Package org.alfresco.repo.webdav.auth

Class BaseAuthenticationFilter

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static String ARG_TICKET
      The name of the ticket argument.
      static String AUTHENTICATION_USER
      The default session attribute used to cache the user.
      protected org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent
      The authentication component.
      protected AuthenticationListener authenticationListener
      The authentication listener.
      protected org.alfresco.service.cmr.security.AuthenticationService authenticationService
      The authentication service.
      protected static String NO_AUTH_REQUIRED
      Indication by an up-stream filter that no authentication checks are required.
      protected org.alfresco.service.cmr.repository.NodeService nodeService
      The node service.
      protected org.alfresco.service.cmr.security.PersonService personService
      The person service.
      protected org.alfresco.repo.security.authentication.external.RemoteUserMapper remoteUserMapper
      The remote user mapper.
      protected org.alfresco.service.transaction.TransactionService transactionService
      The transaction service.

    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      protected SessionUser createUserEnvironment​(javax.servlet.http.HttpSession session, String userName)
      Callback to create the User environment as appropriate for a filter impl
      protected SessionUser createUserEnvironment​(javax.servlet.http.HttpSession session, String userName, String ticket, boolean externalAuth)
      Callback to create the User environment as appropriate for a filter impl.
      protected SessionUser createUserObject​(String userName, String ticket, org.alfresco.service.cmr.repository.NodeRef personNode, org.alfresco.service.cmr.repository.NodeRef homeSpaceRef)
      Create the user object that will be stored in the session.
      protected <T> T doInSystemTransaction​(org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback<T> callback)
      Executes a callback in a transaction as the system user
      protected abstract org.apache.commons.logging.Log getLogger()
      Return the logger.
      protected SessionUser getSessionUser​(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, boolean externalAuth)
      Callback to get the specific impl of the Session User for a filter.
      protected String getUserAttributeName()
      Return the user object session attribute name.
      protected boolean handleLoginForm​(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
      Handles the login form directly, allowing management of the session user.
      protected void invalidateSession​(javax.servlet.http.HttpServletRequest req)
      Remove the user from the session and expire the session - after failed ticket auth.
      void setAuthenticationComponent​(org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent)
      Sets the authentication component.
      void setAuthenticationListener​(AuthenticationListener authenticationListener)
      Sets the authentication listener.
      void setAuthenticationService​(org.alfresco.service.cmr.security.AuthenticationService authenticationService)
      Sets the authentication service.
      void setNodeService​(org.alfresco.service.cmr.repository.NodeService nodeService)
      Sets the node service.
      void setPersonService​(org.alfresco.service.cmr.security.PersonService personService)
      Sets the person service.
      void setRemoteUserMapper​(org.alfresco.repo.security.authentication.external.RemoteUserMapper remoteUserMapper)
      Sets the remote user mapper.
      void setTransactionService​(org.alfresco.service.transaction.TransactionService transactionService)
      Sets the transaction service.
      protected void setUserAttributeName​(String userAttr)
      Set the user object attribute name.

    • Field Detail

      • NO_AUTH_REQUIRED

        protected static final String NO_AUTH_REQUIRED
        Indication by an up-stream filter that no authentication checks are required.
        See Also:
        Constant Field Values

      • authenticationService

        protected org.alfresco.service.cmr.security.AuthenticationService authenticationService
        The authentication service.

      • personService

        protected org.alfresco.service.cmr.security.PersonService personService
        The person service.

      • nodeService

        protected org.alfresco.service.cmr.repository.NodeService nodeService
        The node service.

      • transactionService

        protected org.alfresco.service.transaction.TransactionService transactionService
        The transaction service.

      • authenticationComponent

        protected org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent
        The authentication component.

      • remoteUserMapper

        protected org.alfresco.repo.security.authentication.external.RemoteUserMapper remoteUserMapper
        The remote user mapper.

      • authenticationListener

        protected AuthenticationListener authenticationListener
        The authentication listener.

