AnsweredAssumed Answered

Custom Authenticator for CAS

Question asked by andrepra on May 5, 2011
Hi,
I'm using Alfresco 3.4d Community Ed.
I need to implements a custom authentication mechanism that perform the authentication with CAS and synchronize the user repository with an external database. To do that I follow the instruction of the wiki and looking the code of the external subsystem I developed my own subsystem. Everything works fine except the webscript call through the wcservice.
I've mapped the /wcservice/* call under the CAS filter and the CAS filter correctly redirects to the login page but when I return to the /wcservice URL (ie: /alfresco/wcservice/index) I get the Alfresco login page. Debugging I found that the cause is the Authenticator used by the webscript servlet (from web.xml)


   <servlet>
      <servlet-name>wcapiServlet</servlet-name>
      <servlet-class>org.springframework.extensions.webscripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.webclient</param-value>
      </init-param>
   </servlet>

This authenticator is defined in the  web-client-application-context.xml and instantiate the WebClientAuthenticatorFactory class. This class check the presence of a ticket parameter (the one Alfresco use for authentication) but found the ticket parameter the CAS use. Obviously there is a conflict.
So I decide to implemt my custom authenticator to manage this case. I developed my class, I changed the web.xml to define a new authenticator.

   <servlet>
      <servlet-name>wcapiServlet</servlet-name>
      <servlet-class>org.springframework.extensions.webscripts.servlet.WebScriptServlet</servlet-class>
      <init-param>
         <param-name>authenticator</param-name>
         <param-value>webscripts.authenticator.cas</param-value>
      </init-param>
   </servlet>
I defined the new bean in my subsystem context xml file

<bean id="webscripts.authenticator.cas" class="it.quix.alfresco.repo.web.scripts.servlet.CASAuthenticatorFactory" />
Testing my implementation I get an error:

GRAVE: Allocate exception for servlet wcapiServlet
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'webscripts.authenticator.cas' is defined
   at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:504)
        ….
Putting the same bean definition in the web-client-application-context.xml works fine. sound strange because other bean are loaded correctly.
I would define all my authentication beans in the same subsystem context file. It's possible or the authenticator are loaded in a different manner?

Thanks

Outcomes