Download
To download STAr, go to AWPr's download page, where you'll find a link to the STAr AMP download.

Installation
To install the STAr AMP into Alfresco, see the Alfresco wiki for instructions.

Configuration
Since STAr is an authentication component, it can be chained with other authentication components in Alfresco. The following is an example of how to chain STAr with Alfresco's out-of-the-box authentication component, which authenticates against the Alfresco database.
For chaining to work in Alfresco you need to create a file on your application server's shared classpath with the following path:
/alfresco/extension/chaining-authentication-context.xml
If you're using Tomcat 5 or 6 the path would be:
[TOMCAT_HOME]/shared/classes/alfresco/extension/chaining-authentication-context.xml
If you're using JBossAS with the default configuration the path would be
[JBOSS_HOME]/server/default/conf/alfresco/extension/chaining-authentication-context.xml
The contents of chaining-authentication-context.xml would be as follows:
Note: For STAr version 1.0.0 you need to use the following bean declaration instead of the one detailed in the chaining-authentication-context.xml examples below:

<!-- STAr 1.0.0 form of the secure token component: no constructor arguments, the password is
     set as a property instead. -->
<bean id="authenticationComponentImplSecureToken"
      class="org.rivetlogic.rivet.star.repo.security.authentication.SecureTokenAuthenticationImpl"
      parent="authenticationComponentBase">
  <!-- Guest login is enabled for this component. NOTE(review): set to false if guest access
       is not wanted through STAr. -->
  <property name="allowGuestLogin"> <value>true</value> </property>
  <property name="nodeService"> <ref bean="nodeService" /> </property>
  <property name="personService"> <ref bean="personService" /> </property>
  <property name="transactionService"> <ref bean="transactionService" /> </property>
  <!-- NOTE(review): "portal" is the sample value published on this page; use a value unique
       to your deployment and restrict read access to this file. -->
  <property name="password"> <value>portal</value> </property>
</bean>

Alfresco 3.0 (Alfresco + STAr)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <!-- Chains the STAr secure token component with Alfresco's database-backed authentication
       (Alfresco 3.0 bean layout). -->

  <!-- Chaining service: STAr is the listed member, the Alfresco service is the mutable one. -->
  <bean id="authenticationService"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
    <property name="authenticationServices">
      <list>
        <ref bean="authenticationServiceImplSecureToken" />
      </list>
    </property>
    <property name="mutableAuthenticationService"> <ref bean="authenticationServiceImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>

  <!-- Chaining component: same pairing as the service above, at component level. -->
  <bean id="authenticationComponent"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
    <property name="authenticationComponents">
      <list>
        <ref bean="authenticationComponentImplSecureToken" />
      </list>
    </property>
    <property name="mutableAuthenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
  </bean>

  <!-- Alfresco Auth: service, DAO and component for authentication against the Alfresco database -->
  <bean id="authenticationServiceImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <bean id="authenticationDaoAlfresco"
        class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="tenantService"> <ref bean="tenantService" /> </property>
    <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
    <property name="namespaceService"> <ref bean="namespaceService" /> </property>
    <property name="searchService"> <ref bean="admSearchService" /> </property>
    <property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper" /> </property>
    <!-- Case sensitivity of user names is taken from the user.name.caseSensitive property. -->
    <property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
    <property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
  </bean>
  <bean id="authenticationComponentImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"
        parent="authenticationComponentBase">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
    <!-- Guest login is enabled for the Alfresco component as well. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>

  <!-- Secure Token Auth: service, component and DAO for STAr -->
  <bean id="authenticationServiceImplSecureToken"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoSecureToken" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplSecureToken" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <!-- NOTE(review): the page does not say what the two constructor arguments are. The first
       looks like a base64-encoded string and the second matches the "password" value of the
       STAr 1.0.0 declaration above, so they are presumably a shared key and a password;
       confirm against the STAr documentation. Both are the sample values published on this
       page: replace them with values unique to your deployment and restrict read access to
       this file. -->
  <bean id="authenticationComponentImplSecureToken"
        class="org.rivetlogic.rivet.star.repo.security.authentication.SecureTokenAuthenticationImpl"
        parent="authenticationComponentBase">
    <constructor-arg value="QVdQclJvY2tzQmFieSEhIQ=="/>
    <constructor-arg value="portal"/>
    <!-- Guest login is enabled for this component. NOTE(review): set to false if guest
         access is not wanted through STAr. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>
  <!-- NOTE(review): judging by the class name this DAO keeps no user records of its own; confirm. -->
  <bean id="authenticationDaoSecureToken"
        class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
</beans>

Alfresco 3.0 (Alfresco + LDAP + STAr)
ldap-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <!-- Defines the LDAP DAO, component and directory context factory that the chaining
       file below refers to. -->

  <!-- The main configuration has moved into a properties file -->
  <!-- NOTE(review): every ${ldap.authentication.*} placeholder below, including the bind
       password, is read from this properties file, so keep the file readable only by the
       account that runs Alfresco. -->
  <bean name="ldapAuthenticationPlaceholderConfigurer"
        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="ignoreUnresolvablePlaceholders"> <value>true</value> </property>
    <property name="locations"> <value>classpath:alfresco/extension/ldap-authentication.properties</value> </property>
  </bean>

  <!-- DAO that rejects changes - LDAP is read only at the moment.
       It does allow users to be deleted without warnings from the UI. -->
  <bean name="authenticationDaoLDAP"
        class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
    <property name="allowDeleteUser"> <value>true</value> </property>
  </bean>

  <!-- LDAP authentication configuration -->
  <!-- You can also use JAAS authentication for Kerberos against Active Directory or NTLM if
       you also require single sign on from the web browser. You do not have to use LDAP
       authentication to synchronise groups and users from an LDAP store if it supports other
       authentication routes, like Active Directory. -->
  <bean id="authenticationComponentLDAP"
        class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
        parent="authenticationComponentBase">
    <property name="LDAPInitialDirContextFactory"> <ref bean="ldapInitialDirContextFactory"/> </property>
    <property name="userNameFormat">
      <!-- This maps between what the user types in and what is passed through to the
           underlying LDAP authentication.
           "%s" - the user id is passed through without modification. Used for LDAP
           authentication such as DIGEST-MD5, anything that is not "simple".
           "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" then
           authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com".
           Usually for simple authentication. Simple authentication always uses the DN for
           the user. -->
      <value>${ldap.authentication.userNameFormat}</value>
    </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
    <!-- Whether commas are escaped in the bind string and in the uid; both come from the
         properties file. -->
    <property name="escapeCommasInBind"> <value>${ldap.authentication.escapeCommasInBind}</value> </property>
    <property name="escapeCommasInUid"> <value>${ldap.authentication.escapeCommasInUid}</value> </property>
  </bean>

  <!-- This bean is used to support general LDAP authentication. It is also used to provide
       read only access to users and groups to pull them out of the LDAP repository -->
  <bean id="ldapInitialDirContextFactory"
        class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
      <map>
        <!-- The LDAP provider -->
        <entry key="java.naming.factory.initial"> <value>${ldap.authentication.java.naming.factory.initial}</value> </entry>
        <!-- The url to the LDAP server -->
        <!-- Note you can use space separated urls - they will be tried in turn until one works -->
        <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ....) -->
        <entry key="java.naming.provider.url"> <value>${ldap.authentication.java.naming.provider.url}</value> </entry>
        <!-- The authentication mechanism to use -->
        <!-- Some sasl authentication mechanisms may require a realm to be set -->
        <!-- java.naming.security.sasl.realm -->
        <!-- The available options will depend on your LDAP provider -->
        <!-- NOTE(review): with "simple" authentication the bind DN and password are sent to
             the server as given, so an ldaps:// provider URL is preferable; confirm what your
             LDAP provider supports. -->
        <entry key="java.naming.security.authentication"> <value>${ldap.authentication.java.naming.security.authentication}</value> </entry>
        <!-- The id of a user who can read group and user information -->
        <!-- This does not go through the pattern substitution defined above and is used "as is" -->
        <entry key="java.naming.security.principal"> <value>${ldap.authentication.java.naming.security.principal}</value> </entry>
        <!-- The password for the user defined above -->
        <entry key="java.naming.security.credentials"> <value>${ldap.authentication.java.naming.security.credentials}</value> </entry>
      </map>
    </property>
  </bean>
</beans>

chaining-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <!-- Chains STAr and LDAP with Alfresco's database-backed authentication. The LDAP DAO and
       component referenced here are defined in ldap-authentication-context.xml above. -->

  <!-- Chaining service: STAr is listed before LDAP; the Alfresco service is the mutable one. -->
  <bean id="authenticationService"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
    <property name="authenticationServices">
      <list>
        <ref bean="authenticationServiceImplSecureToken" />
        <ref bean ="authenticationServiceLDAP"/>
      </list>
    </property>
    <property name="mutableAuthenticationService"> <ref bean="authenticationServiceImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>

  <!-- Chaining component: same members and order as the service above. -->
  <bean id="authenticationComponent"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
    <property name="authenticationComponents">
      <list>
        <ref bean="authenticationComponentImplSecureToken" />
        <ref bean="authenticationComponentLDAP"/>
      </list>
    </property>
    <property name="mutableAuthenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
  </bean>

  <!-- Alfresco Auth: service, DAO and component for authentication against the Alfresco database -->
  <bean id="authenticationServiceImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <bean id="authenticationDaoAlfresco"
        class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="tenantService"> <ref bean="tenantService" /> </property>
    <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
    <property name="namespaceService"> <ref bean="namespaceService" /> </property>
    <property name="searchService"> <ref bean="admSearchService" /> </property>
    <property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper" /> </property>
    <!-- Case sensitivity of user names is taken from the user.name.caseSensitive property. -->
    <property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
    <property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
  </bean>
  <bean id="authenticationComponentImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"
        parent="authenticationComponentBase">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
    <!-- Guest login is enabled for the Alfresco component as well. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>

  <!-- Secure Token Auth: service, component and DAO for STAr -->
  <bean id="authenticationServiceImplSecureToken"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoSecureToken" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplSecureToken" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <!-- NOTE(review): the two constructor arguments are the same published sample values as in
       the Alfresco 3.0 example above (presumably a shared key and a password; confirm).
       Replace them with values unique to your deployment and restrict read access to this
       file. -->
  <bean id="authenticationComponentImplSecureToken"
        class="org.rivetlogic.rivet.star.repo.security.authentication.SecureTokenAuthenticationImpl"
        parent="authenticationComponentBase">
    <constructor-arg value="QVdQclJvY2tzQmFieSEhIQ=="/>
    <constructor-arg value="portal"/>
    <!-- Guest login is enabled for this component. NOTE(review): set to false if guest
         access is not wanted through STAr. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>
  <!-- NOTE(review): judging by the class name this DAO keeps no user records of its own; confirm. -->
  <bean id="authenticationDaoSecureToken"
        class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

  <!-- LDAP: service wrapping the DAO and component from ldap-authentication-context.xml.
       Unlike the other two services it sets no sysAdminCache. -->
  <bean id="authenticationServiceLDAP"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoLDAP"/> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent"/> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentLDAP"/> </property>
  </bean>
</beans>

Alfresco 3.1 (Alfresco + STAr)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <!-- Chains the STAr secure token component with Alfresco's database-backed authentication
       (Alfresco 3.1 bean layout; the DAO takes a userNameMatcher instead of
       userNamesAreCaseSensitive). -->

  <!-- Chaining service: STAr is the listed member, the Alfresco service is the mutable one. -->
  <bean id="authenticationService"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
    <property name="authenticationServices">
      <list>
        <ref bean="authenticationServiceImplSecureToken" />
      </list>
    </property>
    <property name="mutableAuthenticationService"> <ref bean="authenticationServiceImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>

  <!-- Chaining component: same pairing as the service above, at component level. -->
  <bean id="authenticationComponent"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
    <property name="authenticationComponents">
      <list>
        <ref bean="authenticationComponentImplSecureToken" />
      </list>
    </property>
    <property name="mutableAuthenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
  </bean>

  <!-- Alfresco Auth: service, DAO and component for authentication against the Alfresco database -->
  <bean id="authenticationServiceImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplAlfresco" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <bean id="authenticationDaoAlfresco"
        class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="tenantService"> <ref bean="tenantService"/> </property>
    <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
    <property name="namespaceService"> <ref bean="namespaceService" /> </property>
    <property name="searchService"> <ref bean="admSearchService" /> </property>
    <property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper"/> </property>
    <property name="userNameMatcher"> <ref bean="userNameMatcher" /> </property>
    <property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
  </bean>
  <bean id="authenticationComponentImplAlfresco"
        class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"
        parent="authenticationComponentBase">
    <property name="authenticationDao"> <ref bean="authenticationDaoAlfresco" /> </property>
    <property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
    <!-- Guest login is enabled for the Alfresco component as well. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>

  <!-- Secure Token Auth: service, component and DAO for STAr -->
  <bean id="authenticationServiceImplSecureToken"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDaoSecureToken" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <property name="authenticationComponent"> <ref bean="authenticationComponentImplSecureToken" /> </property>
    <property name="sysAdminCache"> <ref bean="sysAdminCache" /> </property>
  </bean>
  <!-- NOTE(review): the two constructor arguments are the same published sample values as in
       the Alfresco 3.0 example above (presumably a shared key and a password; confirm).
       Replace them with values unique to your deployment and restrict read access to this
       file. -->
  <bean id="authenticationComponentImplSecureToken"
        class="org.rivetlogic.rivet.star.repo.security.authentication.SecureTokenAuthenticationImpl"
        parent="authenticationComponentBase">
    <constructor-arg value="QVdQclJvY2tzQmFieSEhIQ=="/>
    <constructor-arg value="portal"/>
    <!-- Guest login is enabled for this component. NOTE(review): set to false if guest
         access is not wanted through STAr. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>
  <!-- NOTE(review): judging by the class name this DAO keeps no user records of its own; confirm. -->
  <bean id="authenticationDaoSecureToken"
        class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
</beans>

Alfresco 3.2r2 (Alfresco + STAr)
Starting with Alfresco version 3.2 authentication subsystems have been introduced which makes the process of defining authentication chains much simpler and straight forward. It does mean though that the way to configure STAr for Alfresco 3.2 has changed (to the better). 
To configure STAr for Alfresco 3.2 you must use STAr version 1.2.0 or higher.
The Alfresco authentication subsystem allows you to define your authentication components by creating a folder structure that matches the following convention:
alfresco/subsystems/<category>/<type>
Where, <category> = Authentication
Therefore to add STAr as an authentication component you need to create the following folder structure and file:
TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/star/star-authentication-context.xml (this doesn't work in Alfresco 3.2r2)
OR
ALFRESCO_WAR/WEB-INF/classes/alfresco/subsystems/Authentication/star/star-authentication-context.xml
Copy and paste the following into star-authentication-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <!-- Bean definitions for the "star" authentication subsystem type: the STAr component, a
       transactional proxy around it, a DAO and the service used for chaining. -->

  <!-- NOTE(review): the page does not say what the two constructor arguments are. The first
       looks like a base64-encoded string and the second is a plain word, so they are
       presumably a shared key and a password; confirm against the STAr documentation. Both
       are the sample values published on this page: replace them with values unique to your
       deployment after pasting, and restrict read access to this file. -->
  <bean id="authenticationComponent"
        class="org.rivetlogic.rivet.star.repo.security.authentication.SecureTokenAuthenticationImpl"
        parent="authenticationComponentBase">
    <constructor-arg value="QVdQclJvY2tzQmFieSEhIQ==" />
    <constructor-arg value="portal" />
    <!-- Guest login is enabled for this component. NOTE(review): set to false if guest
         access is not wanted through STAr. -->
    <property name="allowGuestLogin"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
  </bean>

  <!-- Wrapped version to be used within subsystem: a transaction proxy that exposes the
       AuthenticationComponent interface and targets the bean above. Note the id differs from
       the target's id only in the capital "A". -->
  <bean id="AuthenticationComponent"
        class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
    <property name="proxyInterfaces">
      <list>
        <value> org.alfresco.repo.security.authentication.AuthenticationComponent </value>
      </list>
    </property>
    <property name="transactionManager"> <ref bean="transactionManager" /> </property>
    <property name="target"> <ref bean="authenticationComponent" /> </property>
    <!-- Every method uses the transaction mode from server.transaction.mode.default. -->
    <property name="transactionAttributes">
      <props>
        <prop key="*">${server.transaction.mode.default}</prop>
      </props>
    </property>
  </bean>

  <!-- NOTE(review): all four allow* flags are switched on, including user creation and
       deletion; confirm that each one is needed for STAr before deploying. -->
  <bean id="authenticationDao"
        class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
    <property name="allowSetEnabled" value="true" />
    <property name="allowGetEnabled" value="true" />
    <property name="allowDeleteUser" value="true" />
    <property name="allowCreateUser" value="true" />
  </bean>

  <!-- Authentication service for chaining -->
  <bean id="localAuthenticationService"
        class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
    <property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
    <!-- References the unwrapped component (lower-case id), not the transaction proxy. -->
    <property name="authenticationComponent"> <ref bean="authenticationComponent" /> </property>
    <property name="sysAdminParams"> <ref bean="sysAdminParams" /> </property>
  </bean>
</beans>
To add STAr to Alfresco's authentication chain you should add the following line to TOMCAT_HOME/shared/classes/alfresco-global.properties:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,star1:star
This will add STAr as the second authentication component in the chain. The Alfresco instance will need to be restarted in order for these changes to take effect. |