inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-06-16 17:55:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
alfresco-community-repo/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
Derek Hulley 6e225ce15d Merged V2.9 to HEAD 
9018: MT: system-wide jobs should run across all stores/indexes
   9204: Merged V2.2 to V2.9
      8633: Merged V2.1 to V2.2
         8629: Merged V2.1-A to V2.1
            8493: Fixed ADB-51: ImporterBootstrap doesn't use transaction retrying
            8494: EHCache and JGroup patches and upgrades
            8546: ACT-1650: performance optimization
            8550: Fixes to transactional cache handling
            8553: Fixed tests: MLText is a Map, but will always have at least one entry, even that entry is null.
            8583: ACT-954: IndexInfo files now reopen when they close (for whatever reason)
      8640: Merged V2.1 to V2.2
         8638: Used correct exception type for IO channel reopen logic
      9102: Unit test to check that transactional cache size overrun is handled
      9106: Merged V2.1 to V2.2
         9043: Fixed AR-2291: SchemaBootstrap lock is only required before first SQL execution
         9045: Fix AR-2291: SchemaBootstrap lock is only required before first SQL execution
         9047: Fixed AR-2305: Index tracking in AUTO mode doesn't report anything on bootstrap
         9048: Fixed AR-2300: Random-based GUID instead of time-based GUIDs
         9049: Fix patches to only run once
         9050 <Defered>: Changed getString() method to use the available buffer length rather than a hard coded value.
         9060: Fixed ETWOONE-109 and ETWOONE-128: RetryingTransactionHelper fixes and improvements
         9061: Fixed NodeRefPropertyMethodInterceptorTest
         9075 <Defered>: Added delete permission check when marking a file for delete on close. ETWOONE-141/ACT-2416.
         9080: Fixed EHCache source zip
         9081: Fixed ETWOONE-118: Tomcat failed bootstrap doesn't clean up EHCache cluster structures
         9085: Fixed ETWOONE-154: Added JSR107 Jar to WAR
      9115: Fixed test: TransactionalCache uses LRU so repeatedly checking if a entry is there keeps it in the cache.
   9206: Merged V2.2 to V2.9
      8857: Improvements to ACL performance for large ACLs
      8951: Always check permission entry changes are made at position 0
   9219 <No change>: Made NTLMLogonDetails class Serializable, port of r8973.
   9220: Added delete permission check when marking a file for delete on close. Port of r9075.
   9222: Merged V2.1 to V2.9
      8683: Early warning for nodes indexed in the wrong store (ACT-964)
      8684: Enhanced tests
      8685: Enhanced tests
      8686: Additional tests
   9223: Merged V2.2 to V2.9
      9120: Merged V2.1 to V2.2
         8740: Fix for AR-2173 - do no recheck case of the user name when validating tickets (it has been done)
      9122: Additional unit test from support case.
   9224: Merged V2.2 to V2.9
      9076: Fixed ETWOTWO-426: Upgrading alfresco from 2.1.1 to 2.2 throws errors with Mysql 5.0.51
      9104: Merged V2.1 to V2.2
         9025: Fixed AR-2314, AR-2299: Optimizations after profiling
      9105: Merged V2.1 to V2.2
         8745: Fix AR-2233 (regression introduced by fix for AR-2221)
      9121: Merged V2.1 to V2.2
         9017: Fix index back up failing due to background index merge/deletions (inlcudes back port of CHK-2588)
      9137: Incorporated additions from Will into AVM console (ETWOTWO-439)
   9225: Merged V2.1 to V2.9
      8641: Merged V2.1-A to V2.1
         7729: Fix to Repository Web Service (queryAssociated) to allow reverse association lookup (ie. given target, get the source)
      8673: Fix for AR-2098 - shorter URL form now has NTLM filter mapping example in web.xml
      8682: Fix for AR-2005
      8695: AR-2054.
