CAS 和Liferay的整合网上到处都有,我在此也不再鳌述。CAS和Alfresco的整合推荐一篇blog,你看了之后也就知道怎么做了:
http://athenalogics.blogspot.com/2008/07/how-to-casify-alfresco-cms_567.html
本文所要讲的是在CAS和Liferay已经整合好的前提下, 把Alfresco部署成Liferay的portlet并且和CAS整合。
我试了网上有一些别的方法无一成功,也有人说存在bug无法整合。至少根据我前面的blog讲share liferay session的方法给alfresco portlet是不可行的。alfresco的用户认证这里确实有bug。
当然,首先你需要把Alfresco部署成portlet,我这里用到的是Alfresco community version 2.1, Liferay 5.1.0
部署Liferay portlet 通常的做法是 Hotdeploy. 也就是把alfresco.war放到$user_home/liferay/deploy
之后会在Webapp下面产生一个新的alfresco的app, 到它的lib下面把portlet-api删掉,因为这个和liferay的相冲突。然再把附件中的liferay portlet描述文件copy到alfresco/WEB-INF下面. 注意,附件里的web.xml中用到的portlet-class是我自己修改过的。
这样你的alfresco就可以被添加到liferay里面了.
当然,如果你不想使用hotdeploy(通常写自动产生server的script的人最讨厌这个), 那么可以参考这个script的相应部分: http://tempo.intalio.org/tempo/trunk/rsc/scripts/create_tomcat.rb
接下来,Alfresco portlet的用户管理的基本思路是在PortletSession里是否存在'AuthenticationHelper.AUTHENTICATION_USER'这个属性,如果存在的话就取出里面的User去做验证。通过的话就可以访问。基于这个原理,我在原有的portlet-class上做了一些改动,下面的portlet class的全文:
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.intalio.tempo.web;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import javax.faces.application.ViewHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.PortletRequestDispatcher;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.UnavailableException;
import javax.servlet.http.HttpServletRequest;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigService;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.TempFileProvider;
import org.alfresco.web.app.Application;
import org.alfresco.web.app.portlet.AlfrescoDefaultViewSelector;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.app.servlet.AuthenticationStatus;
import org.alfresco.web.bean.ErrorBean;
import org.alfresco.web.bean.FileUploadBean;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.bean.repository.Repository;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.config.ClientConfigElement;
import org.alfresco.web.config.LanguagesConfigElement;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.portlet.PortletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.myfaces.portlet.MyFacesGenericPortlet;
import org.apache.myfaces.portlet.PortletUtil;
import org.springframework.web.context.WebApplicationContext;
import com.liferay.portal.service.UserServiceUtil;
/**
* Class to extend the MyFacesGenericPortlet to provide behaviour specific to
* Alfresco web client. Handles upload of multi-part forms through a JSR-168
* Portlet, generic error handling and session login authentication.
*
* @author Gavin Cornwell, Kevin Roast
*/
public class AlfrescoFacesPortlet extends MyFacesGenericPortlet {
private static final String PREF_ALF_USERNAME = "_alfUserName";
private static final String SESSION_LAST_VIEW_ID = "_alfLastViewId";
private static final String ERROR_PAGE_PARAM = "error-page";
private static final String ERROR_OCCURRED = "error-occurred";
private List<String> m_languages;
private static Log logger = LogFactory.getLog(AlfrescoFacesPortlet.class);
private String loginPage = null;
private String errorPage = null;
/**
* Called by the portlet container to allow the portlet to process an action
* request.
*/
public void processAction(ActionRequest request, ActionResponse response) throws PortletException, IOException {
Application.setInPortalServer(true);
// Set the current locale
I18NUtil.setLocale(Application.getLanguage(request.getPortletSession()));
boolean isMultipart = PortletFileUpload.isMultipartContent(request);
try {
// NOTE: Due to filters not being called within portlets we can not
// make use
// of the MyFaces file upload support, therefore we are using a pure
// portlet request/action to handle file uploads until there is a
// solution.
