inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

MT - initial checkin for MT-enabled Web Scripts

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8293 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
2008-02-15 15:29:27 +00:00
parent a450598ecb
commit f3969beff1
6 changed files with 1070 additions and 709 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/web-scripts-application-context.xml
View File

@@ -37,6 +37,7 @@
<property name="fileFolderService" ref="fileFolderService" /> <property name="fileFolderService" ref="fileFolderService" />
<property name="searchService" ref="SearchService" /> <property name="searchService" ref="SearchService" />
<property name="permissionService" ref="PermissionService" /> <property name="permissionService" ref="PermissionService" />
<property name="tenantDeployerService" ref="tenantAdminService" />
</bean> </bean>
<bean name="webscripts.store.repo.extension" parent="webscripts.repostore"> <bean name="webscripts.store.repo.extension" parent="webscripts.repostore">
@@ -83,6 +84,7 @@
<property name="personService" ref="personService" /> <property name="personService" ref="personService" />
<property name="fileFolderService" ref="fileFolderService" /> <property name="fileFolderService" ref="fileFolderService" />
<property name="searchService" ref="searchService" /> <property name="searchService" ref="searchService" />
<property name="tenantDeployerService" ref="tenantAdminService" />
<property name="companyHomeStore"><value>${spaces.store}</value></property> <property name="companyHomeStore"><value>${spaces.store}</value></property>
<property name="companyHomePath"><value>/${spaces.company_home.childname}</value></property> <property name="companyHomePath"><value>/${spaces.company_home.childname}</value></property>
</bean> </bean>
@@ -115,6 +117,7 @@
<property name="descriptorService" ref="DescriptorService" /> <property name="descriptorService" ref="DescriptorService" />
<property name="searchPath" ref="webscripts.searchpath" /> <property name="searchPath" ref="webscripts.searchpath" />
<property name="configService" ref="web.config" /> <property name="configService" ref="web.config" />
<property name="tenantDeployerService" ref="tenantAdminService" />
</bean> </bean>

