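package org.alfresco.repo.webdav.auth;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.codec.binary.Base64;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/**
 * Servlet filter that authenticates WebDAV requests using HTTP Basic credentials.
 *
 * <p>On a successful login the resulting {@link WebDAVUser} (user name, authentication
 * ticket and home folder reference) is cached in the HTTP session under
 * {@link #AUTHENTICATION_USER}. Later requests on the same session are admitted by
 * validating the cached ticket instead of re-checking the password.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, and this filter does not check
 *       whether the request arrived over a secure channel; transport protection has
 *       to be enforced elsewhere in the deployment.</li>
 *   <li>The session is not renewed after a successful login, so the session id issued
 *       before authentication keeps being used afterwards. NOTE(review): consider
 *       renewing the session on login to rule out session fixation.</li>
 *   <li>{@code getSession()} creates a session for every request, including ones that
 *       end in a 401 challenge.</li>
 * </ul>
 */
public class AuthenticationFilter implements Filter
{
    /** Session attribute under which the authenticated {@link WebDAVUser} is stored. */
    public final static String AUTHENTICATION_USER = "_alfDAVAuthTicket";

    /** Servlet context, captured in {@link #init(FilterConfig)}. */
    private ServletContext m_context;

    /** Repository services resolved from the Spring web application context. */
    private AuthenticationService m_authService;
    private PersonService m_personService;
    private NodeService m_nodeService;

    /**
     * Initialises the filter by looking up the services it needs.
     *
     * @param config filter configuration supplied by the servlet container
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig config) throws ServletException
    {
        m_context = config.getServletContext();

        // getRequiredWebApplicationContext fails fast if Spring has not been set up
        // for this servlet context.
        WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(m_context);

        ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
        m_nodeService = serviceRegistry.getNodeService();
        m_authService = serviceRegistry.getAuthenticationService();
        m_personService = (PersonService) ctx.getBean("PersonService");
    }

    /**
     * Admits the request if the session holds a user whose ticket still validates, or
     * if the request carries acceptable Basic credentials; otherwise answers with a
     * 401 Basic challenge and does not invoke the rest of the chain.
     *
     * <p>A cached ticket that fails validation no longer aborts the request with an
     * uncaught exception: the stale user is removed from the session and the request
     * is treated as unauthenticated, so the client is either re-authenticated from
     * its Authorization header or challenged again.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param resp  outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filter chain, invoked only for authenticated requests
     * @throws IOException      if writing the challenge or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException,
            ServletException
    {
        HttpServletRequest httpReq = (HttpServletRequest) req;
        HttpServletResponse httpResp = (HttpServletResponse) resp;

        WebDAVUser user = (WebDAVUser) httpReq.getSession().getAttribute(AUTHENTICATION_USER);

        if (user != null)
        {
            try
            {
                // Confirms the cached ticket is still accepted by the authentication service.
                m_authService.validate(user.getTicket());
            }
            catch (AuthenticationException ex)
            {
                // The ticket was rejected (for example expired or invalidated). Forget the
                // cached user so a rejected ticket cannot linger in the session, and fall
                // through to credential-based authentication below.
                httpReq.getSession().removeAttribute(AUTHENTICATION_USER);
                user = null;
            }
        }

        if (user == null)
        {
            user = authenticateBasic(httpReq);

            if (user == null)
            {
                // No usable credentials: ask the client to authenticate and stop here.
                httpResp.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
                httpResp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

                httpResp.flushBuffer();
                return;
            }
        }

        chain.doFilter(req, resp);
    }

    /**
     * Tries to log the caller in from the request's Basic Authorization header and, on
     * success, caches the resulting user in the session.
     *
     * @param httpReq request whose Authorization header is inspected
     * @return the authenticated user, or {@code null} if the header is missing, is not
     *         a Basic header, the credentials are rejected, or no person exists for
     *         the user name
     */
    private WebDAVUser authenticateBasic(HttpServletRequest httpReq)
    {
        String authHdr = httpReq.getHeader("Authorization");

        if (authHdr == null || authHdr.length() <= 5 || !authHdr.substring(0, 5).equalsIgnoreCase("BASIC"))
        {
            return null;
        }

        // NOTE(review): both conversions use the platform default charset, so non-ASCII
        // user names or passwords decode differently from host to host. Confirm which
        // charset clients are expected to use before pinning one.
        String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes()));

        // Split on the first colon only: the password may itself contain colons.
        String username;
        String password;

        int pos = basicAuth.indexOf(":");
        if (pos != -1)
        {
            username = basicAuth.substring(0, pos);
            password = basicAuth.substring(pos + 1);
        }
        else
        {
            username = basicAuth;
            password = "";
        }

        try
        {
            m_authService.authenticate(username, password.toCharArray());

            NodeRef personNodeRef = m_personService.getPerson(username);
            NodeRef homeSpaceRef = (NodeRef) m_nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
            WebDAVUser user = new WebDAVUser(username, m_authService.getCurrentTicket(), homeSpaceRef);

            httpReq.getSession().setAttribute(AUTHENTICATION_USER, user);
            return user;
        }
        catch (AuthenticationException ignored)
        {
            // Deliberately not rethrown: rejected credentials lead to a fresh 401 challenge.
            // NOTE(review): failed logins are not recorded anywhere in this filter; verify
            // that the authentication service audits them, otherwise password guessing
            // against this endpoint leaves no trace.
            return null;
        }
        catch (NoSuchPersonException ignored)
        {
            // Credentials were accepted but no person node exists; treated as unauthenticated.
            // NOTE(review): authenticate() has already succeeded at this point; confirm that
            // the security context it may have established is cleared before the 401 is sent.
            return null;
        }
    }

    /**
     * Releases filter resources; this filter holds none that need explicit cleanup.
     */
    public void destroy()
    {
    }
}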