mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged DAVEW_V3.2 to HEAD
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -24,6 +24,11 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
@@ -65,6 +70,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
private NodeService nodeService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
||||
|
||||
private boolean autoCreatePeopleOnLogin = true;
|
||||
|
||||
@@ -494,4 +501,39 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return this.defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
* a set of user names
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames)
|
||||
{
|
||||
this.defaultAdministratorUserNames = defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
*/
|
||||
public void setDefaultAdministratorUserNames(String defaultAdministratorUserNames)
|
||||
{
|
||||
Set<String> nameSet = new TreeSet<String>();
|
||||
if (!defaultAdministratorUserNames.isEmpty())
|
||||
{
|
||||
nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
|
||||
}
|
||||
setDefaultAdministratorUserNames(nameSet);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,6 +24,8 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
public interface AuthenticationComponent
|
||||
@@ -134,4 +136,13 @@ public interface AuthenticationComponent
|
||||
* Get the MD4 password hash, as required by NTLM based authentication methods.
|
||||
*/
|
||||
public String getMD4HashedPassword(String userName);
|
||||
|
||||
/**
|
||||
* Gets a set of user names who for this particular authentication system should be considered administrators by
|
||||
* default. If the security framework is case sensitive these values should be case sensitive user names. If the
|
||||
* security framework is not case sensitive these values should be the lower-case user names.
|
||||
*
|
||||
* @return a set of user names
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames();
|
||||
}
|
||||
|
||||
@@ -26,6 +26,8 @@ package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.io.PrintWriter;
|
||||
import java.io.StringWriter;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
import net.sf.acegisecurity.AuthenticationManager;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
@@ -59,28 +61,29 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
|
||||
*
|
||||
* @param authenticationDao
|
||||
*/
|
||||
@Managed(category="Security")
|
||||
@Managed(category = "Security")
|
||||
public void setAuthenticationDao(MutableAuthenticationDao authenticationDao)
|
||||
{
|
||||
this.authenticationDao = authenticationDao;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Authenticate
|
||||
*/
|
||||
@Override
|
||||
protected void authenticateImpl(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
try
|
||||
{
|
||||
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName,
|
||||
new String(password));
|
||||
authenticationManager.authenticate(authentication);
|
||||
this.authenticationManager.authenticate(authentication);
|
||||
setCurrentUser(userName);
|
||||
|
||||
}
|
||||
catch (net.sf.acegisecurity.AuthenticationException ae)
|
||||
{
|
||||
// This is a bit gross, I admit, but when LDAP is
|
||||
// This is a bit gross, I admit, but when LDAP is
|
||||
// configured ae, above, is non-serializable and breaks
|
||||
// remote authentication.
|
||||
StringWriter sw = new StringWriter();
|
||||
@@ -92,28 +95,28 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* We actually have an acegi object so override the default method.
|
||||
* We actually have an acegi object so override the default method.
|
||||
*/
|
||||
@Override
|
||||
protected UserDetails getUserDetails(String userName)
|
||||
{
|
||||
return (UserDetails) authenticationDao.loadUserByUsername(userName);
|
||||
return this.authenticationDao.loadUserByUsername(userName);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get the password hash from the DAO
|
||||
*/
|
||||
@Override
|
||||
public String getMD4HashedPassword(String userName)
|
||||
{
|
||||
return authenticationDao.getMD4HashedPassword(userName);
|
||||
return this.authenticationDao.getMD4HashedPassword(userName);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* This implementation supported MD4 password hashes.
|
||||
* This implementation supported MD4 password hashes.