122
source/java/org/alfresco/repo/web/scripts/RepoStore.java
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2007 Alfresco Software Limited. * Copyright (C) 2005-2008 Alfresco Software Limited.
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
@@ -31,11 +31,15 @@ import java.io.Reader;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantDeployerService;
import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.model.FileFolderService; import org.alfresco.service.cmr.model.FileFolderService;
@@ -65,13 +69,12 @@ import freemarker.cache.TemplateLoader;
* *
* @author davidc * @author davidc
*/ */
public class RepoStore implements Store public class RepoStore implements Store, TenantDeployer
{ {
protected boolean mustExist = false; protected boolean mustExist = false;
protected StoreRef repoStore; protected StoreRef repoStore;
protected String repoPath; protected String repoPath;
protected NodeRef baseNodeRef; protected Map<String, NodeRef> baseNodeRefs;
protected String baseDir;
// dependencies // dependencies
protected RetryingTransactionHelper retryingTransactionHelper; protected RetryingTransactionHelper retryingTransactionHelper;
@@ -82,6 +85,8 @@ public class RepoStore implements Store
protected NamespaceService namespaceService; protected NamespaceService namespaceService;
protected PermissionService permissionService; protected PermissionService permissionService;
private TenantDeployerService tenantDeployerService;
/** /**
* Sets helper that provides transaction callbacks * Sets helper that provides transaction callbacks
@@ -139,6 +144,14 @@ public class RepoStore implements Store
this.permissionService = permissionService; this.permissionService = permissionService;
} }
/**
* Sets the tenant deployer service
*/
public void setTenantDeployerService(TenantDeployerService tenantDeployerService)
{
this.tenantDeployerService = tenantDeployerService;
}
/** /**
* Sets whether the repo store must exist * Sets whether the repo store must exist
* *
@@ -169,33 +182,65 @@ public class RepoStore implements Store
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.web.scripts.Store#init() * @see org.alfresco.web.scripts.Store#init()
* @see org.alfresco.repo.tenant.TenantDeployer#init()
*/ */
public void init() public void init()
{ {
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() if (baseNodeRefs == null)
{ {
public Object doWork() throws Exception baseNodeRefs = new HashMap<String, NodeRef>(1);
}
getBaseNodeRef();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#destroy()
*/
public void destroy()
{
baseNodeRefs.remove(tenantDeployerService.getCurrentUserDomain());
}
private NodeRef getBaseNodeRef()
{
String tenantDomain = tenantDeployerService.getCurrentUserDomain();
NodeRef baseNodeRef = baseNodeRefs.get(tenantDomain);
if (baseNodeRef == null)
{
baseNodeRef = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
{ {
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>() public NodeRef doWork() throws Exception
{ {
public Object execute() throws Exception return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{ {
String query = "PATH:\"" + repoPath + "\""; public NodeRef execute() throws Exception
ResultSet resultSet = searchService.query(repoStore, SearchService.LANGUAGE_LUCENE, query);
if (resultSet.length() == 1)
{ {
baseNodeRef = resultSet.getNodeRef(0); String query = "PATH:\"" + repoPath + "\"";
baseDir = getPath(baseNodeRef); ResultSet resultSet = searchService.query(repoStore, SearchService.LANGUAGE_LUCENE, query);
if (resultSet.length() == 1)
{
return resultSet.getNodeRef(0);
}
else if (mustExist)
{
throw new WebScriptException("Web Script Store " + repoStore.toString() + repoPath + " must exist; it was not found");
}
return null;
} }
else if (mustExist) });
{ }
throw new WebScriptException("Web Script Store " + repoStore.toString() + repoPath + " must exist; it was not found"); }, AuthenticationUtil.getSystemUserName());
}
return null; // TODO clear on deleteTenant
} baseNodeRefs.put(tenantDomain, baseNodeRef);
}); }
} return baseNodeRef;
}, AuthenticationUtil.getSystemUserName()); }
private String getBaseDir()
{
return getPath(getBaseNodeRef());
} }
/* (non-Javadoc) /* (non-Javadoc)
@@ -203,7 +248,7 @@ public class RepoStore implements Store
*/ */
public boolean exists() public boolean exists()
{ {
return (baseNodeRef != null); return (getBaseNodeRef() != null);
} }
/* (non-Javadoc) /* (non-Javadoc)
@@ -239,7 +284,7 @@ public class RepoStore implements Store
{ {
String[] pathElements = documentPath.split("/"); String[] pathElements = documentPath.split("/");
List<String> pathElementsList = Arrays.asList(pathElements); List<String> pathElementsList = Arrays.asList(pathElements);
FileInfo file = fileService.resolveNamePath(baseNodeRef, pathElementsList); FileInfo file = fileService.resolveNamePath(getBaseNodeRef(), pathElementsList);
node = file.getNodeRef(); node = file.getNodeRef();
} }
catch (FileNotFoundException e) catch (FileNotFoundException e)
@@ -262,7 +307,7 @@ public class RepoStore implements Store
{ {
public String[] execute() throws Exception public String[] execute() throws Exception
{ {
int baseDirLength = baseDir.length() +1; int baseDirLength = getBaseDir().length() +1;
List<String> documentPaths = new ArrayList<String>(); List<String> documentPaths = new ArrayList<String>();
String scriptPath = script.getDescription().getScriptPath(); String scriptPath = script.getDescription().getScriptPath();
NodeRef scriptNodeRef = findNodeRef(scriptPath); NodeRef scriptNodeRef = findNodeRef(scriptPath);
@@ -305,7 +350,7 @@ public class RepoStore implements Store
{ {
public String[] execute() throws Exception public String[] execute() throws Exception
{ {
int baseDirLength = baseDir.length() +1; int baseDirLength = getBaseDir().length() +1;
List<String> documentPaths = new ArrayList<String>(); List<String> documentPaths = new ArrayList<String>();
String query = "+PATH:\"" + repoPath + "//*\" +QNAME:*.desc.xml"; String query = "+PATH:\"" + repoPath + "//*\" +QNAME:*.desc.xml";
@@ -391,7 +436,7 @@ public class RepoStore implements Store
List<String> folderElementsList = Arrays.asList(folderElements); List<String> folderElementsList = Arrays.asList(folderElements);
// create folder // create folder
FileInfo pathInfo = fileService.makeFolders(baseNodeRef, folderElementsList, ContentModel.TYPE_FOLDER); FileInfo pathInfo = fileService.makeFolders(getBaseNodeRef(), folderElementsList, ContentModel.TYPE_FOLDER);
// create file // create file
String fileName = pathElements[pathElements.length -1]; String fileName = pathElements[pathElements.length -1];
@@ -420,6 +465,23 @@ public class RepoStore implements Store
return new RepoScriptLoader(); return new RepoScriptLoader();
} }
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onEnableTenant()
*/
public void onEnableTenant()
{
init();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onDisableTenant()
*/
public void onDisableTenant()
{
destroy();
}
/** /**
* Repository path based template loader * Repository path based template loader
* *
@@ -673,7 +735,7 @@ public class RepoStore implements Store
*/ */
public String getPath() public String getPath()
{ {
return repoStore + baseDir + "/" + path; return repoStore + getBaseDir() + "/" + path;
} }
/* (non-Javadoc) /* (non-Javadoc)
@@ -681,7 +743,7 @@ public class RepoStore implements Store
*/ */
public String getPathDescription() public String getPathDescription()
{ {
return "/" + path + " (in repository store " + repoStore.toString() + baseDir + ")"; return "/" + path + " (in repository store " + repoStore.toString() + getBaseDir() + ")";
} }
} }

