mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
b2e7793c54
20128: Reverse part of previous build fix that breaks other tests ...
20129: ALF-202, ALF-1488: Fixed portlets in alfresco.war
- Stop excluding portlet.xml from alfresco.war
- Used JSR 286 ResourceURL solution to get upload iframes to work in portlets
- Removed horrific hacks concerning faces session map resolution in portlets and upload servlet
- WebClientPortletAuthenticator now dispatches to a helper servlet, AuthenticatorServlet, allowing it to use identical servlet mechanisms to authenticate / sign-on the user
- Portlet Authenticated user now set consistently in application-scoped attribute, so web client, web script portlets and client portlet share same notion of user ID
- Application.inPortalServer flag now thread local (and thread safe!)
20130: Merged BRANCHES/V2.2 to BRANCHES/V3.3
13819: *RECORD ONLY* ACT-6420 - Office 2003 "Install for all users" - DO NOT MERGE
20131: Merged BRANCHES/V3.1 to BRANCHES/V3.3
19600: *RECORD ONLY* ALF-2205 - CLONE: Office Plugin: filename overlaps the plugin UI if longer than 40 characters without spaces
Merged V3.2 to V3.1 (Adobe)
17499: ETHREEOH-2322 - Office Plugin: filename overlaps the plugin UI if longer than 40 characters without spaces
19443: ALF-2131 - Office webscripts: Missing close brace, '}'
20132: ALF-2749 - temporarily skip couple of -ve checks (for MS SQL Server only)
20133: Merged BRANCHES/V3.2 to BRANCHES/V3.3
19550: *RECORD ONLY* ALF-1091 - Only 15 tags displayed in Tags section in Browser pane
20134: Adding files missed during first commit of Meeting Workspace code
20135: Merged V3.2 to V3.3
19814: *RECORD ONLY* Fix for ALF-2322 - discussion topic containing non-ascii characters cannot be saved
19934: *RECORD ONLY* Fix for ALF-2512 - ability to execute JavaScript via cmd servlet by a non-admin user disabled by default.
- user script execution privileges can be reactivated if required via web-client-config flag <allow-user-script-execute>
19935: *RECORD ONLY* Corrected imports for 3.2 compatability
20136: Merge Dev to V3.3
20104 : ALF-676 - imapFolders patch fails if versionable aspect is mandatory on cm:content
20137: Workaround for ALF-2639: Sharepoint: Share Edit Online uses Share protocol rather than Alfresco protocol to build link
- Replace "https:" protocol with "http:" when generating "Edit Online" URL
20138: Merged V3.1 to V3.3
18204: *RECORD ONLY* Merged DEV/TEMPORARY to 3.1
17837: ETHREEOH-3801: Creating users via the api does not add them to the user store
18577: *RECORD ONLY* Fix for ETHREEOH-4117, based on CHK-11154
19373: *RECORD ONLY* Merged V3.2 to V3.1
19216: ENH-506 - allow script compilation to be disabled for repository tier. Fix to unreported issue with return aspect array from a ScriptNode.
20139: Merged V2.2 to V3.3
18518: *RECORD ONLY* Fix for ETWOTWO-1375
18522: *RECORD ONLY* Merged DEV-TEMPORARY to V2.2
18440: TinyMCE HTML Image gets invalid path
18503: ETWOTWO-1035: Error message when bypassing the 'close' and directly clicking on breadcrumb link after a deployment
18504: ETWOTWO-1035: Error message when bypassing the 'close' and directly clicking on breadcrumb link after a deployment
18578: Merged DEV-TEMPORARY to V2.2
18528: ETWOTWO-1114: Missing 'Required' items are not highlighted in the error when missed
19094: *RECORD ONLY* Merged V3.1 to V2.2
14015: Fixes for ETHREEOH-1864 and ETHREEOH-1840
20140: Remove unwanted @overide
20141: Lazy schema introspection to shave off a few seconds on startup
- Saves about 5s on dev machine
- Hibernate still has to look at the DB metadata, though
20144: Merged V2.2 to V3.3
18859: (RECORD ONLY) ALF-1882: Merged V3.2 to V2.2
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
18864: (RECORD ONLY) ALF-1882: Fixed compilation error from previous checkin.