    • Constructor Detail

      • BaseAuthenticationFilter

        public BaseAuthenticationFilter()

    • Method Detail

      • setAuthenticationService

        public void setAuthenticationService​(org.alfresco.service.cmr.security.AuthenticationService authenticationService)
        Sets the authentication service.
        Parameters:
        authenticationService - the authService to set

      • setPersonService

        public void setPersonService​(org.alfresco.service.cmr.security.PersonService personService)
        Sets the person service.
        Parameters:
        personService - the personService to set

      • setNodeService

        public void setNodeService​(org.alfresco.service.cmr.repository.NodeService nodeService)
        Sets the node service.
        Parameters:
        nodeService - the nodeService to set

      • setTransactionService

        public void setTransactionService​(org.alfresco.service.transaction.TransactionService transactionService)
        Sets the transaction service.
        Parameters:
        transactionService - the transactionService to set

      • setAuthenticationComponent

        public void setAuthenticationComponent​(org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent)
        Sets the authentication component.
        Parameters:
        authenticationComponent - the authentication component

      • setAuthenticationListener

        public void setAuthenticationListener​(AuthenticationListener authenticationListener)
        Sets the authentication listener.
        Parameters:
        authenticationListener - AuthenticationListener

      • setRemoteUserMapper

        public void setRemoteUserMapper​(org.alfresco.repo.security.authentication.external.RemoteUserMapper remoteUserMapper)
        Sets the remote user mapper.
        Parameters:
        remoteUserMapper - the remote user mapper

      • createUserObject

        protected SessionUser createUserObject​(String userName,
                                       String ticket,
                                       org.alfresco.service.cmr.repository.NodeRef personNode,
                                       org.alfresco.service.cmr.repository.NodeRef homeSpaceRef)
        Create the user object that will be stored in the session.
        Parameters:
        userName - String
        ticket - String
        personNode - NodeRef
        homeSpaceRef - NodeRef
        Returns:
        SessionUser

      • getSessionUser

        protected SessionUser getSessionUser​(javax.servlet.ServletContext servletContext,
                                     javax.servlet.http.HttpServletRequest httpServletRequest,
                                     javax.servlet.http.HttpServletResponse httpServletResponse,
                                     boolean externalAuth)
        Callback to get the specific impl of the Session User for a filter.
        Parameters:
        servletContext - the servlet context
        httpServletRequest - the http servlet request
        httpServletResponse - the http servlet response
        externalAuth - has the user been authenticated by SSO?
        Returns:
        User from the session

      • invalidateSession

        protected void invalidateSession​(javax.servlet.http.HttpServletRequest req)
        Remove the user from the session and expire the session - after failed ticket auth.
        Parameters:
        req - HttpServletRequest

      • doInSystemTransaction

        protected <T> T doInSystemTransaction​(org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback<T> callback)
        Executes a callback in a transaction as the system user
        Parameters:
        callback - the callback
        Returns:
        the return value from the callback

      • getUserAttributeName

        protected final String getUserAttributeName()
        Return the user object session attribute name.
        Returns:
        the user object session attribute name

      • setUserAttributeName

        protected final void setUserAttributeName​(String userAttr)
        Set the user object attribute name.
        Parameters:
        userAttr - the user object session attribute name

      • createUserEnvironment

        protected SessionUser createUserEnvironment​(javax.servlet.http.HttpSession session,
                                            String userName,
                                            String ticket,
                                            boolean externalAuth)
                                     throws IOException,
                                            javax.servlet.ServletException
        Callback to create the User environment as appropriate for a filter impl.
        Parameters:
        session - HttpSession
        userName - String
        ticket - the ticket
        externalAuth - has the user been authenticated by SSO?
        Returns:
        SessionUser
        Throws:
        IOException - Signals that an I/O exception has occurred.
        javax.servlet.ServletException - the servlet exception

      • createUserEnvironment

        protected SessionUser createUserEnvironment​(javax.servlet.http.HttpSession session,
                                            String userName)
                                     throws IOException,
                                            javax.servlet.ServletException
        Callback to create the User environment as appropriate for a filter impl
        Parameters:
        session - HttpSession
        userName - String
        Returns:
        SessionUser
        Throws:
        IOException
        javax.servlet.ServletException

      • getLogger

        protected abstract org.apache.commons.logging.Log getLogger()
        Return the logger.
        Returns:
        Log

      • handleLoginForm

        protected boolean handleLoginForm​(javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse res)
                           throws IOException,
                                  javax.servlet.ServletException
        Handles the login form directly, allowing management of the session user.
        Parameters:
        req - the request
        res - the response
        Throws:
        IOException - Signals that an I/O exception has occurred.
        javax.servlet.ServletException - on error