Alfresco FTP的验证方法

    Alfresco的安全机制是很严谨的,由于实现了JSR170的存储规范,所以Alfresco支持很多协议如NTLM,FTP,WebDAV等等,在应用交互层面,支持web-client和webservices。
 
    我在这里说的FTP验证,是出于这样一种环境:既要实现SSO的整合,又要实现方便使用的多文档存取。在这两个条件下,我们需要对Alfresco的FTP进行独立验证,这种验证是基于SSO的授权验证,因为如果不这样做,使用FTP时会很不安全。

    所以我改写了如下文件代码:
    1.org.alfresco.filesys.ftp.FTPSrvSession
    2.org.alfresco.filesys.server.config.ServerConfiguration
    新增如下文件:
    1.org.alfresco.repo.ftp.FTPAuthenticationDao
    2.org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao
    3.applicationContext-resources.xml

    主要实现方法在于改写FTPSrvSession.java中的procPassword方法:
.......
        
// Use the normal authentication service, since the FTP session hands us the
// plaintext password.

        AuthenticationService authService 
= getServer().getConfiguration().getAuthenticationService();

        
/*
         * For the CAS SSO integration: fetch the additional FTP authentication DAO
         * from the server configuration. getFtpAuthenticationDao() is presumably the
         * accessor added by the author's change to ServerConfiguration (listed above).
         */

        FTPAuthenticationDao ftpAuthentication 
= getServer().getConfiguration().getFtpAuthenticationDao();

.......

// First check: the regular Alfresco authentication service, given the password as a char[].
authService.authenticate(cInfo.getUserName(), cInfo.getPasswordAsCharArray());

                
/*
                 * Second check, for SSO validation. In this excerpt it is reached only if the
                 * call above did not throw, and it runs only when ssoValidate() returns true, so
                 * it adds a requirement instead of replacing the first check. The DAO
                 * implementation shown on this page signals failure with an
                 * AuthenticationException.
                 * NOTE(review): the password is passed here as a String rather than the char[]
                 * used above, so this copy cannot be cleared after use.
                 */

                
if (ftpAuthentication.ssoValidate()) {
                    ftpAuthentication.authenticate(cInfo.getUserName(), cInfo.getPasswordAsString());
                }

.......


这样,根据ftpAuthentication的ssoValidate方法,可以动态地设置FTP是否需要强制进行SSO验证。注意这一步是在authService.authenticate通过之后追加的检查,两者都通过才算登录成功。
FTPAuthenticationDao.java:

package org.alfresco.repo.ftp;

/**
 * Additional credential check for FTP logins, consulted by the FTP session after the
 * regular authentication service has accepted the user.
 */
public interface FTPAuthenticationDao {

    /**
     * Reports whether the additional SSO credential check is switched on.
     *
     * @return {@code true} if callers should go on to invoke
     *         {@link #authenticate(String, String)}
     */
    boolean ssoValidate();

    /**
     * Verifies the given credentials. The method returns normally when they are accepted;
     * the Hibernate implementation on this page throws an {@code AuthenticationException}
     * when they are not.
     *
     * @param username login name supplied by the FTP client
     * @param password plaintext password supplied by the FTP client
     */
    void authenticate(String username, String password);
}


HibernateFTPAuthenticationDao.java:

package org.alfresco.repo.ftp.hibernate;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.regex.Pattern;

import org.alfresco.filesys.server.auth.PasswordEncoder;
import org.alfresco.filesys.server.auth.PlainTextPasswordEncoder;
import org.alfresco.repo.ftp.FTPAuthenticationDao;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

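/**
 * {@link FTPAuthenticationDao} that checks FTP credentials against a password value fetched
 * with a configurable native SQL statement.
 *
 * <p>The statement is injected through {@link #setSql(String)}; its first positional
 * parameter is bound to the username. The supplied password is run through the configured
 * {@link PasswordEncoder} and compared with the first row returned.
 */
public class HibernateFTPAuthenticationDao extends HibernateDaoSupport implements FTPAuthenticationDao {

    /** Matches control characters (CR, LF, ...) so they can be neutralised before logging. */
    private static final Pattern CONTROL_CHARS = Pattern.compile("\\p{Cntrl}");

    protected final Log log = LogFactory.getLog(getClass());

    // Native SQL that selects the stored password for one user; comes from configuration,
    // never from the FTP client.
    private String sql;

    // NOTE(review): the default is the plain-text encoder, which by its name leaves the
    // password unencoded, so the lookup column would have to hold plaintext. Deployments
    // should inject a hashing encoder that matches how the column was written.
    private PasswordEncoder passwordEncoder = new PlainTextPasswordEncoder();

    // Whether the FTP session should apply this DAO's check at all.
    private boolean ssoValidate;

    /**
     * Sets the password lookup statement.
     *
     * @param sql native SQL with one positional {@code ?} parameter for the username
     */
    public void setSql(String sql) {
        this.sql = sql;
    }

    /**
     * Replaces the encoder applied to the supplied password before comparison.
     *
     * @param passwordEncoder encoder whose output format matches the stored values
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * @return the current value of the {@code ssoValidate} flag
     */
    @Override
    public boolean ssoValidate() {
        return this.isSsoValidate();
    }

    /**
     * @param ssoValidate {@code true} to have the FTP session apply the additional check
     */
    public void setSsoValidate(boolean ssoValidate) {
        this.ssoValidate = ssoValidate;
    }

    /**
     * @return the current value of the {@code ssoValidate} flag
     */
    public boolean isSsoValidate() {
        return ssoValidate;
    }

    /**
     * Verifies a username/password pair against the configured lookup statement.
     *
     * @param username login name supplied by the FTP client (untrusted)
     * @param password plaintext password supplied by the FTP client (untrusted)
     * @throws AuthenticationException if the query returns no row for the user, or if the
     *         stored value is missing or differs from the encoded password
     */
    @Override
    public void authenticate(final String username, final String password) {
        HibernateCallback callback = new HibernateCallback() {
            @Override
            public Object doInHibernate(Session session) {
                // The username is bound as a parameter, never concatenated into the SQL text.
                Query query = session.createSQLQuery(sql);
                query.setString(0, username);
                return query.list();
            }
        };

        // List<?> instead of an unchecked List<String> cast: a native scalar query is not
        // guaranteed to hand back String elements.
        List<?> queryResults = (List<?>) getHibernateTemplate().execute(callback);

        // NOTE(review): "unknown user" and "wrong password" produce different exception
        // messages, and the unknown-user path skips the encoding step. Whether either
        // difference is observable by the FTP client cannot be seen from this class; if it
        // is, it lets a client tell valid usernames from invalid ones.
        if (queryResults == null || queryResults.isEmpty()) {
            log.error("User not exist!");
            throw new AuthenticationException("User not exist!(" + this.getClass().getName() + ")");
        }

        // Only the first row is considered; the lookup is expected to return one row per user.
        if (!passwordMatches(queryResults.get(0), passwordEncoder.encode(password))) {
            log.error("User password error!");
            throw new AuthenticationException("User password error!(" + this.getClass().getName() + ")");
        }

        log.info("User: " + sanitizeForLog(username) + " logon successfully!");
    }

    /**
     * Compares the stored value with the encoded candidate. A {@code null} stored value or a
     * non-String candidate never matches. Uses {@link MessageDigest#isEqual(byte[], byte[])}
     * rather than {@code String.equals} so the comparison does not stop at the first
     * differing character.
     */
    private static boolean passwordMatches(Object stored, Object candidate) {
        if (stored == null || !(candidate instanceof String)) {
            return false;
        }
        byte[] storedBytes = stored.toString().getBytes(StandardCharsets.UTF_8);
        byte[] candidateBytes = ((String) candidate).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(storedBytes, candidateBytes);
    }

    /**
     * Replaces control characters in a client-supplied value so it cannot break a log line
     * into forged entries.
     */
    private static String sanitizeForLog(String value) {
        return CONTROL_CHARS.matcher(String.valueOf(value)).replaceAll("_");
    }

}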


applicationContext-resources.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jee
="http://www.springframework.org/schema/jee"
       xsi:schemaLocation
="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
            http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd"
>
   
    
<!-- For mail settings and future properties files
    <bean id="_propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath*:alfresco/extension/jdbc.properties</value>
            </list>
        </property>
    </bean>
    
-->
   
    
<!-- JNDI DataSource for J2EE environments -->
    
<!--<jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/appfuse"/>-->

    
<!-- Pooled JDBC connection to the database that holds the SSO user table.
     NOTE(review): sample values only. The JDBC user name and password are hard-coded in
     this file and use the PostgreSQL default superuser name with a matching password.
     A real deployment should connect with a dedicated least-privilege account and load
     the secret from outside this file, for example through the commented-out
     PropertyPlaceholderConfigurer or the JNDI lookup shown above. -->
<bean id="_dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        
<property name="driverClassName" value="org.postgresql.Driver"/>
        
<property name="url" value="jdbc:postgresql://localhost/myworld"/>
        
<property name="username" value="postgres"/>
        
<property name="password" value="postgres"/>
        
<property name="maxActive" value="100"/>
        
<property name="maxWait" value="1000"/>
        
<property name="poolPreparedStatements" value="true"/>
        
<property name="defaultAutoCommit" value="true"/>
    
</bean>
   
    
<!-- Hibernate SessionFactory -->
    
<!-- Hibernate SessionFactory built on the _dataSource bean; the FTP authentication DAO
     receives it through its sessionFactory property. -->
<bean id="_sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        
<property name="dataSource" ref="_dataSource"/>
        
<property name="configLocation" value="classpath:hibernate.cfg.xml"/>
        
<!-- NOTE(review): hibernate.hbm2ddl.auto=update lets Hibernate alter the schema at
     start-up to match the mapped classes, which also means the JDBC account needs DDL
     rights. For a database that holds credentials, consider validate instead and manage
     schema changes separately. -->
<property name="hibernateProperties">
            
<value>
                hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
                hibernate.query.substitutions=true 'Y', false 'N'
                hibernate.cache.use_second_level_cache=true
                hibernate.cache.provider_class=org.hibernate.cache.EhCacheProvider
                hibernate.jdbc.batch_size=0
                hibernate.hbm2ddl.auto=update
            
</value>
            
<!-- Turn batching off for better error messages under PostgreSQL -->
            
<!-- hibernate.jdbc.batch_size=0 -->
        
</property>
    
</bean>
   
    
<!-- The additional FTP credential check: looks up the stored password for a user and
     compares it with the encoded password supplied by the FTP client. -->
<bean id="ftpAuthenticationDao" class="org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao">
        
<property name="sessionFactory" ref="_sessionFactory"></property>
        
<!-- Fixed statement text with one '?' placeholder; the DAO binds the username to it with
     query.setString(0, username), so client input never becomes part of the SQL. -->
<property name="sql" value="select password from cas_user where username = ?"></property>
        
<!-- NOTE(review): DefaultPasswordEncoder is not shown on this page; the constructor
     argument presumably names a digest algorithm. If it is handed to
     java.security.MessageDigest, "SHA" is an alias for SHA-1, and a single unsalted digest
     is weak protection for stored passwords. The value has to match the way the
     cas_user.password column was written, so changing it means changing the CAS side too. -->
<property name="passwordEncoder">
            
<bean class="org.alfresco.filesys.server.auth.DefaultPasswordEncoder">
                
<constructor-arg>
                    
<value>SHA</value>
                
</constructor-arg>
            
</bean>
        
</property>
        
<!-- true switches on the additional check in procPassword; with false only the regular
     Alfresco authentication service is consulted. -->
<property name="ssoValidate" value="true"></property>   
    
</bean>
</beans>


再改写network-protocol-context.xml:
<!-- File Server Configuration -->
   
<bean id="fileServerConfigurationBase"
         abstract
="true"
         destroy-method
="closeConfiguration">
      
<property name="authenticationManager">
         
<ref bean="authenticationManager"/>
      
</property>
      
<property name="authenticationService">
         
<ref bean="authenticationService"/>
      
</property>
      
<property name="authenticationComponent">
         
<ref bean="authenticationComponent"/>
      
</property>
      
<property name="nodeService">
         
<ref bean="NodeService"/>
      
</property>
      
<property name="tenantService">
         
<ref bean="tenantService" />
      
</property>
      
<property name="searchService">
         
<ref bean="SearchService" />
      
</property>
      
<property name="namespaceService">
         
<ref bean="namespaceService" />
      
</property>     
      
<property name="personService">
         
<ref bean="personService"/>
      
</property>
      
<property name="transactionService">
         
<ref bean="transactionService"/>
      
</property>
      
<property name="diskInterface">
         
<ref bean="contentDiskDriver"/>
      
</property>
      
<property name="avmDiskInterface">
         
<ref bean="avmDiskDriver"/>
      
</property>
      
<!-- Added for the SSO integration: hands the ftpAuthenticationDao bean to the file server
     configuration, where the FTP session reads it back with getFtpAuthenticationDao().
     Presumably relies on the setter the author added to ServerConfiguration. -->
<property name="ftpAuthenticationDao">
          
<ref bean="ftpAuthenticationDao"/>
      
</property>
   
</bean>