Hi All,

We use Nuxeo 5.2.0 and nuxeo-platform-login-cas2 (we got it from Mercurial and deployed it as a plugin with Maven).

Here is the authenticationChain that we use:

               <plugin>BASIC_AUTH</plugin>
               <plugin>ANONYMOUS_AUTH</plugin>
               <plugin>CAS2_AUTH</plugin>


We had some problems between Anonymous Authentication and CAS Authentication.

For example, if you first try to log in with CAS but decide to abort it at the end, you can't: you never get an anonymous session back (in fact you must clear your cookies to get it back, so that you have a new session on Nuxeo). For us it's a problem, because some documents can be read by anonymous users and others not: here, if an anonymous user tries to access a secured document, the CAS authentication prompt is displayed to him for ever... even if he then tries to get a public document :-(

So as a workaround, we patched NuxeoAuthenticationFilter (nuxeo-platform-web-common) and Cas2Authenticator (nuxeo-platform-login-cas2). It works well but it's just a "workaround" (maybe it can give some ideas to others to make a better patch directly in Nuxeo).

Thank you,
Vincent.


diff -r 9b120c9a5f82 nuxeo-platform-web-common/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/NuxeoAuthenticationFilter.java
--- a/nuxeo-platform-web-common/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/NuxeoAuthenticationFilter.java	Fri May 15 18:33:52 2009 +0200
+++ b/nuxeo-platform-web-common/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/NuxeoAuthenticationFilter.java	Fri Jun 26 15:46:45 2009 +0200
@@ -615,7 +615,12 @@
         logLogout(cachedUserInfo.getUserInfo());
 
         // invalidate Session !
-        service.invalidateSession(request);
+        // vb : but keep the requestPage in memory
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String requestPage = getSavedRequestedURL(httpServletRequest);
+        service.invalidateSession(httpServletRequest);
+        HttpSession session = httpServletRequest.getSession();
+        session.setAttribute(START_PAGE_SAVE_KEY, requestPage);
 
         String pluginName = cachedUserInfo.getUserInfo().getAuthPluginName();
 
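Review bot: `getSavedRequestedURL(httpServletRequest)` can return null when no start page was saved, and `session.setAttribute(START_PAGE_SAVE_KEY, requestPage)` then has the same effect as `removeAttribute` on the freshly created session, which hides the intent; guard it with `if (requestPage != null)`. The comment `// vb : but keep the requestPage in memory` should also say why: `httpServletRequest.getSession()` deliberately creates a new session right after `service.invalidateSession(httpServletRequest)`, so the URL requested before the logout now survives it (the CAS-abort case described in the mail), and a later reader needs that reason to avoid undoing it.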
diff -r 8c026b818d80 nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java
--- a/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java	Wed May 27 17:08:03 2009 +0200
+++ b/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java	Fri Jun 26 14:15:21 2009 +0200
@@ -25,6 +25,7 @@
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.logging.Log;
@@ -45,6 +46,8 @@
  */
 public class Cas2Authenticator implements NuxeoAuthenticationPlugin,
         NuxeoAuthenticationPluginLogoutExtension {
+	
+    public static final String BLOCK_CAS_LOGIN_KEY = "org.nuxeo.ecm.platform.ui.web.auth.cas2.block";
 
     protected String ticketKey = "ticket";
 
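Review bot: the added `+	` line is whitespace-only (a lone tab) and the constant below it is space-indented; drop the tab line and keep the file's space indentation.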
@@ -121,12 +124,31 @@
             HttpServletResponse httpResponse, String baseURL) {
         // Redirect to CAS Login screen
         // assing our application URL as service name
+        
+    	if (isCasLoginBlocked(httpRequest)) {
+    		 String completeURI = httpRequest.getRequestURI();
+    	     try {
+    	    	HttpSession session = httpRequest.getSession(false);
+    	    	session.setAttribute(org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator.BLOCK_ANONYMOUS_LOGIN_KEY, false);
+    		    httpResponse.sendRedirect(completeURI);
+    	     } catch (IOException e) {
+    	            log.error("Unable to redirect to asked url " + completeURI, e);
+    	            return false;
+    	     }
+    	     
+            return true;
+        }
+        
+        HttpSession session = httpRequest.getSession(true);
+        session.setAttribute(BLOCK_CAS_LOGIN_KEY, Boolean.TRUE);
+        
         String location = null;
         try {
             // httpResponse.sendRedirect(serviceLoginURL + "?" + serviceKey +
             // "=" + appURL);
             location = getServiceURL(httpRequest, LOGIN_ACTION) + "?"
                     + serviceKey + "=" + getAppURL(httpRequest);
+            String a = (String)httpRequest.getSession(true).getAttribute("Nuxeo5_Start_Page");
             httpResponse.sendRedirect(location);
         } catch (IOException e) {
             log.error("Unable to redirect to CAS login screen to " + location,
@@ -177,6 +199,22 @@
         uui.setToken(casTicket);
         return uui;
     }
+    
+    protected boolean isCasLoginBlocked(HttpServletRequest httpRequest) {
+        if (Boolean.TRUE.equals(httpRequest.getAttribute(BLOCK_CAS_LOGIN_KEY))) {
+            httpRequest.removeAttribute(BLOCK_CAS_LOGIN_KEY);
+            return true;
+        }
+
+        HttpSession session = httpRequest.getSession(false);
+        if (session != null
+                && Boolean.TRUE.equals(session.getAttribute(BLOCK_CAS_LOGIN_KEY))) {
+
+            session.setAttribute(BLOCK_CAS_LOGIN_KEY, false);
+            return true;
+        }
+        return false;
+    }
 
     public void initPlugin(Map<String, String> parameters) {
         if (parameters.containsKey(CAS2Parameters.TICKET_NAME_KEY)) {
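Review bot: the request-attribute branch (`httpRequest.getAttribute(BLOCK_CAS_LOGIN_KEY)`) is never populated anywhere in this patch, since `handleLoginPrompt` only stores the flag in the session, so it is dead code unless another component sets it; drop it or document who does. In the session branch, `session.setAttribute(BLOCK_CAS_LOGIN_KEY, false)` leaves a boxed `Boolean.FALSE` behind instead of clearing the flag; `session.removeAttribute(BLOCK_CAS_LOGIN_KEY)` says what is meant and mirrors the request branch. A short javadoc would help too: the flag is a one-shot toggle, set on every redirect to CAS and consumed by the next login prompt, so within one session the prompt alternates between CAS and a redirect back to the requested page.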
ECM mailing list
http://lists.nuxeo.com/mailman/listinfo/ecm