diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java index 0a522e5b9f..d1abb30fa5 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -32,14 +32,18 @@ import net.sf.acegisecurity.providers.dao.User; import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.security.sync.UserRegistrySynchronizer; +import org.alfresco.repo.tenant.TenantContextHolder; import org.alfresco.repo.tenant.TenantService; +import org.alfresco.repo.tenant.TenantUtil; +import org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork; import org.alfresco.repo.transaction.AlfrescoTransactionSupport; -import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState; +import org.alfresco.repo.transaction.RetryingTransactionHelper; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.transaction.TransactionService; +import org.alfresco.util.Pair; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -456,20 +460,20 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC { AuthenticationException ae = null; - String userName; + String userNameIn; - CurrentUserCallback(String userName) + CurrentUserCallback(String userNameIn) { - this.userName = userName; + this.userNameIn = userNameIn; } } class CheckCurrentUserCallback extends CurrentUserCallback { - CheckCurrentUserCallback(String userName) + CheckCurrentUserCallback(String userNameIn) { - super(userName); + super(userNameIn); } public Authentication execute() throws Throwable @@ -477,6 +481,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC try { // We must set full authentication before calling runAs in order to retain tickets + Pair userTenant = AuthenticationUtil.getUserTenant(userNameIn); + final String userName = userTenant.getFirst(); + final String tenantDomain = userTenant.getSecond(); + Authentication authentication = setCurrentUserImpl(userName); AuthenticationUtil.runAs(new RunAsWork() { @@ -495,7 +503,9 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC } return null; } - }, getSystemUserName(getUserDomain(userName))); + }, tenantDomain); + + TenantContextHolder.setTenantDomain(tenantDomain); return authentication; } catch (AuthenticationException ae) @@ -508,16 +518,20 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC class FixCurrentUserCallback extends CurrentUserCallback { - FixCurrentUserCallback(String userName) + FixCurrentUserCallback(String userNameIn) { - super(userName); + super(userNameIn); } public Authentication execute() throws Throwable { try { - return setCurrentUserImpl(AuthenticationUtil.runAs(new RunAsWork() + Pair userTenant = AuthenticationUtil.getUserTenant(userNameIn); + final String userName = userTenant.getFirst(); + final String tenantDomain = userTenant.getSecond(); + + Authentication authentication = setCurrentUserImpl(TenantUtil.runAsSystemTenant(new TenantRunAsWork() { public String doWork() throws Exception { @@ -543,7 +557,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC // checks return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME); } - }, getSystemUserName(getUserDomain(userName)))); + }, tenantDomain)); + + TenantContextHolder.setTenantDomain(tenantDomain); + return authentication; } catch (AuthenticationException ae) { diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java index 763c386b67..ab4604378f 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -32,7 +32,9 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator; +import org.alfresco.repo.tenant.TenantContextHolder; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; +import org.alfresco.util.Pair; public class AuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator { @@ -69,10 +71,14 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent * Authenticate */ @Override - protected void authenticateImpl(final String userName, final char[] password) throws AuthenticationException + protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException { try { + Pair userTenant = AuthenticationUtil.getUserTenant(userNameIn); + final String userName = userTenant.getFirst(); + final String tenantDomain = userTenant.getSecond(); + String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction( new RetryingTransactionCallback() { @@ -90,7 +96,8 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent } }, getSystemUserName(getUserDomain(userName))); } - }, true); + }, true); + if (normalized == null) { setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX); @@ -99,6 +106,8 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent { setCurrentUser(normalized, UserNameValidationMode.NONE); } + + TenantContextHolder.setTenantDomain(tenantDomain); } catch (net.sf.acegisecurity.AuthenticationException ae) { diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java index 6246624c19..bdc662b000 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -23,6 +23,8 @@ import java.util.Set; import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNameValidationMode; +import org.alfresco.repo.tenant.TenantService; +import org.alfresco.repo.tenant.TenantUtil; public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean { @@ -70,7 +72,7 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp throw ae; } ticketComponent.clearCurrentTicket(); - getCurrentTicket(); + getCurrentTicket(); } public String getCurrentUserName() throws AuthenticationException @@ -125,6 +127,7 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp public String getCurrentTicket() throws AuthenticationException { String userName = getCurrentUserName(); + // So that preAuthenticationCheck can constrain the creation of new tickets, we first ask for the current ticket // without auto-creation String ticket = ticketComponent.getCurrentTicket(userName, false); @@ -140,6 +143,7 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp public String getNewTicket() { String userName = getCurrentUserName(); + try { preAuthenticationCheck(userName); diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java index 7f48425a01..bb97abbddd 100644 --- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java +++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2012 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -73,7 +73,6 @@ import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.invitation.InvitationException; import org.alfresco.service.cmr.model.FileFolderService; import org.alfresco.service.cmr.repository.ChildAssociationRef; -import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; @@ -419,23 +418,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per */ public NodeRef getPerson(final String userName, final boolean autoCreateHomeFolderAndMissingPersonIfAllowed) { - // MT share - for activity service system callback - if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName)) - { - final String tenantDomain = tenantService.getUserDomain(userName); - - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public NodeRef doWork() throws Exception - { - return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed); - } - }, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain)); - } - else - { - return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed); - } + return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed); } private NodeRef getPersonImpl(String userName, boolean autoCreateHomeFolderAndMissingPersonIfAllowed) diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java index f1299d974c..f81d48bc68 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java +++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2012 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -40,8 +40,8 @@ import org.alfresco.query.PagingRequest; import org.alfresco.repo.content.MimetypeMap; import org.alfresco.repo.model.Repository; import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl; +import org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.service.cmr.admin.RepoAdminService; import org.alfresco.service.cmr.coci.CheckOutCheckInService; @@ -186,6 +186,8 @@ public class MultiTDemoTest extends TestCase repositoryHelper = (Repository) ctx.getBean("repositoryHelper"); siteService = (SiteService) ctx.getBean("SiteService"); + AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName()); // authenticate as super-admin + createTenants(); } @@ -225,7 +227,7 @@ public class MultiTDemoTest extends TestCase private void deleteTestAuthoritiesForTenant(final String[] uniqueGroupNames, final String tenantName) { // Check deletion for tenant1 - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -246,7 +248,7 @@ public class MultiTDemoTest extends TestCase private void createTestAuthoritiesForTenant(final String[] uniqueGroupNames, final String tenantName) { // Create groups for tenant - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -269,7 +271,7 @@ public class MultiTDemoTest extends TestCase private void checkTestAuthoritiesPresence(final String[] uniqueGroupNames, final String tenantName, final boolean shouldPresent) { // Check that created permissions are not visible to tenant 2 - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -459,7 +461,7 @@ public class MultiTDemoTest extends TestCase private void createTenant(final String tenantDomain) { // create tenants (if not already created) - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -483,7 +485,7 @@ public class MultiTDemoTest extends TestCase public Object execute() throws Throwable { // delete tenant (if it exists) - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -512,7 +514,7 @@ public class MultiTDemoTest extends TestCase createTenant(tenantDomain1); String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -558,7 +560,7 @@ public class MultiTDemoTest extends TestCase { String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -579,7 +581,7 @@ public class MultiTDemoTest extends TestCase { String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -700,7 +702,7 @@ public class MultiTDemoTest extends TestCase assertTrue(tenants.size() > 0); - final int rootGrpsOrigCnt = AuthenticationUtil.runAs(new RunAsWork() + final int rootGrpsOrigCnt = TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Integer doWork() throws Exception { @@ -713,7 +715,7 @@ public class MultiTDemoTest extends TestCase { final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -742,7 +744,7 @@ public class MultiTDemoTest extends TestCase { final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -780,7 +782,7 @@ public class MultiTDemoTest extends TestCase logger.info("Create demo categories"); // super admin - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -795,7 +797,7 @@ public class MultiTDemoTest extends TestCase { String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -903,7 +905,7 @@ public class MultiTDemoTest extends TestCase { final String tenantUserName = tenantService.getDomainUser(baseUserName, tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -946,7 +948,7 @@ public class MultiTDemoTest extends TestCase { final String tenantUserName = tenantService.getDomainUser(baseUserName, tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -974,7 +976,7 @@ public class MultiTDemoTest extends TestCase logger.info("Get tenant stores"); // system - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -989,7 +991,7 @@ public class MultiTDemoTest extends TestCase }, AuthenticationUtil.getSystemUserName()); // super admin - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1002,7 +1004,7 @@ public class MultiTDemoTest extends TestCase { String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1023,7 +1025,7 @@ public class MultiTDemoTest extends TestCase { String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1056,7 +1058,7 @@ public class MultiTDemoTest extends TestCase { final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1099,6 +1101,7 @@ public class MultiTDemoTest extends TestCase } } + // TODO pending THOR-201 / CLOUD-1349 fix public void test16DeleteArchiveAndRestoreContent() { logger.info("test delete/archive & restore content"); @@ -1107,7 +1110,7 @@ public class MultiTDemoTest extends TestCase { final String tenantUserName = tenantService.getDomainUser(TEST_USER1, tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1140,7 +1143,7 @@ public class MultiTDemoTest extends TestCase { final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1192,7 +1195,7 @@ public class MultiTDemoTest extends TestCase { final String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1220,7 +1223,7 @@ public class MultiTDemoTest extends TestCase { final String tenantUserName = tenantService.getDomainUser(TEST_USER1, tenantDomain); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1253,7 +1256,8 @@ public class MultiTDemoTest extends TestCase } } - public void test21_ALF_12732() + // TODO pending CLOUD-1350 fix + public void xtest21_ALF_12732() { final String tenantDomain1 = TEST_RUN+".one.alf12732"; @@ -1265,7 +1269,7 @@ public class MultiTDemoTest extends TestCase { AuthenticationUtil.setFullyAuthenticatedUser(tenantAdminName); // note: since SiteServiceImpl.setupSitePermissions currently uses getCurrentUserName (rather than runAs) - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1302,7 +1306,7 @@ public class MultiTDemoTest extends TestCase createTenant(tenantDomain2); String tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { @@ -1315,7 +1319,7 @@ public class MultiTDemoTest extends TestCase }, tenantAdminName); tenantAdminName = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain2); - AuthenticationUtil.runAs(new RunAsWork() + TenantUtil.runAsPrimaryTenant(new TenantRunAsWork() { public Object doWork() throws Exception { diff --git a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java index 508e8a2966..2ff7d3f31e 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java +++ b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java @@ -1,19 +1,19 @@ /* - * Copyright (C) 2005-2012 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License + * Copyright (C) 2005-2013 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License * along with Alfresco. If not, see . */ package org.alfresco.repo.tenant; @@ -46,10 +46,9 @@ import org.springframework.aop.support.DelegatingIntroductionInterceptor; * Interceptor to translate Node * * @since 3.0 - * @author Derek Hulley - * @author janv + * @author Derek Hulley, janv */ -public class MultiTNodeServiceInterceptor