102
source/java/org/alfresco/repo/web/scripts/Repository.java
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2007 Alfresco Software Limited. * Copyright (C) 2005-2008 Alfresco Software Limited.
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
@@ -25,12 +25,17 @@
package org.alfresco.repo.web.scripts; package org.alfresco.repo.web.scripts;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantDeployerService;
import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.model.FileFolderService; import org.alfresco.service.cmr.model.FileFolderService;
@@ -56,7 +61,7 @@ import org.springframework.context.ApplicationListener;
* *
* @author davidc * @author davidc
*/ */
public class Repository implements ApplicationContextAware, ApplicationListener public class Repository implements ApplicationContextAware, ApplicationListener, TenantDeployer
{ {
private ProcessorLifecycle lifecycle = new ProcessorLifecycle(); private ProcessorLifecycle lifecycle = new ProcessorLifecycle();
@@ -67,11 +72,12 @@ public class Repository implements ApplicationContextAware, ApplicationListener
private NodeService nodeService; private NodeService nodeService;
private FileFolderService fileFolderService; private FileFolderService fileFolderService;
private PersonService personService; private PersonService personService;
private TenantDeployerService tenantDeployerService;
// company home // company home
private StoreRef companyHomeStore; private StoreRef companyHomeStore;
private String companyHomePath; private String companyHomePath;
private NodeRef companyHome; private Map<String, NodeRef> companyHomeRefs;
/** /**
@@ -152,6 +158,16 @@ public class Repository implements ApplicationContextAware, ApplicationListener
this.personService = personService; this.personService = personService;
} }
/**
* Sets the tenant deployer service
*
* @param tenantDeployerService
*/
public void setTenantDeployerService(TenantDeployerService tenantDeployerService)
{
this.tenantDeployerService = tenantDeployerService;
}
/* (non-Javadoc) /* (non-Javadoc)
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext) * @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
*/ */
@@ -190,20 +206,14 @@ public class Repository implements ApplicationContextAware, ApplicationListener
*/ */
protected void initContext() protected void initContext()
{ {
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>() tenantDeployerService.register(this);
{
@SuppressWarnings("synthetic-access") if (companyHomeRefs == null)
public Object execute() throws Exception {
{ companyHomeRefs = new HashMap<String, NodeRef>(1);
List<NodeRef> refs = searchService.selectNodes(nodeService.getRootNode(companyHomeStore), companyHomePath, null, namespaceService, false); }
if (refs.size() != 1)
{ getCompanyHome();
throw new IllegalStateException("Invalid company home path: " + companyHomePath + " - found: " + refs.size());
}
companyHome = refs.get(0);
return null;
}
});
} }
@@ -224,7 +234,32 @@ public class Repository implements ApplicationContextAware, ApplicationListener
*/ */
public NodeRef getCompanyHome() public NodeRef getCompanyHome()
{ {
return companyHome; String tenantDomain = tenantDeployerService.getCurrentUserDomain();
NodeRef companyHomeRef = companyHomeRefs.get(tenantDomain);
if (companyHomeRef == null)
{
companyHomeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
{
public NodeRef doWork() throws Exception
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
public NodeRef execute() throws Exception
{
List<NodeRef> refs = searchService.selectNodes(nodeService.getRootNode(companyHomeStore), companyHomePath, null, namespaceService, false);
if (refs.size() != 1)
{
throw new IllegalStateException("Invalid company home path: " + companyHomePath + " - found: " + refs.size());
}
return refs.get(0);
}
});
}
}, AuthenticationUtil.getSystemUserName());
companyHomeRefs.put(tenantDomain, companyHomeRef);
}
return companyHomeRef;
} }
/** /**
@@ -329,4 +364,35 @@ public class Repository implements ApplicationContextAware, ApplicationListener
return nodeRef; return nodeRef;
} }
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onEnableTenant()
*/
public void onEnableTenant()
{
init();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onDisableTenant()
*/
public void onDisableTenant()
{
destroy();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#init()
*/
public void init()
{
initContext();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#destroy()
*/
public void destroy()
{
companyHomeRefs.remove(tenantDeployerService.getCurrentUserDomain());
}
} }

