Alfresco with Tomcat-native SSO

roman
Champ in-the-making
Hello folks,

I'm trying to use Alfresco with the Tomcat-native single sign-on.

<Valve className="org.apache.catalina.authenticator.SingleSignOn" />…

The login page appears… just as it should…

Now what I have to do is pass Alfresco the username (of whoever logged on),
which I can get from the HttpServletRequest (getUserPrincipal().getName()),
and Alfresco should load the proper home space and settings…
I'm trying to write my own authentication filter… is that the right way?
What should I take care of? I tried to do it like in the
NovellIChainsHTTPRequestAuthenticationFilter, but it doesn't work.

Please help.
best regards

rivetlogic
Champ on-the-rise
Hi,

Take a look at HTTPRequestAuthenticationFilter.java

Regards,

–Alaaeldin

roman
Champ in-the-making
Hi RivetLogic,

Thanks for the reply. I've tried to write my own auth filter and took the HTTPRequestAuthenticationFilter as a basis.
In my view, the function setAuthenticatedUser(HttpServletRequest, HttpSession, String userName) should create an authenticated user from his username.
I retrieve the username, call this function and get the following error:

org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required


org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required
at org.alfresco.repo.transaction.AlfrescoTransactionSupport.registerSynchronizations(AlfrescoTransactionSupport.java:399)
at org.alfresco.repo.transaction.AlfrescoTransactionSupport.getSynchronization(AlfrescoTransactionSupport.java:384)
at org.alfresco.repo.transaction.AlfrescoTransactionSupport.bindDaoService(AlfrescoTransactionSupport.java:238)
at org.alfresco.repo.transaction.TransactionalDaoInterceptor.invoke(TransactionalDaoInterceptor.java:66)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy1.getNode(Unknown Source)
at org.alfresco.repo.node.db.DbNodeServiceImpl.exists(DbNodeServiceImpl.java:166)
at sun.reflect.GeneratedMethodAccessor196.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.alfresco.repo.transaction.TransactionResourceInterceptor.invoke(TransactionResourceInterceptor.java:129)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy2.exists(Unknown Source)
at sun.reflect.GeneratedMethodAccessor196.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.service.StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(StoreRedirectorProxyFactory.java:221)
at $Proxy3.exists(Unknown Source)
at sun.reflect.GeneratedMethodAccessor196.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.alfresco.repo.node.MLPropertyInterceptor.invoke(MLPropertyInterceptor.java:211)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy2.exists(Unknown Source)
at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:164)
at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:113)
at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:97)
at de.swipe.alfresco.web.app.servlet.TomcatSSOAuthenticationFilter.setAuthenticatedUser(TomcatSSOAuthenticationFilter.java:145)
at de.swipe.alfresco.web.app.servlet.TomcatSSOAuthenticationFilter.doFilter(TomcatSSOAuthenticationFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:419)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:619)

Exactly when I try to set the user on the authentication component:
authComponent.setCurrentUsername(userName);

Do you have an idea why?

best regards

rivetlogic
Champ on-the-rise
Hi,

Since you're attempting to run in SSO mode and allow users to be authenticated automatically in Alfresco via a servlet filter, you should wire Alfresco's authentication component(s) accordingly. This means that Alfresco should not attempt to authenticate users using the default authentication component, unless of course that's what you want to do, in which case you should use chaining and write your own authentication component.

If you just want users to authenticate via the servlet filter (which I'm assuming is what you're trying to do here), you should wire the SimpleAcceptOrRejectAllAuthenticationComponent. I believe the full package name would be org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl. You would also need to set the "accept" property to "false".

That way, your authentication component will simply reject all authentication requests and you'll be able to directly set the user using the setCurrentUser method in your servlet filter. This will also get rid of the exception you're getting, since in this case a transaction is not required.

Hope this helps,

–Alaaeldin
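
The wiring described in the reply above, as an added example that is not part of the original thread or of Alfresco's shipped configuration. The class name and the "accept" property come from the reply; the bean id `authenticationComponent` is an assumption and must match the id your own authentication-services-context.xml already uses.

```xml
<!-- Added example. Bean id is assumed; keep the id your context file
     already references for the authentication component. -->
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
   <!-- false: every username/password authentication request is rejected.
        A user becomes current only when the SSO servlet filter calls
        setCurrentUser() with the container-authenticated name taken from
        getUserPrincipal().getName(). -->
   <property name="accept">
      <value>false</value>
   </property>
</bean>

<!-- Weak setting, shown commented out for contrast only: with accept set
     to true the same component accepts every authentication request,
     whatever password is supplied. -->
<!--
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
   <property name="accept">
      <value>true</value>
   </property>
</bean>
-->
```

With `accept` set to `false`, the filter is the only path that establishes a user, so it should take the name only from the container's principal and never from a client-supplied header or parameter.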

roman
Champ in-the-making
Fantastic, it works! SimpleAcceptOrRejectAllAuthenticationComponentImpl rulez
thanxalot RivetLogic

great

roman
Champ in-the-making
Hello,
One more question… can I use this SimpleAcceptOrRejectAllAuthenticationComponentImpl with chaining?
If I just configure this component in the authentication-services-context.xml I'll get a problem with CIFS…
bad cifs server configuration.

Here is my chaining-authentication-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <!-- Chaining -->

   <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
      <property name="authenticationServices">
         <list>
            <ref bean="authenticationServiceImplTomcatSSO"/>
            <!-- <ref bean="authenticationServiceImplLDAP"/> -->
         </list>
      </property>
<!--
      <property name="mutableAuthenticationService">
         <ref bean="authenticationServiceImplAlfresco"/>
      </property>
-->
   </bean>

   <!-- Alfresco Auth -->
<!--
   <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplAlfresco"/>
      </property>
   </bean>

   <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
      <property name="nodeService">
         <ref bean="nodeService"/>
      </property>
      <property name="dictionaryService">
         <ref bean="dictionaryService"/>
      </property>
      <property name="namespaceService">
         <ref bean="namespaceService"/>
      </property>
      <property name="searchService">
         <ref bean="searchService"/>
      </property>
      <property name="userNamesAreCaseSensitive">
         <value>${user.name.caseSensitive}</value>
      </property>
      <property name="passwordEncoder">
         <ref bean="passwordEncoder"/>
      </property>
   </bean>

   <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <property name="authenticationManager">
         <ref bean="authenticationManager"/>
      </property>
      <property name="allowGuestLogin">
         <value>true</value>
      </property>
   </bean>
-->
   <!-- LDAP Auth -->
<!--
   <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoLDAP" />
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent" />
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplLDAP" />
      </property>
   </bean>

   <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory"/>
      </property>
      <property name="userNameFormat">
         <value>uid=%s,ou=swipe.de,ou=users,o=swipe,dc=swipe,dc=de</value>
      </property>
   </bean>

   <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
-->
   <!-- Tomcat SSO Auth -->
   <bean id="authenticationServiceImplTomcatSSO" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoTomcatSSO"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplTomcatSSO"/>
      </property>
   </bean>
   
   <bean id="authenticationComponentImplTomcatSSO" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
      <property name="accept">
         <value>true</value>
      </property>   
   </bean>
   
   <bean id="authenticationDaoTomcatSSO" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
</beans>
But this component (SimpleAcceptOrRejectAllAuthenticationComponentImpl) is not used. I've tried to debug…
What am I doing wrong?

best regards
roman