mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V2.2 to HEAD
19977: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19778: (RECORD ONLY) Incremented version label
19976: Merged PATCHES/V2.2.7 to V2.2
19776: ALF-2011: Audit doesn't take into account CIFS authentication
- Now that we've backported the ticket granting auditing, converted the Alfresco CIFS authenticators to use ticket-based authentication, rather than directly manipulating ACEGI
- Needs thorough testing with password, NTLM, Passthru and Kerberos
19891: ALF-2011: Audit doesn't take into account CIFS authentication
Since each child of the CifsAuthenticator is not a Spring configured bean it has no Transaction interceptor. The Transaction wrapping functionality was added into the CifsAuthenticator.setCurrentUser() to fix a Transaction Synchronization issue after successful authentication of the user.
Several little corrections added into the InMemoryTicketComponentImpl to allow "Null user". "Missing ticket for null" exceptions will be thrown instead of the NullPointerException
19903: ALF-2011: Minor cleanup/formatting only
19975: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19769: ALF-2011: Backported dependencies
ALF-2360: Merged V3.1 to PATCHES/V2.2.7
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
ALF-2361: Merged V3.2 to PATCHES/V2.2.7
17456: Fix for: ETHREEOH-1465: It's impossible to get the login history for a given user (Audit)
- all authentication routes (SSO and password) can now audit getting a new ticket for a session. SSO does not authenticate via the alfresco AuthenticationService API
- you can now use auditing to track new sessions for users.
19834: (RECORD ONLY) Increment version (from 2.2.7 to 2.2.8)
19833: (RECORD ONLY) Merged PATCHES/V2.2.7 to BRANCHES/V2.2:
19832: Merged BRANCHES/V3.1 to PATCHES/V2.2.7:
17255: Fixed ETHREEOH-3180: Error appears when trying to search resources on Manage Task page
19578: (RECORD ONLY) Merged V3.0 to V2.2
19574: Merged V3.1 to V3.0
19573: Merged V3.2 to V3.1
19539: Merged HEAD to V3.2
19538: Build fix - fix build speed
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20011 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -284,6 +284,10 @@
|
||||
<property name="authenticationComponent">
|
||||
<ref bean="authenticationComponent" />
|
||||
</property>
|
||||
|
||||
<property name="authenticationService">
|
||||
<ref bean="authenticationService" />
|
||||
</property>
|
||||
</bean>
|
||||
</property>
|
||||
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
package org.alfresco.filesys.alfresco;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.alfresco.jlan.server.auth.ClientInfo;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
|
||||
@@ -31,10 +29,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
*/
|
||||
public class AlfrescoClientInfo extends ClientInfo {
|
||||
|
||||
// Authentication token
|
||||
|
||||
private Authentication m_authToken;
|
||||
|
||||
// Authentication ticket, used for web access without having to re-authenticate
|
||||
|
||||
private String m_authTicket;
|
||||
@@ -62,26 +56,6 @@ public class AlfrescoClientInfo extends ClientInfo {
|
||||
super(user, pwd);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the client has an authentication token
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public final boolean hasAuthenticationToken()
|
||||
{
|
||||
return m_authToken != null ? true : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the authentication token
|
||||
*
|
||||
* @return Authentication
|
||||
*/
|
||||
public final Authentication getAuthenticationToken()
|
||||
{
|
||||
return m_authToken;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the client has an authentication ticket
|
||||
*
|
||||
@@ -122,16 +96,6 @@ public class AlfrescoClientInfo extends ClientInfo {
|
||||
return m_homeNode;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the authentication toekn
|
||||
*
|
||||
* @param token Authentication
|
||||
*/
|
||||
public final void setAuthenticationToken(Authentication token)
|
||||
{
|
||||
m_authToken = token;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the authentication ticket
|
||||
*
|
||||
|
||||
@@ -20,8 +20,6 @@ package org.alfresco.filesys.auth.cifs;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.jlan.server.SrvSession;
|
||||
import org.alfresco.jlan.server.auth.AuthContext;
|
||||
@@ -31,6 +29,7 @@ import org.alfresco.jlan.server.auth.NTLanManAuthContext;
|
||||
import org.alfresco.jlan.server.core.SharedDevice;
|
||||
import org.alfresco.jlan.smb.server.SMBSrvSession;
|
||||
import org.alfresco.jlan.util.HexDump;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
@@ -111,11 +110,13 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
|
||||
// Check if the client is already authenticated, and it is not a null logon
|
||||
|
||||