91
source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2007 Alfresco Software Limited. * Copyright (C) 2005-2008 Alfresco Software Limited.
* *
* This program is free software; you can redistribute it and/or * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License * modify it under the terms of the GNU General Public License
@@ -31,6 +31,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantDeployerService;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport; import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
@@ -43,6 +45,7 @@ import org.alfresco.service.descriptor.DescriptorService;
import org.alfresco.web.scripts.AbstractRuntimeContainer; import org.alfresco.web.scripts.AbstractRuntimeContainer;
import org.alfresco.web.scripts.Authenticator; import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description; import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.Registry;
import org.alfresco.web.scripts.ServerModel; import org.alfresco.web.scripts.ServerModel;
import org.alfresco.web.scripts.WebScript; import org.alfresco.web.scripts.WebScript;
import org.alfresco.web.scripts.WebScriptException; import org.alfresco.web.scripts.WebScriptException;
@@ -59,7 +62,7 @@ import org.apache.commons.logging.LogFactory;
* *
* @author davidc * @author davidc
*/ */
public class RepositoryContainer extends AbstractRuntimeContainer public class RepositoryContainer extends AbstractRuntimeContainer implements TenantDeployer
{ {
// Logger // Logger
protected static final Log logger = LogFactory.getLog(RepositoryContainer.class); protected static final Log logger = LogFactory.getLog(RepositoryContainer.class);
@@ -71,6 +74,9 @@ public class RepositoryContainer extends AbstractRuntimeContainer
private AuthorityService authorityService; private AuthorityService authorityService;
private PermissionService permissionService; private PermissionService permissionService;
private DescriptorService descriptorService; private DescriptorService descriptorService;
private TenantDeployerService tenantDeployerService;
private Map<String, Registry> tenantRegistries = new HashMap<String, Registry>(0);
/** /**
* @param repository * @param repository
@@ -120,6 +126,14 @@ public class RepositoryContainer extends AbstractRuntimeContainer
this.authorityService = authorityService; this.authorityService = authorityService;
} }
/**
* @param tenantDeployerService
*/
public void setTenantDeployerService(TenantDeployerService tenantDeployerService)
{
this.tenantDeployerService = tenantDeployerService;
}
/* (non-Javadoc) /* (non-Javadoc)
* @see org.alfresco.web.scripts.Container#getDescription() * @see org.alfresco.web.scripts.Container#getDescription()
*/ */
@@ -192,7 +206,12 @@ public class RepositoryContainer extends AbstractRuntimeContainer
if (required == RequiredAuthentication.none) if (required == RequiredAuthentication.none)
{ {
AuthenticationUtil.clearCurrentSecurityContext(); // MT-context will pre-authenticate (see MTWebScriptAuthenticationFilter)
if (! AuthenticationUtil.isMtEnabled())
{
// TODO revisit - cleared here, in-lieu of WebClient clear
AuthenticationUtil.clearCurrentSecurityContext();
}
transactionedExecute(script, scriptReq, scriptRes); transactionedExecute(script, scriptReq, scriptRes);
} }
else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest) else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest)
@@ -292,4 +311,70 @@ public class RepositoryContainer extends AbstractRuntimeContainer
} }
} }
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#getRegistry()
*/
@Override
public Registry getRegistry()
{
if (tenantDeployerService.isEnabled())
{
String tenantDomain = tenantDeployerService.getCurrentUserDomain();
Registry registry = tenantRegistries.get(tenantDomain);
if (registry == null)
{
init();
registry = tenantRegistries.get(tenantDomain);
}
return registry;
}
else
{
return super.getRegistry();
}
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#reset()
*/
@Override
public void reset()
{
tenantDeployerService.register(this);
super.reset();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onEnableTenant()
*/
public void onEnableTenant()
{
init();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onDisableTenant()
*/
public void onDisableTenant()
{
destroy();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#init()
*/
public void init()
{
Registry registry = super.getRegistry().cloneEmpty();
tenantRegistries.put(tenantDeployerService.getCurrentUserDomain(), registry);
registry.reset();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#destroy()
*/
public void destroy()
{
tenantRegistries.remove(tenantDeployerService.getCurrentUserDomain());
}
} }