if (isMultipart) {
if (logger.isDebugEnabled())
logger.debug("Handling multipart request...");
PortletSession session = request.getPortletSession();
// get the file from the request and put it in the session
DiskFileItemFactory factory = new DiskFileItemFactory();
PortletFileUpload upload = new PortletFileUpload(factory);
List<FileItem> fileItems = upload.parseRequest(request);
Iterator<FileItem> iter = fileItems.iterator();
FileUploadBean bean = new FileUploadBean();
while (iter.hasNext()) {
FileItem item = iter.next();
String filename = item.getName();
if (item.isFormField() == false) {
if (logger.isDebugEnabled())
logger.debug("Processing uploaded file: " + filename);
// workaround a bug in IE where the full path is
// returned
// IE is only available for Windows so only check for
// the Windows path separator
int idx = filename.lastIndexOf('\\');
if (idx == -1) {
// if there is no windows path separator check for
// *nix
idx = filename.lastIndexOf('/');
}
if (idx != -1) {
filename = filename.substring(idx + File.separator.length());
}
File tempFile = TempFileProvider.createTempFile("alfresco", ".upload");
item.write(tempFile);
bean.setFile(tempFile);
bean.setFileName(filename);
bean.setFilePath(tempFile.getAbsolutePath());
session.setAttribute(FileUploadBean.FILE_UPLOAD_BEAN_NAME, bean, PortletSession.PORTLET_SCOPE);
}
}
// Set the VIEW_ID parameter to tell the faces portlet bridge to
// treat the request
// as a JSF request, this will send us back to the previous page
// we came from.
String lastViewId = (String) request.getPortletSession().getAttribute(SESSION_LAST_VIEW_ID);
if (lastViewId != null) {
response.setRenderParameter(VIEW_ID, lastViewId);
}
} else {
User user = (User) request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user != null) {
// setup the authentication context
try {
WebApplicationContext ctx = (WebApplicationContext) getPortletContext().getAttribute(
WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
AuthenticationService auth = (AuthenticationService) ctx.getBean("AuthenticationService");
auth.validate(user.getTicket());
// save last username into portlet preferences, get from
// LoginBean state
LoginBean loginBean = (LoginBean) request.getPortletSession().getAttribute(AuthenticationHelper.LOGIN_BEAN);
if (loginBean != null) {
// TODO: Need to login to the Portal to get a user
// here to store prefs against
// so not really a suitable solution as they get
// thrown away at present!
// Also would need to store prefs PER user - so auto
// login for each...?
String oldValue = request.getPreferences().getValue(PREF_ALF_USERNAME, null);
if (oldValue == null || oldValue.equals(loginBean.getUsernameInternal()) == false) {
if (request.getPreferences().isReadOnly(PREF_ALF_USERNAME) == false) {
request.getPreferences().setValue(PREF_ALF_USERNAME, loginBean.getUsernameInternal());
request.getPreferences().store();
}
}
}
// do the normal JSF processing
super.processAction(request, response);
} catch (AuthenticationException authErr) {
// remove User object as it's now useless
request.getPortletSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER);
}
} else {
// do the normal JSF processing as we may be on the login
// page
super.processAction(request, response);
}
}
} catch (Throwable e) {
if (getErrorPage() != null) {
handleError(request, response, e);
} else {
logger.warn("No error page configured, re-throwing exception");
if (e instanceof PortletException) {
throw (PortletException) e;
} else if (e instanceof IOException) {
throw (IOException) e;
} else {
throw new PortletException(e);
}
}
}
}
/**
* @see org.apache.myfaces.portlet.MyFacesGenericPortlet#facesRender(javax.portlet.RenderRequest,
* javax.portlet.RenderResponse)
*/
protected void facesRender(RenderRequest request, RenderResponse response) throws PortletException, IOException {
try {
User user = (User) request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user == null) {
Method getHttpServletRequest = request.getClass().getMethod("getHttpServletRequest");
HttpServletRequest hsr = (HttpServletRequest) getHttpServletRequest.invoke(request);
Long userID = (Long) hsr.getSession().getAttribute("USER_ID");
com.liferay.portal.model.User liferayUser = UserServiceUtil.getUserById(userID);
String userName = liferayUser.getScreenName();
logger.debug("user name for alfresco is:" + userName);
getPortletContext().removeAttribute("loggedin");
setAuthenticatedUser(request, userName);
}
} catch (Throwable e) {
// do nothing
}
Application.setInPortalServer(true);
// Set the current locale
I18NUtil.setLocale(Application.getLanguage(request.getPortletSession()));
if (request.getParameter(ERROR_OCCURRED) != null) {
String errorPage = Application.getErrorPage(getPortletContext());
if (logger.isDebugEnabled())
logger.debug("An error has occurred, redirecting to error page: " + errorPage);
response.setContentType("text/html");
PortletRequestDispatcher dispatcher = getPortletContext().getRequestDispatcher(errorPage);
