org.alfresco.web.app.servlet
Class AuthenticationHelper

java.lang.Object
  extended by org.alfresco.web.app.servlet.AuthenticationHelper

public final class AuthenticationHelper
extends java.lang.Object

Helper to authenticate the current user using available Ticket information.

User information is looked up in the Session. If found the ticket is retrieved and validated. If the ticket is invalid then a redirect is performed to the login page.

If no User info is found then a search will be made for a previous username stored in a Cookie value. If the username if found then a redirect to the Login page will occur. If no username is found then Guest access login will be attempted by the system. Guest access can be forced with the appropriate method call.


Field Summary
static java.lang.String AUTHENTICATION_USER
          session variables
static java.lang.String LOGIN_BEAN
          JSF bean IDs
static java.lang.String SESSION_INVALIDATED
           
static java.lang.String SESSION_USERNAME
           
 
Constructor Summary
AuthenticationHelper()
           
 
Method Summary
static AuthenticationStatus authenticate(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean forceGuest)
          Helper to authenticate the current user using session based Ticket information.
static AuthenticationStatus authenticate(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean forceGuest, boolean allowGuest)
          Helper to authenticate the current user using session based Ticket information.
static AuthenticationStatus authenticate(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, java.lang.String ticket)
          Helper to authenticate the current user using the supplied Ticket value.
static javax.servlet.http.Cookie getAuthCookie(javax.servlet.http.HttpServletRequest httpRequest)
          Helper to return the Alfresco auth cookie.
static java.lang.String getAuthCookieValue(javax.servlet.http.Cookie authCookie)
          Gets the decoded auth cookie value.
static java.lang.String getRemoteUser(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest httpRequest)
          Uses the remote user mapper, if one is configured, to extract a user ID from the request
static User getUser(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
          Attempts to retrieve the User object stored in the current session.
static User portalGuestAuthenticate(org.springframework.web.context.WebApplicationContext ctx, org.alfresco.service.cmr.security.AuthenticationService auth)
          For no previous authentication or forced Guest - attempt Guest access
static void setupThread(javax.servlet.ServletContext sc, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, boolean useInterfaceLanguage)
          Does all the stuff you need to do after successfully authenticating/validating a user ticket to set up the request thread.
static User setUser(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, java.lang.String currentUsername, java.lang.String ticket, boolean externalAuth)
          Creates an object for an authenticated user and stores it in the session.
static void setUsernameCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, java.lang.String username)
          Setup the Alfresco auth cookie value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTHENTICATION_USER

public static final java.lang.String AUTHENTICATION_USER
session variables

See Also:
Constant Field Values

SESSION_USERNAME

public static final java.lang.String SESSION_USERNAME
See Also:
Constant Field Values

SESSION_INVALIDATED

public static final java.lang.String SESSION_INVALIDATED
See Also:
Constant Field Values

LOGIN_BEAN

public static final java.lang.String LOGIN_BEAN
JSF bean IDs

See Also:
Constant Field Values
Constructor Detail

AuthenticationHelper

public AuthenticationHelper()
Method Detail

setupThread

public static void setupThread(javax.servlet.ServletContext sc,
                               javax.servlet.http.HttpServletRequest req,
                               javax.servlet.http.HttpServletResponse res,
                               boolean useInterfaceLanguage)
Does all the stuff you need to do after successfully authenticating/validating a user ticket to set up the request thread. A useful utility method for an authentication filter.

Parameters:
sc - the servlet context
req - the request
res - the response

authenticate

public static AuthenticationStatus authenticate(javax.servlet.ServletContext sc,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res,
                                                boolean forceGuest)
                                         throws java.io.IOException
Helper to authenticate the current user using session based Ticket information.

User information is looked up in the Session. If found the ticket is retrieved and validated. If no User info is found or the ticket is invalid then a redirect is performed to the login page.

Parameters:
forceGuest - True to force a Guest login attempt
Returns:
AuthenticationStatus result.
Throws:
java.io.IOException

authenticate

public static AuthenticationStatus authenticate(javax.servlet.ServletContext sc,
                                                javax.servlet.http.HttpServletRequest req,
                                                javax.servlet.http.HttpServletResponse res,
                                                boolean forceGuest,
                                                boolean allowGuest)
                                         throws java.io.IOException
Helper to authenticate the current user using session based Ticket information.

User information is looked up in the Session. If found the ticket is retrieved and validated. If no User info is found or the ticket is invalid then a redirect is performed to the login page.

Parameters:
forceGuest - True to force a Guest login attempt
allowGuest - True to allow the Guest user if no user object represent
Returns:
AuthenticationStatus result.
Throws:
java.io.IOException

authenticate

public static AuthenticationStatus authenticate(javax.servlet.ServletContext context,
                                                javax.servlet.http.HttpServletRequest httpRequest,
                                                javax.servlet.http.HttpServletResponse httpResponse,
                                                java.lang.String ticket)
                                         throws java.io.IOException
Helper to authenticate the current user using the supplied Ticket value.

Returns:
true if authentication successful, false otherwise.
Throws:
java.io.IOException

setUser

public static User setUser(javax.servlet.ServletContext context,
                           javax.servlet.http.HttpServletRequest req,
                           java.lang.String currentUsername,
                           java.lang.String ticket,
                           boolean externalAuth)
Creates an object for an authenticated user and stores it in the session.

Parameters:
context - the servlet context
req - the request
currentUsername - the current user name
ticket - a validated ticket
externalAuth - was this user authenticated externally?
Returns:
the user object

portalGuestAuthenticate

public static User portalGuestAuthenticate(org.springframework.web.context.WebApplicationContext ctx,
                                           org.alfresco.service.cmr.security.AuthenticationService auth)
For no previous authentication or forced Guest - attempt Guest access

Parameters:
ctx - WebApplicationContext
auth - AuthenticationService

getRemoteUser

public static java.lang.String getRemoteUser(javax.servlet.ServletContext sc,
                                             javax.servlet.http.HttpServletRequest httpRequest)
Uses the remote user mapper, if one is configured, to extract a user ID from the request

Parameters:
sc - the servlet context
httpRequest - The HTTP request
Returns:
the user ID if a user has been externally authenticated or null otherwise.

getUser

public static User getUser(javax.servlet.ServletContext sc,
                           javax.servlet.http.HttpServletRequest httpRequest,
                           javax.servlet.http.HttpServletResponse httpResponse)
Attempts to retrieve the User object stored in the current session.

Parameters:
sc - the servlet context
httpRequest - The HTTP request
httpResponse - The HTTP response
Returns:
The User object representing the current user or null if it could not be found

setUsernameCookie

public static void setUsernameCookie(javax.servlet.http.HttpServletRequest httpRequest,
                                     javax.servlet.http.HttpServletResponse httpResponse,
                                     java.lang.String username)
Setup the Alfresco auth cookie value.

Parameters:
httpRequest -
httpResponse -
username -

getAuthCookie

public static javax.servlet.http.Cookie getAuthCookie(javax.servlet.http.HttpServletRequest httpRequest)
Helper to return the Alfresco auth cookie. The cookie saves the last used username value.

Parameters:
httpRequest -
Returns:
Cookie if found or null if not present

getAuthCookieValue

public static java.lang.String getAuthCookieValue(javax.servlet.http.Cookie authCookie)
Gets the decoded auth cookie value.

Parameters:
authCookie - the auth cookie
Returns:
the auth cookie value


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.