Merged V4.1-BUG-FIX (4.1.8) to V4.2-BUG-FIX (4.2.1)

58290: Merged V4.1.7 (4.1.7) to V4.1-BUG-FIX (4.1.8) 58183: Merged DEV to V4.1.7 (4.1.7) 58123: MNT-9992 : Using CMIS authentication using "ROLE_TICKET" or user "null" of "" does not work any more. Added authentication using ticket in AuthenticationFilter. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/V4.2-BUG-FIX/root@58315 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-21 18:09:20 +00:00 · 2013-11-26 18:05:54 +00:00
parent b3d21d17b2
commit ac461f16bd
1 changed files with 17 additions and 4 deletions
--- a/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
+++ b/source/java/org/alfresco/repo/webdav/auth/AuthenticationFilter.java
@@ -40,6 +40,8 @@ import javax.servlet.http.HttpServletResponse;

 import org.alfresco.repo.SessionUser;
 import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.Authorization;
 import org.alfresco.repo.web.auth.BasicAuthCredentials;
 import org.alfresco.repo.web.auth.TicketCredentials;
 import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
@@ -161,10 +163,21 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
                            password = "";
                        }
    
-                        // Authenticate the user
-
-                        authenticationService.authenticate(username, password.toCharArray());
-                        authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
+                        // First check if we already are authenticated
+                        if (AuthenticationUtil.getFullyAuthenticatedUser() == null)
+                        {
+                            // We have to go to the repo and authenticate
+                            Authorization auth = new Authorization(username, password);
+                            if (auth.isTicket())
+                            {
+                                authenticationService.validate(auth.getTicket());
+                            }
+                            else
+                            {
+                                authenticationService.authenticate(username, password.toCharArray());
+                                authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
+                        }
+                        
                        user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), false);
                        
                        // Success so break out