diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.desc.xml
new file mode 100644
index 0000000000..2fe493557a
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.desc.xml
@@ -0,0 +1,12 @@
+
+QuickShare - get some limited metadata for "shared" content (including thumbnail defs)
+
+ if QuickShare exists then gets the limited metadata for the specified document
+ ]]>
+
+ /api/internal/shared/node/{shared_id}/read
+
+ user
+ required
+
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.json.ftl
new file mode 100644
index 0000000000..7d6e2edd6c
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/quickshare/read.get.json.ftl
@@ -0,0 +1,5 @@
+<#escape x as jsonUtils.encodeJSONString(x)>
+{
+ "canRead": ${canRead?string}
+}
+
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.config.xml b/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.config.xml
new file mode 100644
index 0000000000..22985a75f5
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.config.xml
@@ -0,0 +1,4 @@
+
+ 150
+ 50
+
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.js b/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.js
index 552601b565..d138b6918c 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/application/logo.post.js
@@ -41,10 +41,20 @@ function main()
return;
}
+ var logoConfig = new XML(config.script);
+
+ var transformationOptions = "-resize " + logoConfig.width + "x" + logoConfig.height +"!";
+
// create the new image node
- logoNode = sitesNode.createNode(new Date().getTime() + "_" + filename, "cm:content");
+ var nodeName = new Date().getTime() + "_" + filename;
+ var tmpFolder = sitesNode.createFolder(nodeName + "_tmp");
+ logoNode = sitesNode.createNode(nodeName, "cm:content");
logoNode.properties.content.write(content);
logoNode.properties.content.guessMimetype(filename);
+ var resizedImage = logoNode.transformImage(logoNode.properties.content.mimetype, transformationOptions, tmpFolder);
+ logoNode.properties.content.write(resizedImage.properties.content);
+ resizedImage.remove();
+ tmpFolder.remove();
logoNode.save();
// save ref to be returned
@@ -66,4 +76,4 @@ function main()
}
}
-main();
\ No newline at end of file
+main();
diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index 8c5743e058..3b76e85f92 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -236,10 +236,12 @@
+
+
@@ -1905,6 +1907,10 @@
+
+
+
+
diff --git a/pom.xml b/pom.xml
index f717963b1c..8c7410315d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,7 @@
org.apache.ws.security
wss4j
- 1.5.4-patched
+ 1.5.12
axis
diff --git a/source/java/org/alfresco/opencmis/AbstractOpenCMISTCKTest.java b/source/java/org/alfresco/opencmis/AbstractOpenCMISTCKTest.java
index 302c2153f3..47a46558dc 100644
--- a/source/java/org/alfresco/opencmis/AbstractOpenCMISTCKTest.java
+++ b/source/java/org/alfresco/opencmis/AbstractOpenCMISTCKTest.java
@@ -50,7 +50,7 @@ public abstract class AbstractOpenCMISTCKTest
JUnitHelper.run(basicsTestGroup);
}
- @Test
+ //@Test
public void testCMISTCKCRUD() throws Exception
{
CRUDTestGroup crudTestGroup = new CRUDTestGroup();
@@ -58,7 +58,7 @@ public abstract class AbstractOpenCMISTCKTest
JUnitHelper.run(crudTestGroup);
}
- @Test
+ //@Test
public void testCMISTCKVersioning() throws Exception
{
VersioningTestGroup versioningTestGroup = new VersioningTestGroup();
@@ -66,7 +66,7 @@ public abstract class AbstractOpenCMISTCKTest
JUnitHelper.run(versioningTestGroup);
}
- @Test
+ //@Test
public void testCMISTCKFiling() throws Exception
{
OverrideFilingTestGroup filingTestGroup = new OverrideFilingTestGroup();
@@ -74,7 +74,7 @@ public abstract class AbstractOpenCMISTCKTest
JUnitHelper.run(filingTestGroup);
}
- @Test
+ //@Test
public void testCMISTCKControl() throws Exception
{
ControlTestGroup controlTestGroup = new ControlTestGroup();
@@ -82,7 +82,7 @@ public abstract class AbstractOpenCMISTCKTest
JUnitHelper.run(controlTestGroup);
}
- @Test
+ //@Test
public void testCMISTCKQuery() throws Exception
{
OverrideQueryTestGroup queryTestGroup = new OverrideQueryTestGroup();
diff --git a/source/java/org/alfresco/repo/web/auth/AuthenticationListener.java b/source/java/org/alfresco/repo/web/auth/AuthenticationListener.java
new file mode 100644
index 0000000000..1f6839fc85
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/AuthenticationListener.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+/**
+ * AuthenticationListener implementations can receive notifications of successful and unsuccessful
+ * authentication requests, made during web script, WebDav or Sharepoint requests.
