Refactoring webscript authentication to deal with redirecting etc. when no valid authentication for the script is available

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5718 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2007-05-18 09:25:38 +00:00
parent 23d297ac26
commit b56f065c94
9 changed files with 47 additions and 46 deletions


@@ -60,7 +60,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
/* (non-Javadoc) /* (non-Javadoc)
* @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation) * @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation)
*/ */
public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res)
{ {
boolean authorized = false; boolean authorized = false;
@@ -146,6 +146,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator
res.setStatus(401); res.setStatus(401);
res.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\""); res.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\"");
} }
return authorized;
} }
} }
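Review bot: The `(non-Javadoc) @see` comment above `authenticate` still points at `org.aopalliance.intercept.MethodInterceptor#invoke`, which is not the method this signature implements. Now that the return value decides whether the script runs, the comment should name the real contract, e.g. `@see org.alfresco.web.scripts.WebScriptServletAuthenticator#authenticate(...)`. The body between the two hunks is not visible, so it is worth confirming that `authorized` only becomes true after the credentials were actually validated and that no exception path leaves it true, since `return authorized;` is now the gate.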


@@ -38,7 +38,6 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.ServletContextAware; import org.springframework.web.context.ServletContextAware;
/** /**
* Alfresco Web Client Authentication Interceptor * Alfresco Web Client Authentication Interceptor
* *
@@ -64,17 +63,15 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.web.scripts.WebScriptServletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) * @see org.alfresco.web.scripts.WebScriptServletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/ */
public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res) public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res)
{ {
AuthenticationStatus status = null; AuthenticationStatus status = null;
try try
{ {
// //
// validate credentials // validate credentials
// //
String ticket = req.getParameter("ticket"); String ticket = req.getParameter("ticket");
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
@@ -110,7 +107,6 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se
// //
// if not authorized, redirect to login page // if not authorized, redirect to login page
// //
if (status == null || status == AuthenticationStatus.Failure) if (status == null || status == AuthenticationStatus.Failure)
{ {
// authentication failed - now need to display the login page to the user, if asked to // authentication failed - now need to display the login page to the user, if asked to
@@ -124,6 +120,7 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se
{ {
throw new WebScriptException("Failed to authenticate", e); throw new WebScriptException("Failed to authenticate", e);
} }
return !(status == null || status == AuthenticationStatus.Failure);
} }
} }
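Review bot: The new `return !(status == null || status == AuthenticationStatus.Failure);` is a deny-list, so every status other than `Failure` is reported as authorised, and it repeats the condition already written out above for the login redirect. Evaluating it once into a local such as `boolean failed = (status == null || status == AuthenticationStatus.Failure);` and using that for both the redirect and `return !failed;` keeps the two decisions from drifting apart. If `AuthenticationStatus` has values besides success and failure, naming the accepted ones explicitly would make this gate fail closed when a value is added later. The try block continues outside these hunks, so how `status` is assigned is not visible here.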


@@ -202,7 +202,6 @@ public abstract class WebScriptRuntime
// //
// Determine if user already authenticated // Determine if user already authenticated
// //
currentUser = AuthenticationUtil.getCurrentUserName(); currentUser = AuthenticationUtil.getCurrentUserName();
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
{ {
@@ -214,19 +213,18 @@ public abstract class WebScriptRuntime
// //
// Apply appropriate authentication to Web Script invocation // Apply appropriate authentication to Web Script invocation
// //
if (authenticate(required, isGuest))
authenticate(required, isGuest); {
//
// // Execute Web Script
// Execute Web Script wrappedExecute(scriptReq, scriptRes);
wrappedExecute(scriptReq, scriptRes); }
} }
finally finally
{ {
// //
// Reset authentication for current thread // Reset authentication for current thread
// //
AuthenticationUtil.clearCurrentSecurityContext(); AuthenticationUtil.clearCurrentSecurityContext();
if (currentUser != null) if (currentUser != null)
{ {
@@ -293,8 +291,10 @@ public abstract class WebScriptRuntime
* *
* @param required required level of authentication * @param required required level of authentication
* @param isGuest is the request accessed as Guest * @param isGuest is the request accessed as Guest
*
* @return true if authorised, false otherwise
*/ */
protected abstract void authenticate(RequiredAuthentication required, boolean isGuest); protected abstract boolean authenticate(RequiredAuthentication required, boolean isGuest);
/** /**
* Pre-execution hook * Pre-execution hook
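Review bot: When `authenticate(required, isGuest)` returns false, the new `if` skips `wrappedExecute` and does nothing else, so what the client receives depends entirely on the implementation having already set a status or redirect. The `@return true if authorised, false otherwise` text does not state that obligation. I would extend the Javadoc on the abstract method to `@return true if authorised; when false the implementation must already have written the response (401 challenge or login redirect), as the script is not executed`. The new `@return` lines on `WebScriptServletAuthenticator.authenticate` and `WebScriptPortletAuthenticator.authenticate` have the same gap and should mirror it. A debug log on the denied branch would also make refused requests visible; the enclosing method starts and ends outside the hunk.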


@@ -29,7 +29,6 @@ import javax.servlet.http.HttpServletResponse;
import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
/** /**
* Web Script Authenticator for the HTTP Servlet environment * Web Script Authenticator for the HTTP Servlet environment
* *
@@ -37,15 +36,15 @@ import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
*/ */
public interface WebScriptServletAuthenticator public interface WebScriptServletAuthenticator
{ {
/**
/** * Authenticate Web Script execution
* Authenticate Web Script execution *
* * @param required required level of authentication
* @param required required level of authentication * @param isGuest is Guest accessing the web script
* @param isGuest is Guest accessing the web script * @param req http servlet request
* @param req http servlet request * @param res http servlet response
* @param res http servlet response *
*/ * @return true if authorised to execute the script, false otherwise
public void authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res); */
public boolean authenticate(RequiredAuthentication required, boolean isGuest, HttpServletRequest req, HttpServletResponse res);
} }


@@ -100,11 +100,13 @@ public class WebScriptServletRuntime extends WebScriptRuntime
* @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean)
*/ */
@Override @Override
protected void authenticate(RequiredAuthentication required, boolean isGuest) protected boolean authenticate(RequiredAuthentication required, boolean isGuest)
{ {
boolean authorised = true;
if (authenticator != null) if (authenticator != null)
{ {
authenticator.authenticate(required, isGuest, req, res); authorised = authenticator.authenticate(required, isGuest, req, res);
} }
return authorised;
} }
} }
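Review bot: `boolean authorised = true;` makes the servlet runtime fail open: when `authenticator` is null the method returns true and `WebScriptRuntime` goes on to execute the script whatever level `required` asks for. That default was harmless while the method returned void, but this value is now the only gate in front of `wrappedExecute`. Starting from `boolean authorised = false;` would fail closed, with access granted without an authenticator only when `required` asks for no authentication at all. A warning log for the missing authenticator would also make the misconfiguration visible.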


@@ -235,10 +235,11 @@ public class UIWebScript extends SelfRenderingComponent
* @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean)
*/ */
@Override @Override
protected void authenticate(RequiredAuthentication required, boolean isGuest) protected boolean authenticate(RequiredAuthentication required, boolean isGuest)
{ {
// JSF component already in an authenticated environment as the // JSF component already in an authenticated environment as the
// /faces servlet filter (or JSF portlet wrapper) is called first // /faces servlet filter (or JSF portlet wrapper) is called first
return true;
} }
/** /**


@@ -73,7 +73,7 @@ public class WebClientPortletAuthenticator implements WebScriptPortletAuthentica
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.web.scripts.portlet.WebScriptPortletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.portlet.RenderRequest, javax.portlet.RenderResponse) * @see org.alfresco.web.scripts.portlet.WebScriptPortletAuthenticator#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean, javax.portlet.RenderRequest, javax.portlet.RenderResponse)
*/ */
public void authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res) public boolean authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res)
{ {
PortletSession session = req.getPortletSession(); PortletSession session = req.getPortletSession();
String portalUser = req.getRemoteUser(); String portalUser = req.getRemoteUser();
@@ -115,6 +115,8 @@ public class WebClientPortletAuthenticator implements WebScriptPortletAuthentica
removeSessionInvalidated(session); removeSessionInvalidated(session);
} }
} }
return true;
} }
/** /**
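Review bot: The only return added to this method is an unconditional `return true;` at its end, so in the portlet environment the new check in `WebScriptRuntime` can never refuse a script. Most of the body lies outside the two hunks, so I cannot see whether every path before it has established a user that satisfies `required`. If any path can fall through without one (for instance when `req.getRemoteUser()` yields null), it should return false there. If always-true is intended because the portal has authenticated the request beforehand, a short comment stating that assumption, like the one in `UIWebScript.authenticate`, would keep the next reader from taking the return value as a real check.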


@@ -254,9 +254,9 @@ public class WebScriptPortlet implements Portlet
* @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean) * @see org.alfresco.web.scripts.WebScriptRuntime#authenticate(org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication, boolean)
*/ */
@Override @Override
protected void authenticate(RequiredAuthentication required, boolean isGuest) protected boolean authenticate(RequiredAuthentication required, boolean isGuest)
{ {
authenticator.authenticate(required, isGuest, req, res); return authenticator.authenticate(required, isGuest, req, res);
} }
/* (non-Javadoc) /* (non-Javadoc)


@@ -29,7 +29,6 @@ import javax.portlet.RenderResponse;
import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication; import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
/** /**
* Web Script Authenticator for the JSR-168 environment * Web Script Authenticator for the JSR-168 environment
* *
@@ -37,15 +36,15 @@ import org.alfresco.web.scripts.WebScriptDescription.RequiredAuthentication;
*/ */
public interface WebScriptPortletAuthenticator public interface WebScriptPortletAuthenticator
{ {
/**
/** * Authenticate Web Script execution
* Authenticate Web Script execution *
* * @param required required level of authentication
* @param required required level of authentication * @param isGuest is Guest accessing the web script
* @param isGuest is Guest accessing the web script * @param req portlet render request
* @param req portlet render request * @param res portlet render response
* @param res portlet render response *
*/ * @return true if authorised, false otherwise
public void authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res); */
public boolean authenticate(RequiredAuthentication required, boolean isGuest, RenderRequest req, RenderResponse res);
} }