20145: Merged V3,1 to V3.3
19584: (RECORD ONLY) ALF-2207: Merged V3.2 to V3.1 (Adobe)
18277: Merged DEV_TEMPORARY to V3.2
18178: ETHREEOH-3222: ERROR [org.alfresco.webdav.protocol] WebDAV method not implemented - PROPPATCH
19660: (RECORD ONLY) ALF-2266: Merged V3.2 to V3.1 (Adobe)
19562: Merged DEV/BELARUS/V3.2-2010_02_24 to V3.2
19244: ALF-1816: Email templates can no longer be selected when creating a rule for the action 'Send email to specified users' following an upgrade
- New patch has been created to create invite email templates and notify email templates folders if those are absent. Also it moves default notify and invite templates into appropriate folders.
19662: (RECORD ONLY) Incremented version label
19663: (RECORD ONLY) Corrected version label
19779: (RECORD ONLY) Incremented version label
20148: Merged PATCHES/V3.2.r to V3.3
20029: ALF-2624: Avoid NPE in LDAP sync when there are dangling references and improve logging
20053: (RECORD ONLY) Incremented version number
20151: ALF-2749 - unit test fix (re-arranged -ve checks for txn boundaries, functionally equivalent)
20152: Merged HEAD to BRANCHES/V3.3: (RECORD ONLY)
20050: Fix ALF-2637: objectTypeId updatability reported as "readonly" rather then "oncreate"
20051: Fix for ALF-2609: CMIS ACL mapping improvements
20052: Fix for ALF-2609: CMIS ACL mapping improvements
20086: Fix re-opened ALF-2637: "objectTypeId" updatability reported as "readonly" rather then "oncreate"
20125: Fix ALF-2728: AtomPub renditions are not rendered as part of cmis:object, although their rel links are.
20153: Merged HEAD to BRANCHES/V3.3: (RECORD ONLY)
20067: Fix ALF-2691: Choice display names in Type Definition are not escaped properly in AtomPub binding
20154: ALF-1598: Share - Edit online missing on preview page
- Note: The details page doesn't know when Office opens the file, so may show stale information.
20156: Build/unit test - comment-out force re-index (IndexCheckServiceImplTest)
20157: Office add-in: Missing i18n string found whilst investigating ALF-605: Script error appears when start typing not-existent user in "Assign to" filed
- Changed behaviour slightly so that "start workflow" panel remains if error occurred during submit
20164: Fix trailing commas that MSIE doesn't like. Plus fix for renamed webscript reference.
20168: Attempting to fix failing test in ThumbnailService.
The change adds some extra logging and exception info too.
20169: Build/unit test - temporarily put back "force re-index" (IndexCheckServiceImplTest)
- TODO: re-work test for build env
20170: Fix NPE (AVMStoreImpl.createSnapshot)
- see DBC-HEADPOSTGRESQL-34
20173: Propagate IOExceptions from retryable write transactions in AlfrescoDiskDriver
20176: Merge from V3.2 to V3.3. Merge ok'ed by Steve.
20175: JMX configuration of enterprise logging broken
20178: JodConverter loggers are now exposed in JMX.
This follows on from check-ins 20175 (on V32) and 20176 (on V33) which fixed the JMX logging for enterprise code.
20180: Fixes ALF-2021 by adding new date format properties and exposing YUI widget options.
20185: Various core fixes and additional debug output. Part of ALF-1554.
20186: Fix for OpenOffice multiple versions per edit problem. ALF-1554.
20187: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20181: IndexCheckServiceImplTest - by default, check test store only (reduces current ent build time by nearly 1 hour !)