+ *
+ * @author Alex Miller
+ */
+public interface AuthenticationListener
+{
+ /**
+ * A user was successfully authenticated credentials.
+ */
+ public void userAuthenticated(WebCredentials credentials);
+
+ /**
+ * An authentication attempt, using credentials, failed with exception, ex.
+ */
+ public void authenticationFailed(WebCredentials credentials, Exception ex);
+
+ /**
+ * An authentication attempt, using credentials, failed.
+ */
+ public void authenticationFailed(WebCredentials credentials);
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/BasicAuthCredentials.java b/source/java/org/alfresco/repo/web/auth/BasicAuthCredentials.java
new file mode 100644
index 0000000000..9abef44e08
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/BasicAuthCredentials.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+import org.apache.commons.codec.digest.DigestUtils;
+
+/**
+ * {@link WebCredentials} holding username and the md5 hash of the password.
+ *
+ * @author Alex Miller
+ */
+public class BasicAuthCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = 2626445241420904072L;
+
+ private String userName;
+ private String password;
+
+ /**
+ * Default constructor
+ */
+ public BasicAuthCredentials(String userName, String password)
+ {
+ this.userName = userName;
+ this.password = DigestUtils.md5Hex(password);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((this.password == null) ? 0 : this.password.hashCode());
+ result = prime * result + ((this.userName == null) ? 0 : this.userName.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj) { return true; }
+ if (obj == null) { return false; }
+ if (getClass() != obj.getClass()) { return false; }
+ BasicAuthCredentials other = (BasicAuthCredentials) obj;
+ if (this.password == null)
+ {
+ if (other.password != null) { return false; }
+ }
+ else if (!this.password.equals(other.password)) { return false; }
+ if (this.userName == null)
+ {
+ if (other.userName != null) { return false; }
+ }
+ else if (!this.userName.equals(other.userName)) { return false; }
+ return true;
+ }
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/GuestCredentials.java b/source/java/org/alfresco/repo/web/auth/GuestCredentials.java
new file mode 100644
index 0000000000..82d13c0590
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/GuestCredentials.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+
+/**
+ * {@link WebCredentials} representing a guest user.
+ *
+ * @author Alex Miller
+ */
+public class GuestCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ return getClass().equals(obj.getClass());
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return getClass().hashCode();
+ }
+
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/KerberosCredentials.java b/source/java/org/alfresco/repo/web/auth/KerberosCredentials.java
new file mode 100644
index 0000000000..3a6d8037c0
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/KerberosCredentials.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+import org.alfresco.jlan.server.auth.spnego.NegTokenInit;
+import org.alfresco.jlan.server.auth.spnego.NegTokenTarg;
+
+/**
+ * {@link WebCredentials} implementation for holding Kerberos credentials.
+ */
+public class KerberosCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = 4625258932647351551L;
+
+ private NegTokenInit negToken;
+ private NegTokenTarg negTokenTarg;
+
+ public KerberosCredentials(NegTokenInit negToken, NegTokenTarg negTokenTarg)
+ {
+ this.negToken = negToken;
+ this.negTokenTarg = negTokenTarg;
+ }
+
+ public KerberosCredentials(NegTokenInit negToken)
+ {
+ this.negToken = negToken;
+ }
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/NTLMCredentials.java b/source/java/org/alfresco/repo/web/auth/NTLMCredentials.java
new file mode 100644
index 0000000000..8d5af9c3e1
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/NTLMCredentials.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+import java.util.Arrays;
+
+/**
+ * {@link WebCredentials} for holding credentials for NTLM authentication.
+ *
+ * @author Alex Miller
+ */
+public class NTLMCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = 8554061957751906776L;
+
+ private String userName;
+ private byte[] passwordHash;
+
+ public NTLMCredentials(String userName, byte[] passwordHash)
+ {
+ this.userName = userName;
+ this.passwordHash = passwordHash;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + Arrays.hashCode(this.passwordHash);
+ result = prime * result + ((this.userName == null) ? 0 : this.userName.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj) { return true; }
+ if (obj == null) { return false; }
+ if (getClass() != obj.getClass()) { return false; }
+ NTLMCredentials other = (NTLMCredentials) obj;
+ if (!Arrays.equals(this.passwordHash, other.passwordHash)) { return false; }
+ if (this.userName == null)
+ {
+ if (other.userName != null) { return false; }
+ }
+ else if (!this.userName.equals(other.userName)) { return false; }
+ return true;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "NTLMCredentials [userName=" + this.userName + ", passwordHash="
+ + Arrays.toString(this.passwordHash) + "]";
+ }
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/NoopAuthenticationListener.java b/source/java/org/alfresco/repo/web/auth/NoopAuthenticationListener.java
new file mode 100644
index 0000000000..1ff7afa083
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/NoopAuthenticationListener.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+
+/**
+ * {@link AuthenticationEventListener} that does nothing.