dispatcher.include(request, response);
} else {
WebApplicationContext ctx = (WebApplicationContext) getPortletContext().getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
AuthenticationService auth = (AuthenticationService) ctx.getBean("AuthenticationService");
// if we have no User object in the session then an HTTP Session
// timeout must have occured
// use the viewId to check that we are not already on the login page
PortletSession session = request.getPortletSession();
String viewId = request.getParameter(VIEW_ID);
// keep track of last view id so we can use it as return page from
// multi-part requests
request.getPortletSession().setAttribute(SESSION_LAST_VIEW_ID, viewId);
User user = (User) request.getPortletSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user == null && (viewId == null || viewId.equals(getLoginPage()) == false)) {
if (AuthenticationHelper.portalGuestAuthenticate(ctx, session, auth) == AuthenticationStatus.Guest) {
if (logger.isDebugEnabled())
logger.debug("Guest access successful.");
// perform the forward to the page processed by the Faces
// servlet
response.setContentType("text/html");
request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
// get the start location as configured by the web-client
// config
ConfigService configService = (ConfigService) ctx.getBean("webClientConfigService");
ClientConfigElement configElement = (ClientConfigElement) configService.getGlobalConfig().getConfigElement("client");
if (NavigationBean.LOCATION_MYALFRESCO.equals(configElement.getInitialLocation())) {
nonFacesRequest(request, response, "/jsp/dashboards/container.jsp");
} else {
nonFacesRequest(request, response, "/jsp/browse/browse.jsp");
}
} else {
if (logger.isDebugEnabled())
logger.debug("No valid User login, requesting login page. ViewId: " + viewId);
// set last used username as special session value used by
// the LoginBean
session.setAttribute(AuthenticationHelper.SESSION_USERNAME, request.getPreferences().getValue(PREF_ALF_USERNAME, null));
// login page is the default portal page
response.setContentType("text/html");
request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
nonFacesRequest(request, response);
}
} else {
if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) != null) {
// remove the username preference value as explicit logout
// was requested by the user
if (request.getPreferences().isReadOnly(PREF_ALF_USERNAME) == false) {
request.getPreferences().reset(PREF_ALF_USERNAME);
}
session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED);
}
try {
if (user != null) {
if (logger.isDebugEnabled())
logger.debug("Validating ticket: " + user.getTicket());
// setup the authentication context
auth.validate(user.getTicket());
}
// do the normal JSF processing
String loggedin = (String) getPortletContext().getAttribute("loggedin");
logger.debug("logged in?:" + loggedin);
if (loggedin != null && loggedin.equalsIgnoreCase("true")) {
super.facesRender(request, response);
} else {
getPortletContext().setAttribute("loggedin", "true");
response.setContentType("text/html");
request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
nonFacesRequest(request, response, "/jsp/browse/browse.jsp");
}
} catch (AuthenticationException authErr) {
// ticket is no longer valid!
if (logger.isDebugEnabled())
logger.debug("Invalid ticket, requesting login page.");
// remove User object as it's now useless
request.getPortletSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER);
// login page is the default portal page
response.setContentType("text/html");
request.getPortletSession().setAttribute(PortletUtil.PORTLET_REQUEST_FLAG, "true");
nonFacesRequest(request, response);
} catch (Throwable e) {
if (getErrorPage() != null) {
handleError(request, response, e);
} else {
logger.warn("No error page configured, re-throwing exception");
if (e instanceof PortletException) {
throw (PortletException) e;
} else if (e instanceof IOException) {
throw (IOException) e;
} else {
throw new PortletException(e);
}
}
}
}
}
}
/**
* Handles errors that occur during a process action request
*/
private void handleError(ActionRequest request, ActionResponse response, Throwable error) throws PortletException, IOException {
// get the error bean from the session and set the error that occurred.
PortletSession session = request.getPortletSession();
ErrorBean errorBean = (ErrorBean) session.getAttribute(ErrorBean.ERROR_BEAN_NAME, PortletSession.PORTLET_SCOPE);
if (errorBean == null) {
errorBean = new ErrorBean();
session.setAttribute(ErrorBean.ERROR_BEAN_NAME, errorBean, PortletSession.PORTLET_SCOPE);
}
errorBean.setLastError(error);
response.setRenderParameter(ERROR_OCCURRED, "true");
}
/**
* Handles errors that occur during a render request
*/
private void handleError(RenderRequest request, RenderResponse response, Throwable error) throws PortletException, IOException {
// get the error bean from the session and set the error that occurred.