|
||||
*/
|
||||
@Override
|
||||
public NTLMMode getNTLMMode()
|
||||
{
|
||||
return NTLMMode.MD4_PROVIDER;
|
||||
@@ -124,6 +127,14 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return Collections.singleton(AuthenticationUtil.getAdminUserName());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -303,4 +303,13 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService
|
||||
{
|
||||
return Collections.singleton(ticketComponent);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return authenticationComponent.getDefaultAdministratorUserNames();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -26,6 +26,8 @@ package org.alfresco.repo.security.authentication;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
@@ -434,4 +436,17 @@ public class ChainingAuthenticationComponentImpl implements AuthenticationCompon
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
Set<String> defaultAdministratorUserNames = new TreeSet<String>();
|
||||
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
|
||||
{
|
||||
defaultAdministratorUserNames.addAll(authComponent.getDefaultAdministratorUserNames());
|
||||
}
|
||||
return defaultAdministratorUserNames;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,6 +28,7 @@ import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.TreeSet;
|
||||
|
||||
import org.alfresco.service.Managed;
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
@@ -470,4 +471,13 @@ public class ChainingAuthenticationServiceImpl extends AbstractAuthenticationSer
|
||||
return tcs;
|
||||
}
|
||||
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
Set<String> defaultAdministratorUserNames = new TreeSet<String>();
|
||||
for (AuthenticationService authService : getUsableAuthenticationServices())
|
||||
{
|
||||
defaultAdministratorUserNames.addAll(authService.getDefaultAdministratorUserNames());
|
||||
}
|
||||
return defaultAdministratorUserNames;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -473,6 +473,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return Collections.singleton(AuthenticationUtil.getAdminUserName());
|
||||
}
|
||||
|
||||
private static final String SYSTEM_USER_NAME = "System";
|
||||
|
||||
}
|
||||
|
||||
@@ -52,16 +52,11 @@ import org.alfresco.jlan.server.auth.passthru.PassthruServers;
|
||||
import org.alfresco.jlan.smb.Protocol;
|
||||
import org.alfresco.jlan.smb.SMBException;
|
||||
import org.alfresco.jlan.smb.SMBStatus;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.security.authentication.NTLMMode;
|
||||
import org.alfresco.service.Managed;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.transaction.TransactionService;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
@@ -284,21 +279,23 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
|
||||
*/
|
||||
@Managed(category="Security")
|
||||
public void setDomain(String domain) {
|
||||
|
||||
// Check if the passthru server list is already configured
|
||||
|
||||
if ( m_passthruServers.getTotalServerCount() > 0)
|
||||
throw new AlfrescoRuntimeException("Passthru server list already configured");
|
||||
|
||||
// Configure the passthru authentication server list using the domain controllers
|
||||
|
||||
try
|
||||
{
|
||||
m_passthruServers.setDomain(domain);
|
||||
}
|
||||
catch ( IOException ex)
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Failed to set passthru domain, " + ex);
|
||||
if (!domain.isEmpty())
|
||||
{
|
||||
// Check if the passthru server list is already configured
|
||||
|
||||
if ( m_passthruServers.getTotalServerCount() > 0)
|
||||
throw new AlfrescoRuntimeException("Passthru server list already configured");
|
||||
|
||||
// Configure the passthru authentication server list using the domain controllers
|
||||
|
||||
try
|
||||
{
|
||||
m_passthruServers.setDomain(domain);
|
||||
}
|
||||
catch ( IOException ex)
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Failed to set passthru domain, " + ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -308,16 +305,18 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
|
||||
* @param servers String
|
||||
*/
|
||||
@Managed(category="Security")
|
||||
public void setServers(String servers) {
|
||||
|
||||
// Check if the passthru server list is already configured
|
||||
|
||||
if ( m_passthruServers.getTotalServerCount() > 0)
|
||||
throw new AlfrescoRuntimeException("Passthru server list already configured");
|
||||
|
||||
// Configure the passthru authenticaiton list using a list of server names/addresses
|
||||
|
||||
m_passthruServers.setServerList(servers);
|
||||
public void setServers(String servers) {
|
||||
if (!servers.isEmpty())
|
||||
{
|
||||
// Check if the passthru server list is already configured
|
||||
|
||||
if (m_passthruServers.getTotalServerCount() > 0)
|
||||
throw new AlfrescoRuntimeException("Passthru server list already configured");
|
||||
|
||||
// Configure the passthru authenticaiton list using a list of server names/addresses
|
||||
|
||||
m_passthruServers.setServerList(servers);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user