+ *
+ * @author Alex Miller
+ */
+public class NoopAuthenticationListener implements AuthenticationListener
+{
+ @Override
+ public void userAuthenticated(WebCredentials credentials)
+ {
+ // Noop
+ }
+
+ @Override
+ public void authenticationFailed(WebCredentials credentials)
+ {
+ // Noop
+ }
+
+ @Override
+ public void authenticationFailed(WebCredentials credentials, Exception ex)
+ {
+ // Noop
+ }
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/TicketCredentials.java b/source/java/org/alfresco/repo/web/auth/TicketCredentials.java
new file mode 100644
index 0000000000..46ec8dab8c
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/TicketCredentials.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+
+/**
+ * {@link WebScriptCrednetials} class for holding Alfresco tickets.
+ *
+ * @author Alex Miller
+ */
+public class TicketCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = -8255499275655719748L;
+
+ private String ticket;
+
+ public TicketCredentials(String ticket)
+ {
+ this.ticket = ticket;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((this.ticket == null) ? 0 : this.ticket.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj) { return true; }
+ if (obj == null) { return false; }
+ if (getClass() != obj.getClass()) { return false; }
+ TicketCredentials other = (TicketCredentials) obj;
+ if (this.ticket == null)
+ {
+ if (other.ticket != null) { return false; }
+ }
+ else if (!this.ticket.equals(other.ticket)) { return false; }
+ return true;
+ }
+}
diff --git a/source/java/org/alfresco/repo/web/auth/UnknownCredentials.java b/source/java/org/alfresco/repo/web/auth/UnknownCredentials.java
new file mode 100644
index 0000000000..a087cca207
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/UnknownCredentials.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+
+/**
+ * {@link WebCredentials} where credentials are undetermined.
+ *
+ * @author Alex Miller
+ */
+public class UnknownCredentials implements WebCredentials
+{
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ return getClass().equals(obj.getClass());
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return getClass().hashCode();
+ }
+
+
+}
diff --git a/source/java/org/alfresco/repo/web/auth/WebCredentials.java b/source/java/org/alfresco/repo/web/auth/WebCredentials.java
new file mode 100644
index 0000000000..53f42d3525
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/auth/WebCredentials.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.auth;
+
+import java.io.Serializable;
+
+/**
+ * WebScriptCredentials interface.
+ *
+ * Passed to {@link AuthenticationEventListener}s with credentials used in an authentication attempt.
+ *
+ * @author Alex Miller
+ */
+public interface WebCredentials extends Serializable
+{
+
+}
diff --git a/source/java/org/alfresco/repo/web/scripts/content/ContentInfo.java b/source/java/org/alfresco/repo/web/scripts/content/ContentInfo.java
index 1db104cf3d..ec6c8fa1ae 100644
--- a/source/java/org/alfresco/repo/web/scripts/content/ContentInfo.java
+++ b/source/java/org/alfresco/repo/web/scripts/content/ContentInfo.java
@@ -1,8 +1,20 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited. This file is part of Alfresco Alfresco is free software: you can redistribute it and/or modify it under the terms of the GNU
- * Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Alfresco is distributed in
- * the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
- * Public License for more details. You should have received a copy of the GNU Lesser General Public License along with Alfresco. If not, see .