      8696: Improved sort test to include prefix form of field name
   9226: Fix ALFCOM-994 (see also earlier change in r9223)


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9233 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2008-05-22 12:40:46 +00:00

462 lines
14 KiB
Java
Raw Blame History

/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authentication;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
/**
* This class abstract the support required to set up and query the Acegi context for security enforcement. There are
* some simple default method implementations to support simple authentication.
*
* @author Andy Hind
*/
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
{
/**
* The abstract class keeps track of support for guest login
*/
private Boolean allowGuestLogin = null;
private TenantService tenantService;
private PersonService personService;
private NodeService nodeService;
private TransactionService transactionService;
public AbstractAuthenticationComponent()
{
super();
}
/**
* Set if guest login is supported.
*
* @param allowGuestLogin
*/
public void setAllowGuestLogin(Boolean allowGuestLogin)
{
this.allowGuestLogin = allowGuestLogin;
}
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setTransactionService(TransactionService transactionService)
{
this.transactionService = transactionService;
}
public TransactionService getTransactionService()
{
return transactionService;
}
public Boolean getAllowGuestLogin()
{
return allowGuestLogin;
}
public NodeService getNodeService()
{
return nodeService;
}
public PersonService getPersonService()
{
return personService;
}
public void authenticate(String userName, char[] password) throws AuthenticationException
{
// Support guest login from the login screen
if (isGuestUserName(userName))
{
setGuestUserAsCurrentUser(tenantService.getUserDomain(userName));
}
else
{
authenticateImpl(userName, password);
}
}
/**
* Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
* authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
* char[]) was used. This will still work.
*
* @param userName
* @param password
*/
protected void authenticateImpl(String userName, char[] password)
{
throw new UnsupportedOperationException();
}
public Authentication setCurrentUser(String userName, UserNameValidationMode validationMode)
{
switch(validationMode)
{
case NONE:
return setCurrentUserImpl(userName);
case CHECK_AND_FIX:
default:
return setCurrentUser(userName);
}
}
public Authentication setCurrentUser(final String userName) throws AuthenticationException
{
if (isSystemUserName(userName))
{
return setCurrentUserImpl(userName);
}
else
{
SetCurrentUserCallback callback = new SetCurrentUserCallback(userName);
Authentication auth = transactionService.getRetryingTransactionHelper().doInTransaction(callback, transactionService.isReadOnly(), false);
if ((auth == null) || (callback.ae != null))
{
throw callback.ae;
}
return auth;
}
}
/**
* Explicitly set the current user to be authenticated.
*
* @param userName
* String
* @return Authentication
*/
private Authentication setCurrentUserImpl(String userName) throws AuthenticationException
{
if (userName == null)
{
throw new AuthenticationException("Null user name");
}
try
{
UserDetails ud = null;
if (isSystemUserName(userName))
{
GrantedAuthority[] gas = new GrantedAuthority[1];
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
ud = new User(userName, "", true, true, true, true, gas);
}
else if (isGuestUserName(userName))
{
GrantedAuthority[] gas = new GrantedAuthority[0];
ud = new User(getGuestUserName(tenantService.getUserDomain(userName)), "", true, true, true, true, gas);
}
else
{
ud = getUserDetails(userName);
}
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(ud, "", ud.getAuthorities());
auth.setDetails(ud);
auth.setAuthenticated(true);
return setCurrentAuthentication(auth);
}
catch (net.sf.acegisecurity.AuthenticationException ae)
{
throw new AuthenticationException(ae.getMessage(), ae);
}
finally
{
// Support for logging tenantdomain / username (via log4j NDC)
AuthenticationUtil.logNDC(userName);
}
}
/**
* Default implementation that makes an ACEGI object on the fly
*
* @param userName
* @return
*/
protected UserDetails getUserDetails(String userName)
{
GrantedAuthority[] gas = new GrantedAuthority[1];
gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
UserDetails ud = new User(userName, "", true, true, true, true, gas);
return ud;
}
/**
* {@inheritDoc}
*/
public Authentication setCurrentAuthentication(Authentication authentication)
{
return AuthenticationUtil.setCurrentAuthentication(authentication);
}
/**
* Get the current authentication context
*
* @return Authentication
* @throws AuthenticationException
*/
public Authentication getCurrentAuthentication() throws AuthenticationException
{
return AuthenticationUtil.getCurrentAuthentication();
}
/**
* Get the current user name.
