Merged BRANCHES/DEV/V4.0-BUG-FIX to HEAD:

35474: ALF-13773 WebScript permission checking for Guest vs User should work for HTTP Auth and Alf_Ticket based ways of identifying the user as a Guest, and not just for the ?guest=true URL parameter


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35477 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Nick Burch
2012-04-20 13:48:00 +00:00
parent 6739429ab7
commit d67b66bebf
2 changed files with 13 additions and 1 deletions


@@ -301,6 +301,17 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
// //
if (auth == null || auth.authenticate(required, isGuest)) if (auth == null || auth.authenticate(required, isGuest))
{ {
// The user will now have been authenticated, based on HTTP Auth, Ticket etc
// Check that the user they authenticated as has appropriate access to the script
// Check to see if they supplied HTTP Auth or Ticket as guest, on a script that needs more
isGuest = authorityService.isGuestAuthority(AuthenticationUtil.getFullyAuthenticatedUser());
if (isGuest && (required == RequiredAuthentication.user || required == RequiredAuthentication.admin))
{
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires user authentication; however, a guest has attempted access.");
}
// Check to see if they're admin or system on an Admin only script
if (required == RequiredAuthentication.admin && !(authorityService.hasAdminAuthority() || AuthenticationUtil.getFullyAuthenticatedUser().equals(AuthenticationUtil.getSystemUserName()))) if (required == RequiredAuthentication.admin && !(authorityService.hasAdminAuthority() || AuthenticationUtil.getFullyAuthenticatedUser().equals(AuthenticationUtil.getSystemUserName())))
{ {
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access."); throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");
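Review bot: The new guest check `isGuest = authorityService.isGuestAuthority(AuthenticationUtil.getFullyAuthenticatedUser())` also runs on the `auth == null` side of the enclosing `if`, where nothing has authenticated the request despite what the comment just above it says, so the fully-authenticated user may well be null there and both `isGuestAuthority(null)` and the pre-existing `.equals(...)` in the admin check three lines later would see it. I would fetch the name once and guard it: `String user = AuthenticationUtil.getFullyAuthenticatedUser();` / `isGuest = user != null && authorityService.isGuestAuthority(user);`, and reuse `user` in the admin comparison instead of calling `getFullyAuthenticatedUser()` again. Overwriting `isGuest` also silently changes its meaning from "the client asked for guest" (the value just passed to `auth.authenticate`) to "the effective identity is guest"; since the enclosing method continues past the hunk, a separate local such as `boolean authenticatedAsGuest` would keep that distinction for any later reader of `isGuest`. The 401 matches the existing admin check's style, though strictly an authenticated-but-unauthorized principal is a 403 case and a 401 should carry a `WWW-Authenticate` challenge.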


@@ -116,7 +116,8 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0)); logger.debug("URL ticket provided: " + (ticket != null && ticket.length() > 0));
} }
// authenticate as guest, if service allows // If they requested explicit guest authentication,
// Authenticate as guest (if allowed)
if (isGuest && RequiredAuthentication.guest == required) if (isGuest && RequiredAuthentication.guest == required)
{ {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())