Custom servlet filter in ACS

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Partner

Custom servlet filter in ACS

Hello,

 

I would like to create a custom servlet filter in ACS v5.2 which will be able to fetch username and token from currently authenticated user.

Every attempt ended up with failure.

 

Do I need to extend BaseNTLMAuthenticationFilter or something else? Do you have any idea how to implement it?

 

Thanks in advance

3 Replies
Partner

Re: Custom servlet filter in ACS

It does not have to be a filter, but it is important to get info about the successful login of the user (username, token...).

Do you know how?

Highlighted
Master

Re: Custom servlet filter in ACS

Using a filter would not be the correct way here. Alfresco actually defines an AuthenticationListener interface (https://github.com/Alfresco/alfresco-remote-api/blob/master/src/main/java/org/alfresco/repo/web/auth...) which could be used in this case. The big problem is just that Alfresco does not support having more than one authentication listener (by default), and the one "spot" may already be taken by a default bean / addon module bean. I actually ran into that problem myself and had to develop a small workaround / facade (https://github.com/Acosix/alfresco-utility/blob/master/full/repository/src/main/java/de/acosix/alfre...) to support multiple listeners in an Alfresco system. There are also two different layers where authentication listeners may be invoked - one from the SSO filter layer and another from more generic user name / password login components. This requires that a custom listener or facade be registered with two beans. My rather complex (because of compatibility / flexibility concerns) configuration can be seen in https://github.com/Acosix/alfresco-utility/blob/master/full/repository/src/main/config/module-contex...

Highlighted
Partner

Re: Custom servlet filter in ACS

Thank you very much. Your input is very useful.

To be more precise, I want to find the IP address of the client for the currently authenticated user. This info should be used later in my custom PermissionService.

The IP I can fetch using HttpServletRequest#getRemoteAddr(). But I have to relate this client IP info with the user. I thought that ticket and username (because the user can connect from different clients at the same time) could be the way to go.

Do you have an idea of how to fetch IP address for the currently authenticated user and use that info in the PermissionService later?