Refactor subsystems for authentication chaining

- An authentication chain of size 1 configured by default - DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain. - SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication - SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported). - SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain - CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only) - Rationalization of subsystem configuration folder structure and JMX object naming - Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances - Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime. - New AuthenticationChainTest unit test git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-04-21 13:29:08 +00:00
parent bf949d306b
commit d2180c5eaa
77 changed files with 3556 additions and 1371 deletions
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java
@@ -29,13 +29,15 @@ import java.io.StringWriter;
 import java.util.Collections;
 import java.util.Set;

+import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.AuthenticationManager;
 import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;

-import org.alfresco.service.Managed;
+import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;

-public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
+public class AuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator
 {
    private MutableAuthenticationDao authenticationDao;

@@ -61,7 +63,6 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
     * 
     * @param authenticationDao
     */
-    @Managed(category = "Security")
    public void setAuthenticationDao(MutableAuthenticationDao authenticationDao)
    {
        this.authenticationDao = authenticationDao;
@@ -107,16 +108,22 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
    /**
     * Get the password hash from the DAO
     */
-    @Override
    public String getMD4HashedPassword(String userName)
    {
        return this.authenticationDao.getMD4HashedPassword(userName);
    }

+    /**
+     * The default is not to support Authentication token base authentication
+     */
+    public Authentication authenticate(Authentication token) throws AuthenticationException
+    {
+        throw new AlfrescoRuntimeException("Authentication via token not supported");
+    }
+    
    /**
     * This implementation supported MD4 password hashes.
     */
-    @Override
    public NTLMMode getNTLMMode()
    {
        return NTLMMode.MD4_PROVIDER;