org.alfresco.filesys.auth.cifs

Class EnterpriseCifsAuthenticator

java.lang.Object

org.alfresco.jlan.server.auth.CifsAuthenticator

org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase

org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator

All Implemented Interfaces:

javax.security.auth.callback.CallbackHandler, org.alfresco.jlan.server.auth.ICifsAuthenticator, ActivateableBean, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean

public class EnterpriseCifsAuthenticator
extends CifsAuthenticatorBase
implements javax.security.auth.callback.CallbackHandler

Enterprise CIFS Authenticator Class

CIFS authenticator that supports NTLMSSP and Kerberos logins.

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.apache.commons.logging.Log	logger

Fields inherited from class org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase

m_md4Encoder

Fields inherited from class org.alfresco.jlan.server.auth.CifsAuthenticator

GUEST_USERNAME, m_config, m_random

Fields inherited from interface org.alfresco.jlan.server.auth.ICifsAuthenticator

AUTH_ACCDISABLED, AUTH_ALLOW, AUTH_BADPASSWORD, AUTH_BADUSER, AUTH_DISALLOW, AUTH_GUEST, AUTH_PASSEXPIRED, LANMAN, NoAccess, NTLM1, NTLM2, ReadOnly, SHARE_MODE, STANDARD_CHALLENGE_LEN, STANDARD_PASSWORD_LEN, USER_MODE, Writeable

Constructor Summary

Constructors

Constructor and Description
EnterpriseCifsAuthenticator() Class constructor

Method Summary

Methods

Modifier and Type	Method and Description
void	generateNegotiateResponse(org.alfresco.jlan.smb.server.SMBSrvSession sess, org.alfresco.jlan.smb.server.SMBSrvPacket respPkt, boolean extendedSecurity) Generate the CIFS negotiate response packet, the authenticator should add authentication specific fields to the response.
int	getEncryptionKeyLength() Return the encryption key/challenge length
int	getServerCapabilities() Return the server capability flags
void	handle(javax.security.auth.callback.Callback[] callbacks) JAAS callback handler
void	initialize() Initialize the authenticator (after properties have been set)
void	initialize(org.alfresco.jlan.server.config.ServerConfiguration config, org.springframework.extensions.config.ConfigElement params) Initialize the authenticator (via the config service)
void	processSessionSetup(org.alfresco.jlan.smb.server.SMBSrvSession sess, org.alfresco.jlan.smb.server.SMBSrvPacket reqPkt) Process the CIFS session setup request packet and build the session setup response.
void	setDisableNTLM(boolean disableNTLM)
void	setDisallowNTLMv1(boolean disallowNTLMv1)
void	setEnableTicketCracking(boolean enaTktCracking) Enable Kerbeors ticket cracking code that is required for Java5
void	setJaasConfigEntryName(java.lang.String jaasConfigEntryName) Sets the HTTP service login configuration entry name.
void	setKerberosDebug(boolean kerberosDebug)
void	setPassword(java.lang.String password) Sets the HTTP service account password.
void	setRealm(java.lang.String realm) Sets the HTTP service account realm.
void	setStripKerberosUsernameSuffix(boolean stripKerberosUsernameSuffix)
void	setUseSPNEGO(boolean useSPNEGO)

Methods inherited from class org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase

afterPropertiesSet, checkForAdminUserName, destroy, doGuestLogon, doInTransaction, getAuthenticationComponent, getAuthenticationService, getAuthorityService, getHomeFolderForUser, getNodeService, getNTLMAuthenticator, getPersonService, isActive, mapUserNameToPerson, setActive, setAuthenticationComponent, setAuthenticationService, setAuthorityService, setCurrentUser, setDiskInterface, setNodeService, setPersonService, setTransactionService, validateAuthenticationMode

Methods inherited from class org.alfresco.jlan.server.auth.CifsAuthenticator

allowGuest, authenticateShareConnect, authenticateUser, authenticateUserPlainText, closeAuthenticator, convertPassword, generateEncryptedPassword, getAccessMode, getAuthContext, getCIFSConfig, getEnabledDialects, getEncryptor, getGuestUserName, getsecurityConfig, getSecurityMode, getStatusAsString, getUserDetails, hasDebug, hasExtendedSecurity, hasSessionCleanup, mapClientAddressToDomain, mapUnknownUserToGuest, setAccessMode, setAllowGuest, setConfig, setDebug, setExtendedSecurity, setGuestUserName, setMapToGuest, setSecurityMode, setSessionCleanup, toString, validatePassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

logger

protected static final org.apache.commons.logging.Log logger

Constructor Detail

EnterpriseCifsAuthenticator

public EnterpriseCifsAuthenticator()

Class constructor

Method Detail

setPassword

public void setPassword(java.lang.String password)

Sets the HTTP service account password. (the Principal should be configured in java.login.config)

Parameters:

password - the password to set

setRealm

public void setRealm(java.lang.String realm)

Sets the HTTP service account realm.