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
*/
package org.alfresco.repo.web.scripts.content;
diff --git a/source/java/org/alfresco/repo/web/scripts/content/StreamContent.java b/source/java/org/alfresco/repo/web/scripts/content/StreamContent.java
index 7d1c615af1..cf99fe899b 100644
--- a/source/java/org/alfresco/repo/web/scripts/content/StreamContent.java
+++ b/source/java/org/alfresco/repo/web/scripts/content/StreamContent.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2012 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
diff --git a/source/java/org/alfresco/repo/web/scripts/person/PersonServiceTest.java b/source/java/org/alfresco/repo/web/scripts/person/PersonServiceTest.java
index e1e8f2c6b9..47317ee05b 100644
--- a/source/java/org/alfresco/repo/web/scripts/person/PersonServiceTest.java
+++ b/source/java/org/alfresco/repo/web/scripts/person/PersonServiceTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -23,8 +23,10 @@ import java.util.List;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
+import org.alfresco.repo.security.person.UserNameMatcherImpl;
import org.alfresco.repo.web.scripts.BaseWebScriptTest;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
+import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.PropertyMap;
import org.springframework.extensions.webscripts.Status;
@@ -46,7 +48,8 @@ public class PersonServiceTest extends BaseWebScriptTest
private MutableAuthenticationService authenticationService;
private AuthenticationComponent authenticationComponent;
private PersonService personService;
-
+ private UserNameMatcherImpl userNameMatcherImpl;
+
private static final String USER_ONE = "User.One";
private static final String USER_TWO = "User.Two";
private static final String USER_THREE = "User.Three";
@@ -63,6 +66,7 @@ public class PersonServiceTest extends BaseWebScriptTest
this.authenticationService = (MutableAuthenticationService)getServer().getApplicationContext().getBean("AuthenticationService");
this.authenticationComponent = (AuthenticationComponent)getServer().getApplicationContext().getBean("authenticationComponent");
this.personService = (PersonService)getServer().getApplicationContext().getBean("PersonService");
+ this.userNameMatcherImpl = (UserNameMatcherImpl)getServer().getApplicationContext().getBean("userNameMatcher");
this.authenticationComponent.setSystemUserAsCurrentUser();
@@ -288,4 +292,66 @@ public class PersonServiceTest extends BaseWebScriptTest
"myJobTitle", "firstName.lastName@email.com", "myBio", "images/avatar.jpg",
Status.STATUS_BAD_REQUEST);
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testUserNameCaseSensitivity() throws Exception
+ {
+ String upperCaseUserName = "PersonServiceTest.MixedCaseUser";
+ String lowerCaseUserName = upperCaseUserName.toLowerCase();
+
+ String currentUser = this.authenticationComponent.getCurrentUserName();
+ boolean existingValue = userNameMatcherImpl.getUserNamesAreCaseSensitive();
+ try
+ {
+ /**
+ * simulate cloud with lower case user names
+ */
+ createPerson(lowerCaseUserName, "myTitle", "myFirstName", "myLastName", "myOrganisation",
+ "myJobTitle", "firstName.lastName@email.com", "myBio", "images/avatar.jpg",
+ Status.STATUS_OK);
+
+ String adminUser = this.authenticationComponent.getSystemUserName();
+ this.authenticationComponent.setCurrentUser(adminUser);
+
+ personService.setCreateMissingPeople(false);
+ //personServiceImpl.setUserNameCaseSensitive(true);
+ userNameMatcherImpl.setUserNamesAreCaseSensitive(true);
+
+ assertTrue("case sensitive exists by matching case", personService.personExists(lowerCaseUserName));
+ assertFalse("case sensitive exists by non matching case", personService.personExists(upperCaseUserName));
+ assertNotNull("case sensitive lookup by matching case", personService.getPerson(lowerCaseUserName));
+ try
+ {
+ personService.getPerson(upperCaseUserName);
+ fail("case sensitive lookup by non matching case");
+ }
+ catch (NoSuchPersonException e)
+ {
+ // expect to go here
+ }
+
+ //personServiceImpl.setUserNameCaseSensitive(false);
+ userNameMatcherImpl.setUserNamesAreCaseSensitive(false);
+ assertNotNull("case insensitive lookup by matching case", personService.getPerson(lowerCaseUserName));
+ assertNotNull("case insensitive lookup by non matching case", personService.getPerson(upperCaseUserName));
+ assertTrue("case insensitive exists by matching case", personService.personExists(lowerCaseUserName));
+ assertTrue("case insensitive exists by non matching case", personService.personExists(upperCaseUserName));
+
+ /**
+ * Delete by non matching case
+ */
+ personService.deletePerson(upperCaseUserName);
+
+
+ }
+ finally
+ {
+// personServiceImpl.setUserNameCaseSensitive(existingValue);
+ userNameMatcherImpl.setUserNamesAreCaseSensitive(existingValue);
+ this.authenticationComponent.setCurrentUser(currentUser);
+ }
+ }
}
diff --git a/source/java/org/alfresco/repo/web/scripts/quickshare/ReadGet.java b/source/java/org/alfresco/repo/web/scripts/quickshare/ReadGet.java
new file mode 100644
index 0000000000..cc461a1bd1
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/scripts/quickshare/ReadGet.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.scripts.quickshare;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.service.cmr.quickshare.InvalidSharedIdException;
+import org.alfresco.service.cmr.repository.InvalidNodeRefException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.extensions.webscripts.Cache;
+import org.springframework.extensions.webscripts.Status;
+import org.springframework.extensions.webscripts.WebScriptException;
+import org.springframework.extensions.webscripts.WebScriptRequest;
+
+
+/**
+ * QuickShare/PublicView
+ *
+ * GET web script that returns whether or not a user can read the shared content.