20188: Fix -exploded build target for Share to copy core classes folder
20191: Merged HEAD to BRANCHES/V3.3: (RECORD ONLY)
20190: Fix ALF-2774: Atompub createDocument with versioningState=checkedout followed by checkin does not create major version, Fix ALF-2782: AtomPub binding incorrectly handles atom:title when no value is provided (often done for compliant atom entry)
20193: Merge 3.2 to 3.3:
19759: Fix for CIFS/CheckInOut.exe save of working copy breaks lock on original file. ALF-2028. (Record-only)
19760: Fix for working copy checked out via CIFS is not accessible until FileStateReaper expires file state. ALF-962. (Record-only)
20195: Form fields for numbers are now rendered much smaller that text fields following feedback from meetups. Must be included in 3.3 as requested by Paul.
20197: Rules: Size property is now more userfriendly & IE bugs are solved
- Numbers and booleans where posted as strings to the server making property comparisons against properties such as "Size" to fail on the server
- Size, encoding & mimetype are now options by default in the "IF/Unless" drop downs
- When comparing Size properties a "bytes" label is placed to the right of the text field
- "Show more..." menu now displays aspect/type ids on mouse hover in the tree
- "Show more..." menu now displays a new column for the property name in the list next to the property displayLabel
- The list in the "Show more..." menu now stays in its place instead of being pushed down in some browsers
- IE css fixes to make rules look good in IE 6, 7 & 8
- Fixed IE 6 & 7 issue with generateDomId & getAttribute("id") not being in sync
- Fixed IE 6 & 7 issue where Selector.query only worked with "id" as root attribute
20199: Merge 3.1 to 3.3 (All record-only):
14483: Merged HEAD to v3.1:
13942 Added FTP IPv6 support. MOB-714.
14484: Merged HEAD to v3.1:
13943 Added FTP IPv6 configuration. Added the ftp.ipv6 property. MOB-714.
14523: Add trailing 'A' to CIFS server name, removed by recent checkin.
14916: Fixes for local domain lookup when WINS is configured. ETHREEOH-2263.
14921: Merge HEAD to V3.1:
14599: Fixes to file server ACL parsing, part of ETHREEOH-2177
14930: Updated svn:mergeinfo
15231: Fix for cut/paste file between folders on CIFS. ETHREEOH-2323.
15570: Merge 3.2 to 3.1:
15548: CIFS server memory leak fixes (clear auth context, session close). ETHREEOH-2538
15571: Merge 3.2 to 3.1:
15549: Check for null ClientInfo in the setCurrentUser() method and clear the auth context. Part of ETHREEOH-2538.
15550: Fixed performance issue in the continue search code, add warn level output of folder search timing.
15572: Update svn:mergeinfo
15627: Merge 3.2 to 3.1:
15626: Fixed NetBIOS reports an invalid packet during session connection, and connection stalls for a while. JLAN-86.
15628: Update svn:mergeinfo
15780: Fix for MS Office document locking issue. ETHREEOH-2579.
15827: Fixed bug in delete node event processing.
16160: Minor change to debug output
16162: Add support for the . and .. pseudo entries in a folder search.
16163: Added timstamp tracking via the file state cache, blend cached timestamps into file info/folder search results.
16555: Fix for processing of NetBIOS packets over 64K in the older JNI code. Part of ETHREEOH-2882.
16556: Fix for CIFS session leak and 100% CPU when connect/disconnecting quickly. ETHREEOH-2881.
16559: Fix for ACL parsing in the standalone JLAN Server build. JLAN-89.
16666: Fix for CIFS cannot handle requests over 64K in JNI code, causes session disconnect, standalone server. JLAN-91.
16709: Fixed the FTP not logged on status return code, now uses reply code 530. JLAN-90.
16710: Added CIFS NT status code/text for the 'account locked' status, 0xC0000234. ETHREEOH-2897.
16717: Fixed setAllowConsoleShutdown setting in standalone server can cause infinite loop. JLAN-38.
16718: Fix for Alfresco and AVM spaces are empty when viewed by FTP and Alfresco is run as non-root. ETHREEOH-2652.
