Hyland Connect

outlandish · ‎05-21-2013

I need to modify the Share authentication mechanism. When a user attempts to login from the share page, I need to add a check that checks for the user's tenant domain with the prefix of the web address. If username's tenant address matches with the prefix of the web address then the user is allowed to log in otherwise the authentication is rejected.

For examples:

user logs in as username@mydomain.com from mydomain.alfresco.com/share

In the above case the user would be allowed to login because …@mydomain.com matches with the web address prefix mydomain.alfresco.com/share.

I am not sure where to begin and would appreciate any help on accomplishing this.

afaust · ‎05-23-2013

Hello,

this will be a bit tricky, since authentication is done on the Repository tier while the web address will only be available on the Share tier for validation. I think the best way would be to provide a custom Surf LoginController implementation via an override of the "loginController" bean i.e. in custom-slingshot-application-context.xml. The default bean is:


<bean id="loginController" class="org.springframework.extensions.surf.mvc.LoginController">
   <property name="cacheSeconds" value="-1" />
   <property name="useExpiresHeader"><value>true</value></property>
   <property name="useCacheControlHeader"><value>true</value></property>
   <property name="userFactory" ref="user.factory"></property>
</bean>
‍‍‍‍‍‍‍‍

and you need to provide a different implementation class (meaning via Java development). This class has access to the HTTPServletRequest and can compare the tenant suffix of the userName (request parameter) with the public web address. Only if there is a match, a custom implementation can delegate to the default logic (e.g. using a specific subclass which delegates to super).

Regards
Axel

outlandish · ‎05-24-2013

This works. Thank you.

Hyland Connect

Share authentication customization