inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.3-BUG-FIX to HEAD

Browse Source 
22588: Merged V3.3 to V3.3-BUG-FIX
      22535: ALF-4472: Possible fix for Sharepoint Basic Authentication Issues
         - Forgot to make basic authentication handler force a login when necessary
         - Also use cached session information when present
         - Aligns with NTLM and Kerberos handlers


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@22589 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2010-09-16 12:45:46 +00:00
parent 7a012c7d1b
commit ae9f23673b
1 changed files with 83 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
View File

@@ -33,10 +33,11 @@ import org.alfresco.web.bean.repository.User;
import org.apache.commons.codec.binary.Base64;
/**
* <p>BASIC web authentication implementation.</p>
* <p>
* BASIC web authentication implementation.
* </p>
*
* @author PavelYur
*
*/
public class BasicAuthenticationHandler extends AbstractAuthenticationHandler implements SharepointConstants
{
@@ -44,68 +45,96 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
private final static String BASIC_START = "BASIC";
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
/*
* (non-Javadoc)
* @see
* org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext,
* javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
String authHdr = request.getHeader(HEADER_AUTHORIZATION);
if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
if (isUserAuthenticated(context, request))
{
String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
String username = null;
String password = null;
return true;
}
else
{
// Unlike multi-stage authentication protocols like Kerberos / NTLM we have only one possible response to an
// unauthenticated user
restartLoginChallenge(context, request, response);
return false;
}
}
int pos = basicAuth.indexOf(":");
if (pos != -1)
/**
* Returns <code>true</code> if the user is authenticated and their details are cached in the session
*
* @param context
* the servlet context
* @param request
* the servlet request
* @return <code>true</code>, if the user is authenticated
* @throws IOException
* Signals that an I/O exception has occurred.
* @throws ServletException
* On other errors.
*/
public boolean isUserAuthenticated(ServletContext context, HttpServletRequest request) throws IOException,
ServletException
{
String authHdr = request.getHeader(HEADER_AUTHORIZATION);
HttpSession session = request.getSession(false);
SessionUser user = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
if (user == null)
{
if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
{
username = basicAuth.substring(0, pos);
password = basicAuth.substring(pos + 1);
}
else
{
username = basicAuth;
password = "";
}
String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
String username = null;
String password = null;
try
{
if (logger.isDebugEnabled())
logger.debug("Authenticating user '" + username + "'");
int pos = basicAuth.indexOf(":");
if (pos != -1)
{
username = basicAuth.substring(0, pos);
password = basicAuth.substring(pos + 1);
}
else
{
username = basicAuth;
password = "";
}
authenticationService.authenticate(username, password.toCharArray());
try
{
if (logger.isDebugEnabled())
logger.debug("Authenticating user '" + username + "'");
// Normalize the user ID taking into account case sensitivity settings
username = authenticationService.getCurrentUserName();
authenticationService.authenticate(username, password.toCharArray());
if (logger.isDebugEnabled())
logger.debug("Authenticated user '" + username + "'");
// Normalize the user ID taking into account case sensitivity settings
username = authenticationService.getCurrentUserName();
request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(username, authenticationService.getCurrentTicket(), personService.getPerson(username)));
if (logger.isDebugEnabled())
logger.debug("Authenticated user '" + username + "'");
return true;
}
catch (AuthenticationException ex)
{
// Do nothing, user object will be null
request.getSession()
.setAttribute(
USER_SESSION_ATTRIBUTE,
new User(username, authenticationService.getCurrentTicket(), personService
.getPerson(username)));
return true;
}
catch (AuthenticationException ex)
{
// Do nothing, user object will be null
}
}
}
else
{
HttpSession session = request.getSession(false);
if (session == null)
{
return false;
}
SessionUser user = (SessionUser) session
.getAttribute(USER_SESSION_ATTRIBUTE);
if (user == null)
{
return false;
}
try
{
authenticationService.validate(user.getTicket());
@@ -120,7 +149,6 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler im
return false;
}
@Override
public String getWWWAuthenticate()
{