inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d6f9f50c3982e225e75bd63552cef5e65c4e9d57
alfresco-community-repo/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java
Raluca Munteanu d6f9f50c39 Merged 5.1.N (5.1.2) to 5.2.N (5.2.1) 
125603 rmunteanu: Merged 5.1.1 (5.1.1) to 5.1.N (5.1.2)
      125484 slanglois: MNT-16155 Update source headers - remove old Copyrights from Java and JSP dource files


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@125781 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2016-04-26 12:48:49 +00:00

186 lines
7.0 KiB
Java
Raw Blame History

package org.alfresco.web.sharepoint.auth;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
import org.alfresco.repo.web.auth.AuthenticationListener;
import org.alfresco.repo.web.auth.TicketCredentials;
import org.alfresco.repo.web.auth.BasicAuthCredentials;
import org.alfresco.repo.webdav.auth.SharepointConstants;
import org.alfresco.web.bean.repository.User;
import org.apache.commons.codec.binary.Base64;
/**
* <p>
* BASIC web authentication implementation.
* </p>
*
* @author PavelYur
*/
public class BasicAuthenticationHandler extends AbstractAuthenticationHandler implements SharepointConstants
{
private final static String HEADER_AUTHORIZATION = "Authorization";
private final static String BASIC_START = "Basic";
private AuthenticationListener authenticationListener;
protected RemoteUserMapper remoteUserMapper;
protected AuthenticationComponent authenticationComponent;
/**
* Set the authentication listener
*/
public void setAuthenticationListener(AuthenticationListener authenticationListener)
{
this.authenticationListener = authenticationListener;
}
/*
* (non-Javadoc)
* @see
* org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext,
* javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
if (isUserAuthenticated(context, request))
{
return true;
}
else
{
// Unlike multi-stage authentication protocols like Kerberos / NTLM we have only one possible response to an
// unauthenticated user
restartLoginChallenge(context, request, response);
return false;
}
}
/**
* Returns <code>true</code> if the user is authenticated and their details are cached in the session
*
* @param context
* the servlet context
* @param request
* the servlet request
* @return <code>true</code>, if the user is authenticated
* @throws IOException
* Signals that an I/O exception has occurred.
* @throws ServletException
* On other errors.
*/
public boolean isUserAuthenticated(ServletContext context, HttpServletRequest request) throws IOException,
ServletException
{
String authHdr = request.getHeader(HEADER_AUTHORIZATION);
HttpSession session = request.getSession(false);
SessionUser sessionUser = session == null ? null : (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE);
if (sessionUser == null)
{
if (remoteUserMapper != null && (!(remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) remoteUserMapper).isActive()))
{
String userId = remoteUserMapper.getRemoteUser(request);
if (userId != null)
{
// authenticated by other
authenticationComponent.setCurrentUser(userId);
request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(userId, authenticationService.getCurrentTicket(), personService.getPerson(userId)));
return true;
}
}
if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START))
{
String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
String username = null;
String password = null;
int pos = basicAuth.indexOf(":");
if (pos != -1)
{
username = basicAuth.substring(0, pos);
password = basicAuth.substring(pos + 1);
}
else
{
username = basicAuth;
password = "";
}
try
{
if (logger.isDebugEnabled())
logger.debug("Authenticating user '" + username + "'");
authenticationService.authenticate(username, password.toCharArray());
// Normalize the user ID taking into account case sensitivity settings
username = authenticationService.getCurrentUserName();
if (logger.isDebugEnabled())
logger.debug("Authenticated user '" + username + "'");
authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
request.getSession()
.setAttribute(
USER_SESSION_ATTRIBUTE,
new User(username, authenticationService.getCurrentTicket(), personService
.getPerson(username)));
return true;
}
catch (AuthenticationException ex)
{
authenticationListener.authenticationFailed(new BasicAuthCredentials(username, password), ex);
}
}
}
else
{
try
{
authenticationService.validate(sessionUser.getTicket());
authenticationListener.userAuthenticated(new TicketCredentials(sessionUser.getTicket()));
return true;
}
catch (AuthenticationException ex)
{
authenticationListener.authenticationFailed(new TicketCredentials(sessionUser.getTicket()), ex);
session.invalidate();
}
}
return false;
}
@Override
public String getWWWAuthenticate()
{
return "Basic realm=\"Alfresco Server\"";
}
public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper)
{
this.remoteUserMapper = remoteUserMapper;
}
public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
{
this.authenticationComponent = authenticationComponent;
}
}
Reference in New Issue View Git Blame Copy Permalink