16727: Fix for unable to connect via FTP via Firefox (when anonymous logons are not enabled). ETHREEOH-2012.
16987: Merge 2.2 to 3.1:
13089: (record-only) Fix "Read-Write transaction" exception, when the user does not exist. ETWOTWO-1055.
13091: (record-only) Fix for NFS server "Read-Write transaction started within read-only transaction" exception. ETWOTWO-1054.
14190: (record-only) Fix for cut/paste a folder from Alfresco CIFS to local drive loses folder contents. ETWOTWO-1159.
14191: (record-only) Additional fix for CIFS 'No more connections' error. ETWOTWO-556
14199: (record-only) Fix for NFS problem with Solaris doing an Access check on the share level handle. ETWOTWO-1225.
14210: (record-only) Added support for FTP EPRT and EPSV commands, on IPv4 only. ETWOTWO-325.
14216: (record-only) Fixed FTP character encoding, ported UTF8 normalizer code from v3.x. ETWOTWO-1151.
14229: (record-only) Remove unused import.
14655: (record-only) Convert content I/O exceptions to file server exceptions during write and truncate. ETWOTWO-1241.
14825: (record-only) Add support for the extended response to the CIFS NTCreateAndX call, back port of ETWOTWO-1232.
15869: (record-only) Port of desktop action client side EXE fixes from v3.x. ETWOTWO-1374.
17130: Fix for cannot delete file via CIFS that has a thumbnail associated with it. ETHREEOH-3143 and ETHREEOH-3115.
17359: Fix for CIFS/Kerberos/SPNEGO logon problem with Win2008/Win7 client. ETHREEOH-3225.
17839: Rewrite the rename file logic to handle MS Office file rename patterns. ETHREEOH-1951.
17842: Missing file from previous checkin.
17843: Re-use open files for the same session/process id so that writes on each file handle go to the same file. Port of ETWOTWO-1250.
17861: Merge 2.2 to 3.1:
17803: Re-use open files for the same session/process id so that writes on each file handle go to the same file. ETWOTWO-1250. (Record-only)
18432: Added FTP data port range configuration via <dataPorts>n:n</dataPorts> config value. ETHREEOH-4103.
18451: Fixed incorrect FTP debug level name.
20200: Merge PATCHES/V3.2.1 to 3.3:
20142: Added debug output to dump the restart file name for FindFirst/FindNext folder searches (via the 'Search' debug output level).
20201: Merge PATCHES/V3.2.1 to 3.3:
20143: Fix for files being skipped during a long folder listing via CIFS, ALF-2730.
20202: Update svn:mergeinfo
20219: Fix for ALF-2791 - correction to changes in rev 20129 so the upload file servlet path is generated for all cases.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20567 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
502 lines
18 KiB
Java
502 lines
18 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.web.bean;
|
|
|
|
import java.io.IOException;
|
|
import java.io.Serializable;
|
|
import java.text.MessageFormat;
|
|
import java.util.Locale;
|
|
import java.util.Map;
|
|
|
|
import javax.faces.application.FacesMessage;
|
|
import javax.faces.component.UIComponent;
|
|
import javax.faces.context.FacesContext;
|
|
import javax.faces.validator.ValidatorException;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpSession;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.repo.SessionUser;
|
|
import org.alfresco.repo.security.authentication.AuthenticationDisallowedException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationMaxUsersException;
|
|
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.security.AuthenticationService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.web.app.Application;
|
|
import org.alfresco.web.app.servlet.AuthenticationHelper;
|
|
import org.alfresco.web.bean.repository.Repository;
|
|
import org.alfresco.web.bean.repository.User;
|
|
import org.alfresco.web.bean.users.UserPreferencesBean;
|
|
import org.alfresco.web.ui.common.Utils;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
/**
|
|
* JSF Managed Bean. Backs the "login.jsp" view to provide the form fields used
|
|
* to enter user data for login. Also contains bean methods to validate form
|
|
* fields and action event fired in response to the Login button being pressed.
