inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Backing out stuff that should have gone on its own branch.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6890 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2007-10-01 15:47:06 +00:00
parent 0911547299
commit 19d195c423
27 changed files with 119 additions and 2402 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
config/alfresco/application-context.xml
View File

@@ -17,7 +17,7 @@
<import resource="classpath:alfresco/network-protocol-context.xml" /> <import resource="classpath:alfresco/network-protocol-context.xml" />
<import resource="classpath:alfresco/email-service-context.xml" /> <import resource="classpath:alfresco/email-service-context.xml" />
<import resource="classpath:alfresco/content-services-context.xml" /> <import resource="classpath:alfresco/content-services-context.xml" />
<import resource="classpath*:alfresco/extension/mt/mt-contentstore-context.xml"/> <import resource="classpath*:alfresco/extension/mt/mt-contentstore-context.xml"/>
<import resource="classpath:alfresco/hibernate-context.xml" /> <import resource="classpath:alfresco/hibernate-context.xml" />
<import resource="classpath:alfresco/ownable-services-context.xml" /> <import resource="classpath:alfresco/ownable-services-context.xml" />
<import resource="classpath:alfresco/template-services-context.xml" /> <import resource="classpath:alfresco/template-services-context.xml" />
@@ -27,8 +27,8 @@
<import resource="classpath:alfresco/authentication-services-context.xml" /> <import resource="classpath:alfresco/authentication-services-context.xml" />
<import resource="classpath:alfresco/policy-context.xml" /> <import resource="classpath:alfresco/policy-context.xml" />
<import resource="classpath:alfresco/import-export-context.xml" /> <import resource="classpath:alfresco/import-export-context.xml" />
<import resource="classpath:alfresco/bootstrap-context.xml" /> <import resource="classpath:alfresco/bootstrap-context.xml" />
<import resource="classpath:alfresco/repo-admin-context.xml"/> <import resource="classpath:alfresco/repo-admin-context.xml"/>
<import resource="classpath:alfresco/workflow-context.xml" /> <import resource="classpath:alfresco/workflow-context.xml" />
<import resource="classpath:alfresco/jcr-api-context.xml" /> <import resource="classpath:alfresco/jcr-api-context.xml" />
<import resource="classpath:alfresco/avm-services-context.xml" /> <import resource="classpath:alfresco/avm-services-context.xml" />
@@ -36,7 +36,6 @@
<import resource="classpath:alfresco/attributes-service-context.xml"/> <import resource="classpath:alfresco/attributes-service-context.xml"/>
<import resource="classpath:alfresco/linkvalidation-service-context.xml"/> <import resource="classpath:alfresco/linkvalidation-service-context.xml"/>
<import resource="classpath:alfresco/remote-services-context.xml"/> <import resource="classpath:alfresco/remote-services-context.xml"/>
<import resource="classpath:alfresco/simple-permissions-context.xml"/>
<import resource="classpath*:alfresco/patch/*-context.xml" /> <import resource="classpath*:alfresco/patch/*-context.xml" />
<import resource="classpath*:alfresco/domain/*-context.xml" /> <import resource="classpath*:alfresco/domain/*-context.xml" />
@@ -47,18 +46,18 @@
--> -->
<import resource="classpath*:alfresco/module-context.xml" /> <import resource="classpath*:alfresco/module-context.xml" />
<!-- <!--
Import of general extensions and bean overrides. Import of general extensions and bean overrides.
To give developers final control over the tuning To give developers final control over the tuning
of their own local build, the dev-context.xml file of their own local build, the dev-context.xml file
is processed last (note: dev-context.xml isn't is processed last (note: dev-context.xml isn't
part of the source tree itself). part of the source tree itself).
For details, see: For details, see:
http://wiki.alfresco.com/wiki/Developer_Runtime_Configuration http://wiki.alfresco.com/wiki/Developer_Runtime_Configuration
--> -->
<import resource="classpath*:alfresco/extension/*-context.xml"/> <import resource="classpath*:alfresco/extension/*-context.xml"/>
<import resource="classpath*:alfresco/extension/dev-context.xml" /> <import resource="classpath*:alfresco/extension/dev-context.xml" />
</beans> </beans>

39
config/alfresco/authentication-services-context.xml
View File

@@ -9,10 +9,10 @@
<!-- Acegi is used for authentication and protecting method calls on public --> <!-- Acegi is used for authentication and protecting method calls on public -->
<!-- services. To do this requires our authentication mechanism to work --> <!-- services. To do this requires our authentication mechanism to work -->
<!-- within the acegi framework. --> <!-- within the acegi framework. -->
<!-- --> <!-- -->
<!-- It is important to decide if user names are case sensitive or not. --> <!-- It is important to decide if user names are case sensitive or not. -->
<!-- This is configured in repository.properties. --> <!-- This is configured in repository.properties. -->
<!-- --> <!-- -->
<!-- --> <!-- -->
<!-- TODO: --> <!-- TODO: -->
<!-- --> <!-- -->
@@ -20,8 +20,8 @@
<!-- file. This should be done in the public services definitions. --> <!-- file. This should be done in the public services definitions. -->
<!-- This requires some tests to be fixed up. --> <!-- This requires some tests to be fixed up. -->
<!-- --> <!-- -->
<beans> <beans>
<!-- --> <!-- -->
<!-- The Acegi authentication manager. --> <!-- The Acegi authentication manager. -->
@@ -96,13 +96,10 @@
<property name="passwordEncoder"> <property name="passwordEncoder">
<ref bean="passwordEncoder" /> <ref bean="passwordEncoder" />
</property> </property>
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean> </bean>
<!-- The DAO also acts as a salt provider. --> <!-- The DAO also acts as a salt provider. -->
<alias alias="saltSource" name="authenticationDao"/> <alias alias="saltSource" name="authenticationDao"/>
<!-- Passwords are encoded using MD4 --> <!-- Passwords are encoded using MD4 -->
@@ -119,7 +116,7 @@
<!-- --> <!-- -->
<!-- The permissions service is required so that permissions can be --> <!-- The permissions service is required so that permissions can be -->
<!-- cleaned up when a user is deleted. --> <!-- cleaned up when a user is deleted. -->
<bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl"> <bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao"> <property name="authenticationDao">
<ref bean="authenticationDao" /> <ref bean="authenticationDao" />
@@ -150,7 +147,7 @@
</props> </props>
</property> </property>
</bean> </bean>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"> <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao"> <property name="authenticationDao">
<ref bean="authenticationDao" /> <ref bean="authenticationDao" />
@@ -163,19 +160,19 @@
</property> </property>
</bean> </bean>
<!-- Simple Authentication component that rejects all authentication requests --> <!-- Simple Authentication component that rejects all authentication requests -->
<!-- Use this defintion for Novell IChain integration. --> <!-- Use this defintion for Novell IChain integration. -->
<!-- It should never go to the login screen so this is not required --> <!-- It should never go to the login screen so this is not required -->
<!-- <!--
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl"> <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
<property name="accept"> <property name="accept">
<value>true</value> <value>true</value>
</property> </property>
</bean> </bean>
--> -->
<!-- The person service. --> <!-- The person service. -->
@@ -255,7 +252,7 @@
<ref bean="userHomesHomeFolderProvider" /> <ref bean="userHomesHomeFolderProvider" />
</property> </property>
</bean> </bean>
<bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider"> <bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <property name="serviceRegistry">
<ref bean="ServiceRegistry" /> <ref bean="ServiceRegistry" />
@@ -270,7 +267,7 @@
<ref bean="homeFolderManager" /> <ref bean="homeFolderManager" />
</property> </property>
</bean> </bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider"> <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <property name="serviceRegistry">
<ref bean="ServiceRegistry" /> <ref bean="ServiceRegistry" />
@@ -290,13 +287,13 @@
</set> </set>
</property> </property>
</bean> </bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider"> <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
<property name="homeFolderManager"> <property name="homeFolderManager">
<ref bean="homeFolderManager" /> <ref bean="homeFolderManager" />
</property> </property>
</bean> </bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider"> <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <property name="serviceRegistry">
<ref bean="ServiceRegistry" /> <ref bean="ServiceRegistry" />
@@ -324,7 +321,7 @@
</set> </set>
</property> </property>
</bean> </bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider"> <bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <property name="serviceRegistry">
<ref bean="ServiceRegistry" /> <ref bean="ServiceRegistry" />
@@ -352,8 +349,8 @@
</set> </set>
</property> </property>
</bean> </bean>
<!-- The ticket component. --> <!-- The ticket component. -->
<!-- Used for reauthentication --> <!-- Used for reauthentication -->
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl"> <bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">

13
config/alfresco/authority-services-context.xml
View File

@@ -9,9 +9,9 @@
<!-- This implementation supports the identification of users as admin users. --> <!-- This implementation supports the identification of users as admin users. -->
<!-- It also supports groups and allows groups and users to be arranged into --> <!-- It also supports groups and allows groups and users to be arranged into -->
<!-- hierarchies. --> <!-- hierarchies. -->
<!-- --> <!-- -->
<beans> <beans>
<bean id="authorityService" class="org.alfresco.repo.security.authority.AuthorityServiceImpl"> <bean id="authorityService" class="org.alfresco.repo.security.authority.AuthorityServiceImpl">
<property name="authenticationComponent"> <property name="authenticationComponent">
<ref bean="authenticationComponent" /> <ref bean="authenticationComponent" />
@@ -51,13 +51,13 @@
</set> </set>
</property> </property>
</bean> </bean>
<!-- Authority DAO that stores group information along with user information, --> <!-- Authority DAO that stores group information along with user information, -->
<!-- in the repository. --> <!-- in the repository. -->
<!-- --> <!-- -->
<!-- This bean uses the userToAuthorityCache configured in cache-context.xml --> <!-- This bean uses the userToAuthorityCache configured in cache-context.xml -->
<!-- --> <!-- -->
<bean id="authorityDAO" class="org.alfresco.repo.security.authority.AuthorityDAOImpl"> <bean id="authorityDAO" class="org.alfresco.repo.security.authority.AuthorityDAOImpl">
<property name="nodeService"> <property name="nodeService">
<ref bean="nodeService" /> <ref bean="nodeService" />
</property> </property>
@@ -73,9 +73,6 @@
<property name="userToAuthorityCache"> <property name="userToAuthorityCache">
<ref bean="userToAuthorityCache" /> <ref bean="userToAuthorityCache" />
</property> </property>
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean> </bean>
</beans> </beans>

