Fix for ALF-13535 Using CMIS, on-disk tickets cache can grow unbounded

- Single ticket per user (you can have a ticket per login via configuration)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@54572 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/authentication-services-context.xml

@@ -604,10 +604,13 @@
 				</property>
 				<!-- If ticketsEpire is true then how they should expire -->
 				<!-- AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE -->
-				<!-- The default is AFTER_FIXED_TIME -->
+				<!-- The default is AFTER_INACTIVITY -->
 				<property name="expiryMode">
 					<value>${authentication.ticket.expiryMode}</value>
 				</property>
+				<property name="useSingleTicketPerUser">
+					<value>${authentication.ticket.useSingleTicketPerUser}</value>
+				</property>
 			</bean>
 		</property>
 		<property name="interceptorNames">

config/alfresco/repository.properties

@@ -677,6 +677,10 @@ authentication.ticket.expiryMode=AFTER_INACTIVITY
 # The default is PT1H for one hour.
 authentication.ticket.validDuration=PT1H
 
+# Use one ticket for all user sessions
+# For the pre 4.2 behaviour of one ticket per session set this to false.
+authentication.ticket.useSingleTicketPerUser=true
+
 # If kerberos.authentication.cifs.enableTicketCracking is false, 
 # the Kerberos ticket cracking code is switched off.
 # This code was required to get mutual authentication with a Windows AD client working in earlier versions of Java (version 5 or earlier). 

source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java

@@ -338,8 +338,14 @@ public class AuthenticationTest extends TestCase
         pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
         String ticket1 = pubAuthenticationService.getCurrentTicket();
         pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
+        if(ticketComponent.getUseSingleTicketPerUser())
+        {
+            assertTrue(ticket1.equals(pubAuthenticationService.getCurrentTicket()));
+        }
+        else
+        {
             assertFalse(ticket1.equals(pubAuthenticationService.getCurrentTicket()));
-        
+        }
     }
     
     public void testGuest()
@@ -737,6 +743,8 @@ public class AuthenticationTest extends TestCase
 
     public void testTicketExpiryMode()
     {   
+        ticketsCache.clear();
+        
         InMemoryTicketComponentImpl tc = new InMemoryTicketComponentImpl();
         tc.setOneOff(false);
         tc.setTicketsExpire(true);
@@ -878,6 +886,7 @@ public class AuthenticationTest extends TestCase
 
     public void testTicketExpires()
     {
+        ticketsCache.clear();
         InMemoryTicketComponentImpl tc = new InMemoryTicketComponentImpl();
         tc.setOneOff(false);
         tc.setTicketsExpire(true);
@@ -1036,8 +1045,15 @@ public class AuthenticationTest extends TestCase
 
         String ticket2 = authenticationService.getCurrentTicket();
 
+        if(ticketComponent.getUseSingleTicketPerUser())
+        {
+            assertTrue(ticket1.equals(ticket2));
+        }
+        else
+        {
             assertFalse(ticket1.equals(ticket2));
         }
+    }
 
     public void testAuthenticationService1()
     {