|
|
*
|
|
* @author Kevin Roast
|
|
*/
|
|
public class LoginBean implements Serializable
|
|
{
|
|
/**
|
|
* The default outcome of the logout action.
|
|
*/
|
|
private static final String OUTCOME_LOGOUT = "logout";
|
|
|
|
/**
|
|
* The outcome of the logout action when the user has been signed on by SSO.
|
|
*/
|
|
private static final String OUTCOME_RELOGIN = "relogin";
|
|
|
|
/**
|
|
* The name of the form parameter carrying the outcome to the logout action.
|
|
*/
|
|
private static final String PARAM_OUTCOME = "outcome";
|
|
|
|
private static final long serialVersionUID = 7417882503323795282L;
|
|
|
|
/**
|
|
* @param authenticationService The AuthenticationService to set.
|
|
*/
|
|
public void setAuthenticationService(AuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
protected AuthenticationService getAuthenticationService()
|
|
{
|
|
if (authenticationService == null)
|
|
authenticationService = Repository.getServiceRegistry(FacesContext.getCurrentInstance()).getAuthenticationService();
|
|
return authenticationService;
|
|
}
|
|
|
|
/**
|
|
* @param personService The personService to set.
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
protected PersonService getPersonService()
|
|
{
|
|
if (personService == null)
|
|
personService = Repository.getServiceRegistry(FacesContext.getCurrentInstance()).getPersonService();
|
|
return personService;
|
|
}
|
|
|
|
/**
|
|
* @param nodeService The nodeService to set.
|
|
*/
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
protected NodeService getNodeService()
|
|
{
|
|
if (nodeService == null)
|
|
nodeService = Repository.getServiceRegistry(FacesContext.getCurrentInstance()).getNodeService();
|
|
return nodeService;
|
|
}
|
|
|
|
/**
|
|
* @param browseBean The BrowseBean to set.
|
|
*/
|
|
public void setBrowseBean(BrowseBean browseBean)
|
|
{
|
|
this.browseBean = browseBean;
|
|
}
|
|
|
|
/**
|
|
* @param navigator The NavigationBean to set.
|
|
*/
|
|
public void setNavigator(NavigationBean navigator)
|
|
{
|
|
this.navigator = navigator;
|
|
}
|
|
|
|
/**
|
|
* @param preferences The UserPreferencesBean to set
|
|
*/
|
|
public void setUserPreferencesBean(UserPreferencesBean preferences)
|
|
{
|
|
this.preferences = preferences;
|
|
}
|
|
|
|
public UserPreferencesBean getUserPreferencesBean()
|
|
{
|
|
return preferences;
|
|
}
|
|
|
|
/**
|
|
* @return "logout" if the default Alfresco authentication process is being used, else "relogin"
|
|
* if an external authorisation mechanism is present.
