Hyland Connect

Hi,

From what I understand, this implementation would require me to handle the authentication itself (i.e. connect to the LDAP server and check user credentials, etc.); I would simply like to let Alfresco handle this on its own, just like it does today, and once the authentication is performed, update the user information.

Isn't there some kind of event to which I could subscribe so I can update the user once he's logged in? Or maybe I'm missing something in your answer...

Anyway, thanks for your answer.

Sylvain.

My suggestion was to build a new "LoggerAuthenticationComponentImpl.java" as is suggested in the sample. You can log any information at "authenticateImpl" method and delegate authentication stuff in "super".

Alternatively, you can always use the audit component / service to record logins and use that to determine the last login date. This requires no implementation for recording the date, only configuration of the audit component. The default audit access config already contains everything you would need as far as I know.

No,you don't need to implement all code to handle the authentication ,you can inherit from existing class that alfresco provided.

The easiest way to do it like this:

For example if you use the default authentication chain,you can just customize your own class and inherit org.alfresco.repo.security.authentication.AuthenticationComponentImpl,the only methd you have to override is following

@Override

    protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException{

    super.authenticateImpl(userNameIn, password);

    //add your code here

    }

create a spring configuration name file like ***-context.xml with content like following and place it into  alfresco/extension/subsystems//Authentication/alfrescoNtlm

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationComponent" class="******.YourAuthenticationComponentImpl"

      parent="authenticationComponentBase">

      <property name="authenticationDao">

         <ref bean="authenticationDao" />

      </property>

      <property name="authenticationManager">

         <ref bean="authenticationManager" />

      </property>

      <property name="compositePasswordEncoder">

         <ref bean="compositePasswordEncoder" />

      </property>

      <property name="allowGuestLogin">

         <value>${alfresco.authentication.allowGuestLogin}</value>

      </property>

      <property name="nodeService">

         <ref bean="nodeService" />

      </property>

      <property name="personService">

         <ref bean="personService" />

      </property>

      <property name="transactionService">

         <ref bean="transactionService" />

      </property>

      <!--                                                                  -->

      <!-- A list of default users with admin rights.                       -->

      <!--                                                                  -->

      <!-- If the security framework is case sensitive these values should  -->

      <!-- be case sensitive user names. If the security framework is not   -->

      <!-- case sensitive these values should be the lower-case user names. -->

      <!--                                                                  -->

      <!-- By default this includes:                                        -->

      <!--    admin (the user name of default alfresco admin user)          -->

      <!--    administrator (the windows default admin user)                -->

      <!--                                                                  -->

      <!-- This assumes that user names are not case sensitive.             -->

      <!--                                                                  -->

      <property name="defaultAdministratorUserNames">

         <set>

            <value>${alfresco_user_store.adminusername}</value>

            <value>administrator</value>

         </set>

      </property>

      <!--                                                                  -->

      <!-- A list of default users acting as guests.                        -->

      <!--                                                                  -->

      <!-- By default this includes:                                        -->

      <!--    guest (the user name of default alfresco guest user)          -->

      <!--                                                                  -->

      <!-- This assumes that user names are not case sensitive.             -->

      <!--                                                                  -->

      <property name="defaultGuestUserNames">

         <set>

            <value>${alfresco_user_store.guestusername}</value>

         </set>

      </property>

   </bean>

</beans>

And same as   Axel Faust  ,I also recommend using audit component

kayne zhang​ Obviously I was suggesting that, giving the code as sample and including that "super" in my response for the "authenticateImpl" method. However, thanks for clarifying, if it was not clear for you, it wasn't clear for others. Thanks

Thanks for your inputs. So, if I get this right...

My authentication chain looks like this:

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm,all:ldap-ad

So basically, I should extend org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl, and overload its authenticateImpl method in the following way:

  @Override 
  protected void authenticateImpl(String userName, char[] password) {
     super.authenticateImpl(userName, password);

     final NodeService nodes = getNodeService();
     final PersonService people = getPersonService();
     final Date now = new Date();

     try {
       NodeRef user = people.getPerson(userName);
       if (nodes.exists(user)) {
         if (nodes.hasAspect(user, LastConnectionAspect.ASPECT_LAST_CONNECTION)) {
           nodes.setProperty(user, LastConnectionAspect.PROP_LAST_CONNECTION, now);
         } else {
           Map<QName, Serializable> properties = new HashMap<>();
           properties.put(LastConnectionAspect.PROP_LAST_CONNECTION, now);
           nodes.addAspect(user, LastConnectionAspect.ASPECT_LAST_CONNECTION, properties);
         }
       }
     } catch (Exception exception) {
       LOGGER.error("Could not set last connection date: " + exception);
     }
   }

And then, I should create the bean configuration file in alfresco/extensions/subsystems/Authentication/LDAP.

Am I right?

Thanks again for your time,

Sylvain.

In my opinion, you should extend the abstract class like it's done at alfresco-sdk-samples/CustomAuthenticationComponentImpl.java at alfresco-51 · Alfresco/alfresco-sdk-s...

You can include the code suggested by kayne zhang there:

@Override

    protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException{

    super.authenticateImpl(userNameIn, password);

    //add your code here

    }

Then you can include your context (alfresco-sdk-samples/customauthenticator-authentication-context.xml at alfresco-51 · Alfresco/alfres... ) and your properties (alfresco-sdk-samples/customauthenticator-authentication.properties at alfresco-51 · Alfresco/alfresc... ) inside your AMP or in extended alfresco configuration folders.

Finally, you can include your custom authenticator in your alfresco global configuration file alfresco-sdk-samples/alfresco-global.properties at alfresco-51 · Alfresco/alfresco-sdk-samples · Git...

I don't get it,

How would the super.authenticateImpl() call do anything since the parent class is abstract?

Thanks for your inputs,

Sylvain.