Merged V2.2 to HEAD

7276: Add specific login error messages (as opposed to "unknown username...') in cases where users are disallowed and/or max users exceeded
   7277: Update to JMX-based admin: option to disable (and re-enable) link validation service

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8254 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/core-services-context.xml

@@ -135,6 +135,7 @@
     <bean id="RepoServerMgmt" class="org.alfresco.repo.admin.RepoServerMgmt">       
         <property name="transactionService"><ref bean="transactionService"/></property>
         <property name="authenticationService"><ref bean="authenticationService"/></property>
+        <property name="linkValidationService"><ref bean="linkValidationService"/></property>
         <property name="maxUsers"><value>${server.maxusers}</value></property>
         <property name="singleUserOnly"><value>${server.singleuseronly.name}</value></property>
     </bean>

config/alfresco/linkvalidation-service-context.xml

@@ -252,6 +252,9 @@
         <property name="purgeStoreTxnListener">
             <ref bean="purgeStoreTxnListener"/>
         </property>
+        <property name="sysAdminCache">
+            <ref bean="sysAdminCache"/>
+        </property>
 
         <!-- Poll interval to check getLatestSnapshotID (in milliseconds).  -->
         <!-- Note:  If pollInterval is 0, link validation is disabled.      -->

source/java/org/alfresco/linkvalidation/LinkValidationAction.java

@@ -28,6 +28,7 @@ package org.alfresco.linkvalidation;
 import java.util.List;
 
 import org.alfresco.config.JNDIConstants;
+import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.action.ParameterDefinitionImpl;
 import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
 import org.alfresco.repo.avm.AVMNodeConverter;
@@ -162,6 +163,12 @@ public class LinkValidationAction extends ActionExecuterAbstractBase
         LinkValidationReport report = null;
         try
         {
+        	if (this.linkValidationService.isLinkValidationDisabled())
+        	{
+        		logger.warn("Link validation (action) not performed - currently disabled by system administrator");
+        		throw new AlfrescoRuntimeException("Link validation not performed - currently disabled by the system administrator");
+        	}
+        	
             // determine which API to call depending on whether there is a destination webapp present 
             if (destWebappPath != null)
             {

source/java/org/alfresco/linkvalidation/LinkValidationService.java

@@ -213,4 +213,8 @@ public interface LinkValidationService
     //-------------------------------------------------------------------------
     public List<String> getHrefsDependentUponFile(String path);
 
+    
+    public void setLinkValidationDisabled(boolean disabled);
+
+    public boolean isLinkValidationDisabled();
 }

source/java/org/alfresco/repo/admin/RepoServerMgmt.java

@@ -31,6 +31,7 @@ import java.util.SortedSet;
 import java.util.TreeSet;
 
 import org.alfresco.error.AlfrescoRuntimeException;
+import org.alfresco.linkvalidation.LinkValidationService;
 import org.alfresco.repo.security.authentication.AuthenticationServiceImpl;
 import org.alfresco.repo.transaction.TransactionServiceImpl;
 import org.alfresco.service.license.LicenseService;
@@ -49,6 +50,7 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 	
 	private TransactionServiceImpl transactionService;
 	private AuthenticationServiceImpl authenticationService;
+	private LinkValidationService linkValidationService;
 	
 	// property key should be the same as the one in core-services-context.xml (to allow repo to start in multi-user mode even if the property is not set)
 	private final static String PROPERTY_KEY_SINGLE_USER_ONLY = "${server.singleuseronly.name}";
@@ -63,6 +65,11 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 		this.authenticationService = authenticationService;
 	}
 	
+	public void setLinkValidationService(LinkValidationService linkValidationService) 
+	{
+		this.linkValidationService = linkValidationService;
+	}
+	
 	public void setApplicationContext(ApplicationContext ctx)
 	{
 		this.ctx = ctx;
@@ -76,13 +83,13 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 	{  
 		if (readOnly && isReadOnly())
 		{
-			log.info("Alfresco is already read-only");
+			log.warn("Alfresco is already read-only");
 			return;
 		}
 		
 		if (!readOnly && !isReadOnly())
 		{
-			log.info("Alfresco is already read-write");
+			log.warn("Alfresco is already read-write");
 			return;
 		}
 		