+ *
+ * @author Alex Miller
+ */
+public class ReadGet extends AbstractQuickShareContent
+{
+ private static final Log logger = LogFactory.getLog(ReadGet.class);
+
+ @Override
+ protected Map executeImpl(final WebScriptRequest req, Status status, Cache cache)
+ {
+ if (! isEnabled())
+ {
+ throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "QuickShare is disabled system-wide");
+ }
+
+ // create map of params (template vars)
+ Map params = req.getServiceMatch().getTemplateVars();
+ final String sharedId = params.get("shared_id");
+ if (sharedId == null)
+ {
+ throw new WebScriptException(HttpServletResponse.SC_BAD_REQUEST, "A valid sharedId must be specified !");
+ }
+
+ try
+ {
+ boolean canRead = quickShareService.canRead(sharedId);
+ Map result = new HashMap();
+ result.put("canRead", canRead);
+ return result;
+ }
+ catch (InvalidSharedIdException ex)
+ {
+ logger.error("Unable to find: "+sharedId);
+ throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
+ }
+ catch (InvalidNodeRefException inre)
+ {
+ logger.error("Unable to find: "+sharedId+" ["+inre.getNodeRef()+"]");
+ throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find: "+sharedId);
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/web/scripts/quickshare/ShareContentGet.java b/source/java/org/alfresco/repo/web/scripts/quickshare/ShareContentGet.java
index 4fde319b34..226dd815d3 100644
--- a/source/java/org/alfresco/repo/web/scripts/quickshare/ShareContentGet.java
+++ b/source/java/org/alfresco/repo/web/scripts/quickshare/ShareContentGet.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2012 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -25,7 +25,6 @@ import javax.servlet.http.HttpServletResponse;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
@@ -79,13 +78,7 @@ public class ShareContentGet extends AbstractQuickShareContent
final String tenantDomain = pair.getFirst();
final NodeRef nodeRef = pair.getSecond();
- SiteInfo siteInfo = siteService.getSite(nodeRef);
-
- String siteId = null;
- if (siteInfo != null)
- {
- siteId = siteInfo.getShortName();
- }
+ String siteId = siteService.getSiteShortName(nodeRef);
Map model = new HashMap(3);
model.put("sharedId", sharedId);
diff --git a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
index 896e31fa03..5ff955d679 100644
--- a/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
+++ b/source/java/org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -23,6 +23,11 @@ import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.Authorization;
+import org.alfresco.repo.web.auth.AuthenticationListener;
+import org.alfresco.repo.web.auth.BasicAuthCredentials;
+import org.alfresco.repo.web.auth.GuestCredentials;
+import org.alfresco.repo.web.auth.TicketCredentials;
+import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -46,6 +51,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
// Component dependencies
private AuthenticationService authenticationService;
+ private AuthenticationListener listener;
/**
@@ -55,13 +61,37 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
{
this.authenticationService = authenticationService;
}
+
+ /**
+ * Set the listener for authentication events, generated by {@link BasicHttpAuthenticator} instances.
+ */
+ public void setAuthenticationListener(AuthenticationListener listener)
+ {
+ this.listener = listener;
+ }
/* (non-Javadoc)
* @see org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory#create(org.alfresco.web.scripts.servlet.WebScriptServletRequest, org.alfresco.web.scripts.servlet.WebScriptServletResponse)
*/
public Authenticator create(WebScriptServletRequest req, WebScriptServletResponse res)
{
- return new BasicHttpAuthenticator(req, res);
+ return new BasicHttpAuthenticator(req, res, listener);
+ }
+
+ /**
+ * Generate a {@link WebCredentials} instance from information contained in auth.