|
|
*/
|
|
public String getLogoutOutcome()
|
|
{
|
|
Map<?, ?> session = FacesContext.getCurrentInstance().getExternalContext().getSessionMap();
|
|
return session.get(LOGIN_EXTERNAL_AUTH) == null ? OUTCOME_LOGOUT : OUTCOME_RELOGIN;
|
|
}
|
|
|
|
/**
|
|
* @param val Username from login dialog
|
|
*/
|
|
public void setUsername(String val)
|
|
{
|
|
if ( val != null ) { val = val.trim(); }
|
|
this.username = val;
|
|
}
|
|
|
|
/**
|
|
* @return The username string from login dialog
|
|
*/
|
|
public String getUsername()
|
|
{
|
|
// this value may have been set by a servlet filter via a cookie
|
|
// check for this by detecting a special value in the session
|
|
FacesContext context = FacesContext.getCurrentInstance();
|
|
Map session = context.getExternalContext().getSessionMap();
|
|
|
|
String username = (String)session.get(AuthenticationHelper.SESSION_USERNAME);
|
|
if (username != null)
|
|
{
|
|
session.remove(AuthenticationHelper.SESSION_USERNAME);
|
|
this.username = username;
|
|
}
|
|
|
|
return this.username;
|
|
}
|
|
|
|
public String getUsernameInternal()
|
|
{
|
|
return this.username;
|
|
}
|
|
|
|
/**
|
|
* @param val Password from login dialog
|
|
*/
|
|
public void setPassword(String val)
|
|
{
|
|
this.password = val;
|
|
}
|
|
|
|
/**
|
|
* @return The password string from login dialog
|
|
*/
|
|
public String getPassword()
|
|
{
|
|
return this.password;
|
|
}
|
|
|
|
/**
|
|
* @return true to display language selection, false to
|
|
*/
|
|
public boolean isLanguageSelect()
|
|
{
|
|
return Application.getClientConfig(FacesContext.getCurrentInstance()).isLanguageSelect();
|
|
}
|
|
|
|
|
|
// ------------------------------------------------------------------------------
|
|
// Validator methods
|
|
|
|
/**
|
|
* Validate password field data is acceptable
|
|
*/
|
|
public void validatePassword(FacesContext context, UIComponent component, Object value)
|
|
throws ValidatorException
|
|
{
|
|
int minPasswordLength = Application.getClientConfig(context).getMinPasswordLength();
|
|
|
|
String pass = (String)value;
|
|
if (pass.length() < minPasswordLength || pass.length() > 256)
|
|
{
|
|
String err = MessageFormat.format(Application.getMessage(context, MSG_PASSWORD_LENGTH),
|
|
new Object[]{minPasswordLength, 256});
|
|
throw new ValidatorException(new FacesMessage(err));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validate Username field data is acceptable
|
|
*/
|
|
public void validateUsername(FacesContext context, UIComponent component, Object value)
|
|
throws ValidatorException
|
|
{
|
|
int minUsernameLength = Application.getClientConfig(context).getMinUsernameLength();
|
|
|
|
String name = ((String)value).trim();
|
|
|
|
if (name.length() < minUsernameLength || name.length() > 256)
|
|
{
|
|
String err = MessageFormat.format(Application.getMessage(context, MSG_USERNAME_LENGTH),
|
|
new Object[]{minUsernameLength, 256});
|
|
throw new ValidatorException(new FacesMessage(err));
|
|
}
|
|
if (name.indexOf('"') != -1)
|
|
{
|
|
String err = MessageFormat.format(Application.getMessage(context, MSG_USER_ERR),
|
|
new Object[]{"\""});
|
|
throw new ValidatorException(new FacesMessage(err));
|
|
}
|
|
}
|
|
|
|
|
|
// ------------------------------------------------------------------------------
|
|
// Action event methods
|
|
|
|
/**
|
|
* Login action handler
|
|
*
|
|
* @return outcome view name
|
|
*/
|
|
public String login()
|
|
{
|
|
String outcome = null;
|
|
|
|
FacesContext fc = FacesContext.getCurrentInstance();
|
|
|
|
if (this.username != null && this.username.length() != 0 &&
|
|
this.password != null && this.password.length() != 0)
|
|
{
|
|
try
|
|
{
|
|
Map session = fc.getExternalContext().getSessionMap();
|
|
|
|
// Authenticate via the authentication service, then save the details of user in an object
|
|
// in the session - this is used by the servlet filter etc. on each page to check for login
|
|
this.getAuthenticationService().authenticate(this.username, this.password.toCharArray());
|
|
|
|
// Set the user name as stored by the back end
|
|
