Class BaseSSOAuthenticationFilter

    • Constructor Detail

      • BaseSSOAuthenticationFilter

        public BaseSSOAuthenticationFilter()
    • Method Detail

      • getLoginPageLink

        public String getLoginPageLink()
        Returns:
        login page link, which is send back to the client if the login fails in the filter. Override to change the default behaviour.
      • setLoginPageLink

        public void setLoginPageLink​(String loginPageLink)
      • setServerConfiguration

        public void setServerConfiguration​(org.alfresco.filesys.ExtendedServerConfigurationAccessor serverConfiguration)
        Parameters:
        serverConfiguration - the serverConfiguration to set
      • setActive

        public final void setActive​(boolean active)
        Activates or deactivates the bean
        Parameters:
        active - true if the bean is active and initialization should complete
      • isActive

        public final boolean isActive()
        Specified by:
        isActive in interface org.alfresco.repo.management.subsystems.ActivateableBean
      • setFallback

        public final void setFallback​(AuthenticationDriver delegate)
        Sets the fallback authentication support for this filter
        Parameters:
        delegate - AuthenticationDriver
      • setFallbackEnabled

        public final void setFallbackEnabled​(boolean fallbackEnabled)
        Activates or deactivates the fallback authentication support for this filter
        Parameters:
        fallbackEnabled -
      • isFallbackEnabled

        public final boolean isFallbackEnabled()
        Returns:
        true if fallback authentication enabled
      • afterPropertiesSet

        public final void afterPropertiesSet()
                                      throws javax.servlet.ServletException
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        javax.servlet.ServletException
      • doFilter

        public void doFilter​(javax.servlet.ServletContext context,
                             javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException
        Description copied from interface: DependencyInjectedFilter
        The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

        A typical implementation of this method would follow the following pattern:-
        1. Examine the request
        2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
        3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
        4. a) Either invoke the next entity in the chain using the FilterChain object ( chain.doFilter()),
        4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
        5. Directly set headers on the response after invocation of the next entity in the filter chain.

        Specified by:
        doFilter in interface DependencyInjectedFilter
        Throws:
        IOException
        javax.servlet.ServletException
      • init

        protected void init()
                     throws javax.servlet.ServletException
        Initializes the filter. Only called if the filter is active, as indicated by isActive(). Subclasses should override.
        Throws:
        javax.servlet.ServletException
      • onValidate

        protected void onValidate​(javax.servlet.ServletContext sc,
                                  javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse res,
                                  WebCredentials credentials)
        Callback executed on successful ticket validation during Type3 Message processing.
        Parameters:
        sc - the servlet context
        req - the request
        res - the response
      • onValidateFailed

        protected void onValidateFailed​(javax.servlet.ServletContext sc,
                                        javax.servlet.http.HttpServletRequest req,
                                        javax.servlet.http.HttpServletResponse res,
                                        javax.servlet.http.HttpSession session,
                                        WebCredentials credentials)
                                 throws IOException
        Callback executed on failed authentication of a user ticket during Type3 Message processing
        Parameters:
        sc - the servlet context
        req - HttpServletRequest
        res - HttpServletResponse
        session - HttpSession
        Throws:
        IOException
      • onLoginComplete

        protected boolean onLoginComplete​(javax.servlet.ServletContext sc,
                                          javax.servlet.http.HttpServletRequest req,
                                          javax.servlet.http.HttpServletResponse res,
                                          boolean userInit)
                                   throws IOException
        Callback executed on completion of NTLM login
        Parameters:
        req - HttpServletRequest
        res - HttpServletResponse
        Returns:
        true to continue filter chaining, false otherwise
        Throws:
        IOException
      • mapClientAddressToDomain

        protected final String mapClientAddressToDomain​(String clientIP)
        Map a client IP address to a domain
        Parameters:
        clientIP - String
        Returns:
        String
      • checkForTicketParameter

        protected boolean checkForTicketParameter​(javax.servlet.ServletContext servletContext,
                                                  javax.servlet.http.HttpServletRequest req,
                                                  javax.servlet.http.HttpServletResponse resp)
        Check if the request has specified a ticket parameter to bypass the standard authentication.
        Parameters:
        servletContext - the servlet context
        req - the request
        resp - the response
        Returns:
        boolean
      • redirectToLoginPage

        protected void redirectToLoginPage​(javax.servlet.http.HttpServletRequest req,
                                           javax.servlet.http.HttpServletResponse res)
                                    throws IOException
        Redirect to the login page
        Parameters:
        req - HttpServletRequest
        res - HttpServletResponse
        Throws:
        IOException
      • hasLoginPage

        protected final boolean hasLoginPage()
        Determine if the login page is available
        Returns:
        boolean
      • getLoginPage

        protected final String getLoginPage()
        Return the login page address
        Returns:
        String
      • setLoginPage

        protected final void setLoginPage​(String loginPage)
        Set the login page address
        Parameters:
        loginPage - String
      • allowsTicketLogons

        protected final boolean allowsTicketLogons()
        Check if ticket based logons are allowed
        Returns:
        boolean
      • setTicketLogons

        public final void setTicketLogons​(boolean ticketsAllowed)
        Set the ticket based logons allowed flag
        Parameters:
        ticketsAllowed - boolean
      • isNTLMSSPBlob

        protected final boolean isNTLMSSPBlob​(byte[] byts,
                                              int offset)
        Check if a security blob starts with the NTLMSSP signature
        Parameters:
        byts - byte[]
        offset - int
        Returns:
        boolean
      • getServerName

        protected String getServerName()
        Because the file server configuration may change during the lifetime of this filter, this method checks against the last configured server name before returning a cached result
        Returns:
        resolved local server name
      • getSecurityConfigSection

        protected org.alfresco.jlan.server.config.SecurityConfigSection getSecurityConfigSection()
      • writeLoginPageLink

        protected void writeLoginPageLink​(javax.servlet.ServletContext context,
                                          javax.servlet.http.HttpServletRequest req,
                                          javax.servlet.http.HttpServletResponse resp)
                                   throws IOException
        Writes link to login page and refresh tag which cause user to be redirected to the login page.
        Parameters:
        context - ServletContext
        req - HttpServletRequest
        resp - HttpServletResponse
        Throws:
        IOException
      • includeFallbackAuth

        protected void includeFallbackAuth​(javax.servlet.ServletContext context,
                                           javax.servlet.http.HttpServletRequest req,
                                           javax.servlet.http.HttpServletResponse resp)
                                    throws IOException
        Include into response authentication method that is supported by fallback mechanism
        Parameters:
        context - ServletContext
        req - HttpServletRequest
        resp - HttpServletResponse
        Throws:
        IOException
      • performFallbackAuthentication

        protected boolean performFallbackAuthentication​(javax.servlet.ServletContext context,
                                                        javax.servlet.http.HttpServletRequest req,
                                                        javax.servlet.http.HttpServletResponse resp)
                                                 throws IOException,
                                                        javax.servlet.ServletException
        Delegate authentication to the fallback mechanism
        Parameters:
        context - ServletContext
        req - HttpServletRequest
        resp - HttpServletResponse
        Returns:
        boolean
        Throws:
        IOException
        javax.servlet.ServletException