PortletSession session = request.getPortletSession();
ErrorBean errorBean = (ErrorBean) session.getAttribute(ErrorBean.ERROR_BEAN_NAME, PortletSession.PORTLET_SCOPE);
if (errorBean == null) {
errorBean = new ErrorBean();
session.setAttribute(ErrorBean.ERROR_BEAN_NAME, errorBean, PortletSession.PORTLET_SCOPE);
}
errorBean.setLastError(error);
// if the faces context is available set the current view to the browse
// page
// so that the error page goes back to the application (rather than
// going back
// to the same page which just throws the error again meaning we can
// never leave
// the error page)
FacesContext context = FacesContext.getCurrentInstance();
if (context != null) {
ViewHandler viewHandler = context.getApplication().getViewHandler();
// TODO: configure the portlet error return page
UIViewRoot view = viewHandler.createView(context, "/jsp/browse/browse.jsp");
context.setViewRoot(view);
}
// get the error page and include that instead
String errorPage = getErrorPage();
if (logger.isDebugEnabled())
logger.debug("An error has occurred, redirecting to error page: " + errorPage);
response.setContentType("text/html");
PortletRequestDispatcher dispatcher = getPortletContext().getRequestDispatcher(errorPage);
dispatcher.include(request, response);
}
/**
* @see org.apache.myfaces.portlet.MyFacesGenericPortlet#setDefaultViewSelector()
*/
protected void setDefaultViewSelector() throws UnavailableException {
super.setDefaultViewSelector();
if (this.defaultViewSelector == null) {
this.defaultViewSelector = new AlfrescoDefaultViewSelector();
}
}
/**
* @return Retrieves the configured login page
*/
private String getLoginPage() {
if (this.loginPage == null) {
this.loginPage = Application.getLoginPage(getPortletContext());
}
return this.loginPage;
}
/**
* @return Retrieves the configured error page
*/
private String getErrorPage() {
if (this.errorPage == null) {
this.errorPage = Application.getErrorPage(getPortletContext());
}
return this.errorPage;
}
private void setAuthenticatedUser(PortletRequest req, String userName) {
WebApplicationContext ctx = (WebApplicationContext) getPortletContext().getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
TransactionService transactionService = serviceRegistry.getTransactionService();
NodeService nodeService = serviceRegistry.getNodeService();
AuthenticationComponent authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
AuthenticationService authService = (AuthenticationService) ctx.getBean("authenticationService");
PersonService personService = (PersonService) ctx.getBean("personService");
// Get a list of the available locales
ConfigService configServiceService = (ConfigService) ctx.getBean("webClientConfigService");
LanguagesConfigElement configElement = (LanguagesConfigElement) configServiceService.getConfig("Languages").getConfigElement(
LanguagesConfigElement.CONFIG_ELEMENT_ID);
m_languages = configElement.getLanguages();
// Set up the user information
UserTransaction tx = transactionService.getUserTransaction();
NodeRef homeSpaceRef = null;
User user;
try {
tx.begin();
// Set the authentication
authComponent.setCurrentUser(userName);
user = new User(userName, authService.getCurrentTicket(), personService.getPerson(userName));
homeSpaceRef = (NodeRef) nodeService.getProperty(personService.getPerson(userName), ContentModel.PROP_HOMEFOLDER);
if (homeSpaceRef == null) {
logger.warn("Home Folder is null for user '" + userName + "', using company_home.");
homeSpaceRef = (NodeRef) nodeService.getRootNode(Repository.getStoreRef());
}
user.setHomeSpaceId(homeSpaceRef.getId());
tx.commit();
} catch (Throwable ex) {
logger.error(ex);
try {
tx.rollback();
} catch (Exception ex2) {
logger.error("Failed to rollback transaction", ex2);
}
if (ex instanceof RuntimeException) {
throw (RuntimeException) ex;
} else {
throw new RuntimeException("Failed to set authenticated user", ex);
}
}
// Store the user
req.getPortletSession().setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
req.getPortletSession().setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
logger.debug("...authenticated user is: " + user.getUserName() + user.getTicket());
}
}
从上面的代码可以看出,拿去认证的用户是从Liferay的Session里拿到的当前登陆的用户,我们认为这个用户如果在alfresco里存在的话,那么也是可以访问alfresco的。这里我并没有完全整合用户认证,而是做了一个各个系统之间用户的对应关系。比如CAS的用户名和Liferay的Screen Name必须是一样的。那么从上面的代码中我们可以看到Liferay的用户的First Name必须和Alfresco的用户名一样。
更完善的三者整合是在这里: http://liferay.cignex.com/ 当然他们的方法就是中央管理了用户(LDAP)而不需要user mapping了
接下来,你只要在你的mysql里面创建一个名为alfresco的数据库,然后创建相应的用户。再start server就好了。
create database alfresco;
grant all on alfresco.* to 'alfresco'@'localhost' identified by 'alfresco' with grant option;
grant all on alfresco.* to 'alfresco'@'localhost.localdomain' identified by 'alfresco' with grant option;
所有的portlet描述文件和这个portlet-class都在附件的包里. enjoy~