public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, AuthenticationDriver, org.alfresco.repo.management.subsystems.ActivateableBean, org.springframework.beans.factory.InitializingBean
| Modifier and Type | Field and Description |
|---|---|
protected String |
loginPageLink |
protected static String |
MIME_HTML_TEXT |
ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationListener, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionServiceAUTHENTICATION_USER| Constructor and Description |
|---|
BaseSSOAuthenticationFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
protected boolean |
allowsTicketLogons()
Check if ticket based logons are allowed
|
protected boolean |
checkForTicketParameter(javax.servlet.ServletContext servletContext,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
Check if the request has specified a ticket parameter to bypass the standard authentication.
|
void |
doFilter(javax.servlet.ServletContext context,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
The
doFilter method of the Filter is called by the container each time a request/response pair is
passed through the chain due to a client request for a resource at the end of the chain. |
protected String |
getLoginPage()
Return the login page address
|
String |
getLoginPageLink() |
protected org.alfresco.jlan.server.config.SecurityConfigSection |
getSecurityConfigSection() |
protected String |
getServerName()
Because the file server configuration may change during the lifetime of this filter, this method checks against
the last configured server name before returning a cached result
|
protected boolean |
hasLoginPage()
Determine if the login page is available
|
protected void |
includeFallbackAuth(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
Include into response authentication method that is supported by fallback mechanism
|
protected void |
init()
Initializes the filter.
|
boolean |
isActive() |
boolean |
isFallbackEnabled() |
protected boolean |
isNTLMSSPBlob(byte[] byts,
int offset)
Check if a security blob starts with the NTLMSSP signature
|
protected String |
mapClientAddressToDomain(String clientIP)
Map a client IP address to a domain
|
protected boolean |
onLoginComplete(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
boolean userInit)
Callback executed on completion of NTLM login
|
protected void |
onValidate(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
WebCredentials credentials)
Callback executed on successful ticket validation during Type3 Message processing.
|
protected void |
onValidateFailed(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
javax.servlet.http.HttpSession session,
WebCredentials credentials)
Callback executed on failed authentication of a user ticket during Type3 Message processing
|
protected boolean |
performFallbackAuthentication(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
Delegate authentication to the fallback mechanism
|
protected void |
redirectToLoginPage(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
Redirect to the login page
|
void |
setActive(boolean active)
Activates or deactivates the bean
|
void |
setFallback(AuthenticationDriver delegate)
Sets the fallback authentication support for this filter
|
void |
setFallbackEnabled(boolean fallbackEnabled)
Activates or deactivates the fallback authentication support for this filter
|
protected void |
setLoginPage(String loginPage)
Set the login page address
|
void |
setLoginPageLink(String loginPageLink) |
void |
setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration) |
void |
setTicketLogons(boolean ticketsAllowed)
Set the ticket based logons allowed flag
|
protected void |
writeLoginPageLink(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
Writes link to login page and refresh tag which cause user
to be redirected to the login page.
|
createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationListener, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeNameclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitauthenticateRequest, restartLoginChallengeprotected static final String MIME_HTML_TEXT
protected String loginPageLink
public String getLoginPageLink()
public void setLoginPageLink(String loginPageLink)
public void setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
serverConfiguration - the serverConfiguration to setpublic final void setActive(boolean active)
active - true if the bean is active and initialization should completepublic final boolean isActive()
isActive in interface org.alfresco.repo.management.subsystems.ActivateableBeanpublic final void setFallback(AuthenticationDriver delegate)
delegate - AuthenticationDriverpublic final void setFallbackEnabled(boolean fallbackEnabled)
fallbackEnabled - public final boolean isFallbackEnabled()
true if fallback authentication enabledpublic final void afterPropertiesSet()
throws javax.servlet.ServletException
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjavax.servlet.ServletExceptionpublic void doFilter(javax.servlet.ServletContext context,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
DependencyInjectedFilterdoFilter method of the Filter is called by the container each time a request/response pair is
passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed
in to this method allows the Filter to pass on the request and response to the next entity in the chain.
A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input
filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output
filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (
chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block
the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.
doFilter in interface DependencyInjectedFilterIOExceptionjavax.servlet.ServletExceptionprotected void init()
throws javax.servlet.ServletException
isActive(). Subclasses
should override.javax.servlet.ServletExceptionprotected void onValidate(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
WebCredentials credentials)
sc - the servlet contextreq - the requestres - the responseprotected void onValidateFailed(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
javax.servlet.http.HttpSession session,
WebCredentials credentials)
throws IOException
sc - the servlet contextreq - HttpServletRequestres - HttpServletResponsesession - HttpSessionIOExceptionprotected boolean onLoginComplete(javax.servlet.ServletContext sc,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res,
boolean userInit)
throws IOException
req - HttpServletRequestres - HttpServletResponseIOExceptionprotected final String mapClientAddressToDomain(String clientIP)
clientIP - Stringprotected boolean checkForTicketParameter(javax.servlet.ServletContext servletContext,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
servletContext - the servlet contextreq - the requestresp - the responseprotected void redirectToLoginPage(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
throws IOException
req - HttpServletRequestres - HttpServletResponseIOExceptionprotected final boolean hasLoginPage()
protected final String getLoginPage()
protected final void setLoginPage(String loginPage)
loginPage - Stringprotected final boolean allowsTicketLogons()
public final void setTicketLogons(boolean ticketsAllowed)
ticketsAllowed - booleanprotected final boolean isNTLMSSPBlob(byte[] byts,
int offset)
byts - byte[]offset - intprotected String getServerName()
protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()
protected void writeLoginPageLink(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
throws IOException
context - ServletContextreq - HttpServletRequestresp - HttpServletResponseIOExceptionprotected void includeFallbackAuth(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
throws IOException
context - ServletContextreq - HttpServletRequestresp - HttpServletResponseIOExceptionprotected boolean performFallbackAuthentication(javax.servlet.ServletContext context,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
throws IOException,
javax.servlet.ServletException
context - ServletContextreq - HttpServletRequestresp - HttpServletResponseIOExceptionjavax.servlet.ServletExceptionCopyright © 2005–2018 Alfresco Software. All rights reserved.