112
source/java/org/alfresco/web/app/servlet/MTWebScriptAuthenticationFilter.java Normal file
View File

@@ -0,0 +1,112 @@
/*
* Copyright (C) 2005-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.web.app.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description.RequiredAuthentication;
import org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory;
import org.alfresco.web.scripts.servlet.WebScriptServletRequest;
import org.alfresco.web.scripts.servlet.WebScriptServletResponse;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
* In case of MT-context, this servlet filter will force authentication prior to WebScript binding, even for WebScripts
* that do not require authentication.
*
* In future releases, consider updating the HTTP API such that an optional tenant context could be specified as part of
* the URL, hence not requiring pre-authentication in that case.
*/
public class MTWebScriptAuthenticationFilter implements Filter
{
private FilterConfig config;
private ApplicationContext appContext;
/**
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig config) throws ServletException
{
this.config = config;
this.appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(config.getServletContext());
}
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException
{
if (AuthenticationUtil.isMtEnabled())
{
String currentUser = AuthenticationUtil.getCurrentUserName();
if (currentUser == null)
{
// retrieve authenticator factory
String authenticatorId = config.getInitParameter("authenticator");
if (authenticatorId != null && authenticatorId.length() > 0)
{
Object bean = appContext.getBean(authenticatorId);
if (bean == null || !(bean instanceof ServletAuthenticatorFactory))
{
throw new ServletException("Initialisation parameter 'authenticator' does not refer to a servlet authenticator factory (" + authenticatorId + ")");
}
ServletAuthenticatorFactory authenticatorFactory = (ServletAuthenticatorFactory)bean;
if ((req instanceof HttpServletRequest) && (res instanceof HttpServletResponse))
{
Authenticator authenticator = authenticatorFactory.create(new WebScriptServletRequest(null, (HttpServletRequest)req, null, null), new WebScriptServletResponse(null, (HttpServletResponse)res));
authenticator.authenticate(RequiredAuthentication.user, false);
}
}
}
}
// continue filter chaining
chain.doFilter(req, res);
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy()
{
// nothing to do
}
}

33
source/web/WEB-INF/web.xml
View File

@@ -108,6 +108,24 @@
<filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class> <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
</filter> </filter>
<filter>
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.basic</param-value>
</init-param>
</filter>
<filter>
<filter-name>MT WebScript WC Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.webclient</param-value>
</init-param>
</filter>
<filter-mapping> <filter-mapping>
<filter-name>Authentication Filter</filter-name> <filter-name>Authentication Filter</filter-name>
<url-pattern>/faces/*</url-pattern> <url-pattern>/faces/*</url-pattern>
@@ -166,6 +184,21 @@
<url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern> <url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern>
</filter-mapping> </filter-mapping>
<!-- for MT-context, force auth prior to WebScript binding
for ST-context, pass through (or can explicitly comment out) -->
<filter-mapping>
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
<servlet-name>apiServlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>MT WebScript WC Authentication Filter</filter-name>
<servlet-name>wcapiServlet</servlet-name>
</filter-mapping>
<listener> <listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class> <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
</listener> </listener>