+ */
+ private WebCredentials getCredentials(Authorization auth)
+ {
+ if (auth.isTicket())
+ {
+ return new TicketCredentials(auth.getTicket());
+ }
+ else
+ {
+ return new BasicAuthCredentials(auth.getUserName(), auth.getPassword());
+ }
+
}
@@ -78,6 +108,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
private String authorization;
private String ticket;
+ private AuthenticationListener listener;
/**
* Construct
@@ -85,14 +116,17 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
* @param authenticationService
* @param req
* @param res
+ * @param listener
*/
- public BasicHttpAuthenticator(WebScriptServletRequest req, WebScriptServletResponse res)
+ public BasicHttpAuthenticator(WebScriptServletRequest req, WebScriptServletResponse res, AuthenticationListener listener)
{
this.servletReq = req;
this.servletRes = res;
HttpServletRequest httpReq = servletReq.getHttpServletRequest();
+ this.listener = listener;
+
this.authorization = httpReq.getHeader("Authorization");
this.ticket = httpReq.getParameter("alf_ticket");
}
@@ -126,11 +160,13 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
try
{
authenticationService.authenticateAsGuest();
+ listener.userAuthenticated(new GuestCredentials());
authorized = true;
}
catch (AuthenticationException ex)
{
- // failed authentication
+ // failed authentication
+ listener.authenticationFailed(new GuestCredentials());
}
}
@@ -144,27 +180,29 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
// assume a ticket has been passed
authenticationService.validate(ticket);
+ listener.userAuthenticated(new TicketCredentials(ticket));
authorized = true;
}
catch(AuthenticationException e)
{
// failed authentication
+ listener.authenticationFailed(new TicketCredentials(ticket));
}
}
// authenticate as specified by HTTP Basic Authentication
else if (authorization != null && authorization.length() > 0)
{
+ String[] authorizationParts = authorization.split(" ");
+ if (!authorizationParts[0].equalsIgnoreCase("basic"))
+ {
+ throw new WebScriptException("Authorization '" + authorizationParts[0] + "' not supported.");
+ }
+
+ String decodedAuthorisation = new String(Base64.decode(authorizationParts[1]));
+ Authorization auth = new Authorization(decodedAuthorisation);
try
{
- String[] authorizationParts = authorization.split(" ");
- if (!authorizationParts[0].equalsIgnoreCase("basic"))
- {
- throw new WebScriptException("Authorization '" + authorizationParts[0] + "' not supported.");
- }
-
- String decodedAuthorisation = new String(Base64.decode(authorizationParts[1]));
- Authorization auth = new Authorization(decodedAuthorisation);
if (auth.isTicket())
{
if (logger.isDebugEnabled())
@@ -172,6 +210,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
// assume a ticket has been passed
authenticationService.validate(auth.getTicket());
+ listener.userAuthenticated(getCredentials(auth));
authorized = true;
}
else
@@ -182,12 +221,14 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
// No longer need a special call to authenticate as guest
// Leave guest name resolution up to the services
authenticationService.authenticate(auth.getUserName(), auth.getPassword().toCharArray());
+ listener.userAuthenticated(getCredentials(auth));
authorized = true;
}
}
catch(AuthenticationException e)
{
// failed authentication
+ listener.authenticationFailed(getCredentials(auth));
}
}
diff --git a/source/java/org/alfresco/repo/web/scripts/solr/NodeContentGet.java b/source/java/org/alfresco/repo/web/scripts/solr/NodeContentGet.java
index 3cad025a5f..9394a1f8c6 100644
--- a/source/java/org/alfresco/repo/web/scripts/solr/NodeContentGet.java
+++ b/source/java/org/alfresco/repo/web/scripts/solr/NodeContentGet.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2012 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
diff --git a/source/java/org/alfresco/repo/webdav/WebDAVHelper.java b/source/java/org/alfresco/repo/webdav/WebDAVHelper.java
index 8be5e26dc6..de0ce27348 100644
--- a/source/java/org/alfresco/repo/webdav/WebDAVHelper.java
+++ b/source/java/org/alfresco/repo/webdav/WebDAVHelper.java
@@ -53,7 +53,6 @@ import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
-import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.NamespaceService;
import org.apache.commons.logging.Log;
@@ -776,18 +775,14 @@ public class WebDAVHelper
public String determineSiteId(WebDAVMethod method)
{
SiteService siteService = getServiceRegistry().getSiteService();
- String siteId;
+ String siteId = null;
try
{
FileInfo fileInfo = getNodeForPath(method.getRootNodeRef(), method.getPath());
- SiteInfo siteInfo = siteService.getSite(fileInfo.getNodeRef());
- if (siteInfo != null)
+ siteId = siteService.getSiteShortName(fileInfo.getNodeRef());
+ if (siteId == null)
{
- siteId = siteInfo.getShortName();
- }
- else
- {
- throw new RuntimeException("Node is not contained by a site: " + method.getPath());
+ throw new RuntimeException("Node is not contained by a site: " + method.getPath());
}
}
catch (Exception error)
diff --git a/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
index 7ae5547971..d6b9a8c9dd 100644
--- a/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -40,6 +40,8 @@ import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.repo.web.auth.BasicAuthCredentials;
+import org.alfresco.repo.web.auth.TicketCredentials;
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
import org.alfresco.repo.webdav.WebDAV;
import org.alfresco.service.cmr.security.NoSuchPersonException;
@@ -142,8 +144,9 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
// Already tried - no need to try again
continue;
}
- String username;
- String password;
+
+ String username = null;
+ String password = null;
// Split the username and password
int pos = basicAuth.indexOf(":");
@@ -159,7 +162,9 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
}
// Authenticate the user
+
authenticationService.authenticate(username, password.toCharArray());
+ authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), false);
// Success so break out
@@ -205,6 +210,7 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
// Validate the ticket
authenticationService.validate(ticket);
+ authenticationListener.userAuthenticated(new TicketCredentials(ticket));
// Need to create the User instance if not already available
@@ -228,6 +234,10 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
return;
}
}
+ else
+ {
+ authenticationListener.userAuthenticated(new TicketCredentials(user.getTicket()));
+ }
// Chain other filters
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
index 7da8d80f80..349e535dfd 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -34,6 +34,7 @@ import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
+import org.alfresco.repo.web.auth.AuthenticationListener;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
@@ -79,6 +80,9 @@ public abstract class BaseAuthenticationFilter
/** The remote user mapper. */
protected RemoteUserMapper remoteUserMapper;
+
+ /** The authentication listener. */
+ protected AuthenticationListener authenticationListener;
/** The configured user attribute name. */
private String userAttributeName = AUTHENTICATION_USER;
@@ -139,6 +143,16 @@ public abstract class BaseAuthenticationFilter
{
this.authenticationComponent = authenticationComponent;
}
+
+ /**
+ * Sets the authentication listener.
