Package org.alfresco.repo.security.authentication.external

Class DefaultRemoteUserMapper

java.lang.Object

org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper

All Implemented Interfaces:

ActivateableBean, RemoteUserMapper

public class DefaultRemoteUserMapper
extends Object
implements RemoteUserMapper, ActivateableBean

A default RemoteUserMapper implementation. Extracts a user ID using HttpServletRequest.getRemoteUser() and optionally from a configured request header. If there is no configured proxy user name, it returns the request header user name if there is one, or the remote user name otherwise. If there is a configured proxy user, then it returns the request header user name if the remote user matches the proxy user, or the remote user otherwise. An optional regular expression defining how to convert the header to a user ID can be configured using setUserIdPattern(String). This allows for the secure proxying of requests from a Surf client such as Alfresco Share using SSL client certificates.

Author:

dward

Constructor Summary

Constructors

Constructor	Description
DefaultRemoteUserMapper()

Method Summary

Modifier and Type	Method	Description
String	getRemoteUser(jakarta.servlet.http.HttpServletRequest request)	Gets an externally authenticated user ID from an HTTP request.
boolean	isActive()	Determines whether this bean is active.
void	setActive(boolean isEnabled)	Controls whether the mapper is enabled.
void	setPersonService(PersonService personService)	Sets the person service.
void	setProxyHeader(String proxyHeader)	Sets the name of the header containing the ID of a proxied user.
void	setProxyUserName(String proxyUserName)	Sets the name of the remote user used to 'proxy' requests securely in the name of another user.
void	setUserIdPattern(String userIdPattern)	Sets a regular expression for extracting a user ID from the header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultRemoteUserMapper

public DefaultRemoteUserMapper()

Method Details

setProxyUserName

public void setProxyUserName(String proxyUserName)

Sets the name of the remote user used to 'proxy' requests securely in the name of another user. Typically this remote identity will be protected by an SSL client certificate.

Parameters:

proxyUserName - the proxy user name. If null or empty, then the header will be checked regardless of remote user identity.

setProxyHeader

public void setProxyHeader(String proxyHeader)

Sets the name of the header containing the ID of a proxied user.

Parameters:

proxyHeader - the proxy header name

setActive

public void setActive(boolean isEnabled)

Controls whether the mapper is enabled. When disabled getRemoteUser(HttpServletRequest) will always return null

Parameters:

isEnabled - Is this mapper enabled?

setUserIdPattern

public void setUserIdPattern(String userIdPattern)

Sets a regular expression for extracting a user ID from the header. If this is not set, then the entire contents of the header will be used as the user ID.

Parameters:

userIdPattern - the regular expression

setPersonService

public void setPersonService(PersonService personService)

Sets the person service.

Parameters:

personService - the person service

getRemoteUser

public String getRemoteUser(jakarta.servlet.http.HttpServletRequest request)

Description copied from interface: RemoteUserMapper

Gets an externally authenticated user ID from an HTTP request.

Specified by:

getRemoteUser in interface RemoteUserMapper

Parameters:

request - the request

Returns:

the user ID or null if the user is unauthenticated

isActive

public boolean isActive()

Description copied from interface: ActivateableBean

Determines whether this bean is active.

Specified by:

isActive in interface ActivateableBean

Returns:

true if this bean is active