MT fixes to provide initial support for tenant-specific guests

- explicit guest access is required, such as "guest@tenant1" (note: implicit/anonymous guest access can only login to the default domain)
- also fixes issue with "Show All" users, when logged in as a tenant admin

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@7748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jan Vonka
2008-01-03 15:06:07 +00:00
parent 1ddcbd15f1
commit 0a7fef92aa
8 changed files with 84 additions and 32 deletions


@@ -158,6 +158,9 @@
<property name="allowGuestLogin"> <property name="allowGuestLogin">
<value>true</value> <value>true</value>
</property> </property>
<property name="tenantService">
<ref bean="tenantService"/>
</property>
</bean> </bean>
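Review bot: Only this bean definition receives the new `tenantService` property, yet `AbstractAuthenticationComponent.authenticate()` now calls `isGuestUserName(userName)`, which dereferences `tenantService` for every non-null user name, not only for guest logins. Any other bean that extends the abstract component (alternative authentication chains or custom contexts, none visible in this commit) would presumably fail with a NullPointerException on each login until it gets the same `<property name="tenantService"><ref bean="tenantService"/></property>`. A fail-fast check at start-up in the component, or a line in the upgrade notes, would make the new mandatory dependency explicit.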


@@ -32,6 +32,7 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User; import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PermissionService;
/** /**
@@ -47,6 +48,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
*/ */
private Boolean allowGuestLogin = null; private Boolean allowGuestLogin = null;
private TenantService tenantService;
public AbstractAuthenticationComponent() public AbstractAuthenticationComponent()
{ {
super(); super();
@@ -62,12 +65,17 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
this.allowGuestLogin = allowGuestLogin; this.allowGuestLogin = allowGuestLogin;
} }
public void setTenantService(TenantService tenantService)
{
this.tenantService = tenantService;
}
public void authenticate(String userName, char[] password) throws AuthenticationException public void authenticate(String userName, char[] password) throws AuthenticationException
{ {
// Support guest login from the login screen // Support guest login from the login screen
if ((userName != null) && (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))) if (isGuestUserName(userName))
{ {
setGuestUserAsCurrentUser(); setGuestUserAsCurrentUser(tenantService.getUserDomain(userName));
} }
else else
{ {
@@ -111,10 +119,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM"); gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
ud = new User(AuthenticationUtil.SYSTEM_USER_NAME, "", true, true, true, true, gas); ud = new User(AuthenticationUtil.SYSTEM_USER_NAME, "", true, true, true, true, gas);
} }
else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)) else if (isGuestUserName(userName))
{ {
GrantedAuthority[] gas = new GrantedAuthority[0]; GrantedAuthority[] gas = new GrantedAuthority[0];
ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas); ud = new User(getGuestUserName(tenantService.getUserDomain(userName)), "", true, true, true, true, gas);
} }
else else
{ {
@@ -203,22 +211,37 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
/** /**
* Get the name of the Guest User * Get the name of the Guest User
* note: for MT, will get guest for default domain only
*/ */
public String getGuestUserName() public String getGuestUserName()
{ {
return PermissionService.GUEST_AUTHORITY.toLowerCase(); return PermissionService.GUEST_AUTHORITY.toLowerCase();
} }
private String getGuestUserName(String tenantDomain)
{
return tenantService.getDomainUser(getGuestUserName(), tenantDomain);
}
/**
* Set the guest user as the current user.
* note: for MT, will set to default domain only
*/
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
{
return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
}
/** /**
* Set the guest user as the current user. * Set the guest user as the current user.
*/ */
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
{ {
if (allowGuestLogin == null) if (allowGuestLogin == null)
{ {
if (implementationAllowsGuestLogin()) if (implementationAllowsGuestLogin())
{ {
return setCurrentUser(PermissionService.GUEST_AUTHORITY); return setCurrentUser(getGuestUserName(tenantDomain));
} }
else else
{ {
@@ -229,7 +252,7 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
{ {
if (allowGuestLogin.booleanValue()) if (allowGuestLogin.booleanValue())
{ {
return setCurrentUser(PermissionService.GUEST_AUTHORITY); return setCurrentUser(getGuestUserName(tenantDomain));
} }
else else
{ {
@@ -239,6 +262,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
} }
} }
private boolean isGuestUserName(String userName)
{
return ((userName != null) && tenantService.getBaseNameUser(userName).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY));
}
protected abstract boolean implementationAllowsGuestLogin(); protected abstract boolean implementationAllowsGuestLogin();
/** /**
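Review bot: Tenant guest login is still gated only by the instance-wide `allowGuestLogin` flag (or `implementationAllowsGuestLogin()`), so `setGuestUserAsCurrentUser(String tenantDomain)` accepts a password-less `guest@<domain>` session for any domain that `tenantService.getUserDomain(userName)` accepts. That domain is taken directly from the submitted user name in `authenticate()`, and nothing visible in these hunks lets an individual tenant opt out of guest access. If per-tenant control is intended, add a tenant-level check before `return setCurrentUser(getGuestUserName(tenantDomain));`. Otherwise the Javadoc of the private overload should state that enabling guest login enables it for all tenants. The method bodies continue outside the hunks.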


@@ -154,7 +154,7 @@ public class AuthorityServiceImpl implements AuthorityService
{ {
authorities.addAll(adminSet); authorities.addAll(adminSet);
} }
if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST) if (AuthorityType.getAuthorityType(tenantService.getBaseNameUser(currentUserName)) != AuthorityType.GUEST)
{ {
authorities.addAll(allSet); authorities.addAll(allSet);
} }
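Review bot: The guest test `AuthorityType.getAuthorityType(tenantService.getBaseNameUser(currentUserName)) != AuthorityType.GUEST` is one of three differently written versions of the same decision in this commit. The others are `isGuestUserName` in AbstractAuthenticationComponent and `tenantService.getBaseNameUser(username).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)` in PermissionServiceImpl. All three decide which authorities a principal receives, so a later change to one that misses the others would be an authorization inconsistency rather than a cosmetic one. Consider a single shared helper for "is this a guest of any tenant" and calling it from all three places. The enclosing method starts and ends outside the hunk.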


@@ -433,7 +433,15 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
} }
// TODO: Refactor and use the authentication service for this. // TODO: Refactor and use the authentication service for this.
User user = (User) auth.getPrincipal(); User user = (User) auth.getPrincipal();
auths.add(user.getUsername());
String username = user.getUsername();
auths.add(username);
if (tenantService.getBaseNameUser(username).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
{
auths.add(PermissionService.GUEST_AUTHORITY);
}
for (GrantedAuthority authority : auth.getAuthorities()) for (GrantedAuthority authority : auth.getAuthorities())
{ {
auths.add(authority.getAuthority()); auths.add(authority.getAuthority());
@@ -444,7 +452,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{ {
for (DynamicAuthority da : dynamicAuthorities) for (DynamicAuthority da : dynamicAuthorities)
{ {
if (da.hasAuthority(nodeRef, user.getUsername())) if (da.hasAuthority(nodeRef, username))
{ {
auths.add(da.getAuthority()); auths.add(da.getAuthority());
} }


@@ -601,9 +601,6 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain)); props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
props.put("alfresco_user_store.adminpassword", passwordEncoder.encodePassword(new String(tenantAdminRawPassword), salt)); props.put("alfresco_user_store.adminpassword", passwordEncoder.encodePassword(new String(tenantAdminRawPassword), salt));
// override guest username property
props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
userImporterBootstrap.bootstrap(); userImporterBootstrap.bootstrap();
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef)); logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
@@ -670,6 +667,9 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
Properties props = spacesImporterBootstrap.getConfiguration(); Properties props = spacesImporterBootstrap.getConfiguration();
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain)); props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
// override guest username property
props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
spacesImporterBootstrap.bootstrap(); spacesImporterBootstrap.bootstrap();
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef)); logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));


@@ -183,7 +183,7 @@ public class MultiTServiceImpl implements TenantService
String tenantDomain = getCurrentUserDomain(); String tenantDomain = getCurrentUserDomain();
if (! tenantDomain.equals("")) if (! tenantDomain.equals(DEFAULT_DOMAIN))
{ {
int idx1 = name.indexOf(SEPARATOR); int idx1 = name.indexOf(SEPARATOR);
if (idx1 != 0) if (idx1 != 0)
@@ -246,12 +246,12 @@ public class MultiTServiceImpl implements TenantService
int idx2 = name.indexOf(SEPARATOR, 1); int idx2 = name.indexOf(SEPARATOR, 1);
String nameDomain = name.substring(1, idx2); String nameDomain = name.substring(1, idx2);
if ((! tenantDomain.equals("")) && (! tenantDomain.equals(nameDomain))) if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
{ {
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain); throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
} }
if ((! tenantDomain.equals("")) || (forceForNonTenant)) if ((! tenantDomain.equals(DEFAULT_DOMAIN)) || (forceForNonTenant))
{ {
// remove tenant domain // remove tenant domain
name = name.substring(idx2+1); name = name.substring(idx2+1);
@@ -282,7 +282,7 @@ public class MultiTServiceImpl implements TenantService
String tenantDomain = getCurrentUserDomain(); String tenantDomain = getCurrentUserDomain();
if (! tenantDomain.equals("")) if (! tenantDomain.equals(DEFAULT_DOMAIN))
{ {
int idx2 = username.lastIndexOf(SEPARATOR); int idx2 = username.lastIndexOf(SEPARATOR);
if ((idx2 > 0) && (idx2 < (username.length()-1))) if ((idx2 > 0) && (idx2 < (username.length()-1)))
@@ -317,7 +317,7 @@ public class MultiTServiceImpl implements TenantService
String tenantDomain = getCurrentUserDomain(); String tenantDomain = getCurrentUserDomain();
if (((nameDomain == null) && (! tenantDomain.equals(""))) || if (((nameDomain == null) && (! tenantDomain.equals(DEFAULT_DOMAIN))) ||
((nameDomain != null) && (! nameDomain.equals(tenantDomain)))) ((nameDomain != null) && (! nameDomain.equals(tenantDomain))))
{ {
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain); throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
@@ -432,17 +432,15 @@ public class MultiTServiceImpl implements TenantService
return false; return false;
} }
public String getCurrentUserDomain() public String getUserDomain(String username)
{ {
String user = AuthenticationUtil.getCurrentUserName(); // can be null (e.g. for System user / during app ctx init)
if (username != null)
// can be null (e.g. for System user / during app ctx init)
if (user != null)
{ {
int idx = user.lastIndexOf(SEPARATOR); int idx = username.lastIndexOf(SEPARATOR);
if ((idx > 0) && (idx < (user.length()-1))) if ((idx > 0) && (idx < (username.length()-1)))
{ {
String tenantDomain = user.substring(idx+1); String tenantDomain = username.substring(idx+1);
checkTenantEnabled(tenantDomain); checkTenantEnabled(tenantDomain);
@@ -450,7 +448,13 @@ public class MultiTServiceImpl implements TenantService
} }
} }
return ""; // default domain - non-tenant user return DEFAULT_DOMAIN; // default domain - non-tenant user
}
public String getCurrentUserDomain()
{
String user = AuthenticationUtil.getCurrentUserName();
return getUserDomain(user);
} }
public String getDomain(String name) public String getDomain(String name)
@@ -460,7 +464,7 @@ public class MultiTServiceImpl implements TenantService
String tenantDomain = getCurrentUserDomain(); String tenantDomain = getCurrentUserDomain();
String nameDomain = ""; String nameDomain = DEFAULT_DOMAIN;
int idx1 = name.indexOf(SEPARATOR); int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0) if (idx1 == 0)
@@ -468,7 +472,7 @@ public class MultiTServiceImpl implements TenantService
int idx2 = name.indexOf(SEPARATOR, 1); int idx2 = name.indexOf(SEPARATOR, 1);
nameDomain = name.substring(1, idx2); nameDomain = name.substring(1, idx2);
if ((! tenantDomain.equals("")) && (! tenantDomain.equals(nameDomain))) if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
{ {
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain); throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
} }
@@ -483,7 +487,7 @@ public class MultiTServiceImpl implements TenantService
ParameterCheck.mandatory("baseUsername", baseUsername); ParameterCheck.mandatory("baseUsername", baseUsername);
ParameterCheck.mandatory("tenantDomain", tenantDomain); ParameterCheck.mandatory("tenantDomain", tenantDomain);
if (! tenantDomain.equals("")) if (! tenantDomain.equals(DEFAULT_DOMAIN))
{ {
if (baseUsername.contains(SEPARATOR)) if (baseUsername.contains(SEPARATOR))
{ {
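Review bot: `getUserDomain(String username)` returns `username.substring(idx+1)` exactly as typed, and after this commit `AbstractAuthenticationComponent.authenticate()` passes it the login name before any credential check. The domain comparisons elsewhere in this class (`tenantDomain.equals(nameDomain)`) are case-sensitive, so unless `checkTenantEnabled` (not visible here) rejects or normalises a differently-cased domain, the same tenant guest could end up as two distinct principal names. If tenant domains are stored lower-case, consider normalising once at this entry point, e.g. `String tenantDomain = username.substring(idx+1).toLowerCase();`. The method is split across two hunks and its full body is not visible.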


@@ -128,14 +128,19 @@ public class SingleTServiceImpl implements TenantService
return false; return false;
} }
public String getUserDomain(String username)
{
return DEFAULT_DOMAIN;
}
public String getCurrentUserDomain() public String getCurrentUserDomain()
{ {
return ""; return DEFAULT_DOMAIN;
} }
public String getDomain(String name) public String getDomain(String name)
{ {
return ""; return DEFAULT_DOMAIN;
} }
public String getDomainUser(String baseUsername, String tenantDomain) public String getDomainUser(String baseUsername, String tenantDomain)


@@ -42,6 +42,8 @@ public interface TenantService
{ {
public static final String SEPARATOR = "@"; public static final String SEPARATOR = "@";
public static final String DEFAULT_DOMAIN = "";
public static final String ADMIN_BASENAME = "admin"; public static final String ADMIN_BASENAME = "admin";
public NodeRef getName(NodeRef nodeRef); public NodeRef getName(NodeRef nodeRef);
@@ -80,6 +82,8 @@ public interface TenantService
public boolean isTenantName(String name); public boolean isTenantName(String name);
public String getUserDomain(String username);
public String getCurrentUserDomain(); public String getCurrentUserDomain();
public String getDomain(String name); public String getDomain(String name);
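Review bot: `getUserDomain(String username)` and `DEFAULT_DOMAIN` join the interface without Javadoc, although callers now pass `getUserDomain` an unauthenticated login name and need to know its contract. I would add `/** Returns the tenant domain encoded in the given user name, or DEFAULT_DOMAIN if it has none or is null. */` above the method, and `/** Empty string: the default (non-tenant) domain. */` above the constant. In the hunks shown, the multi-tenant implementation also calls `checkTenantEnabled` on the parsed domain, while the single-tenant one always returns `DEFAULT_DOMAIN`. The Javadoc should say whether implementations may throw for a disabled tenant.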