Wednesday 3 August 2011

CAS, Alfresco and WebDAV

Having successfully configured Alfresco (and Share) to authenticate using CAS (documented here), the next challenge is to work out how to get this authentication working with WebDAV.

The approach below is what I ended up with.
Update:

One way to do this is to bypass CAS and authenticate against the underlying CAS datastore directly by adding a new authentication component.

Of course this means that you are not using CAS, but as you are likely to be accessing WebDAV outside the browser, the single sign-on capabilities are not particularly relevant.

We use Drupal as our underlying CAS data store, so there's a bit of custom code here - you may be able to just configure the authentication chain if you're using a different method, e.g. LDAP.

So in alfresco-global.properties add to the authentication chain:
# Each entry is instanceName:subsystemType; the new Drupal component (instance localDrupal,
# subsystem type drupal) is appended after the existing CAS entry rather than replacing it.
authentication.chain=cas:external,localDrupal:drupal

While you're there set up some database connection properties e.g.
# JDBC connection details for the Drupal user database; these are read through the
# ${drupal.db.*} placeholders in drupal-authentication-context.xml. Example values only.
drupal.db.driver=org.gjt.mm.mysql.Driver
drupal.db.username=drupal
drupal.db.password=drupal
drupal.db.url=jdbc:mysql://localhost:3306/drupal6
I'm not going to cover ensuring that you have access to the MySQL database here. If it's on a different machine you'll need to configure MySQL, as well as any firewall rules.

Next it's time to tell Alfresco about the new component you are creating, so create the directory alfresco/subsystems/Authentication/drupal and add the following files:

drupal-authentication-context.xml
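<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <!-- Connection pool for the Drupal user database. The drupal.db.* placeholders are
         supplied by drupal-authentication.properties (and alfresco-global.properties). -->
    <bean id="drupalDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="${drupal.db.driver}"/>
        <property name="url" value="${drupal.db.url}"/>
        <property name="username" value="${drupal.db.username}"/>
        <property name="password" value="${drupal.db.password}"/>
        <!-- Check each pooled connection before handing it out, and wait at most 5000 ms for one. -->
        <property name="validationQuery" value="SELECT 1"/>
        <property name="testOnBorrow" value="true"/>
        <property name="defaultAutoCommit" value="false"/>
        <property name="maxWait" value="5000"/>
    </bean>

    <!-- The custom component. The class attribute must match the package declared in the
         Java source (mypackage.cms.authentication); a mismatch fails at subsystem start-up. -->
    <bean id="drupalAuthenticationComponent"
          class="mypackage.cms.authentication.DrupalAuthenticationComponentImpl"
          parent="authenticationComponentBase">
        <property name="dataSource" ref="drupalDataSource"/>
        <property name="nodeService" ref="nodeService"/>
        <property name="personService" ref="personService"/>
        <property name="transactionService" ref="transactionService"/>
    </bean>

    <!-- Transactional proxy that exposes the component under the bean name the
         authentication subsystem looks up. -->
    <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
        </property>
        <property name="transactionManager" ref="transactionManager"/>
        <property name="target" ref="drupalAuthenticationComponent"/>
        <property name="transactionAttributes">
            <props>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>

    <!-- Authentication service wired to the Drupal component (not the proxy) for ticket handling. -->
    <bean id="localAuthenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="ticketComponent" ref="ticketComponent"/>
        <property name="authenticationComponent" ref="drupalAuthenticationComponent"/>
        <property name="sysAdminParams" ref="sysAdminParams"/>
    </bean>

</beans>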
drupal-authentication.properties
# Subsystem-level values for the ${drupal.db.*} placeholders in drupal-authentication-context.xml.
# These are the same keys as in alfresco-global.properties; keep the two files in step.
drupal.db.driver=org.gjt.mm.mysql.Driver
drupal.db.username=drupal
drupal.db.password=drupal
drupal.db.url=jdbc:mysql://localhost:3306/drupal6
Then create the bean class that is referenced from the config:

package mypackage.cms.authentication;

import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import javax.sql.DataSource;

/**
 * Authenticates a user by Drupal.
 * 
* The authentication is done against the database table USERS and the
* column NAME (username) and column PASS (MD5 password)
* 
 * Tested with Drupal 6
 *
 */
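/**
 * Authenticates a user by Drupal.
 *
 * The authentication is done against the database table USERS and the
 * column NAME (username) and column PASS (MD5 password).
 *
 * Tested with Drupal 6, which stores an unsalted, lowercase-hex MD5 of the password;
 * that is the only scheme this component understands, so the supplied password is
 * MD5'd the same way and the two hex digests are compared.
 *
 * Collaborators are injected by Spring: {@link #setDataSource(DataSource)} from the
 * drupalDataSource bean and {@link #setActive(boolean)} per the ActivateableBean contract.
 */
public class DrupalAuthenticationComponentImpl extends AbstractAuthenticationComponent implements ActivateableBean {
    /** Parameterised lookup of the stored hash; the username is bound via the placeholder, never concatenated. */
    public static final String GET_USER_PWD_SQL = "SELECT PASS FROM USERS WHERE NAME=?";

    /** Both digests are hex text, so an explicit charset only makes the byte comparison platform-independent. */
    private static final Charset DIGEST_CHARSET = Charset.forName("UTF-8");

    private final Log logger = LogFactory.getLog(getClass());
    private JdbcTemplate m_jdbcTemplate;
    private boolean m_active = true;

    public DrupalAuthenticationComponentImpl() {
        super();
    }

    /**
     * Enables or disables this component; it is active by default.
     *
     * @param active whether this component should take part in authentication
     */
    public void setActive(boolean active) {
        m_active = active;
    }

    /**
     * Receives the Drupal database pool and wraps it in a JdbcTemplate used by {@link #authenticateImpl}.
     *
     * @param dataSource the drupalDataSource bean from the subsystem context
     */
    public void setDataSource(DataSource dataSource) {
        m_jdbcTemplate = new JdbcTemplate(dataSource);
    }

    /*
    * (non-Javadoc)
    * @see org.alfresco.repo.management.subsystems.ActivateableBean#isActive()
    */
    public boolean isActive() {
        return m_active;
    }

    /**
     * Authenticate against the Drupal database.
     *
     * The supplied password is hashed with MD5 (hex) and compared in constant time
     * with the hash stored in the USERS.PASS column for the given NAME.
     *
     * @param userName the username to authenticate
     * @param password the password to authenticate (passed in as plain text)
     * @throws AuthenticationException if the user has no usable stored hash, the password
     *         does not match, or the lookup fails (including when no row exists for the user)
     */
    @Override
    protected void authenticateImpl(String userName, char[] password) throws AuthenticationException {
        // DigestUtils.md5Hex(String) needs a String copy of the char[]; Drupal 6 stores md5() as
        // lowercase hex, which is what md5Hex produces.
        String userPwdMd5 = DigestUtils.md5Hex(new String(password));

        if (logger.isDebugEnabled()) {
            // Only the username goes to the log: neither the supplied nor the stored hash is loggable
            // material, since an unsalted MD5 is trivially reversible for common passwords.
            logger.debug("About to authenticate user: " + userName);
        }

        try {
            // Throws a DataAccessException (caught below) when no row matches the username.
            String drupalPwdMd5 = m_jdbcTemplate.queryForObject(GET_USER_PWD_SQL, new Object[]{userName}, String.class);

            if (StringUtils.isBlank(drupalPwdMd5)) {
                throw new AuthenticationException(
                        "Password in Drupal database is blank, empty, or null for user: " + userName);
            }

            byte[] supplied = userPwdMd5.getBytes(DIGEST_CHARSET);
            byte[] stored = drupalPwdMd5.getBytes(DIGEST_CHARSET);

            // Constant-time comparison so the response time does not leak how much of the hash matched.
            if (!MessageDigest.isEqual(supplied, stored)) {
                throw new AuthenticationException("Access denied for user: " + userName +
                        ", incorrect password provided.");
            }

            // Authentication has been successful.
            // Set the current user, they are now authenticated.
            setCurrentUser(userName);
        } catch (DataAccessException dae) {
            // Cause is preserved so the underlying JDBC problem (missing row, connection failure) is diagnosable.
            throw new AuthenticationException(
                    "Error getting password from Drupal database for user: " + userName +
                            ", user may not exist in the Drupal database", dae);
        }
    }

    /**
     * Reports that guest login is permitted through this component.
     *
     * NOTE(review): presumably consulted by the base class when a guest login is attempted — confirm
     * against AbstractAuthenticationComponent; return false here if WebDAV should require a Drupal account.
     *
     * @return always {@code true}
     */
    @Override
    protected boolean implementationAllowsGuestLogin() {
        return true;
    }
}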
