inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
40a176205a39ebf72a9a7eb6d45798a68e5ed3d6
alfresco-community-repo/source/java/org/alfresco/web/sharepoint/auth/AbstractAuthenticationHandler.java
Dave Ward 80cda47b63 Merged V3.3-BUG-FIX to HEAD 
21132: ALF-3855: Refactored repository authentication filters so that same code is re-used for Web Client, Web Script, Web DAV and Sharepoint authentication
      - 'Uber Filter' part 3
      - Means we now support Kerberos Authentication for Sharepoint
      - Threw away a lot of duplicated code
      - New common AuthenticationDriver interface created and now implemented by core authentication code
      - Sharepoint and BaseSSOAuthenticationFilter now both use AuthenticationDrivers
      - Needs regression testing
   21137: ALF-3841: Alfresco Explorer SSO Authentication Filters now accept ticket parameters too
      - Can be turned back off with ntlm.authentication.browser.ticketLogons=false or kerberos.authentication.browser.ticketLogons=false
      - Wiki updated
   21141: ALF-3855: Fixed wiring
   21146: ALF-2879: 'xamconnector' module behaviour for xam:archived
      - Application of xam:archived recurses and locks both files and folders
      - cm:content nodes also have the store selector applied for the XAMContentStore
      - TODO: Archive properties
   21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL
      - Parameter was not bounded with #
      - Added unit test to ensure SQL generated is correct
   21169: Merged V3.3 to V3.3-BUG-FIX
      21168: (RECORD ONLY Merged PATCHES/V3.2.1 to V3.3
         21166: Merged V3.3-BUG-FIX to PATCHES/V3.2.1
            21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL
               - Parameter was not bounded with #
               - Added unit test to ensure SQL generated is correct
      21118: Latest SpringSurf libs:
         - Fix for missing read of "keystore" in Remote config
         - Session Fixation attack mitigation improvements:
         - A Surf application no longer generates a Session (and therefore no JSESSIONID) until a user is authenticated - simply visiting a login page or similar will no longer generate a Session
         - Existing Sessions are always invalidated and destroyed if found when a user is authenticated via the LoginController (i.e. due to a JSESSIONID captured via an XSS attack)

         Merged HEAD to V3.3
            21111: Fix to encode form parameter on Share login template - prevents its potential use as an reflected XSS attack vector
            21117: Session Fixation mitigation:
               - Removed Session creation from Share index.jsp

         Merged V3.3-BUG-FIX-2010_06_24 to V3.3
            21096: Fix for ALF-3718 - JSF client login page input validator is too aggressive ("Login" button is disabled if username contains forward slash)
      21088: Latest SpringSurf libs


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@21170 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2010-07-14 14:49:50 +00:00

87 lines
3.0 KiB
Java
Raw Blame History

/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.web.sharepoint.auth;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.webdav.auth.AuthenticationDriver;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* <p>Abstract implementation of web authentication.</p>
*
* @author PavelYur
*
*/
public abstract class AbstractAuthenticationHandler implements AuthenticationDriver, ActivateableBean
{
private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
protected Log logger = LogFactory.getLog(getClass());
protected AuthenticationService authenticationService;
protected PersonService personService;
private boolean isActive = true;
public void setAuthenticationService(AuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setActive(boolean isActive)
{
this.isActive = isActive;
}
public boolean isActive()
{
return this.isActive;
}
/**
* Returns the <i>value</i> of 'WWW-Authenticate' http header that determine what type of authentication to use by
* client.
*
* @return value
*/
public abstract String getWWWAuthenticate();
/* (non-Javadoc)
* @see org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#restartLoginChallenge(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
public void restartLoginChallenge(ServletContext context, HttpServletRequest request, HttpServletResponse response)
{
if (logger.isDebugEnabled())
logger.debug("Force the client to prompt for logon details");
response.setHeader(HEADER_WWW_AUTHENTICATE, getWWWAuthenticate());
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
}
Reference in New Issue View Git Blame Copy Permalink