Alfresco FTP的验证方法

    Alfresco的安全机制是很严谨的，由于实现了JSR170的存储规范，所以Alfresco支持很多协议如NTLM,FTP,WebDev等等，在应用交互层面，支持web-client和webservices。
 
    我在这里说的FTP验证，是出于这样一种环境，实现SSO的整合，实现方便使用的多文档存取，在此两条件下我们需要对Aflresto的FTP进行独立验证，这种验证是基于SSO的授权验证，因为如果不这样做的，我在使用FTP时会很不安全。

    所以我改写了如下文件代码：
    1.org.alfresco.filesys.ftp.FTPSrvSession
    2.org.alfresco.filesys.server.config.ServerConfiguration
    新增如下文件:
    1.org.alfresco.repo.ftp.FTPAuthenticationDao
    2.org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao
    3.applicationContext-resources.xml

    主要实现方法在于改写FTPSrvSession.java中的procPassword方法:

.......
        // Use the normal authentication service as we have the plaintext
        // password

        AuthenticationService authService = getServer().getConfiguration().getAuthenticationService();

        /** *//**
         * For CAS SSO Integration, Get FTPAuthentication
         *
         */
        FTPAuthenticationDao ftpAuthentication = getServer().getConfiguration().getFtpAuthenticationDao();

.......

authService.authenticate(cInfo.getUserName(), cInfo.getPasswordAsCharArray());

                /** *//**
                 * Check FTPAuthentication for SSO Validation
                 */
                if (ftpAuthentication.ssoValidate()) ...{
                    ftpAuthentication.authenticate(cInfo.getUserName(), cInfo.getPasswordAsString());
                }
.......

这样根据ftpAuthentication的ssoValidate方法可动态的设置FTP是否需要强制进行验证。
FTPAuthenticationDao.java:

package org.alfresco.repo.ftp;

public interface FTPAuthenticationDao ...{
    public boolean ssoValidate();

    public void authenticate(String username, String password);
}

HibernateFTPAuthenticationDao.java:

package org.alfresco.repo.ftp.hibernate;

import java.util.List;

import org.alfresco.filesys.server.auth.PasswordEncoder;
import org.alfresco.filesys.server.auth.PlainTextPasswordEncoder;
import org.alfresco.repo.ftp.FTPAuthenticationDao;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

public class HibernateFTPAuthenticationDao extends HibernateDaoSupport implements FTPAuthenticationDao ...{

    protected final Log log = LogFactory.getLog(getClass());

    private String sql;

    private PasswordEncoder passwordEncoder = new PlainTextPasswordEncoder();

    private boolean ssoValidate;

    public void setSql(String sql) ...{
        this.sql = sql;
    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) ...{
        this.passwordEncoder = passwordEncoder;
    }

    public boolean ssoValidate() ...{
        return this.isSsoValidate();
    }

    public void setSsoValidate(boolean ssoValidate) ...{
        this.ssoValidate = ssoValidate;
    }

    public boolean isSsoValidate() ...{
        return ssoValidate;
    }

    public void authenticate(final String username, final String password) ...{

        HibernateCallback callback = new HibernateCallback() ...{
            public Object doInHibernate(Session session) ...{
                Query query = session.createSQLQuery(sql);
                query.setString(0, username);
                return query.list();
            }
        };

        List<String> queryResults = (List<String>) getHibernateTemplate().execute(callback);
        if (queryResults.isEmpty()) ...{
            log.error("User not exist!");
            throw new AuthenticationException("User not exist!(" + this.getClass().getName() + ")");
        } else ...{
            if (!queryResults.get(0).toString().equals(passwordEncoder.encode(password))) ...{
                log.error("User password error!");
                throw new AuthenticationException("User password error!(" + this.getClass().getName() + ")");
            }
        }

        /**//*
         * String[] paramNames = new String[]{"username","password"}; String[]
         * values = new String[]{username, passwordEncoder.encode(password)};
         * List<User> queryResults =
         * getHibernateTemplate().findByNamedQueryAndNamedParam("ftp.checkUser",
         * paramNames, values); if (queryResults.isEmpty()) { log.error("User
         * not exist!"); throw new AuthenticationException("User not exist!(" +
         * this.getClass().getName() + ")"); }
         */
        log.info("User: " + username + " logon successfully!");
    }
}

applicationContext-resources.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
            http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd">
   
    <!-- For mail settings and future properties files
    <bean id="_propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath*:alfresco/extension/jdbc.properties</value>
            </list>
        </property>
    </bean>
    -->
   
    <!-- JNDI DataSource for J2EE environments -->
    <!--<jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/appfuse"/>-->

    <bean id="_dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="org.postgresql.Driver"/>
        <property name="url" value="jdbc:postgresql://localhost/myworld"/>
        <property name="username" value="postgres"/>
        <property name="password" value="postgres"/>
        <property name="maxActive" value="100"/>
        <property name="maxWait" value="1000"/>
        <property name="poolPreparedStatements" value="true"/>
        <property name="defaultAutoCommit" value="true"/>
    </bean>
   
    <!-- Hibernate SessionFactory -->
    <bean id="_sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="_dataSource"/>
        <property name="configLocation" value="classpath:hibernate.cfg.xml"/>
        <property name="hibernateProperties">
            <value>
                hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
                hibernate.query.substitutions=true 'Y', false 'N'
                hibernate.cache.use_second_level_cache=true
                hibernate.cache.provider_class=org.hibernate.cache.EhCacheProvider
                hibernate.jdbc.batch_size=0
                hibernate.hbm2ddl.auto=update
            </value>
            <!-- Turn batching off for better error messages under PostgreSQL -->
            <!-- hibernate.jdbc.batch_size=0 -->
        </property>
    </bean>
   
    <bean id="ftpAuthenticationDao" class="org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao">
        <property name="sessionFactory" ref="_sessionFactory"></property>
        <property name="sql" value="select password from cas_user where username = ?"></property>
        <property name="passwordEncoder">
            <bean class="org.alfresco.filesys.server.auth.DefaultPasswordEncoder">
                <constructor-arg>
                    <value>SHA</value>
                </constructor-arg>
            </bean>
        </property>
        <property name="ssoValidate" value="true"></property>   
    </bean>
</beans>

在改写network-protocol-context.xml:

<!-- File Server Configuration -->
   <bean id="fileServerConfigurationBase"
         abstract="true"
         destroy-method="closeConfiguration">
      <property name="authenticationManager">
         <ref bean="authenticationManager"/>
      </property>
      <property name="authenticationService">
         <ref bean="authenticationService"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponent"/>
      </property>
      <property name="nodeService">
         <ref bean="NodeService"/>
      </property>
      <property name="tenantService">
         <ref bean="tenantService" />
      </property>
      <property name="searchService">
         <ref bean="SearchService" />
      </property>
      <property name="namespaceService">
         <ref bean="namespaceService" />
      </property>     
      <property name="personService">
         <ref bean="personService"/>
      </property>
      <property name="transactionService">
         <ref bean="transactionService"/>
      </property>
      <property name="diskInterface">
         <ref bean="contentDiskDriver"/>
      </property>
      <property name="avmDiskInterface">
         <ref bean="avmDiskDriver"/>
      </property>
      <property name="ftpAuthenticationDao">
          <ref bean="ftpAuthenticationDao"/>
      </property>
   </bean>