From f32360afb1e47528a2ff96dba53e2a1f1ce877ee Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Sat, 31 Jan 2015 11:07:31 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud) 90921: MNT-12765 - No endpoints can be configured in Share that use external-auth and a different URL - as they will be redirected down the URL for 'alfresco' endpoint. Merged PROPERTY_GROUP_PROTOTYPING (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud) 90742: Refactoring of SSO paths - Added Session User authentication support to RemoteUserAuthenticatorFactory - so can use cookie based auth for example with Public API route. - Tidy up of common duplicated code constants e.g. _alfAuthTicket - Added Global Authentication Filter around the /api/* endpoint to allow SSO active over Public API git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94744 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../org/alfresco/web/app/servlet/AuthenticationHelper.java | 3 ++- .../web/app/servlet/WebscriptCookieAuthenticationFilter.java | 4 +--- source/web/WEB-INF/web.xml | 5 +++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java index 0f51878b33..97094ae45d 100644 --- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java +++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java @@ -38,6 +38,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.external.RemoteUserMapper; import org.alfresco.repo.security.permissions.AccessDeniedException; import org.alfresco.repo.transaction.RetryingTransactionHelper; +import org.alfresco.repo.webdav.auth.AuthenticationDriver; import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; @@ -72,7 +73,7 @@ import org.springframework.web.context.support.WebApplicationContextUtils; public final class AuthenticationHelper { /** session variables */ - public static final String AUTHENTICATION_USER = "_alfAuthTicket"; + public static final String AUTHENTICATION_USER = AuthenticationDriver.AUTHENTICATION_USER; public static final String SESSION_USERNAME = "_alfLastUser"; public static final String SESSION_INVALIDATED = "_alfSessionInvalid"; diff --git a/source/java/org/alfresco/web/app/servlet/WebscriptCookieAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/WebscriptCookieAuthenticationFilter.java index 257c0f8a45..e68ee73c05 100644 --- a/source/java/org/alfresco/web/app/servlet/WebscriptCookieAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/WebscriptCookieAuthenticationFilter.java @@ -22,14 +22,13 @@ import org.apache.commons.logging.LogFactory; /** * WebScript aware Authentication Filter. Directly handles login script calls, allowing Surf to establish a cookie * for a manual login, rather than the usual stateless ticket based logins. - * + *

* This functionality has been extracted from the WebScriptSSOAuthenticationFilter so that they can work independently. * * @author Gethin James */ public class WebscriptCookieAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter { - private static final Log logger = LogFactory.getLog(WebscriptCookieAuthenticationFilter.class); private static final String API_LOGIN = "/api/login"; @@ -42,7 +41,6 @@ public class WebscriptCookieAuthenticationFilter extends BaseAuthenticationFilte @Override public void doFilter(ServletContext context, ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, ServletException { - // Get the HTTP request/response HttpServletRequest req = (HttpServletRequest)sreq; HttpServletResponse res = (HttpServletResponse)sresp; diff --git a/source/web/WEB-INF/web.xml b/source/web/WEB-INF/web.xml index b601d1751f..b4f59c3781 100644 --- a/source/web/WEB-INF/web.xml +++ b/source/web/WEB-INF/web.xml @@ -193,6 +193,11 @@ Global Authentication Filter /wcs/* + + + Global Authentication Filter + /api/* + WebDAV Authentication Filter