我正在为我的Alfresco JLan创建一个自定义身份验证器。
我的jlanConfig.xml:
<?xml version="1.0" standalone="no"?>
<!-- <!DOCTYPE jlanserver SYSTEM "jlanserver.dtd"> -->
<jlanserver>
<servers>
<SMB/>
<noFTP/>
<noNFS/>
</servers>
<SMB>
<host name="NUAGESERVER" domain="NUAGE">
<broadcast>255.255.255.0</broadcast>
<smbdialects>LanMan,NT</smbdialects>
<comment>Alfresco JLAN Server</comment>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!-- To run the server using a non-root account on linux, Mac OS X, Solaris -->
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,macosx,solaris"/>
<tcpipSMB port="1445" platforms="linux,macosx,solaris"/>
<hostAnnounce interval="5"/>
</host>
<sessionDebug flags="Negotiate,Socket,Tree"/>
<netbiosDebug/>
<announceDebug/>
<authenticator>
<class>com.ye.nuage.auth.NuageAuthenticator</class>
<Debug/>
</authenticator>
</SMB>
<FTP>
<port>21</port>
<allowAnonymous/>
<debug flags="File,Search,Error,DataPort,Directory"/>
</FTP>
<NFS>
<enablePortMapper/>
<debug flags="File,FileIO"/>
</NFS>
<debug>
<output>
<class>org.alfresco.jlan.debug.ConsoleDebug</class>
<logFile>jlansrv.log</logFile>
<append/>
</output>
</debug>
<shares>
<diskshare name="JLAN" comment="Test share">
<driver>
<class>org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver</class>
<LocalPath>.</LocalPath>
</driver>
</diskshare>
</shares>
<security>
<JCEProvider>cryptix.jce.provider.CryptixCrypto</JCEProvider>
<authenticator>
<class>com.ye.nuage.auth.NuageAuthenticator</class>
<mode>USER</mode>
</authenticator>
<users>
<user name="jlansrv">
<password>jlan</password>
<comment>System administrator</comment>
<administrator/>
</user>
<user name="normal">
<password>normal</password>
</user>
</users>
</security>
</jlanserver>
我的NuageAuthenticator是CifsAuthenticator的副本,除了这些方法:
Override
public int authenticateUser(ClientInfo client, SrvSession sess, int alg) {
// Check if the user exists in the user list
UserAccount userAcc = null;
try {
userAcc = getNuageUserDetails(client.getUserName());
} catch (YeException e) {
e.printStackTrace();
}
if (userAcc != null) {
// Validate the password
boolean authSts = false;
if (client.getPassword() != null) {
// Validate using the Unicode password
authSts = validateNuagePassword(userAcc, client, sess.getAuthenticationContext(), alg);
} else if (client.hasANSIPassword()) {
// Validate using the ANSI password with the LanMan encryption
authSts = validateNuagePassword(userAcc, client, sess.getAuthenticationContext(), LANMAN);
}
// Return the authentication status
return authSts == true ? AUTH_ALLOW : AUTH_BADPASSWORD;
}
// Check if this is an SMB/CIFS null session logon.
//
// The null session will only be allowed to connect to the IPC$ named
// pipe share.
if (client.isNullSession() && sess instanceof SMBSrvSession)
return AUTH_ALLOW;
// Unknown user
return allowGuest() ? AUTH_GUEST : AUTH_DISALLOW;
}
private UserAccount getNuageUserDetails(String userName) throws YeException {
if (context == null) {
context = new ClassPathXmlApplicationContext("/applicationContext-nuage.xml");
}
userRepository = context.getBean(UserRepository.class);
User u = userRepository.findByUserLogin(userName); // Search the user into my repository
if (u != null) {
UserAccount ua = new UserAccount();
ua.setMD4Password(u.getUserMd4Password().getBytes());
ua.setUserName(userName);
ua.setRealName(u.getUserFirstName() + " " + u.getUserLastName());
return ua;
}
return null;
}
但是当我尝试登录时,当我调用validatePassword方法时,我收到以下错误:
[T2] Closing session due to exception
java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at com.ye.nuage.auth.NuageAuthenticator.validatePassword(NuageAuthenticator.java:123)
at com.ye.nuage.auth.NuageAuthenticator.authenticateUser(NuageAuthenticator.java:60)
at org.alfresco.jlan.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:572)
at org.alfresco.jlan.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:396)
at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:213)
at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1439)
at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:104)
at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:141)
at java.lang.Thread.run(Thread.java:722)
java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at com.ye.nuage.auth.NuageAuthenticator.validatePassword(NuageAuthenticator.java:123)
at com.ye.nuage.auth.NuageAuthenticator.authenticateUser(NuageAuthenticator.java:60)
at org.alfresco.jlan.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:572)
at org.alfresco.jlan.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:396)
at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:213)
at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1439)
at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:104)
at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:141)
at java.lang.Thread.run(Thread.java:722)
这是一个方法剪辑:
if (user.hasMD4Password() && alg != LANMAN) {
try {
// Generate the encrpyted password
if (alg == NTLM1) {
// Get the MD4 hashed password
byte[] p21 = new byte[21];
System.arraycopy(user.getMD4Password(), 0, p21, 0, user.getMD4Password().length); **//THE ERROR OCCURS HERE!**
// Generate an NTLMv1 encrypted password
`
错误出现在这里:
System.arraycopy(user.getMD4Password(), 0, p21, 0, user.getMD4Password().length);
但是问题很简单:为什么会出现这个错误?
问题是MD4 32位算法。详见:http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/alfresco-jlan-smbcifs