I am trying to implement External SSO in alfresco share. I am using alfresco.4.2.c.
I want to enable debug mode for the classes which are using for Authentication in the case of External SSO.
So please let me know the class names which are using in External SSO.
Depends on which SSO you are integrating say OpenAM, CAS etc
SlingshotUserFactory class is used for default authentication in Alfresco Share
You can override its entry as below in share-config-custom.xml
<config evaluator="string-compare" condition="WebFramework">
<web-framework>
<!-- SpringSurf Autowire Runtime Settings -->
<!-- Developers can set mode to 'development' to disable; SpringSurf caches,
FreeMarker template caching and Rhino JavaScript compilation. -->
<defaults>
<page-type>
<id>login</id>
<page-instance-id>slingshot-login</page-instance-id>
</page-type>
<user-factory>webframework.factory.user.custom.slingshot
</user-factory>
</defaults>
</web-framework>
</config>
Add below entry in custom-slingshot-application-context.xml
<bean id="webframework.factory.user.custom.slingshot" class="com.test.web.site.ExtSlingshotUserFactory"
parent="webframework.factory.user.slingshot">
</bean>
now on login it will call your class for authentication
Related
I want to use the xml configuration file for registering clients for OAUTH2 in my web application. I know that there exist support for xml tags using the client-registrations tag
However I want to register the client registration repository as a bean. So that it is extensible, something like this:
<beans:bean id="clientRegistrationRepository" class="org.springframework.security.oauth2.client.registration.ClientRegistrationRepository">
<beans:constructor-arg index="0" ref="clientRegistration"/>
</beans:bean>
... more tags expanding clientRegistration
However this does not work. Does any one know how we can do this ?
I support a website that uses Spring Security (5.3.3.RELEASE). The site can't be displayed in iframe in other sites because of the following configuration
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
Now I am asked to allow a few pages to be displayed in iframe in ANY other sites (not a specific list of sites). I looked at the Spring documentation, and it appears that I can add a bean in the following way:
<security:headers>
<security:frame-options policy="SAMEORIGIN" ref="bean_id"/>
</security:headers>
I am not able to find info about what interface or methods the bean (bean_id) must implement or whether it can be used to decide what pages are frameable. Any help or example is really appreciated.
The interface is of type AllowFromStrategy. But that interface is deprecated since the ALLOW-FROM is an obsolete directive that no longer works in modern browsers, see here. The alternative is to use CSP: frame-ancestors.
Spring Security has support for the Content-Security-Policy header. You can rely on the DelegatingRequestMatcherHeaderWriter implementation to add the headers only to specific pages, like so:
<http>
<!-- ... -->
<headers>
<header ref="headerWriter"/>
</headers>
</http>
<beans:bean id="headerWriter"
class="org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter">
<beans:constructor-arg>
<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher"
c:pattern="/page-with-csp"/>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter"/>
</beans:constructor-arg>
</beans:bean>
I want to login into Alfresco Dashboard with google credentials. I have seen a sample application below.
https://github.com/gdepourtales/share-oauth-sso
but it is not working for me.
I am using Alfresco 5.0 enterprise version.
I have downloaded the project and i have followed all the steps
I have build the project which was mentioned and deployed the jars.
