
Authentication of a user with two mapped usernames

Question asked by julio.melo on Mar 22, 2011
I developed a prototype of a custom authentication component that changes the supplied usernames of a legacy system to its respective LDAP user, by defining:


public class CustomComponent extends AbstractAuthenticationComponent {
   // Some code (…)
   @Override
   protected void authenticateImpl(String legacyUserName, char[] password) {
      // Some code (…)
      clearCurrentSecurityContext();
      setCurrentUser(otherUserName);
   }
}

I configured the authentication chain to use my custom component, LDAP, and alfrescoNtlm.

It worked just fine on Alfresco Explorer, but when authenticating through Alfresco Share, it created the legacy username in the Alfresco repository, although files handled by the logged-in user were owned/modified by the mapped LDAP one.

I investigated this behavior and saw that in the org.alfresco.repo.webdav.auth.BaseAuthenticationFilter.handleLoginForm method, the authentication flow was:


authenticationService.authenticate(username, password.toCharArray());
session = req.getSession();           
createUserEnvironment(session, username, authenticationService.getCurrentTicket(), false);

As in org.alfresco.repo.webdav.auth.AuthenticationFilter.doFilter:113, since that method does not call setCurrentUser, username should be taken from authenticationService.getCurrentUser(), shouldn't it?


authenticationService.authenticate(username, password.toCharArray());
session = req.getSession();           
createUserEnvironment(session, authenticationService.getCurrentUser(), authenticationService.getCurrentTicket(), false);

In my case, to achieve the desired behavior without changing Alfresco's code, I used AOP on PersonService and changed the username in getPerson arguments. Now it worked on Alfresco Explorer, Share and CMIS.

As I said, this is just a prototype. I'm not sure if AuthenticateComponent is expected to change usernames during authentication (I believe that is probably not recommended) or if there are any other side effects. Any suggestions would be appreciated.
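
The two flows compared in the question, modelled as an added example (not part of the original post and not Alfresco code). `ToyAuthService`, the `LEG0042` to `jdoe` mapping and the password are constructed for illustration; only the idea of remapping the name inside `authenticate` and reading it back with `getCurrentUser` comes from the post.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class MappedLoginDemo {
    // Hypothetical stand-in for an authentication service whose component
    // remaps a legacy username to its LDAP username during authenticate().
    static class ToyAuthService {
        private final Map<String, String> legacyToLdap = new HashMap<>();
        private final Map<String, char[]> passwords = new HashMap<>();
        private String currentUser;

        ToyAuthService() {
            legacyToLdap.put("LEG0042", "jdoe");           // constructed mapping
            passwords.put("jdoe", "s3cret".toCharArray()); // constructed credential
        }

        void authenticate(String suppliedName, char[] password) {
            String mapped = legacyToLdap.getOrDefault(suppliedName, suppliedName);
            char[] expected = passwords.get(mapped);
            if (expected == null || !Arrays.equals(expected, password)) {
                throw new SecurityException("authentication failed");
            }
            currentUser = mapped; // same effect as setCurrentUser(otherUserName)
        }

        String getCurrentUser() { return currentUser; }
    }

    // Flow 1: session identity copied from the login form input.
    static String sessionUserFromForm(ToyAuthService auth, String supplied, char[] pw) {
        auth.authenticate(supplied, pw);
        return supplied;
    }

    // Flow 2: session identity read back from the authenticated principal.
    static String sessionUserFromPrincipal(ToyAuthService auth, String supplied, char[] pw) {
        auth.authenticate(supplied, pw);
        return auth.getCurrentUser();
    }

    public static void main(String[] args) {
        char[] pw = "s3cret".toCharArray();
        String a = sessionUserFromForm(new ToyAuthService(), "LEG0042", pw);
        String b = sessionUserFromPrincipal(new ToyAuthService(), "LEG0042", pw);
        // Divergence means the session and the security context name different
        // accounts, so later lookups by session name can create a second person.
        System.out.println(a + " vs " + b + " diverge=" + !a.equals(b));
    }
}
```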