51
config/alfresco/bootstrap-context.xml
View File

@@ -4,14 +4,14 @@
<!-- <!--
Repository Bootstrap Sequence. Repository Bootstrap Sequence.
This file specifies the initialisation (and order of initialisation) to perform during Repository startup. This file specifies the initialisation (and order of initialisation) to perform during Repository startup.
The pattern for adding new initialisation to the bootstrap sequence is as follows: The pattern for adding new initialisation to the bootstrap sequence is as follows:
1) Develop a bean that implements the Spring interface ApplicationListener 1) Develop a bean that implements the Spring interface ApplicationListener
2) Place the initialisation logic in the method onApplicationEvent(ApplicationEvent event)... 2) Place the initialisation logic in the method onApplicationEvent(ApplicationEvent event)...
public void onApplicationEvent(ApplicationEvent event) public void onApplicationEvent(ApplicationEvent event)
{ {
if (event instanceof ContextRefreshedEvent) if (event instanceof ContextRefreshedEvent)
@@ -19,7 +19,7 @@
// initialisation logic here // initialisation logic here
} }
} }
3) Add the bean definition to this file - Note: the beans are initialised in the order they are specified. 3) Add the bean definition to this file - Note: the beans are initialised in the order they are specified.
--> -->
@@ -60,7 +60,7 @@
</list> </list>
</property> </property>
</bean> </bean>
<!-- Bootstrap the AVM --> <!-- Bootstrap the AVM -->
<bean id="avmBootstrap" class="org.alfresco.repo.avm.AvmBootstrap" > <bean id="avmBootstrap" class="org.alfresco.repo.avm.AvmBootstrap" >
<property name="issuers"> <property name="issuers">
@@ -73,7 +73,7 @@
<ref bean="avmLockingAwareService"/> <ref bean="avmLockingAwareService"/>
</property> </property>
</bean> </bean>
<!-- Bootstrap AVM Locking Service. --> <!-- Bootstrap AVM Locking Service. -->
<bean id="avmLockingBootstrap" class="org.alfresco.repo.avm.locking.AVMLockingBootstrap"> <bean id="avmLockingBootstrap" class="org.alfresco.repo.avm.locking.AVMLockingBootstrap">
<property name="avmLockingService"> <property name="avmLockingService">
@@ -203,7 +203,7 @@
<prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop> <prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop>
<prop key="location">alfresco/bootstrap/webScriptsReadme.xml</prop> <prop key="location">alfresco/bootstrap/webScriptsReadme.xml</prop>
</props> </props>
<props> <props>
<prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop> <prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop>
<prop key="location">alfresco/bootstrap/customModelsSpace.acp</prop> <prop key="location">alfresco/bootstrap/customModelsSpace.acp</prop>
@@ -216,16 +216,16 @@
<prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop> <prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop>
<prop key="location">alfresco/bootstrap/customWebClientExtensionSpace.xml</prop> <prop key="location">alfresco/bootstrap/customWebClientExtensionSpace.xml</prop>
</props> </props>
<props> <props>
<prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop> <prop key="path">/${spaces.company_home.childname}/${spaces.dictionary.childname}</prop>
<prop key="location">alfresco/bootstrap/customWorkflowDefsSpace.acp</prop> <prop key="location">alfresco/bootstrap/customWorkflowDefsSpace.acp</prop>
</props> </props>
</list> </list>
</property> </property>
</bean> </bean>
<import resource="classpath:alfresco/bootstrap/st-admin-context.xml"/> <import resource="classpath:alfresco/bootstrap/st-admin-context.xml"/>
<import resource="classpath*:alfresco/extension/mt/mt-admin-context.xml"/> <import resource="classpath*:alfresco/extension/mt/mt-admin-context.xml"/>
@@ -274,15 +274,8 @@
</property> </property>
</bean> </bean>
<!-- Bootstrap for the authorityCapabilityRegistry -->
<bean id="authorityCapabilityBootstrap" class="org.alfresco.repo.simple.permission.AuthorityCapabilityBootstrap">
<property name="authorityCapabilityRegistry">
<ref bean="authorityCapabilityRegistry"/>
</property>
</bean>
<!-- Bootstrap any extensions --> <!-- Bootstrap any extensions -->
<import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" /> <import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />
<!-- Descriptor Service --> <!-- Descriptor Service -->
@@ -310,13 +303,13 @@
<!-- Perform index recovery before applying any patches --> <!-- Perform index recovery before applying any patches -->
<!-- rebuild the index if required - before we check that it is there --> <!-- rebuild the index if required - before we check that it is there -->
<bean id="indexRecoveryBootstrap" class="org.alfresco.repo.node.index.IndexRecoveryBootstrapBean" > <bean id="indexRecoveryBootstrap" class="org.alfresco.repo.node.index.IndexRecoveryBootstrapBean" >
<property name="indexRecoveryComponent"> <property name="indexRecoveryComponent">
<ref bean="indexRecoveryComponent"/> <ref bean="indexRecoveryComponent"/>
</property> </property>
</bean> </bean>
<bean id="avmIndexRecoveryBootstrap" class="org.alfresco.repo.node.index.IndexRecoveryBootstrapBean" > <bean id="avmIndexRecoveryBootstrap" class="org.alfresco.repo.node.index.IndexRecoveryBootstrapBean" >
<property name="indexRecoveryComponent"> <property name="indexRecoveryComponent">
<ref bean="avmIndexRecoveryComponent"/> <ref bean="avmIndexRecoveryComponent"/>
@@ -385,15 +378,15 @@
<ref bean="fileServersConfigService"/> <ref bean="fileServersConfigService"/>
</property> </property>
</bean> </bean>
<bean id="cifsServer" class="org.alfresco.filesys.CIFSServer" destroy-method="stopServer"> <bean id="cifsServer" class="org.alfresco.filesys.CIFSServer" destroy-method="stopServer">
<constructor-arg> <constructor-arg>
<ref local="fileServerConfiguration"/> <ref local="fileServerConfiguration"/>
</constructor-arg> </constructor-arg>
</bean> </bean>
<!-- FTP Server --> <!-- FTP Server -->
<bean id="ftpServer" class="org.alfresco.filesys.FTPServer" destroy-method="stopServer"> <bean id="ftpServer" class="org.alfresco.filesys.FTPServer" destroy-method="stopServer">
<constructor-arg> <constructor-arg>
<ref local="fileServerConfiguration"/> <ref local="fileServerConfiguration"/>
@@ -401,7 +394,7 @@
</bean> </bean>
<!-- NFS Server --> <!-- NFS Server -->
<bean id="nfsServer" class="org.alfresco.filesys.NFSServer" destroy-method="stopServer"> <bean id="nfsServer" class="org.alfresco.filesys.NFSServer" destroy-method="stopServer">
<constructor-arg> <constructor-arg>
<ref local="fileServerConfiguration"/> <ref local="fileServerConfiguration"/>
@@ -409,13 +402,13 @@
</bean> </bean>
<!-- Start the quartz scheduler --> <!-- Start the quartz scheduler -->
<bean id="schedulerStarter" class="org.alfresco.util.SchedulerStarterBean" > <bean id="schedulerStarter" class="org.alfresco.util.SchedulerStarterBean" >
<property name="scheduler"> <property name="scheduler">
<ref bean="schedulerFactory"/> <ref bean="schedulerFactory"/>
</property> </property>
</bean> </bean>
<!-- Startup Message --> <!-- Startup Message -->
<bean id="openOfficeConnectionTester" class="org.alfresco.util.OpenOfficeConnectionTester" > <bean id="openOfficeConnectionTester" class="org.alfresco.util.OpenOfficeConnectionTester" >
@@ -432,7 +425,7 @@
<ref local="descriptorComponent"/> <ref local="descriptorComponent"/>
</property> </property>
</bean> </bean>
<!-- Workflow Scheduler --> <!-- Workflow Scheduler -->
<bean id="workflowScheduler" class="org.alfresco.repo.workflow.jbpm.JBPMScheduler"> <bean id="workflowScheduler" class="org.alfresco.repo.workflow.jbpm.JBPMScheduler">
<property name="JBPMTemplate" ref="jbpm_template" /> <property name="JBPMTemplate" ref="jbpm_template" />
@@ -446,5 +439,5 @@
</constructor-arg> </constructor-arg>
</bean> </bean>
--> -->
</beans> </beans>