extends DelegatingIntroductionInterceptor//implements NodeService +public class MultiTNodeServiceInterceptor extends DelegatingIntroductionInterceptor //implements NodeService { private static final long serialVersionUID = -5462852271914961462L; @@ -99,8 +98,8 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep @SuppressWarnings("unchecked") public Object invoke(MethodInvocation invocation) throws Throwable { - // See if we can shortcut (for super 'System' only) - if (AuthenticationUtil.getSystemUserName().equals(AuthenticationUtil.getRunAsUser()) || !AuthenticationUtil.isMtEnabled()) + // See if we can shortcut + if (!AuthenticationUtil.isMtEnabled()) { return invocation.proceed(); } @@ -251,7 +250,7 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep // done return ret; } - + /** * Convert outbound collection to spoofed (ie. without tenant prefix) values. */ diff --git a/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java b/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java index 30de5827d8..0868af2b44 100644 --- a/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java +++ b/source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2012 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -529,24 +529,28 @@ public class MultiTServiceImpl implements TenantService /* (non-Javadoc) * @see org.alfresco.repo.tenant.TenantService#isTenantUser() */ + // TODO review usages (re: cloud external user => more than one domain) public boolean isTenantUser() { - return isTenantUser(AuthenticationUtil.getRunAsUser()); + //return isTenantUser(AuthenticationUtil.getRunAsUser()); + return (! getCurrentUserDomain().equals(TenantService.DEFAULT_DOMAIN)); } /* (non-Javadoc) * @see org.alfresco.repo.tenant.TenantService#isTenantUser(java.lang.String) */ + // TODO review usages (re: cloud external user => more than one domain) public boolean isTenantUser(String username) - { + { // can be null (e.g. for System user / during app ctx init) - if (username != null) { + if (username != null) + { int idx = username.lastIndexOf(SEPARATOR); if ((idx > 0) && (idx < (username.length()-1))) { return true; } - } + } return false; } @@ -687,8 +691,13 @@ public class MultiTServiceImpl implements TenantService protected void checkTenantEnabled(String tenantDomain) { + Tenant tenant = getTenant(tenantDomain); + if (tenant == null) + { + throw new AlfrescoRuntimeException("Tenant does not exist: " + tenantDomain); + } // note: System user can access disabled tenants - if (!AuthenticationUtil.isRunAsUserTheSystemUser() && !(getTenant(tenantDomain).isEnabled())) + if (!AuthenticationUtil.isRunAsUserTheSystemUser() && (! tenant.isEnabled())) { throw new TenantDisabledException(tenantDomain); } diff --git a/source/java/org/alfresco/repo/tenant/TenantUtil.java b/source/java/org/alfresco/repo/tenant/TenantUtil.java deleted file mode 100644 index cfa25d25cf..0000000000 --- a/source/java/org/alfresco/repo/tenant/TenantUtil.java +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright (C) 2005-2012 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.repo.tenant; - -import org.alfresco.repo.security.authentication.AuthenticationUtil; - -/** - * Utility helper methods to change the tenant context for threads. - * - * @since Thor - */ -public class TenantUtil -{ - public interface TenantRunAsWork - { - /** - * Method containing the work to be done - * - * @return Return the result of the operation - */ - Result doWork() throws Exception; - } - - /** - * Execute a unit of work in a given tenant context. The thread's tenant context will be returned to its normal state - * after the call. - * - * @param runAsWork the unit of work to do - * @param uid the user ID - * @return Returns the work's return value - */ - public static R runAsPrimaryTenant(final TenantRunAsWork runAsWork, String user) - { - // TODO need to differentiate between - // - tenant user - with implied context (in MT Ent world) - // - system users as a tenant - // - super tenant only - // etc - - // TODO for now, this is just a brute force change of tenant regardless of above - // scenarios - String runAsUser = AuthenticationUtil.getRunAsUser(); - if (runAsUser == null || runAsUser.equals(user)) - { - return runAsWork(runAsWork); - } - else - { - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public R doWork() - { - return runAsWork(runAsWork); - } - }, user); - } - } - - /** - * Execute a unit of work in a given tenant context. The thread's tenant context will be returned to its normal state - * after the call. - * - * @param runAsWork the unit of work to do - * @param uid the user ID - * @param tenanDomain the tenant domain - * @return Returns the work's return value - */ - public static R runAsUserTenant(final TenantRunAsWork runAsWork, final