Alfresco's security mechanism is quite rigorous. Because it implements the JSR-170 repository specification, Alfresco supports many protocols such as NTLM, FTP, WebDAV and so on, and at the application interaction layer it supports both the web client and web services.
The FTP authentication I describe here comes from the following environment: we have integrated SSO and want convenient access to many documents. Under these two conditions we need independent authentication for Alfresco's FTP, an authentication that is based on the SSO authorisation, because without it using FTP would be very insecure.
So I rewrote the code of the following files:
1. org.alfresco.filesys.ftp.FTPSrvSession
2. org.alfresco.filesys.server.config.ServerConfiguration
and added the following new files:
1. org.alfresco.repo.ftp.FTPAuthenticationDao
2. org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao
3. applicationContext-resources.xml
The main implementation lies in rewriting the procPassword method in FTPSrvSession.java:
    .......
    // Use the normal authentication service as we have the plaintext
    // password
    AuthenticationService authService = getServer().getConfiguration().getAuthenticationService();

    // For CAS SSO integration, get the FTPAuthenticationDao injected via ServerConfiguration
    FTPAuthenticationDao ftpAuthentication = getServer().getConfiguration().getFtpAuthenticationDao();

    .......

    // Normal Alfresco authentication first; throws if the repository rejects the credentials
    authService.authenticate(cInfo.getUserName(), cInfo.getPasswordAsCharArray());

    // Additional SSO validation, only when enabled in the DAO configuration
    if (ftpAuthentication.ssoValidate()) {
        ftpAuthentication.authenticate(cInfo.getUserName(), cInfo.getPasswordAsString());
    }
    .......
In this way the ssoValidate method of ftpAuthentication decides dynamically whether FTP logins are forced through the extra validation.
FTPAuthenticationDao.java:
package org.alfresco.repo.ftp;

public interface FTPAuthenticationDao {

    /** Whether FTP logins must additionally pass the SSO check. */
    public boolean ssoValidate();

    /** Validates the credentials against the SSO user store; throws AuthenticationException on failure. */
    public void authenticate(String username, String password);
}

HibernateFTPAuthenticationDao.java:

package org.alfresco.repo.ftp.hibernate;

import java.util.List;

import org.alfresco.filesys.server.auth.PasswordEncoder;
import org.alfresco.filesys.server.auth.PlainTextPasswordEncoder;
import org.alfresco.repo.ftp.FTPAuthenticationDao;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

/**
 * FTPAuthenticationDao backed by Hibernate: looks up the stored password of the
 * user with a configurable native SQL statement and compares it with the encoded
 * form of the password supplied over FTP.
 */
public class HibernateFTPAuthenticationDao extends HibernateDaoSupport implements FTPAuthenticationDao {

    protected final Log log = LogFactory.getLog(getClass());

    /** Native SQL with one positional parameter (the username) that returns the stored password. */
    private String sql;

    /** Encoder applied to the supplied password before comparison; plain text unless configured. */
    private PasswordEncoder passwordEncoder = new PlainTextPasswordEncoder();

    /** Whether FTPSrvSession must run this check in addition to the normal authentication. */
    private boolean ssoValidate;

    public void setSql(String sql) {
        this.sql = sql;
    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    public boolean ssoValidate() {
        return this.isSsoValidate();
    }

    public void setSsoValidate(boolean ssoValidate) {
        this.ssoValidate = ssoValidate;
    }

    public boolean isSsoValidate() {
        return ssoValidate;
    }

    public void authenticate(final String username, final String password) {

        HibernateCallback callback = new HibernateCallback() {
            public Object doInHibernate(Session session) {
                // Parameterised native query: the username is bound, never concatenated into the SQL
                Query query = session.createSQLQuery(sql);
                query.setString(0, username);
                return query.list();
            }
        };

        // executeFind returns the List produced by the callback, so no unchecked cast is needed
        List<?> queryResults = getHibernateTemplate().executeFind(callback);
        if (queryResults.isEmpty()) {
            log.error("User not exist!");
            throw new AuthenticationException("User not exist!(" + this.getClass().getName() + ")");
        }
        // Single-column result: the stored (encoded) password for this user
        if (!queryResults.get(0).toString().equals(passwordEncoder.encode(password))) {
            log.error("User password error!");
            throw new AuthenticationException("User password error!(" + this.getClass().getName() + ")");
        }

        /*
         * Alternative using a named query instead of raw SQL:
         * String[] paramNames = new String[]{"username", "password"};
         * String[] values = new String[]{username, passwordEncoder.encode(password)};
         * List<User> queryResults = getHibernateTemplate().findByNamedQueryAndNamedParam("ftp.checkUser",
         *         paramNames, values);
         * if (queryResults.isEmpty()) {
         *     log.error("User not exist!");
         *     throw new AuthenticationException("User not exist!(" + this.getClass().getName() + ")");
         * }
         */
        log.info("User: " + username + " logon successfully!");
    }
}
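As an added example (not from the original post and not Alfresco's own code), the same FTPAuthenticationDao contract implemented against an in-memory user map instead of the cas_user table, so the SSO check can be exercised without a database. It assumes the stored value is a lowercase hex SHA-1 digest (the output format of the page's DefaultPasswordEncoder("SHA") is not shown), compares digests with MessageDigest.isEqual so the comparison time does not depend on where the strings first differ, and raises one generic failure for both unknown users and wrong passwords.

```java
package org.alfresco.repo.ftp.inmemory; // hypothetical package, not part of Alfresco

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

import org.alfresco.repo.ftp.FTPAuthenticationDao;
import org.alfresco.repo.security.authentication.AuthenticationException;

/** In-memory stand-in for the cas_user lookup: username -> lowercase hex SHA-1 digest. */
public class InMemoryFTPAuthenticationDao implements FTPAuthenticationDao {

    private final Map<String, String> sha1HexByUser; // constructed test data supplied by the caller
    private final boolean ssoValidate;

    public InMemoryFTPAuthenticationDao(Map<String, String> sha1HexByUser, boolean ssoValidate) {
        this.sha1HexByUser = sha1HexByUser;
        this.ssoValidate = ssoValidate;
    }

    public boolean ssoValidate() {
        return ssoValidate;
    }

    public void authenticate(String username, String password) {
        String stored = sha1HexByUser.get(username);
        // Always hash the candidate, even for unknown users, so response time does not reveal
        // which usernames exist; MessageDigest.isEqual is a constant-time comparison.
        byte[] candidate = sha1Hex(password).getBytes(StandardCharsets.US_ASCII);
        byte[] expected = (stored == null ? "" : stored).getBytes(StandardCharsets.US_ASCII);
        if (stored == null || !MessageDigest.isEqual(expected, candidate)) {
            // One generic message for both cases, unlike the Hibernate DAO above, so the FTP
            // client cannot distinguish "no such user" from "wrong password"
            throw new AuthenticationException("FTP SSO validation failed for " + username);
        }
    }

    static String sha1Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-1").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-1 is mandatory in every JRE
        }
    }
}
```

An unsalted SHA-1 column is only as strong as the CAS user store that populates it; if you control the schema, a salted iterated scheme for the stored value is preferable.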
applicationContext-resources.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd">
    <!-- For mail settings and future properties files
    <bean id="_propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath*:alfresco/extension/jdbc.properties</value>
            </list>
        </property>
    </bean>
    -->
    <!-- JNDI DataSource for J2EE environments -->
    <!--<jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/appfuse"/>-->

    <bean id="_dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="org.postgresql.Driver"/>
        <property name="url" value="jdbc:postgresql://localhost/myworld"/>
        <property name="username" value="postgres"/>
        <property name="password" value="postgres"/>
        <property name="maxActive" value="100"/>
        <property name="maxWait" value="1000"/>
        <property name="poolPreparedStatements" value="true"/>
        <property name="defaultAutoCommit" value="true"/>
    </bean>
    <!-- Hibernate SessionFactory -->
    <bean id="_sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="_dataSource"/>
        <property name="configLocation" value="classpath:hibernate.cfg.xml"/>
        <property name="hibernateProperties">
            <value>
                hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
                hibernate.query.substitutions=true 'Y', false 'N'
                hibernate.cache.use_second_level_cache=true
                hibernate.cache.provider_class=org.hibernate.cache.EhCacheProvider
                hibernate.jdbc.batch_size=0
                hibernate.hbm2ddl.auto=update
            </value>
            <!-- Turn batching off for better error messages under PostgreSQL -->
            <!-- hibernate.jdbc.batch_size=0 -->
        </property>
    </bean>
    <!-- SSO validation DAO used by FTPSrvSession; the SQL takes the username as its single positional parameter -->
    <bean id="ftpAuthenticationDao" class="org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao">
        <property name="sessionFactory" ref="_sessionFactory"></property>
        <property name="sql" value="select password from cas_user where username = ?"></property>
        <property name="passwordEncoder">
            <bean class="org.alfresco.filesys.server.auth.DefaultPasswordEncoder">
                <constructor-arg>
                    <value>SHA</value>
                </constructor-arg>
            </bean>
        </property>
        <property name="ssoValidate" value="true"></property>
    </bean>
</beans>
Then modify network-protocol-context.xml so that the DAO is injected into the file server configuration:
<!-- File Server Configuration -->
<bean id="fileServerConfigurationBase"
      abstract="true"
      destroy-method="closeConfiguration">
    <property name="authenticationManager">
        <ref bean="authenticationManager"/>
    </property>
    <property name="authenticationService">
        <ref bean="authenticationService"/>
    </property>
    <property name="authenticationComponent">
        <ref bean="authenticationComponent"/>
    </property>
    <property name="nodeService">
        <ref bean="NodeService"/>
    </property>
    <property name="tenantService">
        <ref bean="tenantService" />
    </property>
    <property name="searchService">
        <ref bean="SearchService" />
    </property>
    <property name="namespaceService">
        <ref bean="namespaceService" />
    </property>
    <property name="personService">
        <ref bean="personService"/>
    </property>
    <property name="transactionService">
        <ref bean="transactionService"/>
    </property>
    <property name="diskInterface">
        <ref bean="contentDiskDriver"/>
    </property>
    <property name="avmDiskInterface">
        <ref bean="avmDiskDriver"/>
    </property>
    <!-- New property: requires the matching setter/getter added to ServerConfiguration -->
    <property name="ftpAuthenticationDao">
        <ref bean="ftpAuthenticationDao"/>
    </property>
</bean>