diff --git a/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java b/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java
index 9c3fd2252b..a607cfccb3 100644
--- a/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java
+++ b/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java
@@ -60,7 +60,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator /* (non-Javadoc) * @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation) */ - public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) + public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) { boolean authorized = false;
@@ -146,6 +146,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator res.setStatus(401); res.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\""); } + return authorized; } }
diff --git a/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java b/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java
index 3f7e6f1133..4531b9b881 100644
--- a/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java
+++ b/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java
@@ -38,7 +38,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.context.ServletContextAware; - /** * Alfresco Web Client Authentication Interceptor * 
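Review bot: The comment above `authenticate` in the first BasicHttpAuthenticator hunk still reads `@see org.aopalliance.intercept.MethodInterceptor#invoke(...)`, which is not the method being implemented, and nothing on the method says what the new boolean means. Since the return value now decides whether the web script runs, the reference should point at `org.alfresco.web.scripts.WebScriptServletAuthenticator#authenticate` with the same parameter list WebClientAuthenticator uses in its `@see`, so a reader lands on the `@return` contract. The second hunk returns `authorized` directly after the 401 / `WWW-Authenticate` branch; the body between the two hunks is not visible, so this assumes every path that leaves `authorized` false passes through that branch.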
@@ -64,17 +63,15 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se /* (non-Javadoc) * @see org.alfresco.web.scripts.WebScriptServletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) + public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) { AuthenticationStatus status = null; try { - // // validate credentials // - String ticket = req.getParameter("ticket"); if (logger.isDebugEnabled())
@@ -110,7 +107,6 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se // // if not authorized, redirect to login page // - if (status == null || status == AuthenticationStatus.Failure) { // authentication failed - now need to display the login page to the user, if asked to
@@ -124,6 +120,7 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se { throw new WebScriptException("Failed to authenticate", e); } + + return !(status == null || status == AuthenticationStatus.Failure); } - }
diff --git a/source/java/org/alfresco/web/scripts/WebScriptRuntime.java b/source/java/org/alfresco/web/scripts/WebScriptRuntime.java
index 52d8884316..7b1ac2ef1e 100644
--- a/source/java/org/alfresco/web/scripts/WebScriptRuntime.java
+++ b/source/java/org/alfresco/web/scripts/WebScriptRuntime.java
@@ -202,7 +202,6 @@ public abstract class WebScriptRuntime // // Determine if user already authenticated // - currentUser = AuthenticationUtil.getCurrentUserName(); if (logger.isDebugEnabled()) { 
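Review bot: `String ticket = req.getParameter("ticket");` in the first WebClientAuthenticator hunk accepts the ticket as a request parameter, so it can arrive in the query string and be recorded in access logs, browser history and Referer headers. The `if (logger.isDebugEnabled())` block that follows is cut off by the hunk; if it prints the ticket value, it should record only that a ticket was supplied. A comment stating the expectation would help, for example `// ticket is a credential: never log its value; expected over TLS only`. This line predates the commit, but it sits on the path whose result now gates script execution.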
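Review bot: The added `return !(status == null || status == AuthenticationStatus.Failure);` repeats the condition of the `if` in the @@ -110 hunk and treats every status other than `Failure` as authorised, so any value later added to `AuthenticationStatus` would be allowed by default. Both places could call one private helper whose body is `return status != null && status != AuthenticationStatus.Failure;`, which keeps the login-page branch and the return value from drifting apart. Comparing against the accepted status values explicitly would be stricter still, but those values are not visible in this diff. The method body starts and ends outside these hunks.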
@@ -214,19 +213,18 @@ public abstract class WebScriptRuntime // // Apply appropriate authentication to Web Script invocation // - - authenticate(required, isGuest); - - // - // Execute Web Script - wrappedExecute(scriptReq, scriptRes); + if (authenticate(required, isGuest)) + { + // + // Execute Web Script + wrappedExecute(scriptReq, scriptRes); + } } finally { // // Reset authentication for current thread // - AuthenticationUtil.clearCurrentSecurityContext(); if (currentUser != null) {
@@ -293,8 +291,10 @@ public abstract class WebScriptRuntime * * @param required required level of authentication * @param isGuest is the request accessed as Guest + * + * @return true if authorised, false otherwise */ - protected abstract void authenticate(RequiredAuthentication required, boolean isGuest); + protected abstract boolean authenticate(RequiredAuthentication required, boolean isGuest); /** * Pre-execution hook
diff --git a/source/java/org/alfresco/web/scripts/WebScriptServletAuthenticator.java b/source/java/org/alfresco/web/scripts/WebScriptServletAuthenticator.java
index fbf932eb73..98099025d9 100644
--- a/source/java/org/alfresco/web/scripts/WebScriptServletAuthenticator.java
+++ b/source/java/org/alfresco/web/scripts/WebScriptServletAuthenticator.java
@@ -29,7 +29,6 @@ import javax.servlet.http.HttpServletResponse; import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; - /** * Web Script Authenticator for the HTTP Servlet environment * 
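Review bot: When `authenticate(required, isGuest)` returns false in the @@ -214 hunk, control drops straight to `finally` with no log entry and no check that a response was produced, so the outcome depends on each authenticator having already written a 401 or a redirect. The WebClientAuthenticator comment "display the login page to the user, if asked to" suggests there is a path where false is returned with nothing sent to the client. An `else` branch that records the refusal would help diagnosis, `else if (logger.isDebugEnabled()) logger.debug("Authentication failed; web script not executed");`. The new `@return` text in the @@ -293 hunk, and in the WebScriptServletAuthenticator and WebScriptPortletAuthenticator interfaces, should also state that an implementation returning false must already have set the response status. The enclosing method starts before the hunk.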
@@ -37,15 +36,15 @@ import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; */ public interface WebScriptServletAuthenticator { - - /** - * Authenticate Web Script execution - * - * @param required required level of authentication - * @param isGuest is Guest accessing the web script - * @param req http servlet request - * @param res http servlet response - */ - public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res); - + /** + * Authenticate Web Script execution + * + * @param required required level of authentication + * @param isGuest is Guest accessing the web script + * @param req http servlet request + * @param res http servlet response + * + * @return true if authorised to execute the script, false otherwise + */ + public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res); }
diff --git a/source/java/org/alfresco/web/scripts/WebScriptServletRuntime.java b/source/java/org/alfresco/web/scripts/WebScriptServletRuntime.java
index c9640286f9..7c551e3c59 100644
--- a/source/java/org/alfresco/web/scripts/WebScriptServletRuntime.java
+++ b/source/java/org/alfresco/web/scripts/WebScriptServletRuntime.java
@@ -100,11 +100,13 @@ public class WebScriptServletRuntime extends WebScriptRuntime * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) */ @Override - protected void authenticate(RequiredAuthentication required, boolean isGuest) + protected boolean authenticate(RequiredAuthentication required, boolean isGuest) { + boolean authorised = true; if (authenticator != null) { - authenticator.authenticate(required, isGuest, req, res); + authorised = authenticator.authenticate(required, isGuest, req, res); } + return authorised; } } 
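Review bot: `boolean authorised = true;` in WebScriptServletRuntime.authenticate makes a missing authenticator fail open: with `authenticator == null` the method reports success whatever `required` asks for, and WebScriptRuntime then executes the script. If running without an authenticator is meant only for scripts that need no authentication, the default should depend on `required`, e.g. `boolean authorised = (required == RequiredAuthentication.none);` (assuming `none` is the enum's no-authentication constant), with a 401 set on `res` when that is false. WebScriptPortlet.authenticate, by contrast, dereferences `authenticator` with no null check, so the two runtimes behave differently when none is configured. A one-line comment stating which behaviour is intended would settle it.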
diff --git a/source/java/org/alfresco/web/scripts/jsf/UIWebScript.java b/source/java/org/alfresco/web/scripts/jsf/UIWebScript.java
index 8a377ef730..7b9cdef015 100644
--- a/source/java/org/alfresco/web/scripts/jsf/UIWebScript.java
+++ b/source/java/org/alfresco/web/scripts/jsf/UIWebScript.java
@@ -235,10 +235,11 @@ public class UIWebScript extends SelfRenderingComponent * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) */ @Override - protected void authenticate(RequiredAuthentication required, boolean isGuest) + protected boolean authenticate(RequiredAuthentication required, boolean isGuest) { // JSF component already in an authenticated environment as the // /faces servlet filter (or JSF portlet wrapper) is called first + return true; } /**
diff --git a/source/java/org/alfresco/web/scripts/portlet/WebClientPortletAuthenticator.java b/source/java/org/alfresco/web/scripts/portlet/WebClientPortletAuthenticator.java
index 0788729c6f..697fded6c7 100644
--- a/source/java/org/alfresco/web/scripts/portlet/WebClientPortletAuthenticator.java
+++ b/source/java/org/alfresco/web/scripts/portlet/WebClientPortletAuthenticator.java
@@ -73,7 +73,7 @@ public class WebClientPortletAuthenticator implements WebScriptPortletAuthentica /* (non-Javadoc) * @see org.alfresco.web.scripts.portlet.WebScriptPortletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.portlet.RenderRequest, javax.portlet.RenderResponse) */ - public void authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res) + public boolean authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res) { PortletSession session = req.getPortletSession(); String portalUser = req.getRemoteUser(); 
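Review bot: `return true;` in UIWebScript.authenticate ignores `required`, so a script that declares a higher level than the surrounding JSF session holds is still reported as authorised. The same applies to the unconditional `return true;` added at the end of WebClientPortletAuthenticator.authenticate (@@ -115 hunk), where `portalUser` comes from `req.getRemoteUser()` and can be null for an unauthenticated portal request. The existing comment explains the reliance on the /faces filter, but that filter establishes who the user is, not whether the user meets `required`. If another layer enforces the level, say so beside the return, e.g. `// 'required' is not evaluated here; enforced by <component>`; otherwise compare `required` with the current user before returning true. Both method bodies are only partly visible in these hunks.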
@@ -115,6 +115,8 @@ public class WebClientPortletAuthenticator implements WebScriptPortletAuthentica removeSessionInvalidated(session); } } + + return true; } /**
diff --git a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
index 07a9acdf0a..b75a3e981b 100644
--- a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
+++ b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortlet.java
@@ -254,9 +254,9 @@ public class WebScriptPortlet implements Portlet * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) */ @Override - protected void authenticate(RequiredAuthentication required, boolean isGuest) + protected boolean authenticate(RequiredAuthentication required, boolean isGuest) { - authenticator.authenticate(required, isGuest, req, res); + return authenticator.authenticate(required, isGuest, req, res); } /* (non-Javadoc)
diff --git a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortletAuthenticator.java b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortletAuthenticator.java
index 4cdcb8c311..f66722a1f6 100644
--- a/source/java/org/alfresco/web/scripts/portlet/WebScriptPortletAuthenticator.java
+++ b/source/java/org/alfresco/web/scripts/portlet/WebScriptPortletAuthenticator.java
@@ -29,7 +29,6 @@ import javax.portlet.RenderResponse; import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; - /** * Web Script Authenticator for the JSR-168 environment * 
@@ -37,15 +36,15 @@ import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; */ public interface WebScriptPortletAuthenticator { - - /** - * Authenticate Web Script execution - * - * @param required required level of authentication - * @param isGuest is Guest accessing the web script - * @param req portlet render request - * @param res portlet render response - */ - public void authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res); - + /** + * Authenticate Web Script execution + * + * @param required required level of authentication + * @param isGuest is Guest accessing the web script + * @param req portlet render request + * @param res portlet render response + * + * @return true if authorised, false otherwise + */ + public boolean authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res); }