37
config/alfresco/hibernate-context.xml
View File

@@ -3,7 +3,7 @@
<beans> <beans>
<!-- load hibernate configuration properties --> <!-- load hibernate configuration properties -->
<bean id="hibernateConfigProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <bean id="hibernateConfigProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="locations"> <property name="locations">
<list> <list>
@@ -11,7 +11,7 @@
</list> </list>
</property> </property>
</bean> </bean>
<!-- load hibernate entity cache strategies --> <!-- load hibernate entity cache strategies -->
<bean id="cacheStrategiesPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <bean id="cacheStrategiesPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="ignoreUnresolvablePlaceholders"> <property name="ignoreUnresolvablePlaceholders">
<value>true</value> <value>true</value>
@@ -38,7 +38,7 @@
<!-- --> <!-- -->
<!-- Alfresco Node Storage --> <!-- Alfresco Node Storage -->
<!-- --> <!-- -->
<value>org/alfresco/repo/domain/hibernate/Node.hbm.xml</value> <value>org/alfresco/repo/domain/hibernate/Node.hbm.xml</value>
<value>org/alfresco/repo/domain/hibernate/Store.hbm.xml</value> <value>org/alfresco/repo/domain/hibernate/Store.hbm.xml</value>
<value>org/alfresco/repo/domain/hibernate/Transaction.hbm.xml</value> <value>org/alfresco/repo/domain/hibernate/Transaction.hbm.xml</value>
@@ -47,8 +47,7 @@
<value>org/alfresco/repo/domain/hibernate/Permission.hbm.xml</value> <value>org/alfresco/repo/domain/hibernate/Permission.hbm.xml</value>
<value>org/alfresco/repo/avm/hibernate/AVM.hbm.xml</value> <value>org/alfresco/repo/avm/hibernate/AVM.hbm.xml</value>
<value>org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml</value> <value>org/alfresco/repo/attributes/hibernate/Attributes.hbm.xml</value>
<value>org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml</value>
<!-- Audit config --> <!-- Audit config -->
<!-- TODO: Move into org/alfresco/repo/domain/hibernate/ --> <!-- TODO: Move into org/alfresco/repo/domain/hibernate/ -->
<value>org/alfresco/repo/audit/hibernate/Audit.hbm.xml</value> <value>org/alfresco/repo/audit/hibernate/Audit.hbm.xml</value>
@@ -111,7 +110,7 @@
<value>org/jbpm/job/ExecuteActionJob.hbm.xml</value> <value>org/jbpm/job/ExecuteActionJob.hbm.xml</value>
<value>org/jbpm/taskmgmt/exe/TaskMgmtInstance.hbm.xml</value> <value>org/jbpm/taskmgmt/exe/TaskMgmtInstance.hbm.xml</value>
<value>org/jbpm/taskmgmt/exe/TaskInstance.hbm.xml</value> <value>org/jbpm/taskmgmt/exe/TaskInstance.hbm.xml</value>
<value>org/alfresco/repo/workflow/jbpm/WorkflowTaskInstance.hbm.xml</value> <value>org/alfresco/repo/workflow/jbpm/WorkflowTaskInstance.hbm.xml</value>
<value>org/jbpm/taskmgmt/exe/PooledActor.hbm.xml</value> <value>org/jbpm/taskmgmt/exe/PooledActor.hbm.xml</value>
<value>org/jbpm/taskmgmt/exe/SwimlaneInstance.hbm.xml</value> <value>org/jbpm/taskmgmt/exe/SwimlaneInstance.hbm.xml</value>
<value>org/jbpm/logging/log/ProcessLog.hbm.xml</value> <value>org/jbpm/logging/log/ProcessLog.hbm.xml</value>
@@ -158,12 +157,12 @@
<prop key="org.alfresco.repo.domain.hibernate.ServerImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.ServerImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.VersionCountImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.VersionCountImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.AppliedPatchImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.AppliedPatchImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.DbPermissionImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.DbPermissionImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.domain.hibernate.DbAuthorityImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.domain.hibernate.DbAuthorityImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.audit.hibernate.AuditConfigImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.audit.hibernate.AuditConfigImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.audit.hibernate.AuditDateImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.audit.hibernate.AuditDateImpl">${cache.strategy}</prop>
<prop key="org.alfresco.repo.audit.hibernate.AuditSourceImpl">${cache.strategy}</prop> <prop key="org.alfresco.repo.audit.hibernate.AuditSourceImpl">${cache.strategy}</prop>
@@ -182,7 +181,7 @@
</props> </props>
</property> </property>
</bean> </bean>
<!-- create a transaction manager --> <!-- create a transaction manager -->
<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="transactionSynchronizationName"> <property name="transactionSynchronizationName">
@@ -192,14 +191,14 @@
<ref bean="sessionFactory" /> <ref bean="sessionFactory" />
</property> </property>
</bean> </bean>
<!-- Hibernate-specific implementations of persistence components --> <!-- Hibernate-specific implementations of persistence components -->
<bean id="versionCounterDaoComponent" class="org.alfresco.repo.domain.hibernate.VersionCounterDaoComponentImpl"> <bean id="versionCounterDaoComponent" class="org.alfresco.repo.domain.hibernate.VersionCounterDaoComponentImpl">
<property name="sessionFactory"> <property name="sessionFactory">
<ref bean="sessionFactory" /> <ref bean="sessionFactory" />
</property> </property>
</bean> </bean>
<bean id="permissionsDaoComponent" class="org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl"> <bean id="permissionsDaoComponent" class="org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl">
<property name="sessionFactory"> <property name="sessionFactory">
<ref bean="sessionFactory" /> <ref bean="sessionFactory" />
@@ -214,7 +213,7 @@
<ref bean="nodeACLDAO"/> <ref bean="nodeACLDAO"/>
</property> </property>
</bean> </bean>
<bean id="nodeACLDAO" class="org.alfresco.repo.domain.hibernate.NodeAccessControlListDAO"> <bean id="nodeACLDAO" class="org.alfresco.repo.domain.hibernate.NodeAccessControlListDAO">
<property name="nodeDaoService"> <property name="nodeDaoService">
<ref bean="nodeDaoService" /> <ref bean="nodeDaoService" />
@@ -223,13 +222,13 @@
<ref bean="sessionFactory"/> <ref bean="sessionFactory"/>
</property> </property>
</bean> </bean>
<bean id="avmACLDAO" class="org.alfresco.repo.domain.hibernate.AVMAccessControlListDAO"> <bean id="avmACLDAO" class="org.alfresco.repo.domain.hibernate.AVMAccessControlListDAO">
<property name="avmRepository"> <property name="avmRepository">
<ref bean="avmRepository"/> <ref bean="avmRepository"/>
</property> </property>
</bean> </bean>
<bean id="nodeDaoServiceImpl" class="org.alfresco.repo.node.db.hibernate.HibernateNodeDaoServiceImpl"> <bean id="nodeDaoServiceImpl" class="org.alfresco.repo.node.db.hibernate.HibernateNodeDaoServiceImpl">
<property name="sessionFactory"> <property name="sessionFactory">
<ref bean="sessionFactory" /> <ref bean="sessionFactory" />
@@ -239,9 +238,9 @@
</property> </property>
<property name="tenantService"> <property name="tenantService">
<ref bean="tenantService"/> <ref bean="tenantService"/>
</property> </property>
</bean> </bean>
<bean id="dbNodeDaoServiceTxnRegistration" class="org.alfresco.repo.transaction.TransactionalDaoInterceptor" > <bean id="dbNodeDaoServiceTxnRegistration" class="org.alfresco.repo.transaction.TransactionalDaoInterceptor" >
<property name="daoService"> <property name="daoService">
<ref bean="nodeDaoServiceImpl" /> <ref bean="nodeDaoServiceImpl" />
@@ -253,7 +252,7 @@
<ref bean="permissionsDaoComponent" /> <ref bean="permissionsDaoComponent" />
</property> </property>
</bean> </bean>
<bean id="nodeDaoService" class="org.springframework.aop.framework.ProxyFactoryBean"> <bean id="nodeDaoService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"> <property name="proxyInterfaces">
<value>org.alfresco.repo.node.db.NodeDaoService</value> <value>org.alfresco.repo.node.db.NodeDaoService</value>
@@ -268,7 +267,7 @@
</property> </property>
</bean> </bean>
<bean id="auditDao" class="org.alfresco.repo.audit.hibernate.HibernateAuditDAO"> <bean id="auditDao" class="org.alfresco.repo.audit.hibernate.HibernateAuditDAO">
<property name="sessionFactory"> <property name="sessionFactory">
<ref bean="sessionFactory"/> <ref bean="sessionFactory"/>
@@ -280,5 +279,5 @@
<ref bean="&amp;sessionFactory"></ref> <!-- inject the actual factory, not a session --> <ref bean="&amp;sessionFactory"></ref> <!-- inject the actual factory, not a session -->
</property> </property>
</bean> </bean>
</beans> </beans>

41
config/alfresco/simple-permissions-context.xml
View File

@@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
<beans>
<bean id="authorityEntryDAO" class="org.alfresco.repo.simple.permission.AuthorityEntryDAOHibernate">
<property name="sessionFactory">
<ref bean="sessionFactory"/>
</property>
</bean>
<bean id="capabilityEntryDAO" class="org.alfresco.repo.simple.permission.CapabilityEntryDAOHibernate">
<property name="sessionFactory">
<ref bean="sessionFactory"/>
</property>
</bean>
<bean id="authorityCapabilityRegistry" class="org.alfresco.repo.simple.permission.AuthorityCapabilityRegistryImpl">
<property name="authorityEntryDAO">
<ref bean="authorityEntryDAO"/>
</property>
<property name="capabilityEntryDAO">
<ref bean="capabilityEntryDAO"/>
</property>
<property name="capabilities">
<set>
<value>read</value>
<value>write</value>
<value>delete</value>
<value>shimmy</value>
<value>shake</value>
</set>
</property>
<property name="retryingTransactionHelper">
<ref bean="retryingTransactionHelper"/>
</property>
<property name="authorityService">
<ref bean="authorityService"/>
</property>
</bean>
</beans>

2
config/alfresco/version.properties
View File

@@ -19,4 +19,4 @@ version.build=@build-number@
# Schema number # Schema number
version.schema=107 version.schema=108

59
source/java/org/alfresco/repo/avm/util/RawServices.java
View File

@@ -1,5 +1,5 @@
/** /**
* *
*/ */
package org.alfresco.repo.avm.util; package org.alfresco.repo.avm.util;
@@ -10,7 +10,6 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ContentService; import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.MimetypeService; import org.alfresco.service.cmr.repository.MimetypeService;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware; import org.springframework.context.ApplicationContextAware;
@@ -24,75 +23,70 @@ public class RawServices implements ApplicationContextAware
* The instance of RawServices * The instance of RawServices
*/ */
private static RawServices fgInstance; private static RawServices fgInstance;
/** /**
* The Application Context. * The Application Context.
*/ */
private ApplicationContext fContext; private ApplicationContext fContext;
/** /**
* The AuthenticationComponent. * The AuthenticationComponent.
*/ */
private AuthenticationComponent fAuthenticationComponent; private AuthenticationComponent fAuthenticationComponent;
/** /**
* The Content Service. * The Content Service.
*/ */
private ContentService fContentService; private ContentService fContentService;
/** /**
* The Mimetype Service. * The Mimetype Service.
*/ */
private MimetypeService fMimetypeService; private MimetypeService fMimetypeService;
/** /**
* The Dictionary Service. * The Dictionary Service.
*/ */
private DictionaryService fDictionaryService; private DictionaryService fDictionaryService;
/** /**
* The Content Store. * The Content Store.
*/ */
private ContentStore fContentStore; private ContentStore fContentStore;
/** /**
* The LookupCache. * The LookupCache.
*/ */
private LookupCache fLookupCache; private LookupCache fLookupCache;
/** /**
* The Authority Service. * The Authority Service.
*/ */
private AuthorityService fAuthorityService; private AuthorityService fAuthorityService;
/**
* The CapabilityRegistry.
*/
private AuthorityCapabilityRegistry fCapabilityRegistry;
/** /**
* Default constructor. * Default constructor.
*/ */
public RawServices() public RawServices()
{ {
fgInstance = this; fgInstance = this;
} }
public static RawServices Instance() public static RawServices Instance()
{ {
return fgInstance; return fgInstance;
} }
public void setApplicationContext(ApplicationContext applicationContext) public void setApplicationContext(ApplicationContext applicationContext)
{ {
fContext = applicationContext; fContext = applicationContext;
} }
public AuthenticationComponent getAuthenticationComponent() public AuthenticationComponent getAuthenticationComponent()
{ {
if (fAuthenticationComponent == null) if (fAuthenticationComponent == null)
{ {
fAuthenticationComponent = fAuthenticationComponent =
(AuthenticationComponent)fContext.getBean("authenticationComponent"); (AuthenticationComponent)fContext.getBean("authenticationComponent");
} }
return fAuthenticationComponent; return fAuthenticationComponent;
@@ -102,7 +96,7 @@ public class RawServices implements ApplicationContextAware
{ {
if (fContentService == null) if (fContentService == null)
{ {
fContentService = fContentService =
(ContentService)fContext.getBean("contentService"); (ContentService)fContext.getBean("contentService");
} }
return fContentService; return fContentService;
@@ -112,12 +106,12 @@ public class RawServices implements ApplicationContextAware
{ {
if (fMimetypeService == null) if (fMimetypeService == null)
{ {
fMimetypeService = fMimetypeService =
(MimetypeService)fContext.getBean("mimetypeService"); (MimetypeService)fContext.getBean("mimetypeService");
} }
return fMimetypeService; return fMimetypeService;
} }
public DictionaryService getDictionaryService() public DictionaryService getDictionaryService()
{ {
if (fDictionaryService == null) if (fDictionaryService == null)
@@ -127,7 +121,7 @@ public class RawServices implements ApplicationContextAware
} }
return fDictionaryService; return fDictionaryService;
} }
public ContentStore getContentStore() public ContentStore getContentStore()
{ {
if (fContentStore == null) if (fContentStore == null)
@@ -137,7 +131,7 @@ public class RawServices implements ApplicationContextAware
} }
return fContentStore; return fContentStore;
} }
public LookupCache getLookupCache() public LookupCache getLookupCache()
{ {
if (fLookupCache == null) if (fLookupCache == null)
@@ -146,7 +140,7 @@ public class RawServices implements ApplicationContextAware
} }
return fLookupCache; return fLookupCache;
} }
public AuthorityService getAuthorityService() public AuthorityService getAuthorityService()
{ {
if (fAuthorityService == null) if (fAuthorityService == null)
@@ -157,15 +151,6 @@ public class RawServices implements ApplicationContextAware
return fAuthorityService; return fAuthorityService;
} }
public AuthorityCapabilityRegistry getAuthorityCapabilityRegistry()
{
if (fCapabilityRegistry == null)
{
fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
}
return fCapabilityRegistry;
}
public ApplicationContext getContext() public ApplicationContext getContext()
{ {
return fContext; return fContext;

27
source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of * As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre * the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's * and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing * FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here: * the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" * http://www.alfresco.com/legal/licensing"
*/ */
package org.alfresco.repo.security.authentication; package org.alfresco.repo.security.authentication;
@@ -61,7 +61,6 @@ import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.service.transaction.TransactionService; import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper; import org.alfresco.util.ApplicationContextHelper;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
@@ -72,7 +71,7 @@ public class AuthenticationTest extends TestCase
private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext(); private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
private NodeService nodeService; private NodeService nodeService;
private TenantService tenantService; private TenantService tenantService;
private SearchService searchService; private SearchService searchService;
@@ -96,7 +95,7 @@ public class AuthenticationTest extends TestCase
private SaltSource saltSource; private SaltSource saltSource;
private TicketComponent ticketComponent; private TicketComponent ticketComponent;
private SimpleCache<String, Ticket> ticketsCache; private SimpleCache<String, Ticket> ticketsCache;
private AuthenticationService authenticationService; private AuthenticationService authenticationService;
@@ -109,8 +108,6 @@ public class AuthenticationTest extends TestCase
private AuthenticationComponent authenticationComponentImpl; private AuthenticationComponent authenticationComponentImpl;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthenticationTest() public AuthenticationTest()
{ {
super(); super();
@@ -134,7 +131,6 @@ public class AuthenticationTest extends TestCase
pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService"); pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent"); authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authorityCapabilityRegistry = (AuthorityCapabilityRegistry) ctx.getBean("authorityCapabilityRegistry");
// permissionServiceSPI = (PermissionServiceSPI) // permissionServiceSPI = (PermissionServiceSPI)
// ctx.getBean("permissionService"); // ctx.getBean("permissionService");
ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache"); ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");
@@ -242,7 +238,7 @@ public class AuthenticationTest extends TestCase
{ {
authenticationService.authenticate("GUEST", "".toCharArray()); authenticationService.authenticate("GUEST", "".toCharArray());
} }
public void testCreateUsers() public void testCreateUsers()
{ {
authenticationService.createAuthentication("GUEST", "".toCharArray()); authenticationService.createAuthentication("GUEST", "".toCharArray());
@@ -265,7 +261,7 @@ public class AuthenticationTest extends TestCase
{ {
// TODO - could create tenant domain 'chocolate.chip.cookie.com' // TODO - could create tenant domain 'chocolate.chip.cookie.com'
} }
authenticationService.createAuthentication("Andy_Woof/Domain", "".toCharArray()); authenticationService.createAuthentication("Andy_Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_Woof/Domain", "".toCharArray()); authenticationService.authenticate("Andy_Woof/Domain", "".toCharArray());
assertEquals("Andy_Woof/Domain", authenticationService.getCurrentUserName()); assertEquals("Andy_Woof/Domain", authenticationService.getCurrentUserName());
@@ -273,7 +269,7 @@ public class AuthenticationTest extends TestCase
authenticationService.createAuthentication("Andy_ Woof/Domain", "".toCharArray()); authenticationService.createAuthentication("Andy_ Woof/Domain", "".toCharArray());
authenticationService.authenticate("Andy_ Woof/Domain", "".toCharArray()); authenticationService.authenticate("Andy_ Woof/Domain", "".toCharArray());
assertEquals("Andy_ Woof/Domain", authenticationService.getCurrentUserName()); assertEquals("Andy_ Woof/Domain", authenticationService.getCurrentUserName());
if (! tenantService.isEnabled()) if (! tenantService.isEnabled())
{ {
authenticationService.createAuthentication("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", "".toCharArray()); authenticationService.createAuthentication("Andy `\u00ac\u00a6!\u00a3$%^&*()-_=+\t\n\u0000[]{};'#:@~,./<>?\\|", "".toCharArray());
@@ -295,7 +291,6 @@ public class AuthenticationTest extends TestCase
dao.setDictionaryService(dictionaryService); dao.setDictionaryService(dictionaryService);
dao.setNamespaceService(getNamespacePrefixReolsver("")); dao.setNamespaceService(getNamespacePrefixReolsver(""));
dao.setPasswordEncoder(passwordEncoder); dao.setPasswordEncoder(passwordEncoder);
dao.setAuthorityCapabilityRegistry(authorityCapabilityRegistry);
dao.createUser("Andy", "cabbage".toCharArray()); dao.createUser("Andy", "cabbage".toCharArray());
assertNotNull(dao.getUserOrNull("Andy")); assertNotNull(dao.getUserOrNull("Andy"));
@@ -702,7 +697,7 @@ public class AuthenticationTest extends TestCase
tc.validateTicket(ticket); tc.validateTicket(ticket);
assertEquals(ticketComponent.getCurrentTicket("Andy"), ticket); assertEquals(ticketComponent.getCurrentTicket("Andy"), ticket);
dao.deleteUser("Andy"); dao.deleteUser("Andy");
// assertNull(dao.getUserOrNull("Andy")); // assertNull(dao.getUserOrNull("Andy"));

26
source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of * As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre * the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's * and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing * FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here: * the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" * http://www.alfresco.com/legal/licensing"
*/ */
package org.alfresco.repo.security.authentication; package org.alfresco.repo.security.authentication;
@@ -53,7 +53,6 @@ import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
public class RepositoryAuthenticationDao implements MutableAuthenticationDao public class RepositoryAuthenticationDao implements MutableAuthenticationDao
@@ -71,8 +70,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
private SearchService searchService; private SearchService searchService;
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
private boolean userNamesAreCaseSensitive; private boolean userNamesAreCaseSensitive;
@@ -115,11 +112,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{ {
this.searchService = searchService; this.searchService = searchService;
} }
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException, public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException,
DataAccessException DataAccessException
@@ -156,11 +148,11 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
{ {
return null; return null;
} }
SearchParameters sp = new SearchParameters(); SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE); sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("@usr\\:username:\"" + searchUserName + "\""); sp.setQuery("@usr\\:username:\"" + searchUserName + "\"");
try try
{ {
sp.addStore(tenantService.getName(searchUserName, STOREREF_USERS)); sp.addStore(tenantService.getName(searchUserName, STOREREF_USERS));
@@ -219,7 +211,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
} }
} }
} }
return returnRef; return returnRef;
} }
finally finally
@@ -252,7 +244,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false)); properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER, nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
properties); properties);
authorityCapabilityRegistry.addAuthority(caseSensitiveUserName, null);
} }
private NodeRef getUserFolderLocation(String caseSensitiveUserName) private NodeRef getUserFolderLocation(String caseSensitiveUserName)
@@ -312,7 +303,6 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
throw new AuthenticationException("User name does not exist: " + userName); throw new AuthenticationException("User name does not exist: " + userName);
} }
nodeService.deleteNode(userRef); nodeService.deleteNode(userRef);
authorityCapabilityRegistry.removeAuthority(userName);
} }
public Object getSalt(UserDetails userDetails) public Object getSalt(UserDetails userDetails)

22
source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@@ -15,11 +15,11 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of * As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre * the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's * and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing * FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here: * the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" * http://www.alfresco.com/legal/licensing"
*/ */
package org.alfresco.repo.security.authority; package org.alfresco.repo.security.authority;
@@ -51,7 +51,6 @@ import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern; import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.alfresco.util.ISO9075; import org.alfresco.util.ISO9075;
public class AuthorityDAOImpl implements AuthorityDAO public class AuthorityDAOImpl implements AuthorityDAO
@@ -71,8 +70,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
private DictionaryService dictionaryService; private DictionaryService dictionaryService;
private SimpleCache<String, HashSet<String>> userToAuthorityCache; private SimpleCache<String, HashSet<String>> userToAuthorityCache;
private AuthorityCapabilityRegistry authorityCapabilityRegistry;
public AuthorityDAOImpl() public AuthorityDAOImpl()
{ {
@@ -106,11 +103,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
this.userToAuthorityCache = userToAuthorityCache; this.userToAuthorityCache = userToAuthorityCache;
} }
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
{
this.authorityCapabilityRegistry = registry;
}
public boolean authorityExists(String name) public boolean authorityExists(String name)
{ {
NodeRef ref = getAuthorityOrNull(name); NodeRef ref = getAuthorityOrNull(name);
@@ -150,7 +142,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new AlfrescoRuntimeException("Authorities of the type " throw new AlfrescoRuntimeException("Authorities of the type "
+ AuthorityType.getAuthorityType(childName) + " may not be added to other authorities"); + AuthorityType.getAuthorityType(childName) + " may not be added to other authorities");
} }
authorityCapabilityRegistry.addAuthority(childName, parentName);
} }
public void createAuthority(String parentName, String name) public void createAuthority(String parentName, String name)
@@ -173,7 +164,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name, nodeService.createNode(authorityContainerRef, ContentModel.ASSOC_CHILDREN, QName.createQName("usr", name,
namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props); namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, props);
} }
authorityCapabilityRegistry.addAuthority(name, parentName);
} }
public void deleteAuthority(String name) public void deleteAuthority(String name)
@@ -185,7 +175,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
} }
nodeService.deleteNode(nodeRef); nodeService.deleteNode(nodeRef);
userToAuthorityCache.clear(); userToAuthorityCache.clear();
authorityCapabilityRegistry.removeAuthority(name);
} }
public Set<String> getAllRootAuthorities(AuthorityType type) public Set<String> getAllRootAuthorities(AuthorityType type)
@@ -256,7 +245,6 @@ public class AuthorityDAOImpl implements AuthorityDAO
nodeService.removeChild(parentRef, childRef); nodeService.removeChild(parentRef, childRef);
userToAuthorityCache.clear(); userToAuthorityCache.clear();
} }
authorityCapabilityRegistry.removeAuthorityChild(parentName, childName);
} }
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate) public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)

425
source/java/org/alfresco/repo/simple/permission/ACLImpl.java
View File

@@ -1,425 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.avm.util.RawServices;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
/**
* Basic implementation of a simple ACL.
* @author britt
*/
public class ACLImpl implements ACL
{
private static final long serialVersionUID = -8720314753104805631L;
/**
* Map of capabilities to authorities allowed.
*/
private Map<String, Set<String>> fAllowed;
/**
* Map of capabilities to authorities denied.
*/
private Map<String, Set<String>> fDenied;
/**
* Should this ACL be inherited.
*/
private boolean fInherit;
/**
* String (compact) representation of ACL.
*/
private String fStringRep;
/**
* Reference to the capability registry.
*/
private transient AuthorityCapabilityRegistry fCapabilityRegistry;
/**
* Initialize a brand new one.
* @param inherit Should this ACL be inherited.
*/
public ACLImpl(boolean inherit)
{
fInherit = inherit;
fCapabilityRegistry = RawServices.Instance().getAuthorityCapabilityRegistry();
fAllowed = new HashMap<String, Set<String>>();
fDenied = new HashMap<String, Set<String>>();
fStringRep = null;
}
/**
* Initialize from an external string representation.
* @param rep
*/
public ACLImpl(String rep)
{
this(true);
fStringRep = rep;
}
public ACLImpl(ACL other)
{
this(true);
fStringRep = other.getStringRepresentation();
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#allow(java.lang.String, java.lang.String[])
*/
public void allow(String capability, String... authorities)
{
capability = capability.toLowerCase();
List<String> auths = new ArrayList<String>();
for (String auth : authorities)
{
auths.add(fCapabilityRegistry.normalizeAuthority(auth));
}
digest();
// First remove any explicit denies.
Set<String> denied = fDenied.get(capability);
if (denied != null)
{
for (String authority : auths)
{
denied.remove(authority);
}
}
// Add the authorities to the allowed list.
Set<String> allowed = fAllowed.get(capability);
if (allowed == null)
{
allowed = new HashSet<String>();
fAllowed.put(capability, allowed);
}
for (String authority : auths)
{
allowed.add(authority);
}
}
/**
* Helper to decode from the string representation.
*/
private void digest()
{
if (fStringRep == null)
{
return;
}
String[] segments = fStringRep.split("\\|");
fInherit = segments[0].equals("i");
digestMap(segments[1], fAllowed);
digestMap(segments[2], fDenied);
fStringRep = null;
}
/**
* Sub helper for decoding string representation.
* @param string The partial string representation.
* @param map The map to update.
*/
private void digestMap(String rep, Map<String, Set<String>> map)
{
String[] segments = rep.split(":");
if (segments.length == 0 || segments[0].equals(""))
{
// This means there are no explicit entries.
return;
}
for (String entryRep : segments)
{
String[] entryRegs = entryRep.split(";");
String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 32));
if (capability == null)
{
continue;
}
Set<String> authorities = new HashSet<String>();
map.put(capability, authorities);
for (int i = 1; i < entryRegs.length; ++i)
{
String authority = fCapabilityRegistry.getAuthorityName(Integer.parseInt(entryRegs[i], 32));
if (authority == null)
{
continue;
}
authorities.add(authority);
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#can(java.lang.String, boolean, java.lang.String)
*/
public boolean can(String authority, boolean isOwner, String capability)
{
authority = fCapabilityRegistry.normalizeAuthority(authority);
capability = capability.toLowerCase();
digest();
AuthorityType type = AuthorityType.getAuthorityType(authority);
// Admin trumps.
if (type == AuthorityType.ADMIN)
{
return true;
}
// Look for denies first.
Set<String> denied = fDenied.get(capability);
if (denied != null)
{
if (denied.contains(authority))
{
return false;
}
for (String auth : denied)
{
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return false;
}
}
}
// Now look for allows.
Set<String> allowed = fAllowed.get(capability);
if (allowed != null)
{
if (allowed.contains(authority))
{
return true;
}
for (String auth : allowed)
{
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return true;
}
}
}
return false;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#deny(java.lang.String, java.lang.String[])
*/
public void deny(String capability, String ... authorities)
{
capability = capability.toLowerCase();
List<String> auths = new ArrayList<String>();
for (String auth : authorities)
{
auths.add(fCapabilityRegistry.normalizeAuthority(auth));
}
digest();
// Remove corresponding explicit allows.
Set<String> allowed = fAllowed.get(capability);
if (allowed != null)
{
for (String authority : auths)
{
allowed.remove(authority);
}
}
// Now add denies.
Set<String> denied = fDenied.get(capability);
if (denied == null)
{
denied = new HashSet<String>();
fDenied.put(capability, denied);
}
for (String authority : auths)
{
if (AuthorityType.getAuthorityType(authority) == AuthorityType.ADMIN)
{
continue;
}
denied.add(authority);
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getAllowed(java.lang.String)
*/
public Set<String> getAllowed(String capability)
{
capability = capability.toLowerCase();
digest();
Set<String> allowed = new HashSet<String>();
allowed.add(AuthorityType.ADMIN.getFixedString());
// Add the explicitly allowed.
Set<String> expAllowed = fAllowed.get(capability);
if (expAllowed == null)
{
return allowed;
}
allowed.addAll(expAllowed);
for (String authority : expAllowed)
{
allowed.addAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
// Now remove based on denials.
Set<String> denied = fDenied.get(capability);
if (denied == null)
{
return allowed;
}
allowed.removeAll(denied);
// Now those that are indirectly denied.
for (String authority : denied)
{
allowed.removeAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
return allowed;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getCapabilities(java.lang.String, boolean)
*/
public Set<String> getCapabilities(String authority, boolean isOwner)
{
authority = fCapabilityRegistry.normalizeAuthority(authority);
digest();
AuthorityType type = AuthorityType.getAuthorityType(authority);
if (type == AuthorityType.ADMIN)
{
return fCapabilityRegistry.getAllCapabilities();
}
Set<String> capabilities = new HashSet<String>();
// First run through the allowed entries.
Set<String> containers = null;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{
if (entry.getValue().contains(authority))
{
capabilities.add(entry.getKey());
continue;
}
if (containers == null)
{
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
if (entry.getValue().contains(auth))
{
capabilities.add(entry.getKey());
break;
}
}
}
// Now go through the denials.
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{
if (!capabilities.contains(entry.getKey()))
{
continue;
}
Set<String> denied = entry.getValue();
if (denied.contains(authority))
{
capabilities.remove(entry.getKey());
continue;
}
if (containers == null)
{
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
if (denied.contains(auth))
{
capabilities.remove(entry.getKey());
break;
}
}
}
return capabilities;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#getStringRepresentation()
*/
public String getStringRepresentation()
{
if (fStringRep != null)
{
return fStringRep;
}
StringBuilder builder = new StringBuilder();
builder.append(fInherit ? 'i' : 'n');
builder.append('|');
int count = 0;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fAllowed.size() - 1)
{
builder.append(':');
}
}
builder.append('|');
count = 0;
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fDenied.size() - 1)
{
builder.append(':');
}
}
return builder.toString();
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.ACL#inherits()
*/
public boolean inherits()
{
digest();
return fInherit;
}
}

175
source/java/org/alfresco/repo/simple/permission/ACLTest.java
View File

@@ -1,175 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import junit.framework.TestCase;
/**
* Rudimentary test of ACLs.
* @author britt
*/
public class ACLTest extends TestCase
{
private static FileSystemXmlApplicationContext fContext = null;
private static PersonService fPersonService;
private static AuthorityService fAuthorityService;
private static AuthenticationService fAuthenticationService;
private static AuthenticationComponent fAuthenticationComponent;
private static AuthorityCapabilityRegistry fCapabilityRegistry;
/* (non-Javadoc)
* @see junit.framework.TestCase#setUp()
*/
protected void setUp() throws Exception
{
if (fContext == null)
{
fContext = new FileSystemXmlApplicationContext("config/alfresco/application-context.xml");
fPersonService = (PersonService)fContext.getBean("PersonService");
fAuthorityService = (AuthorityService)fContext.getBean("AuthorityService");
fAuthenticationService = (AuthenticationService)fContext.getBean("AuthenticationService");
fAuthenticationComponent = (AuthenticationComponent)fContext.getBean("AuthenticationComponent");
fAuthenticationComponent.setSystemUserAsCurrentUser();
fCapabilityRegistry = (AuthorityCapabilityRegistry)fContext.getBean("authorityCapabilityRegistry");
}
// Set up sample users groups and roles.
try
{
fAuthenticationService.createAuthentication("Buffy", "Buffy".toCharArray());
fPersonService.getPerson("Buffy");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "Scoobies");
fAuthorityService.addAuthority("GROUP_Scoobies", "Buffy");
fAuthenticationService.createAuthentication("Willow", "Willow".toCharArray());
fPersonService.getPerson("Willow");
fAuthorityService.addAuthority("GROUP_Scoobies", "Willow");
fAuthenticationService.createAuthentication("Xander", "Xander".toCharArray());
fPersonService.getPerson("Xander");
fAuthorityService.addAuthority("GROUP_Scoobies", "Xander");
fAuthenticationService.createAuthentication("Tara", "Tara".toCharArray());
fPersonService.getPerson("Tara");
fAuthenticationService.createAuthentication("Spike", "Spike".toCharArray());
fPersonService.getPerson("Spike");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "vampires");
fAuthorityService.addAuthority("GROUP_vampires", "Spike");
fAuthorityService.createAuthority(AuthorityType.GROUP, null, "soulless");
fAuthorityService.addAuthority("GROUP_soulless", "Spike");
}
catch (Exception e)
{
tearDown();
setUp();
}
}
/* (non-Javadoc)
* @see junit.framework.TestCase#tearDown()
*/
protected void tearDown() throws Exception
{
fAuthenticationService.deleteAuthentication("Buffy");
fAuthenticationService.deleteAuthentication("Willow");
fAuthenticationService.deleteAuthentication("Xander");
fAuthenticationService.deleteAuthentication("Tara");
fAuthenticationService.deleteAuthentication("Spike");
fPersonService.deletePerson("Buffy");
fPersonService.deletePerson("Willow");
fPersonService.deletePerson("Tara");
fPersonService.deletePerson("Xander");
fPersonService.deletePerson("Spike");
fAuthorityService.deleteAuthority("GROUP_Scoobies");
fAuthorityService.deleteAuthority("GROUP_vampires");
fAuthorityService.deleteAuthority("GROUP_soulless");
}
public void testBasic()
{
try
{
Set<String> allCaps = fCapabilityRegistry.getAllCapabilities();
System.out.println(allCaps);
System.out.println(fCapabilityRegistry.getAllAuthorities());
ACL acl = new ACLImpl(true);
acl.allow("read", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("write", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("delete", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("shimmy", "GROUP_Scoobies", "GROUP_vampires");
acl.allow("shake", "GROUP_vampires", "Tara");
acl.deny("delete", "Xander", "GROUP_soulless");
acl.deny("shake", "Spike");
checkEvaluation(allCaps, acl, "Spike");
checkEvaluation(allCaps, acl, "Tara");
checkEvaluation(allCaps, acl, "Xander");
checkEvaluation(allCaps, acl, "Buffy");
String stringRep = acl.getStringRepresentation();
System.out.println(stringRep);
ACL acl2 = new ACLImpl(stringRep);
System.out.println(acl2.getStringRepresentation());
checkEvaluation(allCaps, acl2, "Spike");
checkEvaluation(allCaps, acl2, "Tara");
checkEvaluation(allCaps, acl2, "Xander");
checkEvaluation(allCaps, acl2, "Buffy");
System.out.println(acl2.getStringRepresentation());
}
catch (Exception e)
{
e.printStackTrace();
fail();
}
}
private void checkEvaluation(Set<String> allCaps, ACL acl, String authority)
{
Set<String> caps = acl.getCapabilities(authority, false);
System.out.println(caps);
for (String cap : caps)
{
assertTrue(acl.can(authority, false, cap));
}
Set<String> inverse = new HashSet<String>(allCaps);
inverse.removeAll(caps);
for (String cap : inverse)
{
assertFalse(acl.can(authority, false, cap));
}
}
}

29
source/java/org/alfresco/repo/simple/permission/AuthorityCapability.hbm.xml
View File

@@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping package="org.alfresco.repo.simple.permission">
<!-- All the authorities and their containment relationships. -->
<class name="AuthorityEntryImpl" proxy="AuthorityEntry" optimistic-lock="version"
table="alf_authority_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
<set name="children" table="alf_auth_children" optimistic-lock="true"
sort="unsorted">
<key column="parent_id" foreign-key="fk_child_auth"/>
<many-to-many class="AuthorityEntryImpl" column="child_id" foreign-key="fk_auth_child"/>
</set>
</class>
<!-- All the capabilities. -->
<class name="CapabilityEntryImpl" proxy="CapabilityEntry" optimistic-lock="version"
table="alf_capability_entries">
<id name="id" column="id" type="int">
<generator class="native"/>
</id>
<version name="version" type="long" column="version"/>
<property name="name" type="string" length="100" column="name" unique="true"/>
</class>
</hibernate-mapping>

64
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityBootstrap.java
View File

@@ -1,64 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import org.alfresco.util.AbstractLifecycleBean;
import org.springframework.context.ApplicationEvent;
/**
* Bootstrapping for the AuthorityCapabilityRegistry.
* @author britt
*/
public class AuthorityCapabilityBootstrap extends AbstractLifecycleBean
{
private AuthorityCapabilityRegistryImpl fRegistry;
public AuthorityCapabilityBootstrap()
{
}
public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistryImpl registry)
{
fRegistry = registry;
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
fRegistry.bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onShutdown(ApplicationEvent event)
{
}
}

588
source/java/org/alfresco/repo/simple/permission/AuthorityCapabilityRegistryImpl.java
View File

@@ -1,588 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.TransactionListener;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Implementation of a registry for Authorities and Capabilities.
* @author britt
*/
public class AuthorityCapabilityRegistryImpl implements
AuthorityCapabilityRegistry, TransactionListener
{
private static Log fgLogger = LogFactory.getLog(AuthorityCapabilityRegistryImpl.class);
private Map<String, Integer> fAuthorityToID;
private Map<Integer, String> fIDToAuthority;
private Map<String, Set<String>> fAuthorityToChild;
private Map<String, Set<String>> fChildToAuthority;
private Map<String, Integer> fCapabilityToID;
private Map<Integer, String> fIDToCapability;
private AuthorityEntryDAO fAuthorityEntryDAO;
private CapabilityEntryDAO fCapabilityEntryDAO;
private Set<String> fInitialCapabilities;
private RetryingTransactionHelper fTransactionHelper;
private AuthorityService fAuthorityService;
public AuthorityCapabilityRegistryImpl()
{
fAuthorityToID = new HashMap<String, Integer>();
fIDToAuthority = new HashMap<Integer, String>();
fAuthorityToChild = new HashMap<String, Set<String>>();
fChildToAuthority = new HashMap<String, Set<String>>();
fCapabilityToID = new HashMap<String, Integer>();
fIDToCapability = new HashMap<Integer, String>();
}
public void setAuthorityEntryDAO(AuthorityEntryDAO dao)
{
fAuthorityEntryDAO = dao;
}
public void setCapabilityEntryDAO(CapabilityEntryDAO dao)
{
fCapabilityEntryDAO = dao;
}
public void setCapabilities(Set<String> capabilities)
{
fInitialCapabilities = capabilities;
}
public void setRetryingTransactionHelper(RetryingTransactionHelper helper)
{
fTransactionHelper = helper;
}
public void setAuthorityService(AuthorityService service)
{
fAuthorityService = service;
}
public void bootstrap()
{
fTransactionHelper.doInTransaction(
new RetryingTransactionHelper.RetryingTransactionCallback<Object>()
{
public Object execute()
{
init();
return null;
}
});
}
public void init()
{
List<CapabilityEntry> entries = fCapabilityEntryDAO.getAll();
for (CapabilityEntry entry : entries)
{
String capability = entry.getName().toLowerCase();
fCapabilityToID.put(capability, entry.getId());
fIDToCapability.put(entry.getId(), capability);
}
for (String entry : fInitialCapabilities)
{
entry = entry.toLowerCase();
if (!fCapabilityToID.containsKey(entry))
{
CapabilityEntry newEntry = new CapabilityEntryImpl(entry);
fCapabilityEntryDAO.save(newEntry);
fCapabilityToID.put(entry, newEntry.getId());
fIDToCapability.put(newEntry.getId(), entry);
}
}
List<AuthorityEntry> authorities = fAuthorityEntryDAO.get();
for (AuthorityEntry entry : authorities)
{
String name = normalizeAuthority(entry.getName());
Integer id = entry.getId();
fAuthorityToID.put(name, id);
fIDToAuthority.put(id, name);
for (AuthorityEntry child : entry.getChildren())
{
String childName = normalizeAuthority(child.getName());
Set<String> children = fAuthorityToChild.get(name);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(name, children);
}
children.add(childName);
Set<String> parents = fChildToAuthority.get(childName);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(childName, parents);
}
parents.add(name);
}
}
// Now go to AuthorityService to fill anything that might be missing.
AuthorityType[] types = AuthorityType.values();
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
auth = normalizeAuthority(auth);
if (fAuthorityToID.containsKey(auth))
{
continue;
}
AuthorityEntry entry = new AuthorityEntryImpl(auth);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(auth, entry.getId());
fIDToAuthority.put(entry.getId(), auth);
}
}
for (AuthorityType type : types)
{
Set<String> auths = fAuthorityService.getAllAuthorities(type);
for (String auth : auths)
{
AuthorityType aType = AuthorityType.getAuthorityType(auth);
if (aType == AuthorityType.ROLE || aType == AuthorityType.EVERYONE ||
aType == AuthorityType.GUEST)
{
continue;
}
Set<String> children = fAuthorityService.getContainedAuthorities(null, auth, true);
auth = normalizeAuthority(auth);
Set<String> found = fAuthorityToChild.get(auth);
if (found == null)
{
found = new HashSet<String>();
fAuthorityToChild.put(auth, found);
}
AuthorityEntry entry = null;
if (!fAuthorityToID.containsKey(auth))
{
entry = new AuthorityEntryImpl(auth);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(auth, entry.getId());
fIDToAuthority.put(entry.getId(), auth);
}
else
{
entry = fAuthorityEntryDAO.get(fAuthorityToID.get(auth));
}
for (String child : children)
{
child = normalizeAuthority(child);
if (found.contains(child))
{
continue;
}
AuthorityEntry childEntry = null;
if (!fAuthorityToID.containsKey(child))
{
childEntry = new AuthorityEntryImpl(child);
fAuthorityEntryDAO.save(childEntry);
fAuthorityToID.put(child, childEntry.getId());
fIDToAuthority.put(childEntry.getId(), child);
}
else
{
childEntry = fAuthorityEntryDAO.get(fAuthorityToID.get(child));
}
entry.getChildren().add(childEntry);
found.add(child);
Set<String> parents = fChildToAuthority.get(child);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(child, parents);
}
parents.add(auth);
}
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addAuthority(java.lang.String, java.lang.String)
*/
public synchronized void addAuthority(String authority, String parent)
{
authority = normalizeAuthority(authority);
parent = normalizeAuthority(parent);
AlfrescoTransactionSupport.bindListener(this);
AuthorityEntry entry = null;
if (!fAuthorityToID.containsKey(authority))
{
entry = new AuthorityEntryImpl(authority);
fAuthorityEntryDAO.save(entry);
fAuthorityToID.put(authority, entry.getId());
fIDToAuthority.put(entry.getId(), authority);
}
if (parent != null)
{
if (entry == null)
{
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
entry = fAuthorityEntryDAO.get(id);
}
Integer id = fAuthorityToID.get(parent);
if (id == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
AuthorityEntry pEntry = fAuthorityEntryDAO.get(id);
pEntry.getChildren().add(entry);
Set<String> children = fAuthorityToChild.get(parent);
if (children == null)
{
children = new HashSet<String>();
fAuthorityToChild.put(parent, children);
}
children.add(authority);
Set<String> parents = fChildToAuthority.get(authority);
if (parents == null)
{
parents = new HashSet<String>();
fChildToAuthority.put(authority, parents);
}
parents.add(parent);
}
}
/**
* Get case normalized authority.
*/
public String normalizeAuthority(String authority)
{
if (authority == null)
{
return null;
}
AuthorityType type = AuthorityType.getAuthorityType(authority);
switch (type)
{
case ADMIN :
{
return authority;
}
case EVERYONE :
{
return PermissionService.ALL_AUTHORITIES;
}
case GROUP :
{
return PermissionService.GROUP_PREFIX + authority.substring(PermissionService.GROUP_PREFIX.length()).toLowerCase();
}
case USER :
case GUEST :
{
return authority.toLowerCase();
}
case OWNER :
{
return PermissionService.OWNER_AUTHORITY;
}
case ROLE :
{
return PermissionService.ROLE_PREFIX + authority.substring(PermissionService.ROLE_PREFIX.length()).toLowerCase();
}
default :
{
return null;
}
}
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthority(java.lang.String)
*/
public synchronized void removeAuthority(String authority)
{
authority = normalizeAuthority(authority);
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return;
}
AuthorityEntry entry = fAuthorityEntryDAO.get(id);
if (entry == null)
{
fgLogger.error("Authority Doesn't exist: " + authority, new Exception());
return;
}
List<AuthorityEntry> parents = fAuthorityEntryDAO.getParents(entry);
for (AuthorityEntry parent : parents)
{
parent.getChildren().remove(entry);
}
fAuthorityEntryDAO.delete(entry);
Set<String> pNames = fChildToAuthority.get(authority);
if (pNames != null)
{
for (String parent : pNames)
{
fAuthorityToChild.get(parent).remove(authority);
}
}
fChildToAuthority.remove(authority);
id = fAuthorityToID.remove(authority);
fIDToAuthority.remove(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#removeAuthorityChild(java.lang.String, java.lang.String)
*/
public synchronized void removeAuthorityChild(String parent, String child)
{
parent = normalizeAuthority(parent);
child = normalizeAuthority(child);
AlfrescoTransactionSupport.bindListener(this);
Integer id = fAuthorityToID.get(child);
if (id == null)
{
return;
}
AuthorityEntry cEntry = fAuthorityEntryDAO.get(id);
id = fAuthorityToID.get(parent);
if (id == null)
{
return;
}
AuthorityEntry cParent = fAuthorityEntryDAO.get(parent);
cParent.getChildren().remove(cEntry);
fAuthorityToChild.get(parent).remove(child);
fChildToAuthority.get(child).remove(parent);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#addCapability(java.lang.String)
*/
public synchronized void addCapability(String capability)
{
capability = capability.toLowerCase();
AlfrescoTransactionSupport.bindListener(this);
CapabilityEntry entry = fCapabilityEntryDAO.get(capability);
if (entry != null)
{
return;
}
entry = new CapabilityEntryImpl(capability);
fCapabilityEntryDAO.save(entry);
entry = fCapabilityEntryDAO.get(capability);
fCapabilityToID.put(capability, entry.getId());
fIDToCapability.put(entry.getId(), capability);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllAuthorities()
*/
public synchronized Set<String> getAllAuthorities()
{
return new HashSet<String>(fAuthorityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAllCapabilities()
*/
public synchronized Set<String> getAllCapabilities()
{
return new HashSet<String>(fCapabilityToID.keySet());
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityID(java.lang.String)
*/
public synchronized int getAuthorityID(String authority)
{
authority = normalizeAuthority(authority);
Integer id = fAuthorityToID.get(authority);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getAuthorityName(int)
*/
public synchronized String getAuthorityName(int id)
{
return fIDToAuthority.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityID(java.lang.String)
*/
public synchronized int getCapabilityID(String capability)
{
capability = capability.toLowerCase();
Integer id = fCapabilityToID.get(capability);
if (id == null)
{
return -1;
}
return id;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getCapabilityName(int)
*/
public synchronized String getCapabilityName(int id)
{
return fIDToCapability.get(id);
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainedAuthorities(java.lang.String)
*/
public synchronized Set<String> getContainedAuthorities(String authority)
{
authority = normalizeAuthority(authority);
Set<String> contained = new HashSet<String>();
contained.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : contained)
{
Set<String> children = fAuthorityToChild.get(auth);
if (children != null)
{
more.addAll(children);
}
}
contained.addAll(more);
oldCount = count;
count = contained.size();
}
contained.remove(authority);
return contained;
}
/* (non-Javadoc)
* @see org.alfresco.service.simple.permission.AuthorityCapabilityRegistry#getContainerAuthorities(java.lang.String)
*/
public Set<String> getContainerAuthorities(String authority)
{
authority = normalizeAuthority(authority);
Set<String> containers = new HashSet<String>();
containers.add(authority);
int count = 1;
int oldCount = -1;
while (count != oldCount)
{
Set<String> more = new HashSet<String>();
for (String auth : containers)
{
Set<String> parents = fChildToAuthority.get(auth);
if (parents != null)
{
more.addAll(parents);
}
}
containers.addAll(more);
oldCount = count;
count = containers.size();
}
containers.remove(authority);
return containers;
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterCommit()
*/
public void afterCommit()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#afterRollback()
*/
public synchronized void afterRollback()
{
fAuthorityToID.clear();
fIDToAuthority.clear();
fAuthorityToChild.clear();
fChildToAuthority.clear();
fCapabilityToID.clear();
fIDToCapability.clear();
bootstrap();
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCommit(boolean)
*/
public void beforeCommit(boolean readOnly)
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#beforeCompletion()
*/
public void beforeCompletion()
{
}
/* (non-Javadoc)
* @see org.alfresco.repo.transaction.TransactionListener#flush()
*/
public void flush()
{
}
}

55
source/java/org/alfresco/repo/simple/permission/AuthorityEntry.java
View File

@@ -1,55 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.io.Serializable;
import java.util.Set;
/**
* Interface for an Authority entry, an aggregate of an authority name, id,
* and a set of children.
* @author britt
*/
public interface AuthorityEntry extends Serializable
{
/**
* Get the Primary Key.
* @return The id.
*/
public int getId();
/**
* Get the name of the authority.
* @return The name.
*/
public String getName();
/**
* Get the children of this entry.
* @return The set of children.
*/
public Set<AuthorityEntry> getChildren();
}

74
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAO.java
View File

@@ -1,74 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO interface for Authority Entries.
* @author britt
*/
public interface AuthorityEntryDAO
{
/**
* Save one. Recursive.
* @param entry The one to save.
*/
public void save(AuthorityEntry entry);
/**
* Get all the entries.
* @return What you asked for.
*/
public List<AuthorityEntry> get();
/**
* Get the parents of an authority.
* @param entry The child.
* @return The parents.
*/
public List<AuthorityEntry> getParents(AuthorityEntry entry);
/**
* Get one by name.
* @param name The authority name.
* @return The entry or null if not found.
*/
public AuthorityEntry get(String name);
/**
* Get one by primary key.
* @param id
* @return The entry or null if not found.
*/
public AuthorityEntry get(int id);
/**
* Delete an authority.
* @param entry The authority.
*/
public void delete(AuthorityEntry entry);
}