*
* @return String
* @throws AuthenticationException
*/
public String getCurrentUserName() throws AuthenticationException
{
return AuthenticationUtil.getCurrentUserName();
}
/**
* Set the system user as the current user
* note: for MT, will set to default domain only
*
* @return Authentication
*/
public Authentication setSystemUserAsCurrentUser()
{
return setCurrentUser(AuthenticationUtil.SYSTEM_USER_NAME);
}
/**
* Get the name of the system user
* note: for MT, will get system for default domain only
*
* @return String
*/
public String getSystemUserName()
{
return AuthenticationUtil.SYSTEM_USER_NAME;
}
/**
* Is this the system user ?
*
* @return boolean
*/
public boolean isSystemUserName(String userName)
{
return (getSystemUserName().equals(tenantService.getBaseNameUser(userName)));
}
/**
* Get the name of the Guest User
* note: for MT, will get guest for default domain only
*
* @return String
*/
public String getGuestUserName()
{
return PermissionService.GUEST_AUTHORITY.toLowerCase();
}
private String getGuestUserName(String tenantDomain)
{
return tenantService.getDomainUser(getGuestUserName(), tenantDomain);
}
/**
* Set the guest user as the current user.
* note: for MT, will set to default domain only
*/
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
{
return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
}
/**
* Set the guest user as the current user.
*/
private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
{
if (allowGuestLogin == null)
{
if (implementationAllowsGuestLogin())
{
return setCurrentUser(getGuestUserName(tenantDomain));
}
else
{
throw new AuthenticationException("Guest authentication is not allowed");
}
}
else
{
if (allowGuestLogin.booleanValue())
{
return setCurrentUser(getGuestUserName(tenantDomain));
}
else
{
throw new AuthenticationException("Guest authentication is not allowed");
}
}
}
private boolean isGuestUserName(String userName)
{
return (PermissionService.GUEST_AUTHORITY.equalsIgnoreCase(tenantService.getBaseNameUser(userName)));
}
protected abstract boolean implementationAllowsGuestLogin();
/**
* @return true if Guest user authentication is allowed, false otherwise
*/
public boolean guestUserAuthenticationAllowed()
{
if (allowGuestLogin == null)
{
return (implementationAllowsGuestLogin());
}
else
{
return (allowGuestLogin.booleanValue());
}
}
/**
* Remove the current security information
*/
public void clearCurrentSecurityContext()
{
AuthenticationUtil.clearCurrentSecurityContext();
}
/**
* The default is not to support Authentication token base authentication
*/
public Authentication authenticate(Authentication token) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Authentication via token not supported");
}
/**
* The should only be supported if getNTLMMode() is NTLMMode.MD4_PROVIDER.
*/
public String getMD4HashedPassword(String userName)
{
throw new UnsupportedOperationException();
}
/**
* Get the NTML mode - none - supports MD4 hash to integrate - or it can asct as an NTLM authentication
*/
public NTLMMode getNTLMMode()
{
return NTLMMode.NONE;
}
class SetCurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback<Authentication>
{
AuthenticationException ae = null;
String userName;
SetCurrentUserCallback(String userName)
{
this.userName = userName;
}
public Authentication execute() throws Throwable
{
try
{
String name = AuthenticationUtil.runAs(new RunAsWork<String>()
{
public String doWork() throws Exception
{
if (personService.personExists(userName))
{
NodeRef userNode = personService.getPerson(userName);
if (userNode != null)
{
// Get the person name and use that as the current user to line up with permission checks
return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
}
else
{
// Get user name
return userName;
}
}
else
{
// Get user name
return userName;
}
}
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getUserDomain(userName)));
return setCurrentUserImpl(name);
}
catch (AuthenticationException ae)
{
this.ae = ae;
return null;
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink