mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
MOB-412: Decouple thread local authentication methods from AuthenticationComponent into new AuthenticationContext super-interface. The AuthenticationContext is a delegate of AbstractAuthenticationComponent and can be accessed directly by low-level classes (e.g. schema bootstrap) before the authentication subsystem is available.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13721 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -1,125 +1,123 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
import org.alfresco.repo.tenant.TenantService;
|
||||
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.AuthorityType;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.transaction.TransactionService;
|
||||
|
||||
/**
|
||||
* This class abstract the support required to set up and query the Acegi context for security enforcement. There are
|
||||
* some simple default method implementations to support simple authentication.
|
||||
*
|
||||
* @author Andy Hind
|
||||
*/
|
||||
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
|
||||
{
|
||||
/**
|
||||
* The abstract class keeps track of support for guest login
|
||||
*/
|
||||
private Boolean allowGuestLogin = null;
|
||||
|
||||
private TenantService tenantService;
|
||||
|
||||
private PersonService personService;
|
||||
|
||||
private NodeService nodeService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
||||
|
||||
private boolean autoCreatePeopleOnLogin = true;
|
||||
|
||||
public AbstractAuthenticationComponent()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set if guest login is supported.
|
||||
*
|
||||
* @param allowGuestLogin
|
||||
*/
|
||||
public void setAllowGuestLogin(Boolean allowGuestLogin)
|
||||
{
|
||||
this.allowGuestLogin = allowGuestLogin;
|
||||
}
|
||||
|
||||
public void setTenantService(TenantService tenantService)
|
||||
{
|
||||
this.tenantService = tenantService;
|
||||
}
|
||||
|
||||
public void setPersonService(PersonService personService)
|
||||
{
|
||||
this.personService = personService;
|
||||
}
|
||||
|
||||
public void setNodeService(NodeService nodeService)
|
||||
{
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
public void setTransactionService(TransactionService transactionService)
|
||||
{
|
||||
this.transactionService = transactionService;
|
||||
}
|
||||
|
||||
public TransactionService getTransactionService()
|
||||
{
|
||||
return transactionService;
|
||||
}
|
||||
|
||||
public Boolean getAllowGuestLogin()
|
||||
{
|
||||
return allowGuestLogin;
|
||||
}
|
||||
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
import org.alfresco.repo.tenant.TenantService;
|
||||
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.AuthorityType;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.transaction.TransactionService;
|
||||
|
||||
/**
|
||||
* This class abstract the support required to set up and query the Acegi context for security enforcement. There are
|
||||
* some simple default method implementations to support simple authentication.
|
||||
*
|
||||
* @author Andy Hind
|
||||
*/
|
||||
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
|
||||
{
|
||||
/**
|
||||
* The abstract class keeps track of support for guest login
|
||||
*/
|
||||
private Boolean allowGuestLogin = null;
|
||||
|
||||
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
||||
|
||||
private boolean autoCreatePeopleOnLogin = true;
|
||||
|
||||
private AuthenticationContext authenticationContext;
|
||||
|
||||
private PersonService personService;
|
||||
|
||||
private NodeService nodeService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
public AbstractAuthenticationComponent()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set if guest login is supported.
|
||||
*
|
||||
* @param allowGuestLogin
|
||||
*/
|
||||
public void setAllowGuestLogin(Boolean allowGuestLogin)
|
||||
{
|
||||
this.allowGuestLogin = allowGuestLogin;
|
||||
}
|
||||
|
||||
public void setAuthenticationContext(AuthenticationContext authenticationContext)
|
||||
{
|
||||
this.authenticationContext = authenticationContext;
|
||||
}
|
||||
|
||||
public void setPersonService(PersonService personService)
|
||||
{
|
||||
this.personService = personService;
|
||||
}
|
||||
|
||||
public void setNodeService(NodeService nodeService)
|
||||
{
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
public void setTransactionService(TransactionService transactionService)
|
||||
{
|
||||
this.transactionService = transactionService;
|
||||
}
|
||||
|
||||
public TransactionService getTransactionService()
|
||||
{
|
||||
return transactionService;
|
||||
}
|
||||
|
||||
public Boolean getAllowGuestLogin()
|
||||
{
|
||||
return allowGuestLogin;
|
||||
}
|
||||
|
||||
public NodeService getNodeService()
|
||||
{
|
||||
return nodeService;
|
||||
@@ -130,56 +128,56 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
return personService;
|
||||
}
|
||||
|
||||
public boolean isAutoCreatePeopleOnLogin()
|
||||
{
|
||||
return autoCreatePeopleOnLogin;
|
||||
}
|
||||
|
||||
public void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
|
||||
{
|
||||
this.autoCreatePeopleOnLogin = autoCreatePeopleOnLogin;
|
||||
}
|
||||
|
||||
public void authenticate(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
// Support guest login from the login screen
|
||||
if (isGuestUserName(userName))
|
||||
{
|
||||
setGuestUserAsCurrentUser(tenantService.getUserDomain(userName));
|
||||
}
|
||||
else
|
||||
{
|
||||
authenticateImpl(userName, password);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
|
||||
* authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
|
||||
* char[]) was used. This will still work.