95
source/java/org/alfresco/repo/simple/permission/AuthorityEntryDAOHibernate.java
View File

@@ -1,95 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate DAO for Authority Entries.
* @author britt
*/
public class AuthorityEntryDAOHibernate extends HibernateDaoSupport implements
AuthorityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(java.lang.String)
*/
public AuthorityEntry get(String name)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where ae.name = :name");
query.setString("name", name);
return (AuthorityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#get(int)
*/
public AuthorityEntry get(int id)
{
return (AuthorityEntry)getSession().get(AuthorityEntryImpl.class, id);
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getRoots()
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> get()
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae");
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#save(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void save(AuthorityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#getParents(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
@SuppressWarnings("unchecked")
public List<AuthorityEntry> getParents(AuthorityEntry entry)
{
Query query = getSession().createQuery("from AuthorityEntryImpl ae where :child in elements(ae.children)");
query.setEntity("child", entry);
return (List<AuthorityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntryDAO#delete(org.alfresco.repo.simple.permission.AuthorityEntry)
*/
public void delete(AuthorityEntry entry)
{
getSession().delete(entry);
}
}

140
source/java/org/alfresco/repo/simple/permission/AuthorityEntryImpl.java
View File

@@ -1,140 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.HashSet;
import java.util.Set;
/**
* Persistent Hibernate implementation of an AuthorityEntry.
* @author britt
*/
public class AuthorityEntryImpl implements AuthorityEntry
{
private static final long serialVersionUID = -3265592070954983948L;
private int fID;
private long fVersion;
private String fName;
private Set<AuthorityEntry> fChildren;
public AuthorityEntryImpl()
{
}
public AuthorityEntryImpl(String name)
{
fName = name;
fChildren = new HashSet<AuthorityEntry>();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getChildren()
*/
public Set<AuthorityEntry> getChildren()
{
return fChildren;
}
public void setChildren(Set<AuthorityEntry> children)
{
fChildren = children;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.AuthorityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof AuthorityEntry))
{
return false;
}
return fID == ((AuthorityEntry)obj).getId();
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode()
{
return fID;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString()
{
return "[AuthorityEntry:" + fName + ":" + fID + "]";
}
}

47
source/java/org/alfresco/repo/simple/permission/CapabilityEntry.java
View File

@@ -1,47 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.io.Serializable;
/**
* Interface for a capability entry.
* @author britt
*/
public interface CapabilityEntry extends Serializable
{
/**
* Get the primary key.
* @return The id.
*/
public int getId();
/**
* Get the name of the Capability.
* @return The name of the Capability.
*/
public String getName();
}

54
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAO.java
View File

@@ -1,54 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
/**
* DAO Interface for capability entries.
* @author britt
*/
public interface CapabilityEntryDAO
{
/**
* Save one.
* @param entry The one to save.
*/
public void save(CapabilityEntry entry);
/**
* Get all the CapabilityEntries.
* @return All of them.
*/
public List<CapabilityEntry> getAll();
/**
* Get an entry by name.
* @param name The name of the entry.
* @return The entry or null if it doesn't exist.
*/
public CapabilityEntry get(String name);
}

67
source/java/org/alfresco/repo/simple/permission/CapabilityEntryDAOHibernate.java
View File

@@ -1,67 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
import java.util.List;
import org.hibernate.Query;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Hibernate implementation of a CapabilityEntryDAO.
* @author britt
*/
public class CapabilityEntryDAOHibernate extends HibernateDaoSupport implements CapabilityEntryDAO
{
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#get(java.lang.String)
*/
public CapabilityEntry get(String name)
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce where ce.name = :name");
query.setString("name", name);
return (CapabilityEntry)query.uniqueResult();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#getAll()
*/
@SuppressWarnings("unchecked")
public List<CapabilityEntry> getAll()
{
Query query = getSession().createQuery("from CapabilityEntryImpl ce");
return (List<CapabilityEntry>)query.list();
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntryDAO#save(org.alfresco.repo.simple.permission.CapabilityEntry)
*/
public void save(CapabilityEntry entry)
{
getSession().save(entry);
getSession().flush();
}
}

86
source/java/org/alfresco/repo/simple/permission/CapabilityEntryImpl.java
View File

@@ -1,86 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.simple.permission;
/**
* Implementation of Capability Entry.
* @author britt
*/
public class CapabilityEntryImpl implements CapabilityEntry
{
private static final long serialVersionUID = 7235803886625308634L;
private int fID;
private String fName;
private long fVersion;
public CapabilityEntryImpl()
{
}
public CapabilityEntryImpl(String name)
{
fName = name;
}
public long getVersion()
{
return fVersion;
}
public void setVersion(long version)
{
fVersion = version;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getId()
*/
public int getId()
{
return fID;
}
public void setId(int id)
{
fID = id;
}
/* (non-Javadoc)
* @see org.alfresco.repo.simple.permission.CapabilityEntry#getName()
*/
public String getName()
{
return fName;
}
public void setName(String name)
{
fName = name;
}
}

92
source/java/org/alfresco/service/simple/permission/ACL.java
View File

@@ -1,92 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.io.Serializable;
import java.util.Set;
/**
* Interface for ACLs. ACLs express the capabilities granted to
* different authorities (users, groups, or roles (one hopes that roles can go away as they are
* operationally just another name for a group)). ACLs contain explicit entries made of
* a capability and a list of agents plus an indication of whether the entry denies or allows
* the capability. Entries that deny override any entries that allow.
* @author britt
*/
public interface ACL extends Serializable
{
/**
* Insert an allow entry.
* Removes any denials explicitly for the authorities and capability given.
* @param capability The capability to grant.
* @param authorities The authorities granted the capability.
*/
public void allow(String capability, String ... authorities);
/**
* Insert a deny entry.
* Removes any allows explicitly for the authorities and capability given.
* @param capability The capability to deny.
* @param authorities The authorities to deny.
*/
public void deny(String capability, String ... authorities);
/**
* Does the given authority have the given capability
* @param authority The authority (user)
* @param isOwner Is the authority the owner of the controlled entity.
* @param capability The capability.
* @return Whether the authority can.
*/
public boolean can(String authority, boolean isOwner, String capability);
/**
* Get the capabilities for the given authority.
* @param authority The authority.
* @param isOwner is the authority the owner of the controlled entity.
* @return A set of capabilities.
*/
public Set<String> getCapabilities(String authority, boolean isOwner);
/**
* Get the authorities with the given capability.
* @param capability The capability under consideration.
* @return The set of authorities.
*/
public Set<String> getAllowed(String capability);
/**
* Get a string representation of this ACL, suitable for persistence.
* @return The string representation.
*/
public String getStringRepresentation();
/**
* Should this ACL be inherited.
* @return Whether it should.
*/
public boolean inherits();
}

121
source/java/org/alfresco/service/simple/permission/AuthorityCapabilityRegistry.java
View File

@@ -1,121 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.util.Set;
/**
* Interface for a registry of capabilities.
* @author britt
*/
public interface AuthorityCapabilityRegistry
{
/**
* Get all known capabilities.
* @return A list of all the capabilities.
*/
public Set<String> getAllCapabilities();
/**
* Get all authorities know to the system.
* @return
*/
public Set<String> getAllAuthorities();
/**
* Get the integer id corresponding to the given capability.
* @return The id.
*/
public int getCapabilityID(String capability);
/**
* Get the name of a capability from it's unique id.
* @param id
* @return The capability name or null if the id is invalid.
*/
public String getCapabilityName(int id);
/**
* Add a capability.
* @param capability
*/
public void addCapability(String capability);
/**
* Get the id for an authority.
* @param authority
* @return The id for the authority.
*/
public int getAuthorityID(String authority);
/**
* Get the name from an authority id.
* @param id The authority id.
* @return The authority name.
*/
public String getAuthorityName(int id);
/**
* Add a new authority.
* @param authority The authority name.
* @param parent The parent authority. May be null.
*/
public void addAuthority(String authority, String parent);
/**
* Remove an authority completely from the system.
* @param authority The authority to move.
*/
public void removeAuthority(String authority);
/**
* Remove a containment relationship.
* @param parent The parent.
* @param child The child.
*/
public void removeAuthorityChild(String parent, String child);
/**
* Get all authorities which are contained directly or transitively by the given authority.
* @param authority The authority to check.
* @return The contained authorities.
*/
public Set<String> getContainedAuthorities(String authority);
/**
* Get all authorities which directly or indirectly contain the given authority.
* @param authority The authority to check.
* @return The container authorities.
*/
public Set<String> getContainerAuthorities(String authority);
/**
* Get the case normalized version of authority.
* @param authority The authority.
* @return The case normalized version.
*/
public String normalizeAuthority(String authority);
}

73
source/java/org/alfresco/service/simple/permission/SimplePermissionService.java
View File

@@ -1,73 +0,0 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.service.simple.permission;
import java.util.List;
/**
* Interface for a simple permission mechanism.
* Nothing but String valued capabilities, and ACLs.
* @author britt
*/
public interface SimplePermissionService
{
/**
* Can the current user perform the action indicated by the capability.
* @param capability The capability: marker for an ability to perform an action
* governed by an ACL.
* @param acl The ACL. If this is null then the permission is granted.
* @param owner The owner. The owner can always has the "changepermission" capability.
* @return Whether permission is granted.
*/
boolean can(String capability, ACL acl, String owner);
/**
* Can the user (agent) specified perform the action indicated by the capability.
* @param agent The agent (user) to check.
* @param capability The capability to check.
* @param acl The ACL. If this is null then the permission is granted.
* @param owner The owner.
* @return Whether permission is granted.
*/
boolean can(String agent, String capability, ACL acl, String owner);
/**
* Get the capabilities that this acl grants the current user.
* @param acl The ACL.
* @param owner The owner of the controlled entity.
* @return A list of capabilities.
*/
List<String> getCapabilities(ACL acl, String owner);
/**
* Get the capabilities that this agent grants the specifiec agent.
* @param agent The agent (user).
* @param acl The ACL.
* @param owner The owner of the controlled entity.
* @return A list of capabilities.
*/
List<String> getCapabilities(String agent, ACL acl, String owner);
}