org.alfresco.repo.webdav.auth
Class BaseSSOAuthenticationFilter

java.lang.Object
  extended by org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
      extended by org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
All Implemented Interfaces:
org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean
Direct Known Subclasses:
BaseKerberosAuthenticationFilter, BaseNTLMAuthenticationFilter

public abstract class BaseSSOAuthenticationFilter
extends BaseAuthenticationFilter
implements DependencyInjectedFilter, AuthenticationDriver, org.alfresco.repo.management.subsystems.ActivateableBean, org.springframework.beans.factory.InitializingBean

Base class with common code and initialisation for single sign-on authentication filters.


Field Summary
protected static java.lang.String MIME_HTML_TEXT
           
 
Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService
 
Constructor Summary
BaseSSOAuthenticationFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
protected  boolean allowsTicketLogons()
          Check if ticket based logons are allowed
protected  boolean checkForTicketParameter(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Check if the request has specified a ticket parameter to bypass the standard authentication.
 void doFilter(javax.servlet.ServletContext context, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
protected  java.lang.String getLoginPage()
          Return the login page address
protected  org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()
           
protected  java.lang.String getServerName()
          Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result
protected  boolean hasLoginPage()
          Determine if the login page is available
protected  void init()
          Initializes the filter.
 boolean isActive()
           
protected  boolean isNTLMSSPBlob(byte[] byts, int offset)
          Check if a security blob starts with the NTLMSSP signature
protected  java.lang.String mapClientAddressToDomain(java.lang.String clientIP)
          Map a client IP address to a domain
protected  boolean onLoginComplete(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean userInit)
          Callback executed on completion of NTLM login
protected  void onValidate(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Callback executed on successful ticket validation during Type3 Message processing.
protected  void onValidateFailed(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, javax.servlet.http.HttpSession session)
          Callback executed on failed authentication of a user ticket during Type3 Message processing
protected  void redirectToLoginPage(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Redirect to the login page
 void setActive(boolean active)
          Activates or deactivates the bean
protected  void setLoginPage(java.lang.String loginPage)
          Set the login page address
 void setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
           
 void setTicketLogons(boolean ticketsAllowed)
          Set the ticket based logons allowed flag
protected  void writeLoginPageLink(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Writes a link to the login page and a refresh tag, which cause the user to be redirected to the login page.
 
Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.alfresco.repo.webdav.auth.AuthenticationDriver
authenticateRequest, restartLoginChallenge
 

Field Detail

MIME_HTML_TEXT

protected static final java.lang.String MIME_HTML_TEXT
See Also:
Constant Field Values
Constructor Detail

BaseSSOAuthenticationFilter

public BaseSSOAuthenticationFilter()
Method Detail

setServerConfiguration

public void setServerConfiguration(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
Parameters:
serverConfiguration - the serverConfiguration to set

setActive

public final void setActive(boolean active)
Activates or deactivates the bean

Parameters:
active - true if the bean is active and initialization should complete

isActive

public final boolean isActive()
Specified by:
isActive in interface org.alfresco.repo.management.subsystems.ActivateableBean

afterPropertiesSet

public final void afterPropertiesSet()
                              throws javax.servlet.ServletException
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletContext context,
                     javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Description copied from interface: DependencyInjectedFilter
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow this pattern:
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.

Specified by:
doFilter in interface DependencyInjectedFilter
Throws:
java.io.IOException
javax.servlet.ServletException

init

protected void init()
             throws javax.servlet.ServletException
Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.

Throws:
javax.servlet.ServletException

onValidate

protected void onValidate(javax.servlet.ServletContext sc,
                          javax.servlet.http.HttpServletRequest req,
                          javax.servlet.http.HttpServletResponse res)
Callback executed on successful ticket validation during Type3 Message processing.

Parameters:
sc - the servlet context
req - the request
res - the response

onValidateFailed

protected void onValidateFailed(javax.servlet.ServletContext sc,
                                javax.servlet.http.HttpServletRequest req,
                                javax.servlet.http.HttpServletResponse res,
                                javax.servlet.http.HttpSession session)
                         throws java.io.IOException
Callback executed on failed authentication of a user ticket during Type3 Message processing

Parameters:
sc - the servlet context
req - HttpServletRequest
res - HttpServletResponse
session - HttpSession
Throws:
java.io.IOException

onLoginComplete

protected boolean onLoginComplete(javax.servlet.ServletContext sc,
                                  javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse res,
                                  boolean userInit)
                           throws java.io.IOException
Callback executed on completion of NTLM login

Parameters:
req - HttpServletRequest
res - HttpServletResponse
Returns:
true to continue filter chaining, false otherwise
Throws:
java.io.IOException

mapClientAddressToDomain

protected final java.lang.String mapClientAddressToDomain(java.lang.String clientIP)
Map a client IP address to a domain

Parameters:
clientIP - String
Returns:
String

checkForTicketParameter

protected boolean checkForTicketParameter(javax.servlet.ServletContext servletContext,
                                          javax.servlet.http.HttpServletRequest req,
                                          javax.servlet.http.HttpServletResponse resp)
Check if the request has specified a ticket parameter to bypass the standard authentication.

Parameters:
servletContext - the servlet context
req - the request
resp - the response
Returns:
boolean

redirectToLoginPage

protected void redirectToLoginPage(javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse res)
                            throws java.io.IOException
Redirect to the login page

Parameters:
req - HttpServletRequest
res - HttpServletResponse
Throws:
java.io.IOException

hasLoginPage

protected final boolean hasLoginPage()
Determine if the login page is available

Returns:
boolean

getLoginPage

protected final java.lang.String getLoginPage()
Return the login page address

Returns:
String

setLoginPage

protected final void setLoginPage(java.lang.String loginPage)
Set the login page address

Parameters:
loginPage - String

allowsTicketLogons

protected final boolean allowsTicketLogons()
Check if ticket based logons are allowed

Returns:
boolean

setTicketLogons

public final void setTicketLogons(boolean ticketsAllowed)
Set the ticket based logons allowed flag

Parameters:
ticketsAllowed - boolean

isNTLMSSPBlob

protected final boolean isNTLMSSPBlob(byte[] byts,
                                      int offset)
Check if a security blob starts with the NTLMSSP signature

Parameters:
byts - byte[]
offset - int
Returns:
boolean
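
The signature check described above, shown as an added example that is not Alfresco's own code. The class NtlmBlobCheck and its method names are hypothetical; the example assumes the token arrives in an HTTP `Authorization: NTLM <base64>` header and also reads the 32-bit little-endian message type that follows the 8-byte `NTLMSSP\0` signature (3 being the Type3 message the callbacks above refer to).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration: NtlmBlobCheck and its methods are hypothetical names,
// not part of org.alfresco.repo.webdav.auth.
public class NtlmBlobCheck {
    // Every NTLMSSP message starts with the 8-byte signature "NTLMSSP\0".
    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** True if blob carries the NTLMSSP signature at offset; never reads out of bounds. */
    static boolean isNtlmsspBlob(byte[] blob, int offset) {
        if (blob == null || offset < 0 || blob.length - offset < SIGNATURE.length) {
            return false; // too short or bad offset: treat as "not NTLMSSP"
        }
        for (int i = 0; i < SIGNATURE.length; i++) {
            if (blob[offset + i] != SIGNATURE[i]) return false;
        }
        return true;
    }

    /** Message type (1 negotiate, 2 challenge, 3 authenticate), or -1 if the header is malformed. */
    static int messageType(byte[] blob, int offset) {
        if (!isNtlmsspBlob(blob, offset) || blob.length - offset < SIGNATURE.length + 4) return -1;
        int p = offset + SIGNATURE.length;
        // The type field is a 32-bit little-endian integer right after the signature.
        return (blob[p] & 0xFF) | (blob[p + 1] & 0xFF) << 8
             | (blob[p + 2] & 0xFF) << 16 | (blob[p + 3] & 0xFF) << 24;
    }

    /** Decodes an "NTLM <base64>" header value; returns an empty array for anything else. */
    static byte[] decodeHeader(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "NTLM ", 0, 5)) {
            return new byte[0];
        }
        try {
            return Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return new byte[0]; // malformed base64 is handled as "no token", not as an error path
        }
    }

    public static void main(String[] args) {
        // Constructed sample: signature, message type 1, four zero flag bytes.
        byte[] type1 = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0, 0, 0, 0, 0};
        String header = "NTLM " + Base64.getEncoder().encodeToString(type1);
        System.out.println("well-formed: " + messageType(decodeHeader(header), 0));
        System.out.println("truncated:   " + messageType(new byte[] {'N', 'T', 'L', 'M'}, 0));
        System.out.println("bad base64:  " + messageType(decodeHeader("NTLM !!!"), 0));
    }
}
```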

getServerName

protected java.lang.String getServerName()
Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result

Returns:
resolved local server name

getSecurityConfigSection

protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()

writeLoginPageLink

protected void writeLoginPageLink(javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse resp)
                           throws java.io.IOException
Writes a link to the login page and a refresh tag, which cause the user to be redirected to the login page.

Parameters:
req - HttpServletRequest
resp - HttpServletResponse
Throws:
java.io.IOException


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.