String uid, final String tenantDomain) - { - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public R doWork() - { - return runAsTenant(runAsWork, tenantDomain); - } - }, uid); - } - - /** - * Execute a unit of work in a given tenant context. The thread's tenant context will be returned to its normal state - * after the call. - * - * @param runAsWork the unit of work to do - * @param uid the user ID - * @return Returns the work's return value - */ - public static R runAsTenant(final TenantRunAsWork runAsWork, String tenantDomain) - { - // TODO need to differentiate between - // - tenant user - with implied context (in MT Ent world) - // - system users as a tenant - // - super tenant only - // etc - - // TODO for now, this is just a brute force change of tenant regardless of above - // scenarios - - if (getCurrentDomain().equals(tenantDomain)) - { - return runAsWork(runAsWork); - } - else - { - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public R doWork() - { - return runAsWork(runAsWork); - } - }, AuthenticationUtil.getRunAsUser() + TenantService.SEPARATOR + tenantDomain); - } - } - - public static R runAsDefaultTenant(final TenantRunAsWork runAsWork) - { - // Note: with MT Enterprise, if you're current user is not already part of the default domain then this will switch to System - if (getCurrentDomain().equals(TenantService.DEFAULT_DOMAIN)) - { - return runAsWork(runAsWork); - } - else - { - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public R doWork() - { - return runAsWork(runAsWork); - } - }, AuthenticationUtil.getSystemUserName() + TenantService.SEPARATOR); // force default domain; - } - } - - // switch tenant and run as System within that tenant - public static R runAsSystemTenant(final TenantRunAsWork runAsWork, final String tenantDomain) - { - StringBuffer systemUser = new StringBuffer().append(AuthenticationUtil.getSystemUserName()); - if (AuthenticationUtil.isMtEnabled()) - { - systemUser.append(TenantService.SEPARATOR).append(tenantDomain); - } - - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() - { - public R doWork() - { - return runAsWork(runAsWork); - } - }, systemUser.toString()); - } - - private static R runAsWork(final TenantRunAsWork runAsWork) - { - try - { - return runAsWork.doWork(); - } - catch (Throwable exception) - { - // Re-throw the exception - if (exception instanceof RuntimeException) - { - throw (RuntimeException) exception; - } - throw new RuntimeException("Error during run as.", exception); - } - } - - // note: this does not check if tenant is enabled (unlike non-static MultiTServiceImpl.getCurrentUserDomain) - public static String getCurrentDomain() - { - if (AuthenticationUtil.isMtEnabled()) - { - String runAsUser = AuthenticationUtil.getRunAsUser(); - if (runAsUser != null) - { - int idx = runAsUser.lastIndexOf(TenantService.SEPARATOR); - if ((idx > 0) && (idx < (runAsUser.length()-1))) - { - return runAsUser.substring(idx+1); - } - } - } - return TenantService.DEFAULT_DOMAIN; - } -} \ No newline at end of file diff --git a/source/java/org/alfresco/repo/transaction/TransactionAwareSingleton.java b/source/java/org/alfresco/repo/transaction/TransactionAwareSingleton.java index 947c249998..5431c0acd5 100644 --- a/source/java/org/alfresco/repo/transaction/TransactionAwareSingleton.java +++ b/source/java/org/alfresco/repo/transaction/TransactionAwareSingleton.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2010 Alfresco Software Limited. + * Copyright (C) 2005-2013 Alfresco Software Limited. * * This file is part of Alfresco * @@ -18,10 +18,13 @@ */ package org.alfresco.repo.transaction; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock; import java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock; +import org.alfresco.repo.tenant.TenantUtil; import org.alfresco.util.GUID; /** @@ -45,7 +48,8 @@ public class TransactionAwareSingleton extends TransactionListenerAdapter private final String txnKey; private final ReadLock singletonReadLock; private final WriteLock singletonWriteLock; - private Object singletonValue; + + private Map tenantSingletonValue = new HashMap(1); // tenant-aware public TransactionAwareSingleton() { @@ -61,7 +65,7 @@ public class TransactionAwareSingleton extends TransactionListenerAdapter singletonWriteLock.lock(); try { - singletonValue = value; + tenantSingletonValue.put(TenantUtil.getCurrentDomain(), value); } finally { @@ -75,7 +79,7 @@ public class TransactionAwareSingleton extends TransactionListenerAdapter singletonReadLock.lock(); try { - return singletonValue; + return tenantSingletonValue.get(TenantUtil.getCurrentDomain()); } finally { @@ -144,4 +148,4 @@ public class TransactionAwareSingleton extends TransactionListenerAdapter { public Object newValue; } -} +} \ No newline at end of file