if ( alfClient.getAuthenticationToken() != null && client.getLogonType() != ClientInfo.LogonNull)
|
||||
try
|
||||
{
|
||||
if ( alfClient.hasAuthenticationTicket() && client.getLogonType() != ClientInfo.LogonNull)
|
||||
{
|
||||
// Use the existing authentication token
|
||||
|
||||
getAuthenticationComponent().setCurrentUser(client.getUserName());
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket(), null);
|
||||
|
||||
// Debug
|
||||
|
||||
@@ -126,6 +127,12 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
|
||||
return client.getLogonType() != ClientInfo.LogonGuest ? AUTH_ALLOW : AUTH_GUEST;
|
||||
}
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
// Ticket no longer valid or maximum tickets exceeded
|
||||
alfClient.setAuthenticationTicket(null);
|
||||
}
|
||||
|
||||
// Check if this is a guest logon
|
||||
|
||||
@@ -379,7 +386,8 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
// Set the current user to be authenticated, save the authentication token
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser(client.getUserName()));
|
||||
getAuthenticationComponent().setCurrentUser(client.getUserName());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Get the users home folder node, if available
|
||||
|
||||
@@ -393,6 +401,10 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
|
||||
return ICifsAuthenticator.AUTH_ALLOW;
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
// Ticket no longer valid or maximum tickets exceeded
|
||||
}
|
||||
catch (NoSuchAlgorithmException ex)
|
||||
{
|
||||
}
|
||||
@@ -461,13 +473,14 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
|
||||
// Authenticate the user
|
||||
|
||||
Authentication genAuthToken = null;
|
||||
String ticket = null;
|
||||
|
||||
try
|
||||
{
|
||||
// Run the second stage of the passthru authentication
|
||||
|
||||
genAuthToken = getNTLMAuthenticator().authenticate( authToken);
|
||||
getNTLMAuthenticator().authenticate( authToken);
|
||||
ticket = getAuthenticationService().getCurrentTicket();
|
||||
|
||||
// Check if the user has been logged on as a guest
|
||||
|
||||
@@ -500,10 +513,10 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
client.setLogonType( ClientInfo.LogonNormal);
|
||||
}
|
||||
|
||||
// Set the current user to be authenticated, save the authentication token
|
||||
// Set the current user to be authenticated, save the authentication ticket
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( genAuthToken);
|
||||
alfClient.setAuthenticationTicket(ticket);
|
||||
|
||||
// Get the users home folder node, if available
|
||||
|
||||
@@ -512,7 +525,11 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Auth token " + genAuthToken);
|
||||
logger.debug("Auth ticket " + ticket);
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
// Ticket no longer valid or maximum tickets exceeded
|
||||
}
|
||||
catch ( Exception ex)
|
||||
{
|
||||
|
||||
@@ -18,9 +18,6 @@
|
||||
*/
|
||||
package org.alfresco.filesys.auth.cifs;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
import org.alfresco.filesys.AlfrescoConfigSection;
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.filesys.repo.ContentContext;
|
||||
@@ -37,6 +34,8 @@ import org.alfresco.jlan.server.filesys.SrvDiskInfo;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
|
||||
import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
|
||||
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
|
||||
@@ -51,6 +50,7 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.DisposableBean;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
|
||||
/**
|
||||
* CIFS Authenticator Base Class
|
||||
@@ -309,9 +309,9 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
// Get a guest authentication token
|
||||
|
||||
getAuthenticationService().authenticateAsGuest();
|
||||
Authentication authToken = getAuthenticationComponent().getCurrentAuthentication();
|
||||
String ticket = getAuthenticationService().getCurrentTicket();
|
||||
|
||||
alfClient.setAuthenticationToken( authToken);
|
||||
alfClient.setAuthenticationTicket(ticket);
|
||||
|
||||
// Set the home folder for the guest user
|
||||
|
||||
@@ -373,6 +373,11 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
* @return String
|
||||
*/
|
||||
protected final String mapUserNameToPerson(final String userName)
|
||||
{
|
||||
// Do the lookup as the system user
|
||||
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>()
|
||||
{
|
||||
public String doWork() throws Exception
|
||||
{
|
||||
return doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<String>()
|
||||
{
|
||||
@@ -396,6 +401,8 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
}
|
||||
});
|
||||
}
|
||||
}, AuthenticationUtil.getSystemUserName());
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the current authenticated user context for this thread.