this.username = this.getAuthenticationService().getCurrentUserName();
|
|
|
|
// remove the session invalidated flag (used to remove last username cookie by AuthenticationFilter)
|
|
session.remove(AuthenticationHelper.SESSION_INVALIDATED);
|
|
|
|
// Try to make an association between the session ID and the ticket ID (if not possible here, it will
|
|
// happen during first pass through security filters)
|
|
String sessionId = null;
|
|
Object httpSession = fc.getExternalContext().getSession(false);
|
|
if (httpSession != null && httpSession instanceof HttpSession)
|
|
{
|
|
sessionId = ((HttpSession) httpSession).getId();
|
|
}
|
|
|
|
// setup User object and Home space ID
|
|
User user = new User(
|
|
this.username,
|
|
this.getAuthenticationService().getCurrentTicket(sessionId),
|
|
getPersonService().getPerson(this.username));
|
|
|
|
NodeRef homeSpaceRef = (NodeRef) this.getNodeService().getProperty(getPersonService().getPerson(this.username), ContentModel.PROP_HOMEFOLDER);
|
|
|
|
// check that the home space node exists - else user cannot login
|
|
if (homeSpaceRef == null || this.getNodeService().exists(homeSpaceRef) == false)
|
|
{
|
|
throw new InvalidNodeRefException(homeSpaceRef);
|
|
}
|
|
user.setHomeSpaceId(homeSpaceRef.getId());
|
|
|
|
// put the User object in the Session - the authentication servlet will then allow
|
|
// the app to continue without redirecting to the login page
|
|
Application.setCurrentUser(fc, user);
|
|
|
|
// if a redirect URL has been provided then use that
|
|
// this allows servlets etc. to provide a URL to return too after a successful login
|
|
String redirectURL = (String)session.get(LOGIN_REDIRECT_KEY);
|
|
if (redirectURL != null)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug("Redirect URL found: " + redirectURL);
|
|
|
|
// remove redirect URL from session
|
|
session.remove(LOGIN_REDIRECT_KEY);
|
|
|
|
try
|
|
{
|
|
fc.getExternalContext().redirect(redirectURL);
|
|
fc.responseComplete();
|
|
return null;
|
|
}
|
|
catch (IOException ioErr)
|
|
{
|
|
logger.warn("Unable to redirect to url: " + redirectURL);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// special case to handle jump to My Alfresco page initially
|
|
|
|
// note: to enable MT runtime client config customization, need to re-init NavigationBean
|
|
// in context of tenant login page
|
|
this.navigator.initFromClientConfig();
|
|
|
|
if (NavigationBean.LOCATION_MYALFRESCO.equals(this.preferences.getStartLocation()))
|
|
{
|
|
return "myalfresco";
|
|
}
|
|
else
|
|
{
|
|
// generally this will navigate to the generic browse screen
|
|
return "success";
|
|
}
|
|
}
|
|
}
|
|
catch (AuthenticationDisallowedException aerr)
|
|
{
|
|
Utils.addErrorMessage(Application.getMessage(fc, MSG_ERROR_LOGIN_DISALLOWED));
|
|
}
|
|
catch (AuthenticationMaxUsersException aerr)
|
|
{
|
|
Utils.addErrorMessage(Application.getMessage(fc, MSG_ERROR_LOGIN_MAXUSERS));
|
|
}
|
|
catch (AuthenticationException aerr)
|
|
{
|
|
Utils.addErrorMessage(Application.getMessage(fc, MSG_ERROR_UNKNOWN_USER));
|
|
}
|
|
catch (InvalidNodeRefException refErr)
|
|
{
|
|
String msg;
|
|
if (refErr.getNodeRef() != null)
|
|
{
|
|
msg = refErr.getNodeRef().toString();
|
|
}
|
|
else
|
|
{
|
|
msg = Application.getMessage(fc, MSG_NONE);
|
|
}
|
|
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(fc,
|
|
Repository.ERROR_NOHOME), msg));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
Utils.addErrorMessage(Application.getMessage(fc, MSG_ERROR_MISSING));
|
|
}
|
|
|
|
return outcome;
|
|
}
|
|
|
|
/**
|
|
* Invalidate ticket and logout user
|
|
*/
|
|
public String logout()
|
|
{
|
|
FacesContext context = FacesContext.getCurrentInstance();
|
|
|
|
// The outcome is decided in advance (before session expiry) and included as a parameter
|
|
Map<?, ?> params = context.getExternalContext().getRequestParameterMap();
|
|
String outcome = (String)params.get(PARAM_OUTCOME);
|
|
if (outcome == null)
|
|
{
|
|
outcome = OUTCOME_LOGOUT;
|
|
}
|
|
|
|
Locale language = Application.getLanguage(context);
|
|
|
|
// Invalidate Session for this user.
