Alfresco FTP的验证方法

    Alfresco的安全机制是很严谨的,由于实现了JSR170的存储规范,所以Alfresco支持很多协议,如NTLM、FTP、WebDAV等等;在应用交互层面,支持web-client和webservices。
 
    我在这里说的FTP验证,针对的是这样一种环境:既要实现SSO的整合,又要方便地存取多个文档。在这两个条件下,我们需要对Alfresco的FTP进行独立验证,这种验证是基于SSO的授权验证;如果不这样做,使用FTP时会很不安全。

    所以我改写了如下文件代码:
    1.org.alfresco.filesys.ftp.FTPSrvSession
    2.org.alfresco.filesys.server.config.ServerConfiguration
    新增如下文件:
    1.org.alfresco.repo.ftp.FTPAuthenticationDao
    2.org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao
    3.applicationContext-resources.xml

    主要实现方法在于改写FTPSrvSession.java中的procPassword方法:
.......
        
//  Use the normal authentication service as we have the plaintext
        
//  password

        AuthenticationService authService 
=  getServer().getConfiguration().getAuthenticationService();

        
/**
         * For CAS SSO Integration, Get FTPAuthentication
         *
         
*/

        FTPAuthenticationDao ftpAuthentication 
=  getServer().getConfiguration().getFtpAuthenticationDao();

.......

authService.authenticate(cInfo.getUserName(), cInfo.getPasswordAsCharArray());

                
/**
                 * Check FTPAuthentication for SSO Validation
                 
*/

                
if  (ftpAuthentication.ssoValidate())  {
                    ftpAuthentication.authenticate(cInfo.getUserName(), cInfo.getPasswordAsString());
                }

.......


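这样,根据ftpAuthentication的ssoValidate方法,可以动态地设置FTP是否需要强制进行验证。从上面的片段看,这一步校验是在authService.authenticate之后追加执行的;另外,FTP口令是以明文到达服务器的(见代码注释中的"plaintext password"),所以口令在传输途中需要另行保护。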
FTPAuthenticationDao.java:

package  org.alfresco.repo.ftp;

/**
 * Additional credential check that the FTP session can apply on top of the
 * regular Alfresco authentication service.
 *
 * <p>On this page the FTP session calls {@link #ssoValidate()} first and only
 * invokes {@link #authenticate(String, String)} when it returns {@code true}.
 */
public interface FTPAuthenticationDao {

    /**
     * Reports whether the additional check is switched on.
     *
     * @return {@code true} if the caller should go on to call
     *         {@link #authenticate(String, String)}
     */
    boolean ssoValidate();

    /**
     * Checks the supplied credentials.
     *
     * <p>The method returns nothing; the Hibernate implementation on this page
     * signals rejection by throwing an unchecked {@code AuthenticationException}.
     *
     * <p>NOTE(review): the password travels as an immutable {@code String}, so it
     * cannot be wiped after use; the preceding Alfresco check in the FTP session
     * receives it as a {@code char[]} instead.
     *
     * @param username login name supplied by the client
     * @param password password supplied by the client
     */
    void authenticate(String username, String password);
}


HibernateFTPAuthenticationDao.java:

package  org.alfresco.repo.ftp.hibernate;

import  java.util.List;

import  org.alfresco.filesys.server.auth.PasswordEncoder;
import  org.alfresco.filesys.server.auth.PlainTextPasswordEncoder;
import  org.alfresco.repo.ftp.FTPAuthenticationDao;
import  org.alfresco.repo.security.authentication.AuthenticationException;
import  org.apache.commons.logging.Log;
import  org.apache.commons.logging.LogFactory;
import  org.hibernate.Query;
import  org.hibernate.Session;
import  org.springframework.orm.hibernate3.HibernateCallback;
import  org.springframework.orm.hibernate3.support.HibernateDaoSupport;

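/**
 * Hibernate-backed {@link FTPAuthenticationDao} that checks an FTP logon against
 * a password looked up with a configurable SQL statement.
 *
 * <p>The statement set through {@link #setSql(String)} is executed with the user
 * name bound as its only positional parameter. The first element of the result
 * list is treated as the stored password and compared with
 * {@code passwordEncoder.encode(password)}.
 *
 * <p>NOTE(review): the default encoder is {@code PlainTextPasswordEncoder}, which
 * by its name presumably leaves the password unencoded (confirm). Always inject
 * the encoder that matches how the user table stores its passwords.
 */
public class HibernateFTPAuthenticationDao extends HibernateDaoSupport implements FTPAuthenticationDao {

    protected final Log log = LogFactory.getLog(getClass());

    /** SQL text run by {@link #authenticate(String, String)}; parameter 0 is the user name. */
    private String sql;

    /** Encoder applied to the supplied password before it is compared with the stored value. */
    private PasswordEncoder passwordEncoder = new PlainTextPasswordEncoder();

    /** Switch reported by {@link #ssoValidate()}; {@code false} unless configured. */
    private boolean ssoValidate;

    /**
     * Sets the lookup statement.
     *
     * @param sql SQL with a single positional parameter for the user name
     */
    public void setSql(String sql) {
        this.sql = sql;
    }

    /**
     * Replaces the password encoder.
     *
     * @param passwordEncoder encoder whose output is compared with the stored password
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Reports whether the additional check is enabled.
     *
     * @return the value of the {@code ssoValidate} property
     */
    public boolean ssoValidate() {
        return this.isSsoValidate();
    }

    /**
     * Enables or disables the additional check.
     *
     * @param ssoValidate {@code true} to have callers run {@link #authenticate(String, String)}
     */
    public void setSsoValidate(boolean ssoValidate) {
        this.ssoValidate = ssoValidate;
    }

    /**
     * Bean-style getter for the {@code ssoValidate} property.
     *
     * @return the configured flag
     */
    public boolean isSsoValidate() {
        return ssoValidate;
    }

    /**
     * Looks up the stored password for {@code username} and compares it with the
     * encoded form of {@code password}.
     *
     * @param username user name bound to parameter 0 of the configured SQL
     * @param password password as supplied by the client
     * @throws AuthenticationException if the query returns no row, or the stored
     *         value is {@code null} or differs from the encoded password
     */
    public void authenticate(final String username, final String password) {
        HibernateCallback callback = new HibernateCallback() {
            public Object doInHibernate(Session session) {
                // The user name is bound as a parameter, never concatenated into the SQL.
                Query query = session.createSQLQuery(sql);
                query.setString(0, username);
                return query.list();
            }
        };

        // A native query yields whatever type the column maps to, so the list is kept
        // wildcard-typed; casting it to List<String> would fail on a non-String column.
        List<?> queryResults = (List<?>) getHibernateTemplate().execute(callback);

        // NOTE(review): the two failures below carry different messages. If the caller
        // relays the exception text to the FTP client, user names can be probed;
        // confirm what the session returns and unify the messages if so.
        if (queryResults.isEmpty()) {
            log.error("User not exist!");
            throw new AuthenticationException("User not exist!(" + this.getClass().getName() + ")");
        }

        Object storedValue = queryResults.get(0);
        // A NULL password column is treated as a failed logon instead of raising a
        // NullPointerException.
        String stored = storedValue == null ? null : storedValue.toString();
        String supplied = passwordEncoder.encode(password);

        if (!constantTimeEquals(stored, supplied)) {
            log.error("User password error!");
            throw new AuthenticationException("User password error!(" + this.getClass().getName() + ")");
        }

        // The original listing also kept a commented-out variant that used the named
        // query "ftp.checkUser" with username and encoded password as parameters.

        log.info("User: " + username + " logon successfully!");
    }

    /**
     * Compares two strings without stopping at the first differing character, so
     * the time taken does not reveal how much of the stored value matched.
     *
     * <p>Written by hand rather than delegating to the JDK because the comparison
     * in {@code MessageDigest.isEqual} was not time-constant in early JDK 6 and
     * older releases.
     *
     * @param expected stored value, may be {@code null}
     * @param actual   encoded value derived from the client's input, may be {@code null}
     * @return {@code true} only if both are non-null and equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        int expectedLength = expected.length();
        int diff = expectedLength ^ actual.length();
        // Iterate over the client-derived value so the loop count does not depend
        // on the length of the stored one.
        for (int i = 0; i < actual.length(); i++) {
            char reference = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            diff |= reference ^ actual.charAt(i);
        }
        return diff == 0;
    }

}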


applicationContext-resources.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
            http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd">

    <!-- For mail settings and future properties files
    <bean id="_propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath*:alfresco/extension/jdbc.properties</value>
            </list>
        </property>
    </bean>
    -->

    <!-- JNDI DataSource for J2EE environments -->
    <!-- <jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/appfuse"/> -->

    <!--
      Connection pool for the database that holds the cas_user table.
      NOTE(review): the JDBC user name and password are written inline and both are
      "postgres". Outside a local test setup, move them to an external properties
      file (the placeholder configurer above is commented out) or a JNDI data source,
      and connect with an account that can only read the user table.
    -->
    <bean id="_dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="org.postgresql.Driver"/>
        <property name="url" value="jdbc:postgresql://localhost/myworld"/>
        <property name="username" value="postgres"/>
        <property name="password" value="postgres"/>
        <property name="maxActive" value="100"/>
        <property name="maxWait" value="1000"/>
        <property name="poolPreparedStatements" value="true"/>
        <property name="defaultAutoCommit" value="true"/>
    </bean>

    <!--
      Hibernate SessionFactory.
      NOTE(review): hibernate.hbm2ddl.auto=update lets Hibernate apply schema changes
      at start-up through the account configured above; an authentication lookup
      does not need that, so consider "validate" or removing the setting.
    -->
    <bean id="_sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="_dataSource"/>
        <property name="configLocation" value="classpath:hibernate.cfg.xml"/>
        <property name="hibernateProperties">
            <value>
                hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
                hibernate.query.substitutions=true 'Y', false 'N'
                hibernate.cache.use_second_level_cache=true
                hibernate.cache.provider_class=org.hibernate.cache.EhCacheProvider
                hibernate.jdbc.batch_size=0
                hibernate.hbm2ddl.auto=update
            </value>
            <!-- Turn batching off for better error messages under PostgreSQL -->
            <!-- hibernate.jdbc.batch_size=0 -->
        </property>
    </bean>

    <!--
      DAO used by the FTP session for the extra credential check. The user name is
      bound to the "?" placeholder, so it is never concatenated into the SQL text.
      NOTE(review): DefaultPasswordEncoder is not shown on this page; if it is a bare,
      unsalted digest of the named algorithm, the stored values are cheap to attack
      offline once the table leaks. Confirm, and keep the encoder identical to the
      one the SSO server uses for cas_user.
    -->
    <bean id="ftpAuthenticationDao" class="org.alfresco.repo.ftp.hibernate.HibernateFTPAuthenticationDao">
        <property name="sessionFactory" ref="_sessionFactory"/>
        <property name="sql" value="select password from cas_user where username = ?"/>
        <property name="passwordEncoder">
            <bean class="org.alfresco.filesys.server.auth.DefaultPasswordEncoder">
                <constructor-arg value="SHA"/>
            </bean>
        </property>
        <property name="ssoValidate" value="true"/>
    </bean>
</beans>


再改写network-protocol-context.xml:
<!--
  File Server Configuration.
  Abstract parent bean for the file server configuration. The final property,
  ftpAuthenticationDao, refers to the bean of the same name, which the article
  defines in applicationContext-resources.xml.
-->
<bean id="fileServerConfigurationBase" abstract="true" destroy-method="closeConfiguration">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationService" ref="authenticationService"/>
    <property name="authenticationComponent" ref="authenticationComponent"/>
    <property name="nodeService" ref="NodeService"/>
    <property name="tenantService" ref="tenantService"/>
    <property name="searchService" ref="SearchService"/>
    <property name="namespaceService" ref="namespaceService"/>
    <property name="personService" ref="personService"/>
    <property name="transactionService" ref="transactionService"/>
    <property name="diskInterface" ref="contentDiskDriver"/>
    <property name="avmDiskInterface" ref="avmDiskDriver"/>
    <property name="ftpAuthenticationDao" ref="ftpAuthenticationDao"/>
</bean>