|
||||
@@ -403,10 +410,14 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
* @param client
|
||||
* ClientInfo
|
||||
*/
|
||||
public void setCurrentUser(ClientInfo client) {
|
||||
public void setCurrentUser(final ClientInfo client) {
|
||||
|
||||
// Check the account type and setup the authentication context
|
||||
|
||||
doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>()
|
||||
{
|
||||
public Object execute() throws Throwable
|
||||
{
|
||||
if (client == null || client.isNullSession())
|
||||
{
|
||||
// Clear the authentication, null user should not be allowed to do any service calls
|
||||
@@ -418,7 +429,23 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
// Set the authentication context for the request
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
getAuthenticationComponent().setCurrentAuthentication(alfClient.getAuthenticationToken());
|
||||
if (alfClient.hasAuthenticationTicket())
|
||||
{
|
||||
try
|
||||
{
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket(), null);
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
// Ticket no longer valid or maximum tickets exceeded
|
||||
alfClient.setAuthenticationTicket(null);
|
||||
getAuthenticationComponent().clearCurrentSecurityContext();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
getAuthenticationComponent().clearCurrentSecurityContext();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -426,6 +453,9 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements
|
||||
|
||||
getAuthenticationComponent().setGuestUserAsCurrentUser();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -36,7 +36,6 @@ import javax.security.auth.login.LoginContext;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import javax.security.sasl.RealmCallback;
|
||||
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.jlan.debug.Debug;
|
||||
@@ -70,10 +69,12 @@ import org.alfresco.jlan.smb.server.SMBSrvSession;
|
||||
import org.alfresco.jlan.smb.server.VirtualCircuit;
|
||||
import org.alfresco.jlan.util.DataPacker;
|
||||
import org.alfresco.jlan.util.HexDump;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.ietf.jgss.Oid;
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
|
||||
/**
|
||||
* Enterprise CIFS Authenticator Class
|
||||
@@ -1491,14 +1492,21 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
}
|
||||
else
|
||||
{
|
||||
// Use the system user to do the user name lookup
|
||||
|
||||
getAuthenticationComponent().setSystemUserAsCurrentUser();
|
||||
|
||||
// Set the current user to be authenticated, save the authentication token
|
||||
|
||||
try
|
||||
{
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson(krbDetails.getUserName())));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson(krbDetails.getUserName()));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket() );
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
// Invalid user or max tickets exceeded. Return a logon failure status
|
||||
|
||||
throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
|
||||
|
||||
}
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1654,8 +1662,18 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
try
|
||||
{
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson(userName)));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson(userName));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
// Invalid user or max tickets exceeded. Return a logon failure status
|
||||
|
||||
throw new SMBSrvException(SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
|
||||
}
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1787,9 +1805,18 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
try
|
||||
{
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( client.getUserName())));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson(client.getUserName()));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
// Invalid user or max tickets exceeded. Return a logon failure status
|
||||
|
||||
throw new SMBSrvException(SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
|
||||
}
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
client.setGuest( false);
|
||||
@@ -1900,7 +1927,8 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( userName)));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( userName));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -1915,7 +1943,14 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
{
|
||||
// Log the error
|
||||
|
||||
if (ex instanceof AuthenticationException)
|
||||
{
|
||||
logger.debug(ex);
|
||||
}
|
||||
else
|
||||
{
|
||||
logger.error(ex);
|
||||
}
|
||||
|
||||
// Return a logon failure
|
||||
|
||||