Parameters:

realm - the realm to set

setJaasConfigEntryName

public void setJaasConfigEntryName(java.lang.String jaasConfigEntryName)

Sets the HTTP service login configuration entry name.

Parameters:

loginEntryName - the loginEntryName to set

setKerberosDebug

public void setKerberosDebug(boolean kerberosDebug)

setDisableNTLM

public void setDisableNTLM(boolean disableNTLM)

setUseSPNEGO

public void setUseSPNEGO(boolean useSPNEGO)

setDisallowNTLMv1

public void setDisallowNTLMv1(boolean disallowNTLMv1)

setStripKerberosUsernameSuffix

public void setStripKerberosUsernameSuffix(boolean stripKerberosUsernameSuffix)

setEnableTicketCracking

public void setEnableTicketCracking(boolean enaTktCracking)

Enable Kerbeors ticket cracking code that is required for Java5

Parameters:

enaTktCracking - boolean

initialize

public void initialize(org.alfresco.jlan.server.config.ServerConfiguration config,
              org.springframework.extensions.config.ConfigElement params)
                throws org.alfresco.jlan.server.config.InvalidConfigurationException

Initialize the authenticator (via the config service)

Overrides:

initialize in class CifsAuthenticatorBase

Parameters:

config - ServerConfiguration

params - ConfigElement

Throws:

org.alfresco.jlan.server.config.InvalidConfigurationException

initialize

public void initialize()
                throws org.alfresco.jlan.server.config.InvalidConfigurationException

Initialize the authenticator (after properties have been set)

Overrides:

initialize in class CifsAuthenticatorBase

Throws:

org.alfresco.jlan.server.config.InvalidConfigurationException

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException

JAAS callback handler

Specified by:

handle in interface javax.security.auth.callback.CallbackHandler

Parameters:

callbacks - Callback[]

Throws:

java.io.IOException

javax.security.auth.callback.UnsupportedCallbackException

getEncryptionKeyLength

public int getEncryptionKeyLength()

Return the encryption key/challenge length

Specified by:

getEncryptionKeyLength in interface org.alfresco.jlan.server.auth.ICifsAuthenticator

Overrides:

getEncryptionKeyLength in class org.alfresco.jlan.server.auth.CifsAuthenticator

Returns:

int

getServerCapabilities

public int getServerCapabilities()

Return the server capability flags

Specified by:

getServerCapabilities in interface org.alfresco.jlan.server.auth.ICifsAuthenticator

Overrides:

getServerCapabilities in class org.alfresco.jlan.server.auth.CifsAuthenticator

Returns:

int

generateNegotiateResponse

public void generateNegotiateResponse(org.alfresco.jlan.smb.server.SMBSrvSession sess,
                             org.alfresco.jlan.smb.server.SMBSrvPacket respPkt,
                             boolean extendedSecurity)
                               throws org.alfresco.jlan.server.auth.AuthenticatorException

Generate the CIFS negotiate response packet, the authenticator should add authentication specific fields to the response.

Specified by:

generateNegotiateResponse in interface org.alfresco.jlan.server.auth.ICifsAuthenticator

Overrides:

generateNegotiateResponse in class org.alfresco.jlan.server.auth.CifsAuthenticator

Parameters:

sess - SMBSrvSession

respPkt - SMBSrvPacket

extendedSecurity - boolean

Throws:

org.alfresco.jlan.server.auth.AuthenticatorException

processSessionSetup

public void processSessionSetup(org.alfresco.jlan.smb.server.SMBSrvSession sess,
                       org.alfresco.jlan.smb.server.SMBSrvPacket reqPkt)
                         throws org.alfresco.jlan.smb.server.SMBSrvException

Process the CIFS session setup request packet and build the session setup response.

This is the boundary between alfresco and JLAN. So is responsible for logging and ensuring that the exceptions are correct for JLAN.

Specified by:

processSessionSetup in interface org.alfresco.jlan.server.auth.ICifsAuthenticator

Overrides:

processSessionSetup in class org.alfresco.jlan.server.auth.CifsAuthenticator

Parameters:

sess - SMBSrvSession

reqPkt - SMBSrvPacket

Throws:

org.alfresco.jlan.smb.server.SMBSrvException