
CIFS + Custom Authentication

Question asked by jneeve on Aug 25, 2008
Ok, I'm trying to follow all the CIFS problems posted here but I'm still a bit confused… sorry if this is hard to follow as it's a bit long… maybe it will help someone else with ideas  :roll:

We've successfully implemented our own custom external authentication system (Crowd) which works for webdav, the alf gui and webscripts but doesn't work for CIFS.

(Basically following the wiki's instructions http://wiki.alfresco.com/wiki/Security_and_Authentication#Implementing_your_own_authentication_mechanism)

So, in spring we've configured a new custom authenticator - we override the authenticateImpl method and call our own authenticator..

 <bean id="authenticationComponent" class="ca.epsb.personnel.crowd.CrowdAuthenticationComponentImpl">

So, if your credentials are successful we simply set the user and then call Alfresco's personService which will create the users automatically if they don't exist.


protected void authenticateImpl(String userName, char[] password) throws AuthenticationException
    {
        try
        {
            httpAuthenticator.verifyAuthentication(userName, String.valueOf(password));
            setCurrentUser(userName);
            NodeRef personNode = getPersonService().getPerson(userName);
…..

So, every user that's created by this method goes into the 'spacesStore' as TYPE_PERSON

But, if you create user using the Alfresco GUI they're created in the 'alfrescoUserStore' as  TYPE_USER

So, what I've noticed is that no user created automatically can authenticate with CIFS. AND, only users created through the Alf GUI can authenticate to CIFS BUT they can only authenticate with their original Alfresco password….  (But those same users can use webdav/etc and authenticate with their Crowd ID/Password)

CIFS is set up to use the Enterprise authenticator… if I try 'Alfresco' I get a CIFS error about it being an invalid authenticator (?)

So, how do I get CIFS to recognize users that were created of type PERSON…

What I tried is customizing the createPerson service to create users of TYPE_USER instead of TYPE_PERSON but that didn't seem to work… it did make users of the new type, but nobody could login :)


   public NodeRef createPerson(Map<QName, Serializable> properties)
    {
        String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
                .get(ContentModel.PROP_USERNAME));
        properties.put(ContentModel.PROP_USERNAME, userName);
        //return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
        //        ContentModel.TYPE_PERSON, properties).getChildRef();
        return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER,
                ContentModel.TYPE_USER, properties).getChildRef();
    }

And what's interesting is you can force users into the userStore instead of spacesStore by modifying the storeURL location in authentication-services-context.xml (Which also worked but I had major problems with everything else!)


<property name="storeUrl">
           <!-- <value>${spaces.store}</value> -->
          <value>user://alfrescoUserStore</value>
</property>

This post is very similar (http://forums.alfresco.com/en/viewtopic.php?f=4&t=12633) but I'm trying to figure out how to modify the crowd Person service since most of the methods I need to overwrite are private [   private NodeRef getPersonOrNull(String searchUserName) ]

Any other ideas or suggestions?