|
||||
*
|
||||
* @param userName
|
||||
* @param password
|
||||
*/
|
||||
protected void authenticateImpl(String userName, char[] password)
|
||||
{
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Authentication setCurrentUser(String userName, UserNameValidationMode validationMode)
|
||||
{
|
||||
switch (validationMode)
|
||||
{
|
||||
case NONE:
|
||||
public boolean isAutoCreatePeopleOnLogin()
|
||||
{
|
||||
return autoCreatePeopleOnLogin;
|
||||
}
|
||||
|
||||
public void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
|
||||
{
|
||||
this.autoCreatePeopleOnLogin = autoCreatePeopleOnLogin;
|
||||
}
|
||||
|
||||
public void authenticate(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
// Support guest login from the login screen
|
||||
if (isGuestUserName(userName))
|
||||
{
|
||||
setGuestUserAsCurrentUser(getUserDomain(userName));
|
||||
}
|
||||
else
|
||||
{
|
||||
authenticateImpl(userName, password);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
|
||||
* authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
|
||||
* char[]) was used. This will still work.
|
||||
*
|
||||
* @param userName
|
||||
* @param password
|
||||
*/
|
||||
protected void authenticateImpl(String userName, char[] password)
|
||||
{
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Authentication setCurrentUser(String userName, UserNameValidationMode validationMode)
|
||||
{
|
||||
switch (validationMode)
|
||||
{
|
||||
case NONE:
|
||||
return setCurrentUserImpl(userName);
|
||||
case CHECK_AND_FIX:
|
||||
default:
|
||||
return setCurrentUser(userName);
|
||||
}
|
||||
}
|
||||
|
||||
public Authentication setCurrentUser(final String userName) throws AuthenticationException
|
||||
{
|
||||
case CHECK_AND_FIX:
|
||||
default:
|
||||
return setCurrentUser(userName);
|
||||
}
|
||||
}
|
||||
|
||||
public Authentication setCurrentUser(final String userName) throws AuthenticationException
|
||||
{
|
||||
if (isSystemUserName(userName))
|
||||
{
|
||||
return setCurrentUserImpl(userName);
|
||||
@@ -223,39 +221,29 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
throw new AuthenticationException("Null user name");
|
||||
}
|
||||
|
||||
if (isSystemUserName(userName))
|
||||
{
|
||||
return setSystemUserAsCurrentUser(getUserDomain(userName));
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
UserDetails ud = null;
|
||||
if (isSystemUserName(userName))
|
||||
{
|
||||
GrantedAuthority[] gas = new GrantedAuthority[1];
|
||||
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
|
||||
ud = new User(userName, "", true, true, true, true, gas);
|
||||
}
|
||||
else if (isGuestUserName(userName))
|
||||
if (isGuestUserName(userName))
|
||||
{
|
||||
GrantedAuthority[] gas = new GrantedAuthority[0];
|
||||
ud = new User(getGuestUserName(tenantService.getUserDomain(userName)), "", true, true, true, true, gas);
|
||||
ud = new User(getGuestUserName(getUserDomain(userName)), "", true, true, true, true, gas);
|
||||
}
|
||||
else
|
||||
{
|
||||
ud = getUserDetails(userName);
|
||||
}
|
||||
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(ud, "", ud.getAuthorities());
|
||||
auth.setDetails(ud);
|
||||
auth.setAuthenticated(true);
|
||||
return setCurrentAuthentication(auth);
|
||||
return setUserDetails(ud);
|
||||
}
|
||||
catch (net.sf.acegisecurity.AuthenticationException ae)
|
||||
{
|
||||
throw new AuthenticationException(ae.getMessage(), ae);
|
||||
}
|
||||
finally
|
||||
{
|
||||
// Support for logging tenantdomain / username (via log4j NDC)
|
||||
AuthenticationUtil.logNDC(userName);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -270,175 +258,177 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
|
||||
UserDetails ud = new User(userName, "", true, true, true, true, gas);
|
||||
return ud;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Authentication setCurrentAuthentication(Authentication authentication)
|
||||
{
|
||||
return AuthenticationUtil.setFullAuthentication(authentication);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the current authentication context
|
||||
*
|
||||
* @return Authentication
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public Authentication getCurrentAuthentication() throws AuthenticationException
|
||||
{
|
||||
return AuthenticationUtil.getFullAuthentication();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the current user name.
