带Cookie的Alfresco SSO [英] Alfresco SSO with Cookie
问题描述
我想将Alfresco与我当前的登录系统(是LDAP服务器)集成。我可以成功集成LDAP身份验证,但是,我想使用外部登录页面并让Alfresco读取cookie以登录用户(该cookie将包含用户名和密钥,可用于验证他们是否已登录)
I want to integrate Alfresco with my current login system (which is an LDAP server). I can successfully integrate LDAP authentication in, however, I want to use an external login page and have Alfresco read a cookie to log the user in (the cookie will contain the username and a key which can be used to verify they're logged in with the LDAP server).
我调查了SDK附带的示例,但似乎没有一种方法可以在没有密码的情况下登录用户。
I looked into the example that came with the SDK, but there doesn't seem to be a way to login the user in without a password.
我正在查看外部身份验证子系统,并看到了CAS指南,但这似乎有点过头了,我不确定我是否理解正在发生的一切,或者为什么
I was looking into the External Authentication Subsystem, and saw the CAS guide, but that seems like overkill and I'm not sure I understand everything that's going on or why all of that is needed for my situation.
在Exernal子系统中摸索之后,我看到它使用了 SimpleAcceptOrRejectAllAuthenticationComponentImpl,它覆盖了身份验证功能。在该函数中,它通过 setCurrentUser函数对用户进行身份验证,但这取决于将 accept的值设置为true的情况。我浏览了Alfresco的源代码,并查看了WEB-INF / classes / alfresco / subsystems / Authentication / external下的文件,但我无法找到setAccept函数的调用方式。经过一番谷歌搜索,我发现此示例。
After poking around in the Exernal subsystem, I saw it uses "SimpleAcceptOrRejectAllAuthenticationComponentImpl", which overrides the authentication function. In that function it authenticates a user via a "setCurrentUser" function, but that relies on the value of "accept" being set to true. I grepped through the Alfresco source, and looked in the files under WEB-INF/classes/alfresco/subsystems/Authentication/external, but I couldn't find out how the setAccept function ever got called. After some googling I found this example.
看起来他们设置了一个过滤器,该过滤器通过SimpleAcceptOrRejectAllAuthenticationComponentImpl对象登录用户,在其中明确调用setAccept(true) 。我还没有尝试过,但是他们的Wiki说需要编辑web.xml文件,而Alfresco v3.2(我正在使用v3.4.3)之后,不需要Alfresco Dev在另一篇文章中说过。
It looks like they setup a filter that logs the user in via a SimpleAcceptOrRejectAllAuthenticationComponentImpl object where they explicitly call setAccept(true). I haven't tried this yet, but their wiki says the web.xml file needs to be edited, something an Alfresco Dev said in another post wasn't needed after Alfresco v3.2 (I'm using v3.4.3). Is this the right avenue to go down?
我听说另一个想法是编写自己的Authenticator子系统,但是我看不到任何文档,而且不知道外部子系统是如何调用 setAccept功能的,我觉得自己会在黑暗中拍摄。
I've heard another idea would be to write my own Authenticator subsystem, but I don't see any docs on that, and without knowing how the "setAccept" function gets called for the External subsystem, I feel like I'd be shooting in the dark.
关于如何基于外部Web应用程序(位于同一域上)创建的cookie登录用户的任何想法-我已经能够读取该cookie ,我只是不知道如何在没有密码的情况下对用户进行身份验证)?
Any thoughts on how to login a user in based on a cookie created by an external webapp (which is on the same domain - I've been able to read the cookie, I just don't know how to authenticate a user without a password)?
推荐答案
我认为我会发布解决方案对于遇到相同问题的任何人。
I figured I'd post the solution for anyone who had the same problem.
第1步:创建一个过滤器,该过滤器将在有人尝试访问您的网址之一时执行。创建过滤器后,将其编译并打包到一个jar中,然后将该jar放在alfresco.war和share.war中(在 WEB-INF / lib位置)。这是过滤器代码的基本版本:
Step 1: Create a filter that will be executed when someone tries to hit one of your URLs. Once the filter is created, compile and package it in a jar, and then place that jar inside of the alfresco.war and share.war (in the location "WEB-INF/lib"). Here is a skeleton version of what the filter code will look like:
package sample.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
public class SSOIntegrationFilter implements Filter {
private static final String PARAM_REMOTE_USER = "remoteUser";
private static final String SESS_PARAM_REMOTE_USER = SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER;
@Override
public void init(FilterConfig arg0) throws ServletException {}
@Override
public void destroy() {}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) req;
String remoteUser = proprieterayUserIdValidationAndExtractionMethod(req.getParameter(PARAM_REMOTE_USER));
// We've successfully authenticated the user. Remember their ID for next time.
if (remoteUser != null) {
HttpSession session = httpServletRequest.getSession();
session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser);
}
chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
@Override
public String getRemoteUser() {
return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER);
}
}, res);
}
private String proprieterayUserIdValidationAndExtractionMethod(String param) {
return "admin"; // who to login as, replace with your cookie login code
}
}
步骤2:为tomcat配置web.xml文件以识别此过滤器(我的文件位于/ usr / share / tomcat / conf中。)
Step 2: Configure the web.xml file for tomcat to recognize this filter (mine was located in /usr/share/tomcat/conf).
<filter>
<filter-name>Demo Filter</filter-name>
<filter-class>sample.filter.SSOIntegrationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Demo Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
第3步:对您的share-config-custom.xml文件进行以下更改(应位于在共享目录中): http://docs.alfresco.com/3.4/index.jsp?topic=%2Fcom.alfresco.Enterprise_3_4_0.doc%2Ftasks%2Fauth-alfrescontlm-sso.html
Step 3: Make the following changes to your share-config-custom.xml file (should be located in the shared directory): http://docs.alfresco.com/3.4/index.jsp?topic=%2Fcom.alfresco.Enterprise_3_4_0.doc%2Ftasks%2Fauth-alfrescontlm-sso.html
步骤4:使用以下信息更新alfresco-global.properties文件:
Step 4: Update your alfresco-global.properties file with the following information:
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.proxyUserName=X-Alfresco-Remote-User
然后启动Alfresco并尝试一下。希望这会让您走上正确的轨道。
Then start up Alfresco and try it out. Hopefully this will put you on the right track.
这篇关于带Cookie的Alfresco SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