@@ -2024,7 +2059,8 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( client.getUserName())));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( client.getUserName()));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
@@ -2038,7 +2074,14 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
{
|
||||
// Log the error
|
||||
|
||||
if (ex instanceof AuthenticationException)
|
||||
{
|
||||
logger.debug(ex);
|
||||
}
|
||||
else
|
||||
{
|
||||
logger.error(ex);
|
||||
}
|
||||
|
||||
// Return a logon failure
|
||||
|
||||
@@ -2187,8 +2230,18 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
|
||||
|
||||
// Setup the Acegi authenticated user
|
||||
|
||||
try
|
||||
{
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( userName)));
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( userName));
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
// Invalid user or max tickets exceeded. Return a logon failure status
|
||||
|
||||
throw new SMBSrvException(SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
|
||||
}
|
||||
|
||||
// Store the full user name in the client information, indicate that this is not a guest logon
|
||||
|
||||
|
||||
@@ -22,7 +22,6 @@ import java.util.ArrayList;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.filesys.auth.PassthruServerFactory;
|
||||
@@ -57,12 +56,14 @@ import org.alfresco.jlan.util.DataPacker;
|
||||
import org.alfresco.jlan.util.HexDump;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
|
||||
/**
|
||||
* Passthru Authenticator Class
|
||||
@@ -183,11 +184,11 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
|
||||
{
|
||||
// Check if the client is already authenticated, and it is not a null logon
|
||||
|
||||
if ( alfClient.getAuthenticationToken() != null && client.getLogonType() != ClientInfo.LogonNull)
|
||||
if ( alfClient.hasAuthenticationTicket() && client.getLogonType() != ClientInfo.LogonNull)
|
||||
{
|
||||
// Use the existing authentication token
|
||||
|
||||
getAuthenticationComponent().setCurrentUser( mapUserNameToPerson( client.getUserName()));
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket(), null);
|
||||
|
||||
// Debug
|
||||
|
||||
@@ -276,7 +277,8 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
|
||||
{
|
||||
// Use the person name as the current user
|
||||
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().setCurrentUser(personName));
|
||||
getAuthenticationComponent().setCurrentUser(personName);
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// DEBUG
|
||||
|
||||
@@ -296,6 +298,10 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
|
||||
logger.debug("Failed to find person matching user " + username);
|
||||
}
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
logger.debug("User invalid or max tickets exceeded", ex);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
||||
@@ -1018,7 +1024,7 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
|
||||
// Get the authentication token and store
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken(getAuthenticationComponent().getCurrentAuthentication());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Indicate that the client is logged on
|
||||
|
||||
|
||||
@@ -21,8 +21,6 @@ package org.alfresco.filesys.auth.ftp;
|
||||
import javax.transaction.Status;
|
||||
import javax.transaction.UserTransaction;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.jlan.ftp.FTPSrvSession;
|
||||
import org.alfresco.jlan.server.SrvSession;
|
||||
@@ -178,12 +176,12 @@ public class AlfrescoFtpAuthenticator extends FTPAuthenticatorBase {
|
||||
*/
|
||||
protected void doGuestLogon( AlfrescoClientInfo client, SrvSession sess)
|
||||
{
|
||||
// Get a guest authentication token
|
||||
// Get a guest authentication ticket
|
||||
|
||||
getAuthenticationService().authenticateAsGuest();
|
||||
Authentication authToken = getAuthenticationComponent().getCurrentAuthentication();
|
||||
String ticket = getAuthenticationService().getCurrentTicket();
|
||||
|
||||
client.setAuthenticationToken( authToken);
|
||||
client.setAuthenticationTicket( ticket);
|
||||
|
||||
// Mark the client as being a guest logon
|
||||
|
||||
|
||||
@@ -24,9 +24,6 @@ import java.net.InetAddress;
|
||||
import javax.transaction.Status;
|
||||
import javax.transaction.UserTransaction;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.filesys.ExtendedServerConfigurationAccessor;
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
@@ -45,6 +42,7 @@ import org.alfresco.jlan.util.IPAddress;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
|
||||
/**
|
||||
* Passthru FTP Authenticator Class
|
||||
@@ -331,9 +329,9 @@ public class PassthruFtpAuthenticator extends FTPAuthenticatorBase {
|
||||
// Get a guest authentication token
|
||||
|
||||
