Fix for ALF-13535 Using CMIS, on-disk tickets cache can grow unbounded

- Single ticket per user (you can have a ticket per login via configuration) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@54572 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-08-28 13:12:29 +00:00
parent 4e721b8636
commit 0d4d8c41d1
3 changed files with 28 additions and 5 deletions
--- a/config/alfresco/authentication-services-context.xml
+++ b/config/alfresco/authentication-services-context.xml
@@ -604,10 +604,13 @@
 				</property>
 				<!-- If ticketsEpire is true then how they should expire -->
 				<!-- AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE -->
-				<!-- The default is AFTER_FIXED_TIME -->
+				<!-- The default is AFTER_INACTIVITY -->
 				<property name="expiryMode">
 					<value>${authentication.ticket.expiryMode}</value>
 				</property>
+				<property name="useSingleTicketPerUser">
+					<value>${authentication.ticket.useSingleTicketPerUser}</value>
+				</property>
 			</bean>
 		</property>
 		<property name="interceptorNames">
--- a/config/alfresco/repository.properties
+++ b/config/alfresco/repository.properties
@@ -677,6 +677,10 @@ authentication.ticket.expiryMode=AFTER_INACTIVITY
 # The default is PT1H for one hour.
 authentication.ticket.validDuration=PT1H

+# Use one ticket for all user sessions
+# For the pre 4.2 behaviour of one ticket per session set this to false.
+authentication.ticket.useSingleTicketPerUser=true
+
 # If kerberos.authentication.cifs.enableTicketCracking is false, 
 # the Kerberos ticket cracking code is switched off.
 # This code was required to get mutual authentication with a Windows AD client working in earlier versions of Java (version 5 or earlier). 
--- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -338,8 +338,14 @@ public class AuthenticationTest extends TestCase
        pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
        String ticket1 = pubAuthenticationService.getCurrentTicket();
        pubAuthenticationService.authenticate("Andy", "auth1".toCharArray());
-        assertFalse(ticket1.equals(pubAuthenticationService.getCurrentTicket()));
-        
+        if(ticketComponent.getUseSingleTicketPerUser())
+        {
+            assertTrue(ticket1.equals(pubAuthenticationService.getCurrentTicket()));
+        }
+        else
+        {
+            assertFalse(ticket1.equals(pubAuthenticationService.getCurrentTicket()));
+        }
    }
    
    public void testGuest()
@@ -736,7 +742,9 @@ public class AuthenticationTest extends TestCase
    }

    public void testTicketExpiryMode()
-    {
+    {   
+        ticketsCache.clear();
+        
        InMemoryTicketComponentImpl tc = new InMemoryTicketComponentImpl();
        tc.setOneOff(false);
        tc.setTicketsExpire(true);
@@ -878,6 +886,7 @@ public class AuthenticationTest extends TestCase

    public void testTicketExpires()
    {
+        ticketsCache.clear();
        InMemoryTicketComponentImpl tc = new InMemoryTicketComponentImpl();
        tc.setOneOff(false);
        tc.setTicketsExpire(true);
@@ -1036,7 +1045,14 @@ public class AuthenticationTest extends TestCase

        String ticket2 = authenticationService.getCurrentTicket();

-        assertFalse(ticket1.equals(ticket2));
+        if(ticketComponent.getUseSingleTicketPerUser())
+        {
+            assertTrue(ticket1.equals(ticket2));
+        }
+        else
+        {
+            assertFalse(ticket1.equals(ticket2));
+        }
    }

    public void testAuthenticationService1()