Web Scripts: Basic HTTP Authenticator - allow ticket to be passed as URL argument - alf_ticket=xxx

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6001 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java

@@ -69,10 +69,12 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
         // 
 
         String authorization = req.getHeader("Authorization");
+        String ticket = req.getParameter("alf_ticket");
         
         if (logger.isDebugEnabled())
         {
             logger.debug("HTTP Authorization provided: " + (authorization != null && authorization.length() > 0));
+            logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0));
         }
         
         // authenticate as guest, if service allows
@@ -85,6 +87,24 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
             authorized = true;
         }
         
+        // authenticate as specified by explicit ticket on url
+        else if (ticket != null && ticket.length() > 0)
+        {
+            try
+            {
+                if (logger.isDebugEnabled())
+                    logger.debug("Authenticating (URL argument) ticket " + ticket);
+    
+                // assume a ticket has been passed
+                authenticationService.validate(ticket);
+                authorized = true;
+            }
+            catch(AuthenticationException e)
+            {
+                // failed authentication
+            }
+        }
+        
         // authenticate as specified by HTTP Basic Authentication
         else if (authorization != null && authorization.length() > 0)
         {
@@ -101,7 +121,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
                 if (parts.length == 1)
                 {
                     if (logger.isDebugEnabled())
-                        logger.debug("Authenticating ticket " + parts[0]);
+                        logger.debug("Authenticating (BASIC HTTP) ticket " + parts[0]);
 
                     // assume a ticket has been passed
                     authenticationService.validate(parts[0]);
@@ -110,7 +130,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
                 else
                 {
                     if (logger.isDebugEnabled())
-                        logger.debug("Authenticating user " + parts[0]);
+                        logger.debug("Authenticating (BASIC HTTP) user " + parts[0]);
 
                     // assume username and password passed
                     if (parts[0].equals(AuthenticationUtil.getGuestUserName()))

source/java/org/alfresco/web/scripts/DeclarativeWebScriptRegistry.java

@@ -160,7 +160,7 @@ public class DeclarativeWebScriptRegistry extends AbstractLifecycleBean
         finally
         {
             if (logger.isInfoEnabled())
-                logger.info("Registered " + webscriptsById.size() + " Web Scripts " + webscriptsByURL.size() + ", URLs (in " + (System.currentTimeMillis() - startTime) + "ms)");
+                logger.info("Registered " + webscriptsById.size() + " Web Scripts, " + webscriptsByURL.size() + " URLs (in " + (System.currentTimeMillis() - startTime) + "ms)");
         }        
     }