mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.0 to HEAD
12349: Tweaked the Hibernate session helper to prevent initially-large sessions from drowning the flush code 12452: MT - fix ETHREEOH-1056 12453: MT - fix ETHREEOH-886 12460: MT - fix ETHREEOH-1013 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12536 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
@@ -1,112 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2008 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.web.app.servlet;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.web.scripts.Authenticator;
|
||||
import org.alfresco.web.scripts.Description.RequiredAuthentication;
|
||||
import org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory;
|
||||
import org.alfresco.web.scripts.servlet.WebScriptServletRequest;
|
||||
import org.alfresco.web.scripts.servlet.WebScriptServletResponse;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
/**
|
||||
* In case of MT-context, this servlet filter will force authentication prior to WebScript binding, even for WebScripts
|
||||
* that do not require authentication.
|
||||
*
|
||||
* In future releases, consider updating the HTTP API such that an optional tenant context could be specified as part of
|
||||
* the URL, hence not requiring pre-authentication in that case.
|
||||
*/
|
||||
public class MTWebScriptAuthenticationFilter implements Filter
|
||||
{
|
||||
private FilterConfig config;
|
||||
|
||||
private ApplicationContext appContext;
|
||||
|
||||
/**
|
||||
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
|
||||
*/
|
||||
public void init(FilterConfig config) throws ServletException
|
||||
{
|
||||
this.config = config;
|
||||
this.appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(config.getServletContext());
|
||||
}
|
||||
|
||||
/**
|
||||
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
|
||||
*/
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
if (AuthenticationUtil.isMtEnabled())
|
||||
{
|
||||
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
|
||||
if (currentUser == null)
|
||||
{
|
||||
// retrieve authenticator factory
|
||||
String authenticatorId = config.getInitParameter("authenticator");
|
||||
if (authenticatorId != null && authenticatorId.length() > 0)
|
||||
{
|
||||
Object bean = appContext.getBean(authenticatorId);
|
||||
if (bean == null || !(bean instanceof ServletAuthenticatorFactory))
|
||||
{
|
||||
throw new ServletException("Initialisation parameter 'authenticator' does not refer to a servlet authenticator factory (" + authenticatorId + ")");
|
||||
}
|
||||
|
||||
ServletAuthenticatorFactory authenticatorFactory = (ServletAuthenticatorFactory)bean;
|
||||
|
||||
if ((req instanceof HttpServletRequest) && (res instanceof HttpServletResponse))
|
||||
{
|
||||
Authenticator authenticator = authenticatorFactory.create(new WebScriptServletRequest(null, (HttpServletRequest)req, null, null), new WebScriptServletResponse(null, (HttpServletResponse)res));
|
||||
authenticator.authenticate(RequiredAuthentication.user, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// continue filter chaining
|
||||
chain.doFilter(req, res);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see javax.servlet.Filter#destroy()
|
||||
*/
|
||||
public void destroy()
|
||||
{
|
||||
// nothing to do
|
||||
}
|
||||
}
|
||||
@@ -123,23 +123,6 @@
|
||||
<filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
|
||||
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>authenticator</param-name>
|
||||
<param-value>webscripts.authenticator.basic</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>MT WebScript WC Authentication Filter</filter-name>
|
||||
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>authenticator</param-name>
|
||||
<param-value>webscripts.authenticator.webclient</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<!-- For NTLM authentication support enable the following mappings -->
|
||||
<!-- after enabling the NTLMAuthenticationFilter filter class above -->
|
||||
@@ -241,20 +224,6 @@
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<!-- for MT-context, force auth prior to WebScript binding
|
||||
for ST-context, pass through (or can explicitly comment out) -->
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
|
||||
<servlet-name>apiServlet</servlet-name>
|
||||
</filter-mapping>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>MT WebScript WC Authentication Filter</filter-name>
|
||||
<servlet-name>wcapiServlet</servlet-name>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<listener>
|
||||
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
|
||||
</listener>
|
||||
|
||||
Reference in New Issue
Block a user