+ *
+ * @param
+ */
+ public void setAuthenticationListener(AuthenticationListener authenticationListener)
+ {
+ this.authenticationListener = authenticationListener;
+ }
/**
* Sets the remote user mapper.
@@ -201,6 +215,7 @@ public abstract class BaseAuthenticationFilter
SessionUser sessionUser = (SessionUser) session.getAttribute(sessionAttrib);
if (sessionUser != null)
{
+ String ticket = sessionUser.getTicket();
try
{
if (getLogger().isDebugEnabled())
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
index e3ff0cbb0e..06e8496bb3 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -48,6 +48,8 @@ import org.alfresco.jlan.server.auth.spnego.OID;
import org.alfresco.jlan.server.auth.spnego.SPNEGO;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.repo.web.auth.KerberosCredentials;
+import org.alfresco.repo.web.auth.TicketCredentials;
import org.apache.commons.codec.binary.Base64;
import org.ietf.jgss.Oid;
@@ -283,7 +285,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
if ( user != null && reqAuth == false)
{
// Filter validate hook
- onValidate( context, req, resp);
+ onValidate( context, req, resp, new TicketCredentials(user.getTicket()));
// Debug
@@ -321,7 +323,7 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// Filter validate hook
if (getLogger().isDebugEnabled())
getLogger().debug("Authenticated with a ticket parameter.");
- onValidate( context, req, resp);
+ onValidate( context, req, resp, new TicketCredentials(user.getTicket()));
// Chain to the next filter
@@ -396,10 +398,11 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
try
{
- if ( doKerberosLogon( negToken, req, resp, httpSess) != null)
+ NegTokenTarg negTokenTarg = doKerberosLogon( negToken, req, resp, httpSess);
+ if ( negTokenTarg != null)
{
// Allow the user to access the requested page
- onValidate(context, req, resp);
+ onValidate(context, req, resp, new KerberosCredentials(negToken, negTokenTarg));
if (getLogger().isDebugEnabled())
getLogger().debug("Authenticated through Kerberos.");
return true;
@@ -419,9 +422,9 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica
// max user limit
if (getLogger().isDebugEnabled())
getLogger().debug("Validate failed.", ex);
- onValidateFailed(context, req, resp, httpSess);
+ onValidateFailed(context, req, resp, httpSess, new TicketCredentials(user.getTicket()));
return false;
- }
+ }
}
else
{
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
index 6483bc906c..1855e41a1e 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -55,6 +55,11 @@ import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
+import org.alfresco.repo.web.auth.GuestCredentials;
+import org.alfresco.repo.web.auth.NTLMCredentials;
+import org.alfresco.repo.web.auth.TicketCredentials;
+import org.alfresco.repo.web.auth.UnknownCredentials;
+import org.alfresco.repo.web.auth.WebCredentials;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
@@ -205,7 +210,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (user != null && reqAuth == false)
{
// Filter validate hook
- onValidate( context, sreq, sresp);
+ onValidate( context, sreq, sresp, new TicketCredentials(user.getTicket()));
if (getLogger().isDebugEnabled())
getLogger().debug("Authentication not required (user), chaining ...");
@@ -471,19 +476,21 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (logger.isDebugEnabled())
logger.debug("Using cached NTLM hash, authenticated = " + authenticated);
- onValidate(context, req, res);
+ onValidate(context, req, res, new NTLMCredentials(userName, ntlmPwd));
// Allow the user to access the requested page
return true;
}
else
{
+ WebCredentials credentials;
// Check if we are using local MD4 password hashes or passthru authentication
if (nltmAuthenticator.getNTLMMode() == NTLMMode.MD4_PROVIDER)
{
// Check if guest logons are allowed and this is a guest logon
if (m_allowGuest && userName.equalsIgnoreCase(authenticationComponent.getGuestUserName()))
{
+ credentials = new GuestCredentials();
// Indicate that the user has been authenticated
authenticated = true;
@@ -498,6 +505,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (md4hash != null)
{
authenticated = validateLocalHashedPassword(type3Msg, ntlmDetails, authenticated, md4hash);
+ credentials = new NTLMCredentials(ntlmDetails.getUserName(), ntlmDetails.getNTLMHashedPassword());
}
else
{
@@ -507,6 +515,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// Reset the user name to be the guest user
userName = authenticationComponent.getGuestUserName();
authenticated = true;
+ credentials = new GuestCredentials();
