diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml index e686bb7d96..2b8c459ea1 100644 --- a/config/alfresco/public-services-security-context.xml +++ b/config/alfresco/public-services-security-context.xml @@ -635,7 +635,7 @@ - + @@ -657,6 +657,7 @@ org.alfresco.service.cmr.security.AuthenticationService.getCurrentTicket=ACL_ALLOW org.alfresco.service.cmr.security.AuthenticationService.clearCurrentSecurityContext=ACL_ALLOW org.alfresco.service.cmr.security.AuthenticationService.isCurrentUserTheSystemUser=ACL_ALLOW + org.alfresco.service.cmr.security.AuthenticationService.guestUserAuthenticationAllowed=ACL_ALLOW org.alfresco.service.cmr.security.AuthenticationService.getDomains=ACL_METHOD.ROLE_ADMINISTRATOR org.alfresco.service.cmr.security.AuthenticationService.getDomainsThatAllowUserCreation=ACL_METHOD.ROLE_ADMINISTRATOR org.alfresco.service.cmr.security.AuthenticationService.getDomainsThatAllowUserDeletion=ACL_METHOD.ROLE_ADMINISTRATOR diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java index 0143e9683b..47ea21acd4 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java @@ -257,6 +257,21 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC } protected abstract boolean implementationAllowsGuestLogin(); + + /** + * @return true if Guest user authentication is allowed, false otherwise + */ + public boolean guestUserAuthenticationAllowed() + { + if (allowGuestLogin == null) + { + return (implementationAllowsGuestLogin()); + } + else + { + return (allowGuestLogin.booleanValue()); + } + } /** * Remove the current security information diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java index c3fba1c921..d423fd0cfb 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java @@ -84,6 +84,14 @@ public interface AuthenticationComponent public Authentication setGuestUserAsCurrentUser(); + /** + * True if Guest user authentication is allowed, false otherwise + * + * @return + */ + public boolean guestUserAuthenticationAllowed(); + + /** * Get the name of the system user * diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java index 151f8c9c9d..e90f94fa48 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java @@ -168,6 +168,10 @@ public class AuthenticationServiceImpl implements AuthenticationService authenticationComponent.setGuestUserAsCurrentUser(); } + public boolean guestUserAuthenticationAllowed() + { + return authenticationComponent.guestUserAuthenticationAllowed(); + } public boolean getAllowsUserCreation() { diff --git a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceImpl.java index 409d87f13d..c5f36fb472 100644 --- a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceImpl.java @@ -181,6 +181,19 @@ public class ChainingAuthenticationServiceImpl implements AuthenticationService } throw new AuthenticationException("Guest authentication not supported"); } + + public boolean guestUserAuthenticationAllowed() + { + for (AuthenticationService authService : getUsableAuthenticationServices()) + { + if (authService.guestUserAuthenticationAllowed()) + { + return true; + } + } + // it isn't allowed in any of the authentication components + return false; + } public boolean authenticationExists(String userName) { diff --git a/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java index 817109ffd5..9ffdce367b 100644 --- a/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java @@ -229,6 +229,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService throw new AuthenticationException("Guest access denied"); } } + + public boolean guestUserAuthenticationAllowed() + { + return allowGuest; + } public boolean authenticationExists(String userName) { diff --git a/source/java/org/alfresco/service/cmr/security/AuthenticationService.java b/source/java/org/alfresco/service/cmr/security/AuthenticationService.java index de4177e5e6..61d54c712e 100644 --- a/source/java/org/alfresco/service/cmr/security/AuthenticationService.java +++ b/source/java/org/alfresco/service/cmr/security/AuthenticationService.java @@ -110,6 +110,14 @@ public interface AuthenticationService @Auditable public void authenticateAsGuest() throws AuthenticationException; + /** + * Check if Guest user authentication is allowed. + * + * @return true if Guest user authentication is allowed, false otherwise + */ + @Auditable + public boolean guestUserAuthenticationAllowed(); + /** * Check if the given authentication exists. *