
Example 1 with RequiredAuthentication

use of org.springframework.extensions.webscripts.Description.RequiredAuthentication in project acs-community-packaging by Alfresco.

From class AuthenticatorServlet, method service.

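/**
 * Decides how a forwarded request is authenticated and records the outcome.
 *
 * <p>Reads the {@code ATTR_IS_GUEST} and {@code ATTR_REQUIRED_AUTH} request attributes
 * (set by whoever forwarded here) and calls {@code AuthenticationHelper.authenticate}
 * on the "Authenticating as Guest" path only when both the request was flagged as guest
 * and the script declares {@code RequiredAuthentication.guest}. Every other combination,
 * including a missing or unexpected attribute, takes the "Authenticating session" path.
 * The resulting {@link AuthenticationStatus} is stored under {@code ATTR_AUTH_STATUS}.
 *
 * <p>A missing {@code ATTR_IS_GUEST} attribute is treated as "not guest" instead of being
 * unboxed from {@code null} (which would throw a {@link NullPointerException} and surface
 * as a server error); the request then falls through to the stricter branch.
 *
 * @param req the forwarded request carrying the guest flag and required-authentication attributes
 * @param res the response handed to the authentication helper
 * @throws ServletException as declared by {@code HttpServlet#service}
 * @throws IOException propagated from the authentication helper
 */
@Override
protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    ServletContext context = getServletContext();
    // Null-safe: a missing/null (or non-Boolean) attribute reads as "not guest", which
    // fails closed onto the full session-authentication branch below.
    boolean isGuest = Boolean.TRUE.equals(req.getAttribute(ATTR_IS_GUEST));
    RequiredAuthentication required = (RequiredAuthentication) req.getAttribute(ATTR_REQUIRED_AUTH);
    AuthenticationStatus status;
    // Guest handling is only offered when the script itself permits guest access; the enum
    // identity comparison is null-safe, so a missing ATTR_REQUIRED_AUTH also means "not guest".
    if (isGuest && RequiredAuthentication.guest == required) {
        if (logger.isDebugEnabled()) {
            logger.debug("Authenticating as Guest");
        }
        status = AuthenticationHelper.authenticate(context, req, res, true);
    } else {
        if (logger.isDebugEnabled()) {
            logger.debug("Authenticating session");
        }
        status = AuthenticationHelper.authenticate(context, req, res, false, false);
    }
    // Downstream code reads the decision from the request rather than a return value.
    req.setAttribute(ATTR_AUTH_STATUS, status);
}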

Example 2 with RequiredAuthentication

use of org.springframework.extensions.webscripts.Description.RequiredAuthentication in project alfresco-remote-api by Alfresco.

From class RepositoryContainer, method executeScriptInternal.

/**
 * Authenticates the caller against the Web Script's declared requirement and, on success,
 * runs the script.
 *
 * <p>The effective requirement is the script's own level, escalated to the container's
 * level when the script asks for less than the container and the request carried credentials.
 * {@code none} runs the script with no authentication step at all; {@code user}/{@code admin}
 * combined with a guest request is rejected up front; everything else is checked inside a
 * transaction while the current thread's authentication is pushed, and restored in the
 * {@code finally} block whatever the outcome.
 *
 * @param scriptReq the matched Web Script request
 * @param scriptRes the response the script writes to
 * @param auth      the authenticator for this request; when {@code null} the callback skips
 *                  {@code auth.authenticate} and relies on the guest/admin checks only
 * @throws IOException propagated from script execution
 * @throws WebScriptException with {@code SC_UNAUTHORIZED} when a guest reaches a user/admin
 *                            script, a non-admin reaches an admin script, or authentication fails
 */
protected void executeScriptInternal(WebScriptRequest scriptReq, WebScriptResponse scriptRes, final Authenticator auth) throws IOException {
    final WebScript script = scriptReq.getServiceMatch().getWebScript();
    final Description desc = script.getDescription();
    final boolean debug = logger.isDebugEnabled();
    // Escalate the webscript declared level of authentication to the container required authentication
    // eg. must be guest if MT is enabled unless credentials are empty
    RequiredAuthentication containerRequiredAuthentication = getRequiredAuthentication();
    // Escalation only happens when credentials were supplied: an empty-credential request keeps
    // the script's own (lower) level rather than being forced up to the container's.
    final RequiredAuthentication required = (desc.getRequiredAuthentication().compareTo(containerRequiredAuthentication) < 0 && !auth.emptyCredentials() ? containerRequiredAuthentication : desc.getRequiredAuthentication());
    final boolean isGuest = scriptReq.isGuest();
    if (required == RequiredAuthentication.none) {
        // TODO revisit - cleared here, in-lieu of WebClient clear
        // AuthenticationUtil.clearCurrentSecurityContext();
        // No authentication step: the script runs under whatever security context the thread already has.
        transactionedExecuteAs(script, scriptReq, scriptRes);
    } else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest) {
        // Fail fast before any authenticator is consulted: a guest request can never satisfy user/admin.
        throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires user authentication; however, a guest has attempted access.");
    } else {
        try {
            // Paired with popAuthentication() in the finally block so the thread's prior
            // authentication survives whatever happens below.
            AuthenticationUtil.pushAuthentication();
            // 
            if (debug) {
                String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
                logger.debug("Current authentication: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
                logger.debug("Authentication required: " + required);
                logger.debug("Guest login requested: " + isGuest);
            }
            // 
            // Apply appropriate authentication to Web Script invocation
            // 
            // Returns true only when authentication succeeded AND the post-checks below passed;
            // the post-checks throw rather than return false.
            RetryingTransactionCallback<Boolean> authWork = new RetryingTransactionCallback<Boolean>() {

                public Boolean execute() throws Exception {
                    // NOTE(review): with auth == null the authenticator is bypassed entirely and only the
                    // guest/admin checks below stand between the caller and the script — confirm callers
                    // never pass null for scripts that require user or admin authentication.
                    if (auth == null || auth.authenticate(required, isGuest)) {
                        // Check to see if they supplied HTTP Auth or Ticket as guest, on a script that needs more
                        if (required == RequiredAuthentication.user || required == RequiredAuthentication.admin) {
                            String authenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
                            String runAsUser = AuthenticationUtil.getRunAsUser();
                            // Reject when: nobody is authenticated; the thread runs as itself and holds guest
                            // authority; or the thread runs as someone else but the real user is a guest authority.
                            if ((authenticatedUser == null) || (authenticatedUser.equals(runAsUser) && authorityService.hasGuestAuthority()) || (!authenticatedUser.equals(runAsUser) && authorityService.isGuestAuthority(authenticatedUser))) {
                                throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires user authentication; however, a guest has attempted access.");
                            }
                        }
                        // Check to see if they're admin or system on an Admin only script
                        // getFullyAuthenticatedUser() cannot be null here: for required == admin the check
                        // above has already thrown on a null authenticated user.
                        if (required == RequiredAuthentication.admin && !(authorityService.hasAdminAuthority() || AuthenticationUtil.getFullyAuthenticatedUser().equals(AuthenticationUtil.getSystemUserName()))) {
                            throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");
                        }
                        if (debug) {
                            String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
                            logger.debug("Authentication: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
                        }
                        return true;
                    }
                    return false;
                }
            };
            boolean readOnly = transactionService.isReadOnly();
            // Open a fresh transaction only when the service allows writes but the current
            // transaction (if any) is already read-only.
            boolean requiresNew = !readOnly && AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY;
            if (transactionService.getRetryingTransactionHelper().doInTransaction(authWork, readOnly, requiresNew)) {
                // Execute Web Script if authentication passed
                // The Web Script has its own txn management with potential runAs() user
                transactionedExecuteAs(script, scriptReq, scriptRes);
            } else {
                // auth.authenticate() returned false; the deliberate 401 carries no detail about why.
                throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed for Web Script " + desc.getId());
            }
        } finally {
            // 
            // Reset authentication for current thread
            // 
            AuthenticationUtil.popAuthentication();
            if (debug) {
                String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
                logger.debug("Authentication reset: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
            }
        }
    }
}
