当前位置: 文江博客话题详情

带 Cookie 的露天 SSO

发布于 2024-12-06 03:37:26 字数 1138 浏览 1 评论 0原文

我想将 Alfresco 与我当前的登录系统(LDAP 服务器)集成。我可以成功集成 LDAP 身份验证,但是,我想使用外部登录页面并让 Alfresco 读取 cookie 来登录用户(该 cookie 将包含用户名和可用于验证他们是否已登录的密钥与 LDAP 服务器)。

我查看了 SDK 附带的示例,但似乎没有办法让用户无需密码即可登录。

我正在研究外部身份验证子系统,并看到了 CAS 指南,但这似乎有点矫枉过正,我不确定我是否理解正在发生的一切,或者为什么我的情况需要所有这些。

在查看外部子系统后,我发现它使用“SimpleAcceptOrRejectAllAuthenticationComponentImpl”,它覆盖了身份验证功能。在该函数中,它通过“setCurrentUser”函​​数对用户进行身份验证,但这依赖于“accept”的值设置为 true。我搜索了 Alfresco 源代码,并查看了 WEB-INF/classes/alfresco/subsystems/Authentication/external 下的文件,但我找不到 setAccept 函数是如何被调用的。经过一番谷歌搜索后,我发现 这个例子

看起来他们设置了一个过滤器,通过 SimpleAcceptOrRejectAllAuthenticationComponentImpl 对象让用户登录,并在其中显式调用 setAccept(true)。我还没有尝试过这个,但他们的 wiki 说 web.xml 文件需要编辑,Alfresco Dev 在另一篇文章中说 Alfresco v3.2 之后不需要编辑(我正在使用 v3.4.3)。这是下降的正确途径吗?

我听说另一个想法是编写自己的身份验证器子系统,但我没有看到任何相关文档,并且在不知道如何为外部子系统调用“setAccept”函数的情况下,我觉得我会开枪在黑暗中。

关于如何根据外部 web 应用程序创建的 cookie(位于同一域 - 我已经能够读取 cookie,我只是不知道如何在没有密码的情况下对用户进行身份验证)登录用户的任何想法)?

原文

I want to integrate Alfresco with my current login system (which is an LDAP server). I can successfully integrate LDAP authentication in, however, I want to use an external login page and have Alfresco read a cookie to log the user in (the cookie will contain the username and a key which can be used to verify they're logged in with the LDAP server).

I looked into the example that came with the SDK, but there doesn't seem to be a way to login the user in without a password.

I was looking into the External Authentication Subsystem, and saw the CAS guide, but that seems like overkill and I'm not sure I understand everything that's going on or why all of that is needed for my situation.

After poking around in the Exernal subsystem, I saw it uses "SimpleAcceptOrRejectAllAuthenticationComponentImpl", which overrides the authentication function. In that function it authenticates a user via a "setCurrentUser" function, but that relies on the value of "accept" being set to true. I grepped through the Alfresco source, and looked in the files under WEB-INF/classes/alfresco/subsystems/Authentication/external, but I couldn't find out how the setAccept function ever got called. After some googling I found this example.

It looks like they setup a filter that logs the user in via a SimpleAcceptOrRejectAllAuthenticationComponentImpl object where they explicitly call setAccept(true). I haven't tried this yet, but their wiki says the web.xml file needs to be edited, something an Alfresco Dev said in another post wasn't needed after Alfresco v3.2 (I'm using v3.4.3). Is this the right avenue to go down?

I've heard another idea would be to write my own Authenticator subsystem, but I don't see any docs on that, and without knowing how the "setAccept" function gets called for the External subsystem, I feel like I'd be shooting in the dark.

Any thoughts on how to login a user in based on a cookie created by an external webapp (which is on the same domain - I've been able to read the cookie, I just don't know how to authenticate a user without a password)?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

万水千山粽是情ミ 2024-12-13 03:37:26

我想我应该为遇到同样问题的人发布解决方案。

第 1 步:创建一个过滤器,当有人尝试访问您的某个 URL 时将执行该过滤器。创建过滤器后,将其编译并打包到 jar 中,然后将该 jar 放入 alfresco.war 和 share.war 中(位于“WEB-INF/lib”位置)。下面是过滤器代码的框架版本:

package sample.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

public class SSOIntegrationFilter implements Filter { 
    private static final String PARAM_REMOTE_USER = "remoteUser"; 
    private static final String SESS_PARAM_REMOTE_USER = SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER; 

