Merged V3.2 to HEAD

17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch - Forces transaction retry if worker thread reaches child authority before a parent authority - Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites - Now completes in 5 minutes as opposed to 45 17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI 17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in. 17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch 17439: ETHREEOH-2762: Improved behaviour when a working copy is copied - Working copy aspect already removed the working copy aspect on copy - Now derives a new name from the node checked out from and a UUID, preserving the extension 17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting - declared dependency between internalEHCacheManager and jgroupsPropertySetter 17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch - authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync - multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries - BatchProcessor now promoted to its own package 17394: Fix for license issue in local enterprise builds. - Replace Community with Enterprise in version.properties during enterprise war building 17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks 17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin() 17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields 17316: Merged V3.1 to V3.2 17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore. 17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods - AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use. 17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5 17299: Merged V3.2 to V3.1 (Record only) 17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly 17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters 17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly - thanks Kev! 17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely - AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments 17269: Fix failing unit test - reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled() 17268: Fix InvitationService - Runs as system to do privileged AuthenticationService actions git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2010-01-18 17:41:59 +00:00
parent b96d174e1f
commit 1c1a35e500
55 changed files with 1153 additions and 711 deletions
--- a/source/java/org/alfresco/service/cmr/security/AuthenticationService.java
+++ b/source/java/org/alfresco/service/cmr/security/AuthenticationService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -103,37 +103,58 @@ public interface AuthenticationService
    @Auditable(parameters = {"userName"})
    public void invalidateUserSession(String userName) throws AuthenticationException;
    
-   /**
-    * Invalidate a single ticket by ID
-    * 
-    * @param ticket
-    * @throws AuthenticationException
-    */
-    @Auditable(parameters = {"ticket"}, recordable = {false})
-    public void invalidateTicket(String ticket) throws AuthenticationException;
-    
-   /**
-    * Validate a ticket. Set the current user name accordingly. 
-    * 
-    * @param ticket
-    * @throws AuthenticationException
-    */
-    @Auditable(parameters = {"ticket"}, recordable = {false})
-    public void validate(String ticket) throws AuthenticationException;
+    /**
+     * Invalidate a single ticket by ID or remove its association with a given session ID.
+     *
+     * @param ticket
+     * @param sessionId
+     *            the app server session ID (e.g. HttpSession ID) or <code>null</code> if not applicable.
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"ticket", "sessionId"}, recordable = {false, false})
+    public void invalidateTicket(String ticket, String sessionId) throws AuthenticationException;
    
    /**
-     * Get the current ticket as a string
-     * @return
+     * Validate a ticket and associate it with a given app server session ID. Set the current user name accordingly. 
+     * 
+     * @param ticket
+     * @param sessionId
+     *            the app server session ID (e.g. HttpSession ID) or <code>null</code> if not applicable.
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"ticket", "sessionId"}, recordable = {false, false})
+    public void validate(String ticket, String sessionId) throws AuthenticationException;
+
+    /**
+     * Gets the current ticket as a string. If there isn't an appropriate current ticket, a new ticket will be made the
+     * current ticket.
+     * 
+     * @param sessionId
+     *            the app server session ID (e.g. HttpSession ID) or <code>null</code> if not applicable. If non-null,
+     *            the ticket returned is either a new one or one previously associated with the same sessionId by
+     *            {@link #validate(String, String)} or {@link #getCurrentTicket(String)}.
+     * @return the current ticket as a string
+     */
+    @Auditable(parameters = {"sessionId"}, recordable = {false})
+    public String getCurrentTicket(String sessionId);
+    
+    /**
+     * Gets the current ticket as a string. If there isn't an appropriate current ticket, a new ticket will be made the
+     * current ticket.
+     * 
+     * @return the current ticket as a string
     */
    @Auditable
    public String getCurrentTicket();
-    
+
    /**
-     * Get the current ticket as a string
+     * Get a new ticket as a string
+     * @param sessionId
+     *            the app server session ID (e.g. HttpSession ID) or <code>null</code> if not applicable.
     * @return
     */
-    @Auditable
-    public String getNewTicket();
+    @Auditable(parameters = {"sessionId"}, recordable = {false})
+    public String getNewTicket(String sessionId);
    
    /**
     * Remove the current security information