inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.3-BUG-FIX to HEAD

Browse Source 
22588: Merged V3.3 to V3.3-BUG-FIX
      22535: ALF-4472: Possible fix for Sharepoint Basic Authentication Issues
         - Forgot to make basic authentication handler force a login when necessary
         - Also use cached session information when present
         - Aligns with NTLM and Kerberos handlers


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@22589 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2010-09-16 12:45:46 +00:00
parent 7a012c7d1b
commit ae9f23673b
1 changed files with 83 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
View File

@@ -33,10 +33,11 @@ import org.alfresco.web.bean.repository.User;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
/** /**
* <p>BASIC web authentication implementation.</p> * <p>
* BASIC web authentication implementation.
* </p>
* *
* @author PavelYur * @author PavelYur
*
*/ */
public class BasicAuthenticationHandler extends AbstractAuthenticationHandler implements SharepointConstants public class BasicAuthenticationHandler extends AbstractAuthenticationHandler implements SharepointConstants
{ {
@@ -44,68 +45,96 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
private final static String BASIC_START = "BASIC"; private final static String BASIC_START = "BASIC";
/*
/* (non-Javadoc) * (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) * @see
* org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext,
* javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/ */
public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response) public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException throws IOException, ServletException
{ {
String authHdr = request.getHeader(HEADER_AUTHORIZATION); if (isUserAuthenticated(context, request))
if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
{ {
String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes())); return true;
String username = null; }
String password = null; else
{
// Unlike multi-stage authentication protocols like Kerberos / NTLM we have only one possible response to an
// unauthenticated user
restartLoginChallenge(context, request, response);
return false;
}
}
int pos = basicAuth.indexOf(":"); /**
if (pos != -1) * Returns <code>true</code> if the user is authenticated and their details are cached in the session
*
* @param context
* the servlet context
* @param request
* the servlet request
* @return <code>true</code>, if the user is authenticated
* @throws IOException
* Signals that an I/O exception has occurred.
* @throws ServletException
* On other errors.
*/
public boolean isUserAuthenticated(ServletContext context, HttpServletRequest request) throws IOException,
ServletException
{
String authHdr = request.getHeader(HEADER_AUTHORIZATION);
HttpSession session = request.getSession(false);
SessionUser user = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
if (user == null)
{
if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
{ {
username = basicAuth.substring(0, pos); String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
password = basicAuth.substring(pos + 1); String username = null;
} String password = null;
else
{
username = basicAuth;
password = "";
}
try int pos = basicAuth.indexOf(":");
{ if (pos != -1)
if (logger.isDebugEnabled()) {
logger.debug("Authenticating user '" + username + "'"); username = basicAuth.substring(0, pos);
password = basicAuth.substring(pos + 1);
}
else
{
username = basicAuth;
password = "";
}
authenticationService.authenticate(username, password.toCharArray()); try
{
if (logger.isDebugEnabled())
logger.debug("Authenticating user '" + username + "'");
// Normalize the user ID taking into account case sensitivity settings authenticationService.authenticate(username, password.toCharArray());
username = authenticationService.getCurrentUserName();
if (logger.isDebugEnabled()) // Normalize the user ID taking into account case sensitivity settings
logger.debug("Authenticated user '" + username + "'"); username = authenticationService.getCurrentUserName();
request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(username, authenticationService.getCurrentTicket(), personService.getPerson(username))); if (logger.isDebugEnabled())
logger.debug("Authenticated user '" + username + "'");
return true; request.getSession()
} .setAttribute(
catch (AuthenticationException ex) USER_SESSION_ATTRIBUTE,
{ new User(username, authenticationService.getCurrentTicket(), personService
// Do nothing, user object will be null .getPerson(username)));
return true;
}
catch (AuthenticationException ex)
{
// Do nothing, user object will be null
}
} }
} }
else else
{ {
HttpSession session = request.getSession(false);
if (session == null)
{
return false;
}
SessionUser user = (SessionUser) session
.getAttribute(USER_SESSION_ATTRIBUTE);
if (user == null)
{
return false;
}
try try
{ {
authenticationService.validate(user.getTicket()); authenticationService.validate(user.getTicket());
@@ -120,7 +149,6 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
return false; return false;
} }
@Override @Override
public String getWWWAuthenticate() public String getWWWAuthenticate()
{ {