Package org.alfresco.repo.webdav.auth

Class BaseSSOAuthenticationFilter

java.lang.Object
org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
All Implemented Interfaces:
ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean
Direct Known Subclasses:
BaseKerberosAuthenticationFilter
public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, AuthenticationDriver, ActivateableBean, org.springframework.beans.factory.InitializingBean
Base class with common code and initialisation for single signon authentication filters.
Author:
gkspencer, kroast

  • Field Details

  • Constructor Details

    • BaseSSOAuthenticationFilter

      public BaseSSOAuthenticationFilter()

  • Method Details

    • getLoginPageLink

      public String getLoginPageLink()
      Returns:
      login page link, which is send back to the client if the login fails in the filter. Override to change the default behaviour.

    • setLoginPageLink

      public void setLoginPageLink(String loginPageLink)

    • setServerConfiguration

      public void setServerConfiguration(ExtendedServerConfigurationAccessor serverConfiguration)
      Parameters:
      serverConfiguration - the serverConfiguration to set

    • setActive

      public final void setActive(boolean active)
      Activates or deactivates the bean
      Parameters:
      active - true if the bean is active and initialization should complete

    • isActive

      public final boolean isActive()
      Specified by:
      isActive in interface ActivateableBean

    • setFallback

      public final void setFallback(AuthenticationDriver delegate)
      Sets the fallback authentication support for this filter
      Parameters:
      delegate - AuthenticationDriver

    • setFallbackEnabled

      public final void setFallbackEnabled(boolean fallbackEnabled)
      Activates or deactivates the fallback authentication support for this filter
      Parameters:
      fallbackEnabled -

    • isFallbackEnabled

      public final boolean isFallbackEnabled()
      Returns:
      true if fallback authentication enabled

    • afterPropertiesSet

      public final void afterPropertiesSet() throws jakarta.servlet.ServletException
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      jakarta.servlet.ServletException

    • doFilter

      public void doFilter(jakarta.servlet.ServletContext context, jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: DependencyInjectedFilter
      The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

      A typical implementation of this method would follow the following pattern:-
      1. Examine the request
      2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
      3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
      4. a) Either invoke the next entity in the chain using the FilterChain object ( chain.doFilter()),
      4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
      5. Directly set headers on the response after invocation of the next entity in the filter chain.

      Specified by:
      doFilter in interface DependencyInjectedFilter
      Throws:
      IOException
      jakarta.servlet.ServletException

    • init

      protected void init() throws jakarta.servlet.ServletException
      Initializes the filter. Only called if the filter is active, as indicated by isActive(). Subclasses should override.
      Throws:
      jakarta.servlet.ServletException

    • onValidate

      protected void onValidate(jakarta.servlet.ServletContext sc, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, WebCredentials credentials)
      Callback executed on successful ticket validation during Type3 Message processing.
      Parameters:
      sc - the servlet context
      req - the request
      res - the response

    • onValidateFailed

      protected void onValidateFailed(jakarta.servlet.ServletContext sc, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, jakarta.servlet.http.HttpSession session, WebCredentials credentials) throws IOException
      Callback executed on failed authentication of a user ticket during Type3 Message processing
      Parameters:
      sc - the servlet context
      req - HttpServletRequest
      res - HttpServletResponse
      session - HttpSession
      Throws:
      IOException

    • onLoginComplete

      protected boolean onLoginComplete(jakarta.servlet.ServletContext sc, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, boolean userInit) throws IOException
      Callback executed on completion of NTLM login
      Parameters:
      req - HttpServletRequest
      res - HttpServletResponse
      Returns:
      true to continue filter chaining, false otherwise
      Throws:
      IOException

    • checkForTicketParameter

      protected boolean checkForTicketParameter(jakarta.servlet.ServletContext servletContext, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)
      Check if the request has specified a ticket parameter to bypass the standard authentication.
      Parameters:
      servletContext - the servlet context
      req - the request
      resp - the response
      Returns:
      boolean

    • redirectToLoginPage

      protected void redirectToLoginPage(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws IOException
      Redirect to the login page
      Parameters:
      req - HttpServletRequest
      res - HttpServletResponse
      Throws:
      IOException

    • hasLoginPage

      protected final boolean hasLoginPage()
      Determine if the login page is available
      Returns:
      boolean

    • getLoginPage

      protected final String getLoginPage()
      Return the login page address
      Returns:
      String

    • setLoginPage

      protected final void setLoginPage(String loginPage)
      Set the login page address
      Parameters:
      loginPage - String

    • allowsTicketLogons

      protected final boolean allowsTicketLogons()
      Check if ticket based logons are allowed
      Returns:
      boolean

    • setTicketLogons

      public final void setTicketLogons(boolean ticketsAllowed)
      Set the ticket based logons allowed flag
      Parameters:
      ticketsAllowed - boolean

    • isNTLMSSPBlob

      protected final boolean isNTLMSSPBlob(byte[] byts, int offset)
      Check if a security blob starts with the NTLMSSP signature
      Parameters:
      byts - byte[]
      offset - int
      Returns:
      boolean

    • getServerName

      protected String getServerName()
      Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result
      Returns:
      resolved local server name

    • getSecurityConfigSection

      protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()

    • writeLoginPageLink

      protected void writeLoginPageLink(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws IOException
      Writes link to login page and refresh tag which cause user to be redirected to the login page.
      Parameters:
      context - ServletContext
      req - HttpServletRequest
      resp - HttpServletResponse
      Throws:
      IOException

    • includeFallbackAuth

      protected void includeFallbackAuth(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws IOException
      Include into response authentication method that is supported by fallback mechanism
      Parameters:
      context - ServletContext
      req - HttpServletRequest
      resp - HttpServletResponse
      Throws:
      IOException

    • performFallbackAuthentication

      protected boolean performFallbackAuthentication(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws IOException, jakarta.servlet.ServletException
      Delegate authentication to the fallback mechanism
      Parameters:
      context - ServletContext
      req - HttpServletRequest
      resp - HttpServletResponse
      Returns:
      boolean
      Throws:
      IOException
      jakarta.servlet.ServletException