
And here Kerberos?

paulweb
Champ in-the-making
OS: CentOS 5.2, Alfresco 3.2
For testing CIFS
we used AlfrescoNtlm in the chain. We have customised CIFS, but at authentication, using the admin account, we get the following:

DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
09:02:13,588 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
09:02:13,588 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=986,Authenticator=EncType=23,Kvno=-1,Len=181]
09:02:13,588 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
09:02:13,588 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:02:13,589 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
09:02:13,599 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
09:02:13,600 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
09:02:13,600 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1181,Authenticator=EncType=23,Kvno=-1,Len=176]
09:02:13,600 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
09:02:13,601 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:02:13,601 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
:?:
  • os:winxp alfresco 3.2 cifs works

    dward
    Champ on-the-rise
    There is currently a known issue with the CIFS Kerberos authenticators where they won't auto-create people who log in for the first time. They already have to exist in Alfresco. I am investigating and will update, just as soon as I can get it all set up on a VM! See

    https://issues.alfresco.com/jira/browse/ETHREEOH-425

    paulweb
    Champ in-the-making
    When I try to open https://issues.alfresco.com/jira/browse/ETHREEOH-425:
    ERROR

    It seems that you have tried to perform an operation which you are not permitted to perform.

    If you think this message is wrong, please consult your administrators about getting the necessary permissions.

    paulweb
    Champ in-the-making
    :?:
    Our CIFS config:

    filesystem.acl.global.defaultAccessLevel=

    cifs.enabled=true
    cifs.serverName=${localname}
    cifs.domain=MY-DOMAIN.RU
    cifs.broadcast=255.255.255.255
    # An empty value indicates bind to all available network adapters
    cifs.bindto=
    cifs.ipv6.enabled=false
    cifs.hostannounce=true
    # Enable the use of asynchronous sockets/NIO code
    cifs.disableNIO=false
    # Disable the use of JNI code. Only currently affects Windows
    cifs.disableNativeCode=false
    # Session timeout, in seconds. Defaults to 15 minutes, to match the default Windows client setting.
    # If no I/O is received within that time the session is closed by the server
    cifs.sessionTimeout=900

    # Can be mapped to non-privileged ports, then use firewall rules to forward requests from the standard ports
    cifs.tcpipSMB.port=1445
    cifs.netBIOSSMB.sessionPort=1139
    cifs.netBIOSSMB.namePort=1137
    cifs.netBIOSSMB.datagramPort=1138

    # Optional WINS server primary and secondary IP addresses. Ignored if autoDetectEnabled=true
    cifs.WINS.autoDetectEnabled=true
    #cifs.WINS.primary=
    #cifs.WINS.secondary=

    ftp.enabled=false
    ftp.port=21
    ftp.ipv6.enabled=false

    nfs.enabled=false

    cifs.urlfile.prefix=http://${localname}:8080/alfresco/
    Authentication in Alfresco is customized with Kerberos.
    If I use IE 7.0.5730:
    if I set the address http://centos52:8080/alfresco, automatic authentication works;
    if I set http://centos52.my-domain.ru:8080/alfresco, automatic authentication does not work.
    Firefox works normally with http://centos52:8080/alfresco and http://centos52.my-domain.ru:8080/alfresco

    paulweb
    Champ in-the-making
    We tested on IE8. Maybe it is a bug in IE.

    dward
    Champ on-the-rise
    You have to add the domain name to your "Local Intranet" security zone. See http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos_Client_Configuration

    Note that I have just committed a fix to the Kerberos subsystem to HEAD. The disableNTLM flag was switched on on the Kerberos CIFS authenticator to make sure it always negotiates Kerberos authentication.

    You should find Kerberos SSO and CIFS authentication works fine with the latest 3.3 code on HEAD.

    paulweb
    Champ in-the-making
    Thanks dward for the help (Century live a century study),
    but
    we updated to SVN HEAD and compiled, then for testing set update 3.3.
    My steps:
    1. Click the file details
    2. Click the anchor "open with webdav"
    3. Everything opens
    4. Then when I close the window and try to close the file details, I get the following error:

    java.lang.ClassCastException: org.alfresco.repo.webdav.auth.WebDAVUser cannot be cast to org.alfresco.web.bean.repository.User
    at org.alfresco.web.app.Application.getCurrentUser(Application.java:308)
    at org.alfresco.web.bean.repository.PreferencesService.getPreferences(PreferencesService.java:60)
    at org.alfresco.web.bean.repository.PreferencesService.getPreferences(PreferencesService.java:51)
    at org.alfresco.web.bean.users.UserPreferencesBean.getContentFilterLanguage(UserPreferencesBean.java:122)
    at org.alfresco.web.app.servlet.AuthenticationHelper.setupThread(AuthenticationHelper.java:126)
    at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.onValidate(KerberosAuthenticationFilter.java:108)
    at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.doFilter(BaseKerberosAuthenticationFilter.java:316)
    at sun.reflect.GeneratedMethodAccessor470.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:109)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy191.doFilter(Unknown Source)
    at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:74)
    at sun.reflect.GeneratedMethodAccessor470.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:109)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy191.doFilter(Unknown Source)
    at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:574)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1527)
    at java.lang.Thread.run(Thread.java:619)

    And once again, thanks.

    dward
    Champ on-the-rise
    Please can you log the issue in JIRA. Thanks.

    paulweb
    Champ in-the-making
    I found the problem and reworked it.

    Example code in C#:

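    using System;

    public interface A
    {
        string getU();
    }
    public class B:A
    {
        public string getU()
        {
            Console.Write("B");
            return "B";
        }
    }
    public class C:A
    {
        public string getU()
        {
            Console.Write("C");
            return "C";
        }
    }
    // in main: the object is only known by its shared interface, as with the session attribute
    A _test=new C();
    B _testBug=(B)_test; // error at run time: C cannot be cast to B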

    In Alfresco's Application.java (search for public static User getCurrentUser(FacesContext context)):

    public static User getCurrentUser(FacesContext context)
    {
       return (User)context.getExternalContext().getSessionMap().get(AuthenticationHelper.AUTHENTICATION_USER);    
    }

    I have rewritten it as the following code (I worked with Java for the first time):

    public static User getCurrentUser(FacesContext context)
    {
       // Read the session attribute once; it is null when nobody is logged in
       Object sessionUser = context.getExternalContext().getSessionMap().get(AuthenticationHelper.AUTHENTICATION_USER);
       if (sessionUser instanceof org.alfresco.repo.webdav.auth.WebDAVUser)
       {
          // The WebDAV filter stored a WebDAVUser, which cannot be cast to User, so build a User from it.
          // Note: User's third constructor argument is the person NodeRef and must not be null;
          // this passes the WebDAV home node in its place.
          org.alfresco.repo.webdav.auth.WebDAVUser webdavUser = (org.alfresco.repo.webdav.auth.WebDAVUser) sessionUser;
          return new User(webdavUser.getUserName(), webdavUser.getTicket(), webdavUser.getHomeNode());
       }
       // Web client logins store a User directly; a null attribute is returned as null
       return (User) sessionUser;
    }
    Because, look and compare:

    public interface SessionUser extends Serializable
    {
        /**
         * Return the user name
         *
         * @return user name
         */
        String getUserName();
       
        /**
         * Return the ticket
         *
         * @return ticket
         */
        String getTicket();
    }

    public class WebDAVUser implements SessionUser
    {
        private static final long serialVersionUID = -6948146071131901345L;

        // User name
       
        private String m_userName;
       
        //  Authentication ticket
       
        private String m_ticket;
       
        // User home node
       
        private NodeRef m_homeNode;
       
        /**
         * Class constructor
         *
         * @param user String
         * @param ticket String
         * @param homeNode NodeRef
         */
        public WebDAVUser(String user, String ticket, NodeRef homeNode)
        {
            m_userName = user;
            m_ticket   = ticket;
            m_homeNode = homeNode;
        }
       
        /**
         * Return the user name
         *
         * @return String
         */
        public final String getUserName()
        {
            return m_userName;
        }
       
        /**
         * Return the ticket
         *
         * @return String
         */
        public final String getTicket()
        {
            return m_ticket;
        }
       
        /**
         * Check if the user has a home node
         *
         * @return boolean
         */
        public final boolean hasHomeNode()
        {
            return m_homeNode != null ? true : false;
        }

        /**
         * Return the user home node
         *
         * @return NodeRef
         */
        public final NodeRef getHomeNode()
        {
            return m_homeNode;
        }
       
        /**
         * Set the home folder node for this user
         *
         * @param homeNode NodeRef
         */
        protected final void setHomeNode(NodeRef homeNode)
        {
            m_homeNode = homeNode;
        }
       
        /**
         * Return the user details as a string
         *
         * @return String
         */
        public String toString()
        {
            StringBuilder str = new StringBuilder();
           
            str.append("[");
            str.append(getUserName());
            str.append(":");
            str.append(getTicket());
           
            if ( hasHomeNode())
            {
                str.append(",Home=");
                str.append(getHomeNode());
            }
            str.append("]");
           
            return str.toString();
        }
    }

    public final class User implements SessionUser
    {
       private static final long serialVersionUID = -90577901805847829L;

       private String companyRootId;  
       private String homeSpaceId;
       private String userName;
       private String ticket;
       private NodeRef person;
       private String fullName = null;
       private Boolean administrator = null;
      
       private Preferences preferences = null;
      
       /**
        * Constructor
        *
        * @param userName constructor for the user
        */
       public User(String userName, String ticket, NodeRef person)
       {
          if (userName == null || ticket == null || person == null)
          {
             throw new IllegalArgumentException("All user details are mandatory!");
          }
         
          this.userName = userName; 
          this.ticket = ticket;
          this.person = person;
       }
      
       /**
        * Forces a clear of any cached or calculated values
        */
       public void reset()
       {
          this.fullName = null;
          this.administrator = null;
          this.preferences = null;
       }
      
       /**
        * @return The user name
        */
       public String getUserName()
       {
          return this.userName;
       }
      
       /**
        * Return the full name of the Person this User represents
        *
        * @param service        NodeService to use
        *
        * @return The full name
        */
       public String getFullName(NodeService service)
       {
          if (this.fullName == null)
          {
             String lastName = (String)service.getProperty(this.person, ContentModel.PROP_LASTNAME);
             this.fullName = service.getProperty(this.person, ContentModel.PROP_FIRSTNAME) +
                             (lastName != null ? (" " + lastName) : "");
          }
         
          return this.fullName;
       }
      
       /**
        * @return Retrieves the user's home space (this may be the id of the company home space)
        */
       public String getHomeSpaceId()
       {
          return this.homeSpaceId;
       }

       /**
        * @param homeSpaceId Sets the id of the users home space
        */
       public void setHomeSpaceId(String homeSpaceId)
       {
          this.homeSpaceId = homeSpaceId;
       }

       /**
        * @return Retrieves the company home space
        */
       public String getCompanyRootId()
       {
          return this.companyRootId;
       }

       /**
        * @param companyRootId Sets the id of the company home space
        */
       public void setCompanyRootId(String companyRootId)
       {
          this.companyRootId = companyRootId;
       }

       /**
        * @return Returns the ticket.
        */
       public String getTicket()
       {
          return this.ticket;
       }
      
       /**
        * @return Returns the person NodeRef
        */
       public NodeRef getPerson()
       {
          return this.person;
       }
      
       /**
        * @return If the current user has Admin Authority
        */
       public boolean isAdmin()
       {
          if (administrator == null)
          {
             administrator = Repository.getServiceRegistry(FacesContext.getCurrentInstance())
                   .getAuthorityService().hasAdminAuthority();
          }
         
          return administrator;
       }
      
       /**
        * @return The Preferences for the User
        */
       Preferences getPreferences(FacesContext fc)
       {
          if (this.preferences == null)
          {
             this.preferences = new Preferences(getUserPreferencesRef(
                   FacesContextUtils.getRequiredWebApplicationContext(fc)));
          }
          return this.preferences;
       }
      
       /**
        * @return The Preferences for the User
        */
       Preferences getPreferences(ServletContext sc)
       {
          if (this.preferences == null)
          {
             this.preferences = new Preferences(getUserPreferencesRef(
                   WebApplicationContextUtils.getRequiredWebApplicationContext(sc)));
          }
          return this.preferences;
       }
      
       /**
        * Get or create the node used to store user preferences.
        * Utilises the 'configurable' aspect on the Person linked to this user.
        */
       synchronized NodeRef getUserPreferencesRef(WebApplicationContext context)
        {
            final ServiceRegistry registry = (ServiceRegistry) context.getBean("ServiceRegistry");
            final NodeService nodeService = registry.getNodeService();
            final SearchService searchService = registry.getSearchService();
            final NamespaceService namespaceService = registry.getNamespaceService();
            final ConfigurableService configurableService = (ConfigurableService) context.getBean("ConfigurableService");
            RetryingTransactionHelper txnHelper = registry.getRetryingTransactionHelper();
            return txnHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
            {

                public NodeRef execute() throws Throwable
                {
                    NodeRef prefRef = null;
                    NodeRef person = getPerson();
                    if (nodeService.hasAspect(person, ApplicationModel.ASPECT_CONFIGURABLE) == false)
                    {
                        // create the configuration folder for this Person node
                        configurableService.makeConfigurable(person);
                    }

                    // target of the assoc is the configurations folder ref
                    NodeRef configRef = configurableService.getConfigurationFolder(person);
                    if (configRef == null)
                    {
                        throw new IllegalStateException("Unable to find associated 'configurations' folder for node: "
                                + person);
                    }

                    String xpath = NamespaceService.APP_MODEL_PREFIX + ":" + "preferences";
                    List<NodeRef> nodes = searchService.selectNodes(configRef, xpath, null, namespaceService, false);

                    if (nodes.size() == 1)
                    {
                        prefRef = nodes.get(0);
                    }
                    else
                    {
                        // create the preferences Node for this user
                        ChildAssociationRef childRef = nodeService
                                .createNode(configRef, ContentModel.ASSOC_CONTAINS, QName.createQName(
                                        NamespaceService.APP_MODEL_1_0_URI, "preferences"), ContentModel.TYPE_CMOBJECT);

                        prefRef = childRef.getChildRef();

                    }
                    return prefRef;
                }
            });
        }
      
       /**
        * Returns the full name of the user represented by the given NodeRef
        *
        * @param nodeService The node service instance
        * @param user The user to get the full name for
        * @return The full name
        */
       public static String getFullName(NodeService nodeService, NodeRef user)
       {
          Map<QName, Serializable> props = nodeService.getProperties(user);
          String firstName = (String)props.get(ContentModel.PROP_FIRSTNAME);
          String lastName = (String)props.get(ContentModel.PROP_LASTNAME);
          String fullName = firstName + ((lastName != null && lastName.length() > 0) ? " " + lastName : "");
         
          return fullName;
       }
      
       /**
        * Returns the full name of the user plus their userid in the form [id]
        *
        * @param nodeService The node service instance
        * @param user The user to get the full name for
        * @return The full name and userid
        */
       public static String getFullNameAndUserId(NodeService nodeService, NodeRef user)
       {
          String fullName = getFullName(nodeService, user);
          String userId = (String)nodeService.getProperties(user).get(ContentModel.PROP_USERNAME);

          StringBuilder nameAndId = new StringBuilder();
          if (fullName != null && fullName.length() > 0 && fullName.equals("null") == false)
          {
             nameAndId.append(fullName);
             nameAndId.append(" ");
          }
         
          nameAndId.append("[");
          nameAndId.append(userId);
          nameAndId.append("]");
         
          return nameAndId.toString();
       }
    }

    When I compiled my Application.java everything worked  😎
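
The cast failure discussed in this thread, as a stand-alone added example (not code from the posters or from Alfresco): two authentication filters store different `SessionUser` implementations under one session key, and the accessor dispatches on the stored type and resolves the person node by user name instead of reusing the WebDAV home node. The nested types are simplified stand-ins, and `PersonLookup`, the `AUTH_USER` key and the string node ids are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Map;

public class SessionUserDemo {
    // Simplified stand-ins for the thread's types; not Alfresco's real classes.
    interface SessionUser { String getUserName(); String getTicket(); }

    static final class WebDAVUser implements SessionUser {
        final String userName, ticket, homeNode;
        WebDAVUser(String userName, String ticket, String homeNode) {
            this.userName = userName; this.ticket = ticket; this.homeNode = homeNode;
        }
        public String getUserName() { return userName; }
        public String getTicket() { return ticket; }
    }

    static final class User implements SessionUser {
        final String userName, ticket, person;
        User(String userName, String ticket, String person) {
            if (userName == null || ticket == null || person == null) {
                throw new IllegalArgumentException("All user details are mandatory!");
            }
            this.userName = userName; this.ticket = ticket; this.person = person;
        }
        public String getUserName() { return userName; }
        public String getTicket() { return ticket; }
    }

    // Hypothetical lookup from user name to person node (an assumption of this example).
    interface PersonLookup { String personFor(String userName); }

    static final String AUTH_USER = "AUTH_USER"; // constructed session key

    static User getCurrentUser(Map<String, Object> session, PersonLookup people) {
        Object stored = session.get(AUTH_USER);
        if (stored == null || stored instanceof User) {
            return (User) stored; // no login yet, or a web-client login
        }
        if (stored instanceof WebDAVUser) {
            WebDAVUser dav = (WebDAVUser) stored;
            String person = people.personFor(dav.getUserName());
            // Unknown person: report "not logged in" instead of failing in User's constructor.
            return person == null ? null : new User(dav.getUserName(), dav.getTicket(), person);
        }
        throw new IllegalStateException("Unexpected session user type: " + stored.getClass().getName());
    }

    public static void main(String[] args) {
        Map<String, String> people = new HashMap<>(); // constructed sample data
        people.put("paul", "person-node-paul");
        Map<String, Object> session = new HashMap<>();

        // Empty session, then a WebDAV login for a known person, then one for an unknown person
        System.out.println(getCurrentUser(session, people::get));
        session.put(AUTH_USER, new WebDAVUser("paul", "TICKET_x", "home-node-paul"));
        System.out.println(getCurrentUser(session, people::get).person);
        session.put(AUTH_USER, new WebDAVUser("ghost", "TICKET_y", null));
        System.out.println(getCurrentUser(session, people::get));
    }
}
```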