@@ -105,7 +112,7 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 		
 		if (readOnly)
 		{
-			log.info("Alfresco set to be read-only");
+			log.warn("Alfresco set to be read-only");
 		}
 		else
 		{
@@ -237,11 +244,11 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 				
 				if (maxUsers != 0)
 				{
-					log.info("Alfresco set to allow single-user (" + allowedUsername + ") logins");
+					log.warn("Alfresco set to allow single-user (" + allowedUsername + ") logins only");
 				}
 				else
 				{
-					log.info("Alfresco set to allow single-user (" + allowedUsername + ") logins - although further logins are currently prevented (limit = 0)");
+					log.warn("Alfresco set to allow single-user (" + allowedUsername + ") logins - although further logins are currently prevented (limit = 0)");
 				}
 			}
 		}
@@ -253,7 +260,7 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 			}
 			else if (maxUsers == 0)
 			{
-				log.info("Alfresco set to allow logins - although further logins are currently prevented (limit = 0)");
+				log.warn("Alfresco set to allow logins - although further logins are currently prevented (limit = 0)");
 			}
 			else if (maxUsers != 0)
 			{
@@ -307,7 +314,7 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 		}
 		else if (maxUsers == 0)
 		{
-			log.info("Alfresco set to prevent further logins (limit = 0)");
+			log.warn("Alfresco set to prevent further logins (limit = 0)");
 		}
 		else
 		{
@@ -330,4 +337,30 @@ public class RepoServerMgmt implements RepoServerMgmtMBean, ApplicationContextAw
 	{  
 		return authenticationService.getMaxUsers();
 	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see org.alfresco.repo.admin.RepoServerMgmtMBean#setLinkValidationDisabled(boolean)
+	 */
+	public void setLinkValidationDisabled(boolean disable)
+	{
+		linkValidationService.setLinkValidationDisabled(disable);
+		if (disable)
+		{
+			log.warn("Link validation disabled");
+		}
+		else
+		{
+			log.info("Link validation enabled");
+		}
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see org.alfresco.repo.admin.RepoServerMgmtMBean#isLinkValidationDisabled()
+	 */
+	public boolean isLinkValidationDisabled()
+	{  
+		return linkValidationService.isLinkValidationDisabled();
+	}
 }

source/java/org/alfresco/repo/admin/RepoServerMgmtMBean.java

@@ -165,4 +165,18 @@ public interface RepoServerMgmtMBean
 	 * @param int  maxUsers
 	 */
 	public int getMaxUsers();
+	
+	/**
+	 * Disable or re-enable link validation
+	 * 
+	 * @param disable  true = disable, false = re-enable
+	 */
+	public void setLinkValidationDisabled(boolean disable);
+	
+	/**
+	 * Is link validation disabled ?
+	 * 
+	 * @param boolean  true = disabled, false = enabled
+	 */
+	public boolean isLinkValidationDisabled();
 }

source/java/org/alfresco/repo/security/authentication/AuthenticationDisallowedException.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.security.authentication;
+
+public class AuthenticationDisallowedException extends AuthenticationException
+{
+    /**
+     * 
+     */
+	static final long serialVersionUID = -5993582597632086734L;
+
+    public AuthenticationDisallowedException(String msg)
+    {
+        super(msg);
+    }
+
+    public AuthenticationDisallowedException(String msg, Throwable cause)
+    {
+        super(msg, cause);
+    }
+
+}

source/java/org/alfresco/repo/security/authentication/AuthenticationMaxUsersException.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have recieved a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.security.authentication;
+
+public class AuthenticationMaxUsersException extends AuthenticationException
+{
+    /**
+     * 
+     */
+	static final long serialVersionUID = -3804740186420556532L;
+
+    public AuthenticationMaxUsersException(String msg)
+    {
+        super(msg);
+    }
+
+    public AuthenticationMaxUsersException(String msg, Throwable cause)
+    {
+        super(msg, cause);
+    }
+
+}

source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java

@@ -130,14 +130,14 @@ public class AuthenticationServiceImpl implements AuthenticationService
            
         	if ((allowedUsers != null) && (! allowedUsers.contains(userName)))
 			{
-				throw new AuthenticationException("Username not allowed: " + userName);
+				throw new AuthenticationDisallowedException("Username not allowed: " + userName);
 			}
         	
         	Integer maxUsers = (Integer)sysAdminCache.get(KEY_SYSADMIN_MAX_USERS);
         	
         	if ((maxUsers != null) && (maxUsers != -1) && (ticketComponent.getUsersWithTickets(true).size() >= maxUsers))
         	{
-        		throw new AuthenticationException("Max users exceeded: " + maxUsers);
+        		throw new AuthenticationMaxUsersException("Max users exceeded: " + maxUsers);
         	}
         	
         	authenticationComponent.authenticate(userName, password);