    @Override 
    public void init(FilterConfig arg0) throws ServletException {} 

    @Override 
    public void destroy() {} 

    @Override 
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { 
        HttpServletRequest httpServletRequest = (HttpServletRequest) req; 
        String remoteUser = proprieterayUserIdValidationAndExtractionMethod(req.getParameter(PARAM_REMOTE_USER)); 
        // We've successfully authenticated the user. Remember their ID for next time. 
        if (remoteUser != null) { 
            HttpSession session = httpServletRequest.getSession(); 
            session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser); 
        } 
        chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { 
            @Override 
            public String getRemoteUser() { 
                return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER); 
            } 
        }, res); 
    } 

    private String proprieterayUserIdValidationAndExtractionMethod(String param) { 
        return "admin"; // who to login as, replace with your cookie login code
    }
}

步骤 2:配置 web.xml 文件以使 tomcat 识别此过滤器(我的位于 /usr/share/tomcat/conf 中)。

<filter>
    <filter-name>Demo Filter</filter-name>
    <filter-class>sample.filter.SSOIntegrationFilter</filter-class>
</filter> 

<filter-mapping>
    <filter-name>Demo Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

步骤 3:对 share-config-custom.xml 文件进行以下更改(应位于共享目录中): http://docs.alfresco.com/3.4/index.jsp?topic=%2Fcom.alfresco.Enterprise_3_4_0.doc%2Ftasks%2Fauth-alfrescontlm-sso.html

步骤 4:更新您的 alfresco-global.properties 文件包含以下信息:

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.proxyUserName=X-Alfresco-Remote-User

然后启动 Alfresco 并尝试一下。希望这会让您走上正轨。

I figured I'd post the solution for anyone who had the same problem.

Step 1: Create a filter that will be executed when someone tries to hit one of your URLs. Once the filter is created, compile and package it in a jar, and then place that jar inside of the alfresco.war and share.war (in the location "WEB-INF/lib"). Here is a skeleton version of what the filter code will look like:

package sample.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

public class SSOIntegrationFilter implements Filter { 
    private static final String PARAM_REMOTE_USER = "remoteUser"; 
    private static final String SESS_PARAM_REMOTE_USER = SSOIntegrationFilter.class.getName() + '.' + PARAM_REMOTE_USER; 

    @Override 
    public void init(FilterConfig arg0) throws ServletException {} 

    @Override 
    public void destroy() {} 

    @Override 
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { 
        HttpServletRequest httpServletRequest = (HttpServletRequest) req; 
        String remoteUser = proprieterayUserIdValidationAndExtractionMethod(req.getParameter(PARAM_REMOTE_USER)); 
        // We've successfully authenticated the user. Remember their ID for next time. 
        if (remoteUser != null) { 
            HttpSession session = httpServletRequest.getSession(); 
            session.setAttribute(SESS_PARAM_REMOTE_USER, remoteUser); 
        } 
        chain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { 
            @Override 
            public String getRemoteUser() { 
                return (String) getSession().getAttribute(SESS_PARAM_REMOTE_USER); 
            } 
        }, res); 
    } 

    private String proprieterayUserIdValidationAndExtractionMethod(String param) { 
        return "admin"; // who to login as, replace with your cookie login code
    }
}

Step 2: Configure the web.xml file for tomcat to recognize this filter (mine was located in /usr/share/tomcat/conf).

<filter>
    <filter-name>Demo Filter</filter-name>
    <filter-class>sample.filter.SSOIntegrationFilter</filter-class>
</filter> 

<filter-mapping>
    <filter-name>Demo Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Step 3: Make the following changes to your share-config-custom.xml file (should be located in the shared directory): http://docs.alfresco.com/3.4/index.jsp?topic=%2Fcom.alfresco.Enterprise_3_4_0.doc%2Ftasks%2Fauth-alfrescontlm-sso.html

Step 4: Update your alfresco-global.properties file with the following information:

authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
external.authentication.proxyUserName=X-Alfresco-Remote-User

Then start up Alfresco and try it out. Hopefully this will put you on the right track.

回复 原文
~没有更多了~

关于作者

苦笑流年记忆

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文