org.alfresco.repo.webdav.auth
Class BaseSSOAuthenticationFilter

java.lang.Object
  extended by org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
      extended by org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
All Implemented Interfaces:
org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, org.springframework.beans.factory.InitializingBean
Direct Known Subclasses:
BaseKerberosAuthenticationFilter, BaseNTLMAuthenticationFilter

public abstract class BaseSSOAuthenticationFilter
extends BaseAuthenticationFilter
implements DependencyInjectedFilter, org.alfresco.repo.management.subsystems.ActivateableBean, org.springframework.beans.factory.InitializingBean

Base class with common code and initialisation for single sign-on authentication filters.


Field Summary
protected  org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent
           
protected static java.lang.String NO_AUTH_REQUIRED
           
 
Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
ARG_TICKET, AUTHENTICATION_USER, authenticationService, nodeService, personService, transactionService
 
Constructor Summary
BaseSSOAuthenticationFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
protected  boolean allowsTicketLogons()
          Check if ticket based logons are allowed
protected  boolean checkForTicketParameter(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Check if the request has specified a ticket parameter to bypass the standard authentication.
protected  SessionUser createUserEnvironment(javax.servlet.http.HttpSession session, java.lang.String userName)
          Callback to create the User environment as appropriate for a filter implementation
protected  java.lang.String getLoginPage()
          Return the login page address
protected  org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()
           
protected  java.lang.String getServerName()
          Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result
protected  boolean hasLoginPage()
          Determine if the login page is available
protected  void init()
          Initializes the filter.
 boolean isActive()
           
protected  boolean isNTLMSSPBlob(byte[] byts, int offset)
          Check if a security blob starts with the NTLMSSP signature
protected  java.lang.String mapClientAddressToDomain(java.lang.String clientIP)
          Map a client IP address to a domain
protected  boolean onLoginComplete(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean userInit)
          Callback executed on completion of NTLM login
protected  void onValidate(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Callback executed on successful ticket validation during Type3 Message processing.
protected  void onValidateFailed(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, javax.servlet.http.HttpSession session)
          Callback executed on failed authentication of a user ticket during Type3 Message processing
protected  void redirectToLoginPage(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Redirect to the login page
 void setActive(boolean active)
          Activates or deactivates the bean
 void setAuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent)
           
protected  void setLoginPage(java.lang.String loginPage)
          Set the login page address
 void setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
           
protected  void setTicketLogons(boolean ticketsAllowed)
          Set the ticket based logons allowed flag
 
Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationService, setNodeService, setPersonService, setTransactionService, setUserAttributeName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.alfresco.repo.web.filter.beans.DependencyInjectedFilter
doFilter
 

Field Detail

NO_AUTH_REQUIRED

protected static final java.lang.String NO_AUTH_REQUIRED
See Also:
Constant Field Values

authenticationComponent

protected org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent
Constructor Detail

BaseSSOAuthenticationFilter

public BaseSSOAuthenticationFilter()
Method Detail

setServerConfiguration

public void setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
Parameters:
serverConfiguration - the serverConfiguration to set

setAuthenticationComponent

public void setAuthenticationComponent(org.alfresco.repo.security.authentication.AuthenticationComponent authenticationComponent)
Parameters:
authenticationComponent - the authenticationComponent to set

setActive

public final void setActive(boolean active)
Activates or deactivates the bean

Parameters:
active - true if the bean is active and initialization should complete

isActive

public final boolean isActive()
Specified by:
isActive in interface org.alfresco.repo.management.subsystems.ActivateableBean

afterPropertiesSet

public final void afterPropertiesSet()
                              throws javax.servlet.ServletException
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
javax.servlet.ServletException

init

protected void init()
             throws javax.servlet.ServletException
Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.

Throws:
javax.servlet.ServletException

createUserEnvironment

protected SessionUser createUserEnvironment(javax.servlet.http.HttpSession session,
                                            java.lang.String userName)
                                     throws java.io.IOException,
                                            javax.servlet.ServletException
Callback to create the User environment as appropriate for a filter implementation

Parameters:
session - HttpSession
userName - String
Returns:
SessionUser
Throws:
java.io.IOException
javax.servlet.ServletException

onValidate

protected void onValidate(javax.servlet.ServletContext sc,
                          javax.servlet.http.HttpServletRequest req,
                          javax.servlet.http.HttpServletResponse res)
Callback executed on successful ticket validation during Type3 Message processing.

Parameters:
sc - the servlet context
req - the request
res - the response

onValidateFailed

protected void onValidateFailed(javax.servlet.http.HttpServletRequest req,
                                javax.servlet.http.HttpServletResponse res,
                                javax.servlet.http.HttpSession session)
                         throws java.io.IOException
Callback executed on failed authentication of a user ticket during Type3 Message processing

Parameters:
req - HttpServletRequest
res - HttpServletResponse
session - HttpSession
Throws:
java.io.IOException

onLoginComplete

protected boolean onLoginComplete(javax.servlet.ServletContext sc,
                                  javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse res,
                                  boolean userInit)
                           throws java.io.IOException
Callback executed on completion of NTLM login

Parameters:
req - HttpServletRequest
res - HttpServletResponse
Returns:
true to continue filter chaining, false otherwise
Throws:
java.io.IOException

mapClientAddressToDomain

protected final java.lang.String mapClientAddressToDomain(java.lang.String clientIP)
Map a client IP address to a domain

Parameters:
clientIP - String
Returns:
String

checkForTicketParameter

protected boolean checkForTicketParameter(javax.servlet.ServletContext servletContext,
                                          javax.servlet.http.HttpServletRequest req,
                                          javax.servlet.http.HttpServletResponse resp)
Check if the request has specified a ticket parameter to bypass the standard authentication.

Parameters:
servletContext - the servlet context
req - the request
resp - the response
Returns:
boolean

redirectToLoginPage

protected void redirectToLoginPage(javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse res)
                            throws java.io.IOException
Redirect to the login page

Parameters:
req - HttpServletRequest
res - HttpServletResponse
Throws:
java.io.IOException

hasLoginPage

protected final boolean hasLoginPage()
Determine if the login page is available

Returns:
boolean

getLoginPage

protected final java.lang.String getLoginPage()
Return the login page address

Returns:
String

setLoginPage

protected final void setLoginPage(java.lang.String loginPage)
Set the login page address

Parameters:
loginPage - String

allowsTicketLogons

protected final boolean allowsTicketLogons()
Check if ticket based logons are allowed

Returns:
boolean

setTicketLogons

protected final void setTicketLogons(boolean ticketsAllowed)
Set the ticket based logons allowed flag

Parameters:
ticketsAllowed - boolean

isNTLMSSPBlob

protected final boolean isNTLMSSPBlob(byte[] byts,
                                      int offset)
Check if a security blob starts with the NTLMSSP signature

Parameters:
byts - byte[]
offset - int
Returns:
boolean

getServerName

protected java.lang.String getServerName()
Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result

Returns:
resolved local server name

getSecurityConfigSection

protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.