AuthenticationFilter


1   /*
2    * Copyright (C) 2005 Alfresco, Inc.
3    *
4    * Licensed under the Mozilla Public License version 1.1 
5    * with a permitted attribution clause. You may obtain a
6    * copy of the License at
7    *
8    *   http://www.alfresco.org/legal/license.txt
9    *
10   * Unless required by applicable law or agreed to in writing,
11   * software distributed under the License is distributed on an
12   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13   * either express or implied. See the License for the specific
14   * language governing permissions and limitations under the
15   * License.
16   */
17  
18  package org.alfresco.repo.webdav.auth;
19  
20  import java.io.IOException  ;
21  
22  import javax.servlet.Filter  ;
23  import javax.servlet.FilterChain  ;
24  import javax.servlet.FilterConfig  ;
25  import javax.servlet.ServletContext  ;
26  import javax.servlet.ServletException  ;
27  import javax.servlet.ServletRequest  ;
28  import javax.servlet.ServletResponse  ;
29  import javax.servlet.http.HttpServletRequest  ;
30  import javax.servlet.http.HttpServletResponse  ;
31  
32  import org.alfresco.model.ContentModel;
33  import org.alfresco.repo.security.authentication.AuthenticationException;
34  import org.alfresco.service.ServiceRegistry;
35  import org.alfresco.service.cmr.repository.NodeRef;
36  import org.alfresco.service.cmr.repository.NodeService;
37  import org.alfresco.service.cmr.security.AuthenticationService;
38  import org.alfresco.service.cmr.security.NoSuchPersonException;
39  import org.alfresco.service.cmr.security.PersonService;
40  import org.apache.commons.codec.binary.Base64;
41  import org.springframework.web.context.WebApplicationContext;
42  import org.springframework.web.context.support.WebApplicationContextUtils;
43  
44  /**
45   * WebDAV Authentication Filter Class
46   * 
47   * @author GKSpencer
48   */
49  public class AuthenticationFilter implements Filter  
50  {
51      // Authenticated user session object name
52  
53      public final static String   AUTHENTICATION_USER = "_alfDAVAuthTicket";
54  
55      // Servlet context
56  
57      private ServletContext   m_context;
58  
59      // Various services required by NTLM authenticator
60      
61      private AuthenticationService m_authService;
62      private PersonService m_personService;
63      private NodeService m_nodeService;
64      
65      /**
66       * Initialize the filter
67       * 
68       * @param config FitlerConfig
69       * @exception ServletException
70       */
71      public void init(FilterConfig   config) throws ServletException  
72      {
73          // Save the context
74  
75          m_context = config.getServletContext();
76  
77          // Setup the authentication context
78  
79          WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(m_context);
80          
81          ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
82          m_nodeService = serviceRegistry.getNodeService();
83          m_authService = serviceRegistry.getAuthenticationService();
84          m_personService = (PersonService) ctx.getBean("PersonService");   // transactional and permission-checked
85      }
86  
87      /**
88       * Run the authentication filter
89       * 
90       * @param req ServletRequest
91       * @param resp ServletResponse
92       * @param chain FilterChain
93       * @exception ServletException
94       * @exception IOException
95       */
96      public void doFilter(ServletRequest   req, ServletResponse   resp, FilterChain   chain) throws IOException  ,
97              ServletException  
98      {
99          // Assume it's an HTTP request
100 
101         HttpServletRequest   httpReq = (HttpServletRequest  ) req;
102         HttpServletResponse   httpResp = (HttpServletResponse  ) resp;
103 
104         // Get the user details object from the session
105 
106         WebDAVUser user = (WebDAVUser) httpReq.getSession().getAttribute(AUTHENTICATION_USER);
107 
108         if (user == null)
109         {
110             // Get the authorization header
111             
112             String   authHdr = httpReq.getHeader("Authorization");
113             
114             if ( authHdr != null && authHdr.length() > 5 && authHdr.substring(0,5).equalsIgnoreCase("BASIC"))
115             {
116                 // Basic authentication details present
117 
118                 String   basicAuth = new String  (Base64.decodeBase64(authHdr.substring(5).getBytes()));
119                 
120                 // Split the username and password
121                 
122                 String   username = null;
123                 String   password = null;
124                 
125                 int pos = basicAuth.indexOf(":");
126                 if ( pos != -1)
127                 {
128                     username = basicAuth.substring(0, pos);
129                     password = basicAuth.substring(pos + 1);
130                 }
131                 else
132                 {
133                     username = basicAuth;
134                     password = "";
135                 }
136                 
137                 try
138                 {
139                     // Authenticate the user
140                     m_authService.authenticate(username, password.toCharArray());
141                     
142                     // Get the user node and home folder
143                     NodeRef personNodeRef = m_personService.getPerson(username);
144                     NodeRef homeSpaceRef = (NodeRef) m_nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
145                     // Setup User object and Home space ID etc.
146                     user = new WebDAVUser(username, m_authService.getCurrentTicket(), homeSpaceRef);
147                     
148                     httpReq.getSession().setAttribute(AUTHENTICATION_USER, user);
149                 }
150                 catch ( AuthenticationException ex)
151                 {
152                     // Do nothing, user object will be null
153                 }
154                 catch (NoSuchPersonException e)
155                 {
156                     // Do nothing, user object will be null
157                 }
158             }
159             
160             // Check if the user is authenticated, if not then prompt again
161             
162             if ( user == null)
163             {
164                 // No user/ticket, force the client to prompt for logon details
165     
166                 httpResp.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
167                 httpResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
168     
169                 httpResp.flushBuffer();
170                 return;
171             }
172         }
173         else
174         {
175             // Setup the authentication context
176 
177             m_authService.validate(user.getTicket());
178 
179             // Set the current locale
180 
181             // I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession()));
182         }
183 
184         // Chain other filters
185 
186         chain.doFilter(req, resp);
187     }
188 
189     /**
190      * Cleanup filter resources
191      */
192     public void destroy()
193     {
194         // Nothing to do
195     }
196 }
197
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags