MT fixes to provide initial support for tenant-specific guests

- explicit guest access is required, such as "guest@tenant1" (note: implicit/anonymous guest access can only login to the default domain) - also fixes issue with "Show All" users, when logged in as a tenant admin git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@7748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2008-01-03 15:06:07 +00:00
parent 1ddcbd15f1
commit 0a7fef92aa
8 changed files with 84 additions and 32 deletions
--- a/config/alfresco/authentication-services-context.xml
+++ b/config/alfresco/authentication-services-context.xml
@@ -158,6 +158,9 @@
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
        <property name="tenantService">
            <ref bean="tenantService"/>
        </property>
    </bean>
--- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
@@ -32,6 +32,7 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import net.sf.acegisecurity.providers.dao.User;
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.service.cmr.security.PermissionService;
 /**
@@ -47,6 +48,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
     */
    private Boolean allowGuestLogin = null;
    private TenantService tenantService;
    public AbstractAuthenticationComponent()
    {
        super();
@@ -62,12 +65,17 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        this.allowGuestLogin = allowGuestLogin;
    }
    public void setTenantService(TenantService tenantService)
    {
    	this.tenantService = tenantService;
    }
    public void authenticate(String userName, char[] password) throws AuthenticationException
    {
        // Support guest login from the login screen
-        if ((userName != null) && (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)))
+        if (isGuestUserName(userName))
        {
-            setGuestUserAsCurrentUser();
+            setGuestUserAsCurrentUser(tenantService.getUserDomain(userName));
        }
        else
        {
@@ -111,10 +119,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
                gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
                ud = new User(AuthenticationUtil.SYSTEM_USER_NAME, "", true, true, true, true, gas);
            }
-            else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
+            else if (isGuestUserName(userName))
            {
                GrantedAuthority[] gas = new GrantedAuthority[0];
-                ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
+                ud = new User(getGuestUserName(tenantService.getUserDomain(userName)), "", true, true, true, true, gas);
            }
            else
            {
@@ -203,22 +211,37 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
    /**
     * Get the name of the Guest User
     * note: for MT, will get guest for default domain only
     */
    public String getGuestUserName()
    {
        return PermissionService.GUEST_AUTHORITY.toLowerCase();
    }
    private String getGuestUserName(String tenantDomain)
    {
    	return tenantService.getDomainUser(getGuestUserName(), tenantDomain);
    }
    /**
     * Set the guest user as the current user.
     * note: for MT, will set to default domain only
     */
    public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
    {
    	return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
    }
    /**
     * Set the guest user as the current user.
     */
-    public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
+    private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
    {
        if (allowGuestLogin == null)
        {
            if (implementationAllowsGuestLogin())
            {
-                return setCurrentUser(PermissionService.GUEST_AUTHORITY);
+                return setCurrentUser(getGuestUserName(tenantDomain));
            }
            else
            {
@@ -229,7 +252,7 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        {
            if (allowGuestLogin.booleanValue())
            {
-                return setCurrentUser(PermissionService.GUEST_AUTHORITY);
+            	return setCurrentUser(getGuestUserName(tenantDomain));
            }
            else
            {
@@ -239,6 +262,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        }
    }
    private boolean isGuestUserName(String userName)
    {
    	return ((userName != null) && tenantService.getBaseNameUser(userName).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY));
    }
    protected abstract boolean implementationAllowsGuestLogin();
    /**
--- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
@@ -154,7 +154,7 @@ public class AuthorityServiceImpl implements AuthorityService
        {
            authorities.addAll(adminSet);
        }
-        if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST)
+        if (AuthorityType.getAuthorityType(tenantService.getBaseNameUser(currentUserName)) != AuthorityType.GUEST)
        {
           authorities.addAll(allSet);
        }
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
@@ -433,7 +433,15 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
        }
        // TODO: Refactor and use the authentication service for this.
        User user = (User) auth.getPrincipal();
-        auths.add(user.getUsername());
+        
        String username = user.getUsername();
        auths.add(username);
        if (tenantService.getBaseNameUser(username).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
        {
        	auths.add(PermissionService.GUEST_AUTHORITY);
        }
        for (GrantedAuthority authority : auth.getAuthorities())
        {
            auths.add(authority.getAuthority());
@@ -444,7 +452,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
            {
                for (DynamicAuthority da : dynamicAuthorities)
                {
-                    if (da.hasAuthority(nodeRef, user.getUsername()))
+                    if (da.hasAuthority(nodeRef, username))
                    {
                        auths.add(da.getAuthority());
                    }
--- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
@@ -601,9 +601,6 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
        props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
        props.put("alfresco_user_store.adminpassword", passwordEncoder.encodePassword(new String(tenantAdminRawPassword), salt));
        // override guest username property
        props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
        userImporterBootstrap.bootstrap();
        logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
@@ -670,6 +667,9 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
        Properties props = spacesImporterBootstrap.getConfiguration();
        props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
        // override guest username property
        props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
        spacesImporterBootstrap.bootstrap();
        logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
--- a/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java
@@ -183,7 +183,7 @@ public class MultiTServiceImpl implements TenantService
        String tenantDomain = getCurrentUserDomain();
-        if (! tenantDomain.equals(""))
+        if (! tenantDomain.equals(DEFAULT_DOMAIN))
        {
            int idx1 = name.indexOf(SEPARATOR);
            if (idx1 != 0)
@@ -246,12 +246,12 @@ public class MultiTServiceImpl implements TenantService
            int idx2 = name.indexOf(SEPARATOR, 1);
            String nameDomain = name.substring(1, idx2);
-            if ((! tenantDomain.equals("")) && (! tenantDomain.equals(nameDomain)))
+            if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
            {
                throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
            }
-            if ((! tenantDomain.equals("")) || (forceForNonTenant))
+            if ((! tenantDomain.equals(DEFAULT_DOMAIN)) || (forceForNonTenant))
            {
                // remove tenant domain
                name = name.substring(idx2+1);
@@ -282,7 +282,7 @@ public class MultiTServiceImpl implements TenantService
        String tenantDomain = getCurrentUserDomain();
-         if (! tenantDomain.equals(""))
+         if (! tenantDomain.equals(DEFAULT_DOMAIN))
         {
            int idx2 = username.lastIndexOf(SEPARATOR);
            if ((idx2 > 0) && (idx2 < (username.length()-1)))
@@ -317,7 +317,7 @@ public class MultiTServiceImpl implements TenantService
        String tenantDomain = getCurrentUserDomain();
-        if (((nameDomain == null) && (! tenantDomain.equals(""))) || 
+        if (((nameDomain == null) && (! tenantDomain.equals(DEFAULT_DOMAIN))) || 
            ((nameDomain != null) && (! nameDomain.equals(tenantDomain))))
        {
            throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
@@ -432,17 +432,15 @@ public class MultiTServiceImpl implements TenantService
        return false;  
    }
-    public String getCurrentUserDomain()
+    public String getUserDomain(String username)
    {
        String user = AuthenticationUtil.getCurrentUserName();
    	// can be null (e.g. for System user / during app ctx init)
-        if (user != null) 
+        if (username != null) 
        {
-            int idx = user.lastIndexOf(SEPARATOR);
+            int idx = username.lastIndexOf(SEPARATOR);
-            if ((idx > 0) && (idx < (user.length()-1)))
+            if ((idx > 0) && (idx < (username.length()-1)))
            {
-               String tenantDomain = user.substring(idx+1);
+               String tenantDomain = username.substring(idx+1);
               checkTenantEnabled(tenantDomain);
@@ -450,7 +448,13 @@ public class MultiTServiceImpl implements TenantService
            }
        }        
-        return ""; // default domain - non-tenant user
+        return DEFAULT_DOMAIN; // default domain - non-tenant user
    }
    public String getCurrentUserDomain()
    {
        String user = AuthenticationUtil.getCurrentUserName();
        return getUserDomain(user);
    }
    public String getDomain(String name)
@@ -460,7 +464,7 @@ public class MultiTServiceImpl implements TenantService
        String tenantDomain = getCurrentUserDomain();
-        String nameDomain = "";
+        String nameDomain = DEFAULT_DOMAIN;
        int idx1 = name.indexOf(SEPARATOR);
        if (idx1 == 0)
@@ -468,7 +472,7 @@ public class MultiTServiceImpl implements TenantService
            int idx2 = name.indexOf(SEPARATOR, 1);
            nameDomain = name.substring(1, idx2);
-            if ((! tenantDomain.equals("")) && (! tenantDomain.equals(nameDomain)))
+            if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
            {
                throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
            }    
@@ -483,7 +487,7 @@ public class MultiTServiceImpl implements TenantService
        ParameterCheck.mandatory("baseUsername", baseUsername);
        ParameterCheck.mandatory("tenantDomain", tenantDomain);
-        if (! tenantDomain.equals(""))
+        if (! tenantDomain.equals(DEFAULT_DOMAIN))
        {
            if (baseUsername.contains(SEPARATOR))
            {
--- a/source/java/org/alfresco/repo/tenant/SingleTServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/SingleTServiceImpl.java
@@ -128,14 +128,19 @@ public class SingleTServiceImpl implements TenantService
        return false;
    }
    public String getUserDomain(String username)
    {
        return DEFAULT_DOMAIN;
    }
    public String getCurrentUserDomain()
    {
-        return "";
+        return DEFAULT_DOMAIN;
    }
    public String getDomain(String name)
    {
-        return "";
+        return DEFAULT_DOMAIN;
    }
    public String getDomainUser(String baseUsername, String tenantDomain)
--- a/source/java/org/alfresco/repo/tenant/TenantService.java
+++ b/source/java/org/alfresco/repo/tenant/TenantService.java
@@ -42,6 +42,8 @@ public interface TenantService
 {
    public static final String SEPARATOR = "@";
    public static final String DEFAULT_DOMAIN = "";
    public static final String ADMIN_BASENAME = "admin";
    public NodeRef getName(NodeRef nodeRef);
@@ -80,6 +82,8 @@ public interface TenantService
    public boolean isTenantName(String name);
    public String getUserDomain(String username);
    public String getCurrentUserDomain();
    public String getDomain(String name);