else
{
logger.debug("x-user header is <" + authHdr + ">");
}
}
// Throw an error if we have an unknown authentication
if ((authHdr == null) || (authHdr.length() < 1))
{
resp.sendRedirect(req.getContextPath() + "/jsp/noaccess.jsp");
return;
}
// Get the user
String userName = authHdr;
if(logger.isDebugEnabled())
{
logger.debug("User = "+ userName);
}
// See if there is a user in the session and test if it matches
User user = (User) httpSess.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user != null)
{
try
{
// Debug
if (logger.isDebugEnabled())
logger.debug("User " + user.getUserName() + " validate ticket");
// Validate the user ticket
if (user.getUserName().equals(userName))
{
// Set the current locale
authComponent.clearCurrentSecurityContext();
authComponent.setCurrentUser(user.getUserName());
I18NUtil.setLocale(Application.getLanguage(httpSess));
chain.doFilter(sreq, sresp);
return;
}
else
{
// No match
setAuthenticatedUser(req, httpSess, userName);
}
}
catch (AuthenticationException ex)
{
if (logger.isErrorEnabled())
logger.error("Failed to validate user " + user.getUserName(), ex);
}
}
setAuthenticatedUser(req, httpSess, userName);
// Redirect the login page as it is never seen as we always login by name
if (req.getRequestURI().endsWith(getLoginPage()) == true)
{
if (logger.isDebugEnabled())
logger.debug("Login page requested, chaining ...");
resp.sendRedirect(req.getContextPath() + "/faces/jsp/browse/browse.jsp");
return;
}
else
{
chain.doFilter(sreq, sresp);
return;
}
}
/**
* Set the authenticated user.
*
* It does not check that the user exists at the moment.
*
* @param req
* @param httpSess
* @param userName
*/
private void setAuthenticatedUser(HttpServletRequest req, HttpSession httpSess, String userName)
{
// Set the authentication
authComponent.clearCurrentSecurityContext();
authComponent.setCurrentUser(userName);
// Set up the user information
UserTransaction tx = transactionService.getUserTransaction();
NodeRef homeSpaceRef = null;
User user;
try
{
tx.begin();
user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName));
homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName),
ContentModel.PROP_HOMEFOLDER);
user.setHomeSpaceId(homeSpaceRef.getId());
tx.commit();
}
catch (Throwable ex)
{
logger.error(ex);
try
{
tx.rollback();
}
catch (Exception ex2)
{
logger.error("Failed to rollback transaction", ex2);
}
if(ex instanceof RuntimeException)
{
throw (RuntimeException)ex;
}
else
{
throw new RuntimeException("Failed to set authenticated user", ex);
}
}
// Store the user
httpSess.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
httpSess.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
// Set the current locale from the Accept-Lanaguage header if available
Locale userLocale = parseAcceptLanguageHeader(req, m_languages);
if (userLocale != null)
{
httpSess.setAttribute(LOCALE, userLocale);
httpSess.removeAttribute(MESSAGE_BUNDLE);
}
// Set the locale using the session
I18NUtil.setLocale(Application.getLanguage(httpSess));
}
public void init(FilterConfig config) throws ServletException
{
this.context = config.getServletContext();
WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
transactionService = serviceRegistry.getTransactionService();
nodeService = serviceRegistry.getNodeService();
authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authService = (AuthenticationService) ctx.getBean("authenticationService");
personService = (PersonService) ctx.getBean("personService");
// Get a list of the available locales
ConfigService configServiceService = (ConfigService) ctx.getBean("webClientConfigService");
LanguagesConfigElement configElement = (LanguagesConfigElement) configServiceService.
getConfig("Languages").getConfigElement(LanguagesConfigElement.CONFIG_ELEMENT_ID);
m_languages = configElement.getLanguages();
}
/**
* Return the login page address
*
* @return String
*/
private String getLoginPage()
{
if (loginPage == null)
{
loginPage = Application.getLoginPage(context);
}
return loginPage;
}
}

10
source/web/WEB-INF/web.xml
View File

@@ -105,7 +105,15 @@
<!-- For Novell IChain support use the following filter --> <!-- For Novell IChain support use the following filter -->
<!-- <!--
<filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class> <filter-class>org.alfresco.web.app.servlet.HTTPRequestAuthenticationFilter</filter-class>
<init-param>
<param-name>httpServletRequestAuthHeaderName</param-name>
<param-value>x-user</param-value>
</init-param>
<init-param>
<param-name>authPatternString</param-name>
<param-value>.*</param-value>
</init-param>
--> -->
</filter> </filter>