|
||||
*
|
||||
* @return String
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public String getCurrentUserName() throws AuthenticationException
|
||||
{
|
||||
return AuthenticationUtil.getFullyAuthenticatedUser();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the system user as the current user note: for MT, will set to default domain only
|
||||
*
|
||||
* @return Authentication
|
||||
*/
|
||||
public Authentication setSystemUserAsCurrentUser()
|
||||
{
|
||||
return setCurrentUser(AuthenticationUtil.SYSTEM_USER_NAME);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the system user note: for MT, will get system for default domain only
|
||||
*
|
||||
* @return String
|
||||
*/
|
||||
public String getSystemUserName()
|
||||
{
|
||||
return AuthenticationUtil.SYSTEM_USER_NAME;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this the system user ?
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public boolean isSystemUserName(String userName)
|
||||
{
|
||||
return (getSystemUserName().equals(tenantService.getBaseNameUser(userName)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the Guest User note: for MT, will get guest for default domain only
|
||||
*
|
||||
* @return String
|
||||
*/
|
||||
public String getGuestUserName()
|
||||
{
|
||||
return PermissionService.GUEST_AUTHORITY.toLowerCase();
|
||||
}
|
||||
|
||||
private String getGuestUserName(String tenantDomain)
|
||||
{
|
||||
return tenantService.getDomainUser(getGuestUserName(), tenantDomain);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user. note: for MT, will set to default domain only
|
||||
*/
|
||||
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
|
||||
{
|
||||
return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user.
|
||||
*/
|
||||
private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
|
||||
{
|
||||
if (allowGuestLogin == null)
|
||||
{
|
||||
if (implementationAllowsGuestLogin())
|
||||
{
|
||||
return setCurrentUser(getGuestUserName(tenantDomain));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (allowGuestLogin.booleanValue())
|
||||
{
|
||||
return setCurrentUser(getGuestUserName(tenantDomain));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isGuestUserName(String userName)
|
||||
{
|
||||
return (PermissionService.GUEST_AUTHORITY.equalsIgnoreCase(tenantService.getBaseNameUser(userName)));
|
||||
}
|
||||
|
||||
protected abstract boolean implementationAllowsGuestLogin();
|
||||
|
||||
/**
|
||||
* @return true if Guest user authentication is allowed, false otherwise
|
||||
*/
|
||||
public boolean guestUserAuthenticationAllowed()
|
||||
{
|
||||
if (allowGuestLogin == null)
|
||||
{
|
||||
return (implementationAllowsGuestLogin());
|
||||
}
|
||||
else
|
||||
{
|
||||
return (allowGuestLogin.booleanValue());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the current security information
|
||||
*/
|
||||
public void clearCurrentSecurityContext()
|
||||
{
|
||||
AuthenticationUtil.clearCurrentSecurityContext();
|
||||
}
|
||||
|
||||
/**
|
||||
* The default is not to support Authentication token base authentication
|
||||
*/
|
||||
public Authentication authenticate(Authentication token) throws AuthenticationException
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Authentication via token not supported");
|
||||
}
|
||||
|
||||
/**
|
||||
* The should only be supported if getNTLMMode() is NTLMMode.MD4_PROVIDER.
|
||||
*/
|
||||
public String getMD4HashedPassword(String userName)
|
||||
{
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the NTML mode - none - supports MD4 hash to integrate - or it can asct as an NTLM authentication
|
||||
*/
|
||||
public NTLMMode getNTLMMode()
|
||||
{
|
||||
return NTLMMode.NONE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Authentication setCurrentAuthentication(Authentication authentication)
|
||||
{
|
||||
return this.authenticationContext.setCurrentAuthentication(authentication);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the current authentication context
|
||||
*
|
||||
* @return Authentication
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public Authentication getCurrentAuthentication() throws AuthenticationException
|
||||
{
|
||||
return authenticationContext.getCurrentAuthentication();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the current user name.
|
||||
*
|
||||
* @return String
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public String getCurrentUserName() throws AuthenticationException
|
||||
{
|
||||
return authenticationContext.getCurrentUserName();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the system user as the current user note: for MT, will set to default domain only
|
||||
*
|
||||
* @return Authentication
|
||||
*/
|
||||
public Authentication setSystemUserAsCurrentUser()
|
||||
{
|
||||
return authenticationContext.setSystemUserAsCurrentUser();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the system user note: for MT, will get system for default domain only
|
||||
*
|
||||
* @return String
|
||||
*/
|
||||
public String getSystemUserName()
|
||||
{
|
||||
return authenticationContext.getSystemUserName();
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this the system user ?
