public class SlingshotAlfrescoConnector
extends org.springframework.extensions.webscripts.connector.AlfrescoConnector
AlfrescoConnector
to allow the connection from Share
to the Alfresco Repository to use a configurable HTTP header for the
authenticated user name. Allows both Share and Repository to use the same
HTTP header, when an external SSO is unable to provide the user name in the
default Alfresco Repository header "X-Alfresco-Remote-User"
.
The user name from the header is also used by SSOAuthenticationFilter
for incoming request to Share to return the user name from
HttpServletRequest#getRemoteUser
.
The name of the header to be used is defined in the userHeader element of the Alfresco Connector definition (see share-config-custom.xml.sample). Also note the class element specifies this class. For example:
<connector> <id>alfrescoCookie</id> <name>Alfresco Connector</name> <description>Connects to an Alfresco instance using cookie-based authentication</description> <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class> <userHeader>SsoUserHeader</userHeader> </connector>This class does not suppress sending the user name in the default Alfresco Repository header
"X-Alfresco-Remote-User"
but will also send the user name in the configurable
header when it has been configured.
The Alfresco global property external.authentication.proxyHeader
still needs to
be configured on the Repository side to define which header will be used. For example:
authentication.chain=MySso:external,alfrescoNtlm1:alfrescoNtlm external.authentication.proxyUserName= external.authentication.proxyHeader=SsoUserHeaderWhen using the default Alfresco Repository header (X-Alfresco-Remote-User") Share and the Alfresco Repository must be protected against direct access from other clients. The same is true when using a configurable header. The reason is that Share and Alfresco just accept the header value as valid. Without this protection, it would be possible to log in as any user simply by setting the header.
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CS_PARAM_USER_HEADER
The name of the property in the
ConnectorSession that
contains the name of the HTTP header used by an external SSO
to provide the authenticated user name. |
Constructor and Description |
---|
SlingshotAlfrescoConnector(org.springframework.extensions.config.RemoteConfigElement.ConnectorDescriptor descriptor,
java.lang.String endpoint) |
Modifier and Type | Method and Description |
---|---|
protected void |
applyRequestHeaders(org.springframework.extensions.webscripts.connector.RemoteClient remoteClient,
org.springframework.extensions.webscripts.connector.ConnectorContext context)
Overrides the super method to add the HTTP header used by an external SSO
to provide the authenticated user name when calling alfresco from share.
|
void |
setConnectorSession(org.springframework.extensions.webscripts.connector.ConnectorSession connectorSession)
Overrides super method to set the CS_PARAM_USER_HEADER.
|
applyRequestAuthentication
call, call, call, call, initRemoteClient, processResponse
public static final java.lang.String CS_PARAM_USER_HEADER
ConnectorSession
that
contains the name of the HTTP header used by an external SSO
to provide the authenticated user name.public SlingshotAlfrescoConnector(org.springframework.extensions.config.RemoteConfigElement.ConnectorDescriptor descriptor, java.lang.String endpoint)
public void setConnectorSession(org.springframework.extensions.webscripts.connector.ConnectorSession connectorSession)
ConnectorService#getConnector
when
it constructs a Connector
.setConnectorSession
in interface org.springframework.extensions.webscripts.connector.Connector
setConnectorSession
in class org.springframework.extensions.webscripts.connector.AbstractConnector
protected void applyRequestHeaders(org.springframework.extensions.webscripts.connector.RemoteClient remoteClient, org.springframework.extensions.webscripts.connector.ConnectorContext context)
applyRequestHeaders
in class org.springframework.extensions.webscripts.connector.HttpConnector
Copyright © 2005 - 2013 Alfresco Software, Inc. All Rights Reserved.