Merged 1.4 to HEAD
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4145 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4146 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4159 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4160 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4164 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4165 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4165 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4166 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4176 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4178 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4179 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4181 . svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4145 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@4146 . git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4630 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -28,16 +28,22 @@ import javax.servlet.ServletRequest;
|
|||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
|
import javax.transaction.UserTransaction;
|
||||||
|
|
||||||
import org.alfresco.model.ContentModel;
|
import org.alfresco.model.ContentModel;
|
||||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||||
import org.alfresco.service.ServiceRegistry;
|
import org.alfresco.service.ServiceRegistry;
|
||||||
|
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeService;
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||||
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
||||||
import org.alfresco.service.cmr.security.PersonService;
|
import org.alfresco.service.cmr.security.PersonService;
|
||||||
|
import org.alfresco.service.transaction.TransactionService;
|
||||||
import org.apache.commons.codec.binary.Base64;
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.springframework.web.context.WebApplicationContext;
|
import org.springframework.web.context.WebApplicationContext;
|
||||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||||
|
|
||||||
@@ -48,10 +54,18 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
|
|||||||
*/
|
*/
|
||||||
public class AuthenticationFilter implements Filter
|
public class AuthenticationFilter implements Filter
|
||||||
{
|
{
|
||||||
|
// Debug logging
|
||||||
|
|
||||||
|
private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
|
||||||
|
|
||||||
// Authenticated user session object name
|
// Authenticated user session object name
|
||||||
|
|
||||||
public final static String AUTHENTICATION_USER = "_alfDAVAuthTicket";
|
public final static String AUTHENTICATION_USER = "_alfDAVAuthTicket";
|
||||||
|
|
||||||
|
// Allow an authenitcation ticket to be passed as part of a request to bypass authentication
|
||||||
|
|
||||||
|
private static final String ARG_TICKET = "ticket";
|
||||||
|
|
||||||
// Servlet context
|
// Servlet context
|
||||||
|
|
||||||
private ServletContext m_context;
|
private ServletContext m_context;
|
||||||
@@ -61,6 +75,7 @@ public class AuthenticationFilter implements Filter
|
|||||||
private AuthenticationService m_authService;
|
private AuthenticationService m_authService;
|
||||||
private PersonService m_personService;
|
private PersonService m_personService;
|
||||||
private NodeService m_nodeService;
|
private NodeService m_nodeService;
|
||||||
|
private TransactionService m_transactionService;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize the filter
|
* Initialize the filter
|
||||||
@@ -81,6 +96,7 @@ public class AuthenticationFilter implements Filter
|
|||||||
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
|
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
|
||||||
m_nodeService = serviceRegistry.getNodeService();
|
m_nodeService = serviceRegistry.getNodeService();
|
||||||
m_authService = serviceRegistry.getAuthenticationService();
|
m_authService = serviceRegistry.getAuthenticationService();
|
||||||
|
m_transactionService = serviceRegistry.getTransactionService();
|
||||||
m_personService = (PersonService) ctx.getBean("PersonService"); // transactional and permission-checked
|
m_personService = (PersonService) ctx.getBean("PersonService"); // transactional and permission-checked
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -137,12 +153,16 @@ public class AuthenticationFilter implements Filter
|
|||||||
try
|
try
|
||||||
{
|
{
|
||||||
// Authenticate the user
|
// Authenticate the user
|
||||||
m_authService.authenticate(username, password.toCharArray());
|
|
||||||
|
m_authService.authenticate(username, password.toCharArray());
|
||||||
|
|
||||||
// Get the user node and home folder
|
// Get the user node and home folder
|
||||||
|
|
||||||
NodeRef personNodeRef = m_personService.getPerson(username);
|
NodeRef personNodeRef = m_personService.getPerson(username);
|
||||||
NodeRef homeSpaceRef = (NodeRef) m_nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
|
NodeRef homeSpaceRef = (NodeRef) m_nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
|
||||||
|
|
||||||
// Setup User object and Home space ID etc.
|
// Setup User object and Home space ID etc.
|
||||||
|
|
||||||
user = new WebDAVUser(username, m_authService.getCurrentTicket(), homeSpaceRef);
|
user = new WebDAVUser(username, m_authService.getCurrentTicket(), homeSpaceRef);
|
||||||
|
|
||||||
httpReq.getSession().setAttribute(AUTHENTICATION_USER, user);
|
httpReq.getSession().setAttribute(AUTHENTICATION_USER, user);
|
||||||
@@ -156,6 +176,82 @@ public class AuthenticationFilter implements Filter
|
|||||||
// Do nothing, user object will be null
|
// Do nothing, user object will be null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// Check if the request includes an authentication ticket
|
||||||
|
|
||||||
|
String ticket = req.getParameter( ARG_TICKET);
|
||||||
|
|
||||||
|
if ( ticket != null && ticket.length() > 0)
|
||||||
|
{
|
||||||
|
// Debug
|
||||||
|
|
||||||
|
if ( logger.isDebugEnabled())
|
||||||
|
logger.debug("Logon via ticket from " + req.getRemoteHost() + " (" +
|
||||||
|
req.getRemoteAddr() + ":" + req.getRemotePort() + ")" + " ticket=" + ticket);
|
||||||
|
|
||||||
|
UserTransaction tx = null;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
// Validate the ticket
|
||||||
|
|
||||||
|
m_authService.validate(ticket);
|
||||||
|
|
||||||
|
// Need to create the User instance if not already available
|
||||||
|
|
||||||
|
String currentUsername = m_authService.getCurrentUserName();
|
||||||
|
|
||||||
|
// Start a transaction
|
||||||
|
|
||||||
|
tx = m_transactionService.getUserTransaction();
|
||||||
|
tx.begin();
|
||||||
|
|
||||||
|
NodeRef personRef = m_personService.getPerson(currentUsername);
|
||||||
|
user = new WebDAVUser( currentUsername, m_authService.getCurrentTicket(), personRef);
|
||||||
|
NodeRef homeRef = (NodeRef) m_nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
|
||||||
|
|
||||||
|
// Check that the home space node exists - else Login cannot proceed
|
||||||
|
|
||||||
|
if (m_nodeService.exists(homeRef) == false)
|
||||||
|
{
|
||||||
|
throw new InvalidNodeRefException(homeRef);
|
||||||
|
}
|
||||||
|
user.setHomeNode(homeRef);
|
||||||
|
|
||||||
|
tx.commit();
|
||||||
|
tx = null;
|
||||||
|
|
||||||
|
// Store the User object in the Session - the authentication servlet will then proceed
|
||||||
|
|
||||||
|
httpReq.getSession().setAttribute( AUTHENTICATION_USER, user);
|
||||||
|
}
|
||||||
|
catch (AuthenticationException authErr)
|
||||||
|
{
|
||||||
|
// Clear the user object to signal authentication failure
|
||||||
|
|
||||||
|
user = null;
|
||||||
|
}
|
||||||
|
catch (Throwable e)
|
||||||
|
{
|
||||||
|
// Clear the user object to signal authentication failure
|
||||||
|
|
||||||
|
user = null;
|
||||||
|
}
|
||||||
|
finally
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (tx != null)
|
||||||
|
{
|
||||||
|
tx.rollback();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception tex)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check if the user is authenticated, if not then prompt again
|
// Check if the user is authenticated, if not then prompt again
|
||||||
|
|
||||||
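Review bot: The debug statement in the new ticket branch appends the ticket itself to the log message (`" ticket=" + ticket`), and that value is a credential which `m_authService.validate(ticket)` accepts in place of a username and password, so anyone who can read the debug log can reuse it while it remains valid. Log only the remote host, address and port, ending the call with `req.getRemoteAddr() + ":" + req.getRemotePort() + ")");`. The same line appears in the NTLMAuthenticationFilter section of this commit and needs the same change. Two smaller points here: the logger is created with `LogFactory.getLog(NTLMAuthenticationFilter.class)` inside AuthenticationFilter, which files these messages under the wrong category, and `catch (Throwable e)` discards the exception without logging it, so a repository failure cannot be told apart from a rejected ticket. The enclosing filter method starts and ends outside the hunk.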
|
@@ -54,6 +54,7 @@ import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
|
|||||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||||
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
|
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
|
||||||
import org.alfresco.service.ServiceRegistry;
|
import org.alfresco.service.ServiceRegistry;
|
||||||
|
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeService;
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||||
@@ -81,6 +82,10 @@ public class NTLMAuthenticationFilter implements Filter
|
|||||||
|
|
||||||
public final static String AUTHENTICATION_USER = "_alfDAVAuthTicket";
|
public final static String AUTHENTICATION_USER = "_alfDAVAuthTicket";
|
||||||
|
|
||||||
|
// Allow an authenitcation ticket to be passed as part of a request to bypass authentication
|
||||||
|
|
||||||
|
private static final String ARG_TICKET = "ticket";
|
||||||
|
|
||||||
// NTLM flags mask, used to mask out features that are not supported
|
// NTLM flags mask, used to mask out features that are not supported
|
||||||
|
|
||||||
private static final int NTLM_FLAGS = NTLM.Flag56Bit + NTLM.FlagLanManKey + NTLM.FlagNegotiateNTLM +
|
private static final int NTLM_FLAGS = NTLM.Flag56Bit + NTLM.FlagLanManKey + NTLM.FlagNegotiateNTLM +
|
||||||
@@ -285,7 +290,86 @@ public class NTLMAuthenticationFilter implements Filter
|
|||||||
|
|
||||||
if ( authHdr == null) {
|
if ( authHdr == null) {
|
||||||
|
|
||||||
// Debug
|
// Check if the request includes an authentication ticket
|
||||||
|
|
||||||
|
String ticket = req.getParameter( ARG_TICKET);
|
||||||
|
|
||||||
|
if ( ticket != null && ticket.length() > 0)
|
||||||
|
{
|
||||||
|
// Debug
|
||||||
|
|
||||||
|
if ( logger.isDebugEnabled())
|
||||||
|
logger.debug("Logon via ticket from " + req.getRemoteHost() + " (" +
|
||||||
|
req.getRemoteAddr() + ":" + req.getRemotePort() + ")" + " ticket=" + ticket);
|
||||||
|
|
||||||
|
UserTransaction tx = null;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
// Validate the ticket
|
||||||
|
|
||||||
|
m_authService.validate(ticket);
|
||||||
|
|
||||||
|
// Need to create the User instance if not already available
|
||||||
|
|
||||||
|
String currentUsername = m_authService.getCurrentUserName();
|
||||||
|
|
||||||
|
// Start a transaction
|
||||||
|
|
||||||
|
tx = m_transactionService.getUserTransaction();
|
||||||
|
tx.begin();
|
||||||
|
|
||||||
|
NodeRef personRef = m_personService.getPerson(currentUsername);
|
||||||
|
user = new WebDAVUser( currentUsername, m_authService.getCurrentTicket(), personRef);
|
||||||
|
NodeRef homeRef = (NodeRef) m_nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
|
||||||
|
|
||||||
|
// Check that the home space node exists - else Login cannot proceed
|
||||||
|
|
||||||
|
if (m_nodeService.exists(homeRef) == false)
|
||||||
|
{
|
||||||
|
throw new InvalidNodeRefException(homeRef);
|
||||||
|
}
|
||||||
|
user.setHomeNode(homeRef);
|
||||||
|
|
||||||
|
tx.commit();
|
||||||
|
tx = null;
|
||||||
|
|
||||||
|
// Store the User object in the Session - the authentication servlet will then proceed
|
||||||
|
|
||||||
|
req.getSession().setAttribute( AUTHENTICATION_USER, user);
|
||||||
|
|
||||||
|
// Chain to the next filter
|
||||||
|
|
||||||
|
chain.doFilter(sreq, sresp);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
catch (AuthenticationException authErr)
|
||||||
|
{
|
||||||
|
// Clear the user object to signal authentication failure
|
||||||
|
|
||||||
|
user = null;
|
||||||
|
}
|
||||||
|
catch (Throwable e)
|
||||||
|
{
|
||||||
|
// Clear the user object to signal authentication failure
|
||||||
|
|
||||||
|
user = null;
|
||||||
|
}
|
||||||
|
finally
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (tx != null)
|
||||||
|
{
|
||||||
|
tx.rollback();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception tex)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Debug
|
||||||
|
|
||||||
if ( logger.isDebugEnabled())
|
if ( logger.isDebugEnabled())
|
||||||
logger.debug("New NTLM auth request from " + req.getRemoteHost() + " (" +
|
logger.debug("New NTLM auth request from " + req.getRemoteHost() + " (" +
|
||||||
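Review bot: `chain.doFilter(sreq, sresp)` is called inside the `try` whose `catch (Throwable e)` only sets `user = null`, so any exception thrown by the downstream filters or the servlet is swallowed and treated as a failed ticket logon, after which execution falls through to the NTLM negotiation code below. Keep the `try` to ticket validation and user setup and chain afterwards: declare `boolean ticketOk = false;` before the `try`, set it to `true` after the `setAttribute` call, and after the `finally` block use `if (ticketOk) { chain.doFilter(sreq, sresp); return; }`. The authenticated user is also stored in whatever session the request already carries (`req.getSession()`); whether the session id is renewed on logon is not visible in this hunk and is worth confirming. Because the ticket is read with `req.getParameter(ARG_TICKET)`, it may travel in the query string, so the comment on `ARG_TICKET` should say that ticket logon is only meant to be used over TLS. The enclosing method starts and ends outside the hunk.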
|
@@ -578,18 +578,14 @@ public class RepositoryWebService extends AbstractWebService implements
|
|||||||
// create the web service ClassDefinition type from the data dictionary TypeDefinition
|
// create the web service ClassDefinition type from the data dictionary TypeDefinition
|
||||||
ClassDefinition typeDef = Utils.setupClassDefObject(ddTypeDef);
|
ClassDefinition typeDef = Utils.setupClassDefObject(ddTypeDef);
|
||||||
|
|
||||||
// create the web service ClassDefinition types to represent the aspects
|
Set<QName> aspectsQNames = this.nodeService.getAspects(nodeRef);
|
||||||
ClassDefinition[] aspectDefs = null;
|
ClassDefinition[] aspectDefs = new ClassDefinition[aspectsQNames.size()];
|
||||||
List<AspectDefinition> aspects = ddTypeDef.getDefaultAspects();
|
int pos = 0;
|
||||||
if (aspects != null)
|
for (QName aspectQName : aspectsQNames)
|
||||||
{
|
{
|
||||||
aspectDefs = new ClassDefinition[aspects.size()];
|
AspectDefinition aspectDef = this.dictionaryService.getAspect(aspectQName);
|
||||||
int pos = 0;
|
aspectDefs[pos] = Utils.setupClassDefObject(aspectDef);
|
||||||
for (AspectDefinition ddAspectDef : aspects)
|
pos++;
|
||||||
{
|
|
||||||
aspectDefs[pos] = Utils.setupClassDefObject(ddAspectDef);
|
|
||||||
pos++;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return new NodeDefinition(typeDef, aspectDefs);
|
return new NodeDefinition(typeDef, aspectDefs);
|
||||||
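Review bot: The new loop passes the result of `this.dictionaryService.getAspect(aspectQName)` straight to `Utils.setupClassDefObject(aspectDef)` without a null check. If `getAspect` can return null for an aspect that is applied to the node but has no definition in the dictionary (not visible from this hunk), a single such node would make the whole call fail. Consider collecting into a `List<ClassDefinition>` and skipping undefined aspects, for example `if (aspectDef != null) { defs.add(Utils.setupClassDefObject(aspectDef)); }` followed by `defs.toArray(new ClassDefinition[defs.size()])`. The enclosing method starts and ends outside the hunk.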
|