|
|
if (Application.inPortalServer() == false)
|
|
{
|
|
// This causes the sessionDestroyed() event to be processed by ContextListener
|
|
// which is responsible for invalidating the ticket and clearing the security context
|
|
HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
|
|
request.getSession().invalidate();
|
|
}
|
|
else
|
|
{
|
|
Map session = context.getExternalContext().getSessionMap();
|
|
SessionUser user = Application.getCurrentUser(context);
|
|
if (user != null)
|
|
{
|
|
// invalidate ticket and clear the Security context for this thread
|
|
getAuthenticationService().invalidateTicket(user.getTicket(), null);
|
|
getAuthenticationService().clearCurrentSecurityContext();
|
|
}
|
|
// remove all objects from our session by hand
|
|
// we do this as invalidating the Portal session would invalidate all other portlets!
|
|
for (Object key : session.keySet())
|
|
{
|
|
session.remove(key);
|
|
}
|
|
}
|
|
|
|
// Request that the username cookie state is removed - this is not
|
|
// possible from JSF - so instead we setup a session variable
|
|
// which will be detected by the login.jsp/Portlet as appropriate.
|
|
Map session = context.getExternalContext().getSessionMap();
|
|
session.put(AuthenticationHelper.SESSION_INVALIDATED, true);
|
|
|
|
// set language to last used on the login page
|
|
Application.setLanguage(context, language.toString());
|
|
|
|
return outcome;
|
|
}
|
|
|
|
|
|
// ------------------------------------------------------------------------------
|
|
// Private data
|
|
|
|
private static final Log logger = LogFactory.getLog(LoginBean.class);
|
|
|
|
/** I18N messages */
|
|
private static final String MSG_ERROR_MISSING = "error_login_missing";
|
|
private static final String MSG_ERROR_UNKNOWN_USER = "error_login_user";
|
|
private static final String MSG_ERROR_LOGIN_DISALLOWED = "error_login_disallowed";
|
|
private static final String MSG_ERROR_LOGIN_MAXUSERS = "error_login_maxusers";
|
|
private static final String MSG_NONE = "none";
|
|
|
|
public static final String MSG_ERROR_LOGIN_NOPERMISSIONS = "login_err_permissions";
|
|
public static final String MSG_USERNAME_LENGTH = "login_err_username_length";
|
|
public static final String MSG_PASSWORD_LENGTH = "login_err_password_length";
|
|
public static final String MSG_USER_ERR = "user_err_user_name";
|
|
|
|
public static final String LOGIN_REDIRECT_KEY = "_alfRedirect";
|
|
public static final String LOGIN_EXTERNAL_AUTH = "_alfExternalAuth";
|
|
public static final String LOGIN_NOPERMISSIONS = "_alfNoPermissions";
|
|
|
|
/** user name */
|
|
private String username = null;
|
|
|
|
/** password */
|
|
private String password = null;
|
|
|
|
/** PersonService bean reference */
|
|
private transient PersonService personService;
|
|
|
|
/** AuthenticationService bean reference */
|
|
private transient AuthenticationService authenticationService;
|
|
|
|
/** NodeService bean reference */
|
|
private transient NodeService nodeService;
|
|
|
|
/** The BrowseBean reference */
|
|
protected BrowseBean browseBean;
|
|
|
|
/** The NavigationBean bean reference */
|
|
protected NavigationBean navigator;
|
|
|
|
/** The user preferences bean reference */
|
|
protected UserPreferencesBean preferences;
|
|
} |