if (logger.isDebugEnabled())
logger.debug("User " + userName + " logged on as guest, no Alfresco account");
@@ -518,6 +527,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// Bypass NTLM authentication and display the logon screen,
// as user account does not exist in Alfresco
+ credentials = new UnknownCredentials();
authenticated = false;
}
}
@@ -525,6 +535,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
}
else
{
+ credentials = new NTLMCredentials(type3Msg.getUserName(), type3Msg.getNTLMHash());
// Determine if the client sent us NTLMv1 or NTLMv2
if (type3Msg.hasFlag(NTLM.Flag128Bit) && type3Msg.hasFlag(NTLM.FlagNTLM2Key) ||
(type3Msg.getNTLMHash() != null && type3Msg.getNTLMHash().length > 24))
@@ -538,7 +549,6 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
// Passthru mode, send the hashed password details to the passthru authentication server
NTLMPassthruToken authToken = (NTLMPassthruToken) ntlmDetails.getAuthenticationToken();
authToken.setUserAndPassword(type3Msg.getUserName(), type3Msg.getNTLMHash(), PasswordEncryptor.NTLM1);
-
try
{
// Run the second stage of the passthru authentication
@@ -588,12 +598,12 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
if (logger.isDebugEnabled())
logger.debug("Failed to validate user " + userName, ex);
- onValidateFailed(context, req, res, session);
+ onValidateFailed(context, req, res, session, credentials);
return false;
}
}
- onValidate(context, req, res);
+ onValidate(context, req, res, credentials);
// Update the NTLM logon details in the session
String srvName = getServerName();
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
index b47e7bdc26..368608fefe 100644
--- a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -42,6 +42,7 @@ import org.alfresco.jlan.util.IPAddress;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
import org.springframework.beans.factory.InitializingBean;
@@ -157,8 +158,9 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
* @param res
* the response
*/
- protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res)
+ protected void onValidate(ServletContext sc, HttpServletRequest req, HttpServletResponse res, WebCredentials credentials)
{
+ authenticationListener.userAuthenticated(credentials);
}
/**
@@ -169,9 +171,11 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
* @param res HttpServletResponse
* @param session HttpSession
*/
- protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session)
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials)
throws IOException
{
+ authenticationListener.authenticationFailed(credentials);
+
// Restart the login challenge process if validation fails
restartLoginChallenge(sc, req, res);
diff --git a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
index 748f29a4f2..5ea90e0a4e 100644
--- a/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/KerberosAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.alfresco.repo.web.auth.WebCredentials;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -39,6 +40,18 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt
private static Log logger = LogFactory.getLog(KerberosAuthenticationFilter.class);
+ /* (non-Javadoc)
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
+ */
+ @Override
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials credentials)
+ throws IOException
+ {
+ super.onValidateFailed(sc, req, res, session, credentials);
+ // Restart the login challenge process if validation fails
+ restartLoginChallenge(sc, req, res);
+ }
+
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#getLogger()
*/
diff --git a/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
index 78e89af3a3..f347300809 100644
--- a/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/NTLMAuthenticationFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.alfresco.repo.web.auth.WebCredentials;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -39,6 +40,19 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter
// Debug logging
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
+ /* (non-Javadoc)
+ * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession)
+ */
+ @Override
+ protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session, WebCredentials webCredentials)
+ throws IOException
+ {
+ super.onValidateFailed(sc, req, res, session, webCredentials);
+
+ // Restart the login challenge process if validation fails
+ restartLoginChallenge(sc, req, res);
+ }
+
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#getLogger()
*/