I have added below snippet in web.xml file
<filter>
<description>Oauth Authentication Support</description>
<filter-name>OAuthAuthenticationFilter</filter-name>
<filter-class>ch.gadp.alfresco.OAuthSSOAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
I have added the below configuration in share-config.custom.xml file
<config evaluator="string-compare" condition="OAuthFilter"> <!-- the condition must always be OAuthFilter -->
<repository>
<!-- The host of the Alfresco repository webapp -->
<host>localhost</host>
<!-- The port of the Alfresco repository webapp. Put 80 for standard HTTP-->
<port>8081</port>
<!-- The protocol to access the Alfresco repository -->
<protocol>http</protocol>
<!-- The API access URI. If you use standard Alfresco, this should not change -->
<api>/alfresco/service/api</api>
<!-- The admin user who is able to create new users -->
<admin>admin</admin>
<!-- The password of the admin user -->
<password>admin</password>
<!-- The unique password for all users authenticated with OAuth. Choose one very complicated :) -->
<user-password>gotpxdKFjA_uxzG5SdGu</user-password>
<!-- The domains for which incoming user should be restricted to. If blank, any valid email will be accepted -->
<user-domains>nxc.no</user-domains>
</repository>
<oauth-api>
<!-- The key of your API application -->
<key>my key</key>
<!-- The URI from which get the user profile informations -->
<uri>https://www.googleapis.com/oauth2/v1/userinfo</uri>
<!-- The secret of your API application -->
<secret>my secret</secret>
<!-- The scope(s) for getting data -->
<scope>https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email</scope>
<!-- This is a constant and my be different in future releases -->
<name>GoogleApi</name>
</oauth-api>
</config>
and i have started the server but I am not seeing any change.
How I can Know the process of user login to the dashboard.Because everything written in alfresco is a web-script how can i make a google user to login into Dashboard.
Any answer will help me a lot Thank you!.
You can extend the following project - https://github.com/FlexSolution/SocialLogin. It uses oauth2 to login Alfresco by using LinkedIn account
The video how it works is available on youtube - https://www.youtube.com/watch?v=4dpueBkL-Jo&index=5&list=PLjxSLwMQLhLifbIIC5qkVio8VoakzncXg
You'd want to use Google2Api these days. Also prompt setting is missing in your config.
<!-- This is a constant and my be different in future releases -->
<name>Google2Api</name>
<!-- Whether to re-prompt the user for consent -->
<prompt>auto</prompt>
Can any one tell me, how to configure spring mvc project that contains controllers both annotated and configured??
I want to configure static pages using ParametrizedViewController and rest of all using Annotations.
But it is not working??
Please someone tell the configuration file(dispatcher-servlet.xml in my case) which will contain both this requirements.
Thanks in advance.
<!-- Registering MVC stuff necessary for #RequestMapping -->
<mvc:annotation-driven />
<!-- Your view controller definition -->
<mvc:view-controller path="/home" view-name="home" />
I'm a ColdFusion developer looking to break into Flex. I have a couple test Flex applications Ii'm working on, but am having problem connecting to my CFCs. I've tried:
creating mappings in CFAdmin,
putting the CFC in the same folder as the Flex app,
putting the CFC in the C:\Coldfusion8\Gateway\CFC folder,
all to no avail.
Each time, I get the "Could not find the ColdFusion Component or Interface" error. What am I missing?
Here is how I'm invoking the CFC for Flex use.
<mx:RemoteObject id="conn" destination="ColdFusion" source="cfc.bulkmail"
result="orderGrid.dataProvider = event.result;" showBusyCursor="true">
You can also go into your remoting-config.xml file ([coldfusionRoot]wwwroot\WEB-INF\flex) and enable the use of mappings on your coldfusion instance. By default Flex is not allowed to use mappings in locating a cfc instance.
<destination id="ColdFusion">
<channels>
<channel ref="my-cfamf"/>
</channels>
<properties>
<source>*</source>
<!-- define the resolution rules and access level of the cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs, by default only CFC files under your webroot can be found. -->
<use-mappings>false</use-mappings>
<!-- allow "public and remote" or just "remote" methods to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</properties>
</destination>
what you see is the default. Change the use-mappings key to true and your mappings will now work.
I had similar problems on certain servers. I think it has something to do with how security is setup on your website. I ended up taking the easy route and making my CFC methods remotely accessible and calling them as WebServices.
C:\Coldfusion8\wwwroot\Gateway\CFC is the correct folder
and the cfc.bulkmail is the correct source.
It works, I must've just not had the proper case at one point or the other.
But here's the answer for anyone who has the same problem in the future.