Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

90921: MNT-12765 - No endpoints can be configured in Share that use external-auth and a different URL - as they will be redirected down the URL for 'alfresco' endpoint.
   Merged PROPERTY_GROUP_PROTOTYPING (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud)
      90742: Refactoring of SSO paths
       - Added Session User authentication support to RemoteUserAuthenticatorFactory - so can use cookie based auth for example with Public API route.
       - Tidy up of common duplicated code constants e.g. _alfAuthTicket
       - Added Global Authentication Filter around the /api/* endpoint to allow SSO active over Public API


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94744 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Alan Davis
2015-01-31 11:07:31 +00:00
parent 04eb119eff
commit f32360afb1
3 changed files with 8 additions and 4 deletions


@@ -38,6 +38,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.webdav.auth.AuthenticationDriver;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -72,7 +73,7 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
public final class AuthenticationHelper
{
/** session variables */
public static final String AUTHENTICATION_USER = "_alfAuthTicket";
public static final String AUTHENTICATION_USER = AuthenticationDriver.AUTHENTICATION_USER;
public static final String SESSION_USERNAME = "_alfLastUser";
public static final String SESSION_INVALIDATED = "_alfSessionInvalid";
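Review bot: The new definition `AUTHENTICATION_USER = AuthenticationDriver.AUTHENTICATION_USER` makes this session attribute key depend on a value that is not visible in this section, so it should be confirmed that the referenced constant is still `"_alfAuthTicket"`, as the commit description suggests. Because the field is a `public static final String`, the compiler copies its value into every class that uses it, so any module built against the old literal keeps its own copy until it is recompiled. If the two values ever differed, one filter would store the session user under one key and another would look it up under a different one, and the request would be treated as unauthenticated or re-challenged without an obvious error. The `/** session variables */` comment could say why the indirection exists, for example `/** Session attribute key for the authenticated user; defined once in AuthenticationDriver so all authentication filters share it. */`. The body of AuthenticationHelper continues outside the hunk.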


@@ -22,14 +22,13 @@ import org.apache.commons.logging.LogFactory;
/**
* WebScript aware Authentication Filter. Directly handles login script calls, allowing Surf to establish a cookie
* for a manual login, rather than the usual stateless ticket based logins.
*
* <p>
* This functionality has been extracted from the WebScriptSSOAuthenticationFilter so that they can work independently.
*
* @author Gethin James
*/
public class WebscriptCookieAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter
{
private static final Log logger = LogFactory.getLog(WebscriptCookieAuthenticationFilter.class);
private static final String API_LOGIN = "/api/login";
@@ -42,7 +41,6 @@ public class WebscriptCookieAuthenticationFilter extends BaseAuthenticationFilte
@Override
public void doFilter(ServletContext context, ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, ServletException
{
// Get the HTTP request/response
HttpServletRequest req = (HttpServletRequest)sreq;
HttpServletResponse res = (HttpServletResponse)sresp;


@@ -194,6 +194,11 @@
<url-pattern>/wcs/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Global Authentication Filter</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WebDAV Authentication Filter</filter-name>
<url-pattern>/webdav/*</url-pattern>