Package org.alfresco.repo.webdav.auth

Class BaseKerberosAuthenticationFilter

java.lang.Object

org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter

All Implemented Interfaces:

javax.security.auth.callback.CallbackHandler, org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean

Direct Known Subclasses:

KerberosAuthenticationFilter, KerberosAuthenticationFilter

public abstract class BaseKerberosAuthenticationFilter
extends BaseSSOAuthenticationFilter
implements javax.security.auth.callback.CallbackHandler

Base class with common code and initialisation for Kerberos authentication filters.

Author:

gkspencer

Field Summary

Fields inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

loginPageLink, MIME_HTML_TEXT

Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationListener, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService

Fields inherited from interface org.alfresco.repo.webdav.auth.AuthenticationDriver

AUTHENTICATION_USER

Constructor Summary

Constructors

Constructor	Description
BaseKerberosAuthenticationFilter()

Method Summary

Modifier and Type	Method	Description
boolean	authenticateRequest(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)	Authenticate user based on information in http request such as Authorization header or cached session information.
protected boolean	checkLoginPage(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
void	handle(javax.security.auth.callback.Callback[] callbacks)	JAAS callback handler
protected void	init()	Initializes the filter.
void	logonStartAgain(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)	The logon to start again
void	restartLoginChallenge(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)	Restart the Kerberos logon process
void	setJaasConfigEntryName(java.lang.String jaasConfigEntryName)	Sets the HTTP service login configuration entry name.
void	setPassword(java.lang.String password)	Sets the HTTP service account password.
void	setRealm(java.lang.String realm)	Sets the HTTP service account realm.
void	setStripKerberosUsernameSuffix(boolean stripKerberosUsernameSuffix)	Indicates whether the @domain suffix should be removed from Kerberos user IDs

Methods inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

afterPropertiesSet, allowsTicketLogons, checkForTicketParameter, doFilter, getLoginPage, getLoginPageLink, getSecurityConfigSection, getServerName, hasLoginPage, includeFallbackAuth, isActive, isFallbackEnabled, isNTLMSSPBlob, onLoginComplete, onValidate, onValidateFailed, performFallbackAuthentication, redirectToLoginPage, setActive, setFallback, setFallbackEnabled, setLoginPage, setLoginPageLink, setServerConfiguration, setTicketLogons, writeLoginPageLink

Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationListener, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseKerberosAuthenticationFilter

public BaseKerberosAuthenticationFilter()

Method Detail

setPassword

public void setPassword(java.lang.String password)

Sets the HTTP service account password. (the Principal should be configured in java.login.config)

Parameters:

password - the password to set

setRealm

public void setRealm(java.lang.String realm)

Sets the HTTP service account realm.

Parameters:

realm - the realm to set

setJaasConfigEntryName

public void setJaasConfigEntryName(java.lang.String jaasConfigEntryName)

Sets the HTTP service login configuration entry name. The default is "AlfrescoHTTP".

Parameters:

jaasConfigEntryName - the jaasConfigEntryName to set

setStripKerberosUsernameSuffix

public void setStripKerberosUsernameSuffix(boolean stripKerberosUsernameSuffix)

Indicates whether the @domain suffix should be removed from Kerberos user IDs

Parameters:

stripKerberosUsernameSuffix - true if the @domain suffix should be removed from Kerberos user IDs

init

protected void init()
             throws javax.servlet.ServletException

Description copied from class: BaseSSOAuthenticationFilter

Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.

Overrides:

init in class BaseSSOAuthenticationFilter

Throws:

javax.servlet.ServletException

authenticateRequest

public boolean authenticateRequest(javax.servlet.ServletContext context,
                                   javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse resp)
                            throws java.io.IOException,
                                   javax.servlet.ServletException

Description copied from interface: AuthenticationDriver

Authenticate user based on information in http request such as Authorization header or cached session information.

Specified by:

authenticateRequest in interface AuthenticationDriver

Parameters:

context - the context

req - http request

resp - http response

Returns:

true if authentication was successful

Throws:

java.io.IOException

javax.servlet.ServletException

checkLoginPage

protected boolean checkLoginPage(javax.servlet.http.HttpServletRequest req,
                                 javax.servlet.http.HttpServletResponse resp)

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException

JAAS callback handler

Specified by:

handle in interface javax.security.auth.callback.CallbackHandler

Parameters:

callbacks - Callback[]

Throws:

java.io.IOException

javax.security.auth.callback.UnsupportedCallbackException

restartLoginChallenge

public void restartLoginChallenge(javax.servlet.ServletContext context,
                                  javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse resp)
                           throws java.io.IOException

Restart the Kerberos logon process

Specified by:

restartLoginChallenge in interface AuthenticationDriver

Parameters:

context - ServletContext

req - HttpServletRequest

resp - HttpServletResponse

Throws:

java.io.IOException

logonStartAgain

public void logonStartAgain(javax.servlet.ServletContext context,
                            javax.servlet.http.HttpServletRequest req,
                            javax.servlet.http.HttpServletResponse resp)
                     throws java.io.IOException

The logon to start again

Parameters:

context - ServletContext

req - HttpServletRequest

resp - HttpServletResponse

Throws:

java.io.IOException