getAuthenticationService().authenticateAsGuest();
|
||||
Authentication authToken = getAuthenticationComponent().getCurrentAuthentication();
|
||||
String ticket = getAuthenticationService().getCurrentTicket();
|
||||
|
||||
client.setAuthenticationToken(authToken);
|
||||
client.setAuthenticationTicket(ticket);
|
||||
|
||||
// Mark the client as being a guest logon
|
||||
|
||||
@@ -395,7 +393,8 @@ public class PassthruFtpAuthenticator extends FTPAuthenticatorBase {
|
||||
// Set the current user to be authenticated, save the authentication token
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
alfClient.setAuthenticationToken(getAuthenticationComponent().setCurrentUser(client.getUserName()));
|
||||
getAuthenticationComponent().setCurrentUser(client.getUserName());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Passwords match, grant access
|
||||
|
||||
|
||||
@@ -39,6 +39,7 @@ import org.alfresco.jlan.server.auth.ClientInfo;
|
||||
import org.alfresco.jlan.server.config.InvalidConfigurationException;
|
||||
import org.alfresco.jlan.server.config.ServerConfiguration;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
import org.alfresco.service.transaction.TransactionService;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
@@ -69,6 +70,8 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
|
||||
private AuthenticationComponent authenticationComponent;
|
||||
|
||||
private AuthenticationService authenticationService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
public void setUserMappings(List<UserMapping> userMappings)
|
||||
@@ -81,6 +84,11 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
this.authenticationComponent = authenticationComponent;
|
||||
}
|
||||
|
||||
public void setAuthenticationService (AuthenticationService authenticationService)
|
||||
{
|
||||
this.authenticationService = authenticationService;
|
||||
}
|
||||
|
||||
public void setTransactionService(TransactionService transactionService)
|
||||
{
|
||||
this.transactionService = transactionService;
|
||||
@@ -289,28 +297,28 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
|
||||
// Check if the authentication token has been set for the client
|
||||
|
||||
if ( alfClient.hasAuthenticationToken() == false)
|
||||
if ( !alfClient.hasAuthenticationTicket() )
|
||||
{
|
||||
// Set the current user and retrieve the authentication token
|
||||
|
||||
getAuthenticationComponent().setCurrentUser( client.getUserName());
|
||||
alfClient.setAuthenticationToken( getAuthenticationComponent().getCurrentAuthentication());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user name=" + client.getUserName() + ", token=" + alfClient.getAuthenticationToken());
|
||||
logger.debug("Set user name=" + client.getUserName() + ", ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
else
|
||||
{
|
||||
// Set the authentication context for the request
|
||||
|
||||
getAuthenticationComponent().setCurrentAuthentication( alfClient.getAuthenticationToken());
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket(), null);
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user using auth token, token=" + alfClient.getAuthenticationToken());
|
||||
logger.debug("Set user using auth ticket, ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -375,6 +383,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
|
||||
// Copy over relevant bean properties for backward compatibility
|
||||
setAuthenticationComponent(alfrescoConfig.getAuthenticationComponent());
|
||||
setAuthenticationService(alfrescoConfig.getAuthenticationService());
|
||||
setTransactionService(alfrescoConfig.getTransactionService());
|
||||
|
||||
// Check for the user mappings
|
||||
@@ -524,6 +533,11 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
return this.authenticationComponent;
|
||||
}
|
||||
|
||||
protected AuthenticationService getAuthenticationService()
|
||||
{
|
||||
return this.authenticationService;
|
||||
}
|
||||
|
||||
protected TransactionService getTransactionService()
|
||||
{
|
||||
return this.transactionService;
|
||||
|
||||
@@ -145,10 +145,15 @@ public class InMemoryTicketComponentImpl implements TicketComponent
|
||||
*/
|
||||
private String getTicketKey(String ticketString)
|
||||
{
|
||||
if (ticketString.length() < GRANTED_AUTHORITY_TICKET_PREFIX.length())
|
||||
if (ticketString == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
else if (ticketString.length() < GRANTED_AUTHORITY_TICKET_PREFIX.length())
|
||||
{
|
||||
throw new AuthenticationException(ticketString + " is an invalid ticket format");
|
||||
}
|
||||
|
||||
String key = ticketString.substring(GRANTED_AUTHORITY_TICKET_PREFIX.length());
|
||||
return key;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user