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public boolean isSystemUserName(String userName)
|
||||
{
|
||||
return authenticationContext.isSystemUserName(userName);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the Guest User note: for MT, will get guest for default domain only
|
||||
*
|
||||
* @return String
|
||||
*/
|
||||
public String getGuestUserName()
|
||||
{
|
||||
return authenticationContext.getGuestUserName();
|
||||
}
|
||||
|
||||
public String getGuestUserName(String tenantDomain)
|
||||
{
|
||||
return authenticationContext.getGuestUserName(tenantDomain);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user. note: for MT, will set to default domain only
|
||||
*/
|
||||
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
|
||||
{
|
||||
return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the guest user as the current user.
|
||||
*/
|
||||
private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
|
||||
{
|
||||
if (allowGuestLogin == null)
|
||||
{
|
||||
if (implementationAllowsGuestLogin())
|
||||
{
|
||||
return setCurrentUser(getGuestUserName(tenantDomain));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (allowGuestLogin.booleanValue())
|
||||
{
|
||||
return setCurrentUser(getGuestUserName(tenantDomain));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new AuthenticationException("Guest authentication is not allowed");
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isGuestUserName(String userName)
|
||||
{
|
||||
return authenticationContext.isGuestUserName(userName);
|
||||
}
|
||||
|
||||
|
||||
protected abstract boolean implementationAllowsGuestLogin();
|
||||
|
||||
|
||||
/**
|
||||
* @return true if Guest user authentication is allowed, false otherwise
|
||||
*/
|
||||
public boolean guestUserAuthenticationAllowed()
|
||||
{
|
||||
if (allowGuestLogin == null)
|
||||
{
|
||||
return (implementationAllowsGuestLogin());
|
||||
}
|
||||
else
|
||||
{
|
||||
return (allowGuestLogin.booleanValue());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the current security information
|
||||
*/
|
||||
public void clearCurrentSecurityContext()
|
||||
{
|
||||
authenticationContext.clearCurrentSecurityContext();
|
||||
}
|
||||
|
||||
/**
|
||||
* The default is not to support Authentication token base authentication
|
||||
*/
|
||||
public Authentication authenticate(Authentication token) throws AuthenticationException
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Authentication via token not supported");
|
||||
}
|
||||
|
||||
/**
|
||||
* The should only be supported if getNTLMMode() is NTLMMode.MD4_PROVIDER.
|
||||
*/
|
||||
public String getMD4HashedPassword(String userName)
|
||||
{
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the NTML mode - none - supports MD4 hash to integrate - or it can asct as an NTLM authentication
|
||||
*/
|
||||
public NTLMMode getNTLMMode()
|
||||
{
|
||||
return NTLMMode.NONE;
|
||||
}
|
||||
|
||||
class SetCurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback<Authentication>
|
||||
{
|
||||
AuthenticationException ae = null;
|
||||
@@ -490,7 +480,7 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
return userName;
|
||||
}
|
||||
}
|
||||
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getUserDomain(userName)));
|
||||
}, getSystemUserName(getUserDomain(userName)));
|
||||
|
||||
return setCurrentUserImpl(name);
|
||||
}
|
||||
@@ -502,38 +492,58 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return this.defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
* a set of user names
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames)
|
||||
{
|
||||
this.defaultAdministratorUserNames = defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(String defaultAdministratorUserNames)
|
||||
{
|
||||
Set<String> nameSet = new TreeSet<String>();
|
||||
if (defaultAdministratorUserNames.length() > 0)
|
||||
{
|
||||
nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
|
||||
}
|
||||
setDefaultAdministratorUserNames(nameSet);
|
||||
}
|
||||
}
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return this.defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
* a set of user names
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames)
|
||||
{
|
||||
this.defaultAdministratorUserNames = defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(String defaultAdministratorUserNames)
|
||||
{
|
||||
Set<String> nameSet = new TreeSet<String>();
|
||||
if (defaultAdministratorUserNames.length() > 0)
|
||||
{
|
||||
nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
|
||||
}
|
||||
setDefaultAdministratorUserNames(nameSet);
|
||||
}
|
||||
|
||||
public String getSystemUserName(String tenantDomain)
|
||||
{
|
||||
return authenticationContext.getSystemUserName(tenantDomain);
|
||||
}
|
||||
|
||||
public String getUserDomain(String userName)
|
||||
{
|
||||
return authenticationContext.getUserDomain(userName);
|
||||
}
|
||||
|
||||
public Authentication setSystemUserAsCurrentUser(String tenantDomain)
|
||||
{
|
||||
return authenticationContext.setSystemUserAsCurrentUser(tenantDomain);
|
||||
}
|
||||
|
||||
public Authentication setUserDetails(UserDetails ud)
|
||||
{
|
||||
return authenticationContext.setUserDetails(ud);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user