use of org.alfresco.repo.security.authentication.Authorization in project alfresco-remote-api by Alfresco.
the class AuthenticationFilter method doFilter.
// Various services required by NTLM authenticator
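/**
 * Run the authentication filter: authenticate the request from the session user, an HTTP Basic
 * Authorization header or a ticket request parameter, then pass it on to the rest of the chain.
 *
 * @param context ServletContext
 * @param req ServletRequest
 * @param resp ServletResponse
 * @param chain FilterChain
 * @exception ServletException may be raised by the rest of the filter chain
 * @exception IOException may be raised while writing the response or by the rest of the filter chain
 */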
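@Override
public void doFilter(ServletContext context, ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Entering AuthenticationFilter.");
    }

    // Assume it's an HTTP request
    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpResp = (HttpServletResponse) resp;

    // Get the user details object from the session
    SessionUser user = getSessionUser(context, httpReq, httpResp, false);
    if (user == null) {
        if (logger.isDebugEnabled()) {
            logger.debug("There is no user in the session.");
        }

        // Get the authorization header
        String authHdr = httpReq.getHeader("Authorization");
        if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase("BASIC")) {
            if (logger.isDebugEnabled()) {
                logger.debug("Basic authentication details present in the header.");
            }
            byte[] encodedString = Base64.decodeBase64(authHdr.substring(5).getBytes());

            // ALF-13621: Due to browser inconsistencies we have to try a fallback path of encodings.
            // Each distinct decoding below is a separate authentication attempt, so a single request
            // with a wrong password can produce several failures.
            // NOTE(review): confirm that any failed-login counting behind authenticationService
            // tolerates this.
            Set<String> attemptedAuths = new HashSet<String>(ENCODINGS.length * 2);
            for (String encoding : ENCODINGS) {
                // REPORT makes malformed bytes raise CharacterCodingException instead of being
                // silently replaced, so a charset that does not fit is skipped.
                CharsetDecoder decoder = Charset.forName(encoding).newDecoder().onMalformedInput(CodingErrorAction.REPORT);
                try {
                    // Attempt to decode using this charset
                    String basicAuth = decoder.decode(ByteBuffer.wrap(encodedString)).toString();

                    // It decoded OK but we may already have tried this string.
                    if (!attemptedAuths.add(basicAuth)) {
                        // Already tried - no need to try again
                        continue;
                    }

                    String username = null;
                    String password = null;

                    // Split the username and password at the first colon; the password may itself
                    // contain colons.
                    int pos = basicAuth.indexOf(":");
                    if (pos != -1) {
                        username = basicAuth.substring(0, pos);
                        password = basicAuth.substring(pos + 1);
                    } else {
                        username = basicAuth;
                        password = "";
                    }

                    // Go to the repo and authenticate. Authorization decides whether the supplied
                    // credentials carry a ticket rather than a password.
                    Authorization auth = new Authorization(username, password);
                    if (auth.isTicket()) {
                        authenticationService.validate(auth.getTicket());
                    } else {
                        // The password stays in an immutable String and the char[] copy is not
                        // cleared afterwards, so it remains on the heap until garbage collected.
                        authenticationService.authenticate(username, password.toCharArray());
                        if (authenticationListener != null) {
                            // The listener receives the cleartext password.
                            // NOTE(review): confirm no listener implementation logs or stores it.
                            authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
                        }
                    }

                    // NOTE(review): getSession() reuses a session that existed before authentication;
                    // confirm the session id is rotated elsewhere if session fixation is in scope.
                    user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), false);

                    // Success so break out
                    break;
                } catch (CharacterCodingException e) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Didn't decode using " + decoder.getClass().getName(), e);
                    }
                } catch (AuthenticationException ex) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Authentication error ", ex);
                    }
                } catch (NoSuchPersonException e) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("There is no such person error ", e);
                    }
                }
            }
        } else {
            // Check if the request includes an authentication ticket. A ticket passed as a request
            // parameter can end up in access logs, browser history and Referer headers, so it
            // should be treated as exposed once used this way.
            String ticket = req.getParameter(ARG_TICKET);
            if (ticket != null && ticket.length() > 0) {
                // PowerPoint bug fix
                if (ticket.endsWith(PPT_EXTN)) {
                    ticket = ticket.substring(0, ticket.length() - PPT_EXTN.length());
                }

                // The ticket is a bearer credential: it is deliberately left out of the log line so
                // that read access to debug logs does not grant access to sessions.
                if (logger.isDebugEnabled()) {
                    logger.debug("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
                }

                // Validate the ticket.
                // NOTE(review): unlike the Basic branch, a failure here is not caught, so an invalid
                // ticket appears to propagate out of the filter instead of producing the 401
                // challenge below - confirm this is intended.
                authenticationService.validate(ticket);
                if (authenticationListener != null) {
                    authenticationListener.userAuthenticated(new TicketCredentials(ticket));
                }

                // Need to create the User instance if not already available
                String currentUsername = authenticationService.getCurrentUserName();
                user = createUserEnvironment(httpReq.getSession(), currentUsername, ticket, false);
            }
        }

        if (user == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("No user/ticket, force the client to prompt for logon details.");
            }

            // No credentials, or none that authenticated: challenge and stop. The rest of the chain
            // is never reached for an unauthenticated request.
            httpResp.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
            httpResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            httpResp.flushBuffer();
            return;
        }
    } else {
        // A session user already exists; the ticket is not re-validated in this method.
        // NOTE(review): presumably getSessionUser checks it - confirm.
        if (authenticationListener != null) {
            authenticationListener.userAuthenticated(new TicketCredentials(user.getTicket()));
        }
    }

    // Chain other filters
    chain.doFilter(req, resp);
}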
use of org.alfresco.repo.security.authentication.Authorization in project alfresco-remote-api by Alfresco.
the class SSOFallbackBasicAuthenticationDriver method authenticateRequest.
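/**
 * Authenticates a request from the session user or, failing that, from HTTP Basic credentials.
 *
 * <p>When the session holds no user, a Basic Authorization header is decoded and checked either as
 * a ticket or as a username and password; on success the resulting user is stored in the session
 * under {@code userAttributeName}. When the session already holds a user, its ticket is validated
 * again and the session is invalidated if that fails. This method writes no challenge to the
 * response; the caller decides what to do with a {@code false} result.
 *
 * @param context the servlet context (not used by this method)
 * @param request the request carrying the session and the Authorization header
 * @param response the response (not used by this method)
 * @return {@code true} if the request is authenticated, {@code false} otherwise
 * @throws IOException declared by the signature; not thrown by the code in this method
 * @throws ServletException declared by the signature; not thrown by the code in this method
 */
@Override
public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    String authHdr = request.getHeader("Authorization");

    // getSession(false): do not create a session just to look for a user.
    HttpSession session = request.getSession(false);
    SessionUser user = session == null ? null : (SessionUser) session.getAttribute(userAttributeName);

    if (user == null) {
        if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase("Basic")) {
            // NOTE(review): both getBytes() and new String(byte[]) use the platform default
            // charset, so credentials with non-ASCII characters decode differently from host to
            // host - confirm whether an explicit charset is wanted here.
            String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));
            String username = null;
            String password = null;

            // Split at the first colon; the password may itself contain colons.
            int pos = basicAuth.indexOf(":");
            if (pos != -1) {
                username = basicAuth.substring(0, pos);
                password = basicAuth.substring(pos + 1);
            } else {
                username = basicAuth;
                password = "";
            }

            try {
                // The username is client-supplied text and is written to the log as received.
                if (logger.isDebugEnabled()) {
                    logger.debug("Authenticating user '" + username + "'");
                }

                Authorization auth = new Authorization(username, password);
                if (auth.isTicket()) {
                    authenticationService.validate(auth.getTicket());
                } else {
                    // The char[] copy of the password is not cleared after use.
                    authenticationService.authenticate(username, password.toCharArray());
                }

                // Build the session user from the person node of the user that was just
                // authenticated, not from the name sent by the client.
                final RetryingTransactionCallback<SessionUser> callback = new RetryingTransactionCallback<SessionUser>() {
                    @Override
                    public SessionUser execute() throws Throwable {
                        NodeRef personNodeRef = personService.getPerson(authenticationService.getCurrentUserName());
                        String storedUsername = (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_USERNAME);
                        NodeRef homeSpaceRef = (NodeRef) nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
                        return new WebDAVUser(storedUsername, authenticationService.getCurrentTicket(), homeSpaceRef);
                    }
                };

                // The lookup runs as the system user, so it does not depend on the new user's own
                // permissions on the person node; the flag passed as true presumably asks for a
                // read-only transaction - confirm.
                user = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<SessionUser>() {
                    public SessionUser doWork() throws Exception {
                        return transactionService.getRetryingTransactionHelper().doInTransaction(callback, true);
                    }
                }, AuthenticationUtil.SYSTEM_USER_NAME);

                if (logger.isDebugEnabled()) {
                    logger.debug("Authenticated user '" + username + "'");
                }

                // NOTE(review): getSession() reuses a session that existed before authentication;
                // confirm the session id is rotated elsewhere if session fixation is in scope.
                request.getSession().setAttribute(userAttributeName, user);
                return true;
            } catch (AuthenticationException ex) {
                // The user object stays null and the method returns false. The failure is recorded
                // so that rejected logons leave a trace when debug logging is enabled.
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication failed for user '" + username + "'", ex);
                }
            }
        }
    } else {
        try {
            // A session user is trusted only while its ticket still validates.
            authenticationService.validate(user.getTicket());
            return true;
        } catch (AuthenticationException ex) {
            // Ticket no longer valid: drop the whole session. session is non-null here because the
            // user was read from it.
            session.invalidate();
        }
    }
    return false;
}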
use of org.alfresco.repo.security.authentication.Authorization in project alfresco-remote-api by Alfresco.
the class AuthenticationsImpl method getTicket.
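/**
 * Extracts the authentication ticket from the request.
 *
 * <p>The {@code PARAM_ALF_TICKET} request parameter wins when it is not empty; otherwise the ticket
 * is taken from a Basic Authorization header whose decoded value must represent a ticket. The
 * ticket is returned as received: this method does not validate it.
 *
 * @param parameters the request parameters, also giving access to the underlying request
 * @return the ticket found in the request
 * @throws InvalidArgumentException if the Authorization header is missing, malformed, uses a scheme
 *         other than Basic, or does not carry a ticket
 */
protected String getTicket(Parameters parameters) {
    // First check the alf_ticket in the URL. A ticket passed this way can end up in access logs and
    // Referer headers.
    // NOTE(review): the value is returned unchecked; presumably the caller validates it - confirm.
    final String alfTicket = parameters.getParameter(PARAM_ALF_TICKET);
    if (StringUtils.isNotEmpty(alfTicket)) {
        return alfTicket;
    }

    // Check the Authorization header
    final String authorization = parameters.getRequest().getHeader(AUTHORIZATION_HEADER);
    if (StringUtils.isEmpty(authorization)) {
        throw new InvalidArgumentException("Authorization header is required.");
    }

    final String[] authorizationParts = authorization.split(" ");

    // A header made only of spaces splits into an empty array; reject it here instead of letting the
    // index below fail with an unchecked exception.
    if (authorizationParts.length == 0) {
        throw new InvalidArgumentException("Authorization header is malformed.");
    }
    // The rejected scheme is client-supplied text echoed into the error message.
    if (!authorizationParts[0].equalsIgnoreCase("basic")) {
        throw new InvalidArgumentException("Authorization '" + authorizationParts[0] + "' not supported.");
    }
    // "Basic" with nothing after it has no credentials part to decode.
    if (authorizationParts.length < 2) {
        throw new InvalidArgumentException("Authorization header is malformed.");
    }

    // NOTE(review): new String(byte[]) uses the platform default charset, and how Base64.decode
    // reacts to input that is not valid Base64 is not visible here - confirm both.
    final String decodedAuthorisation = new String(Base64.decode(authorizationParts[1]));
    Authorization authObj = new Authorization(decodedAuthorisation);
    if (!authObj.isTicket()) {
        throw new InvalidArgumentException("Ticket base authentication required.");
    }
    return authObj.getTicket();
}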