diff --git a/config/alfresco/public-services-context.xml b/config/alfresco/public-services-context.xml
index 73f7b5cfe2..062aa7a905 100644
--- a/config/alfresco/public-services-context.xml
+++ b/config/alfresco/public-services-context.xml
@@ -633,6 +633,7 @@
PROPAGATION_NOT_SUPPORTED, readOnly
PROPAGATION_NOT_SUPPORTED, readOnly
PROPAGATION_NOT_SUPPORTED, readOnly
+ PROPAGATION_NOT_SUPPORTED, readOnly
PROPAGATION_NOT_SUPPORTED, readOnly
PROPAGATION_NOT_SUPPORTED, readOnly
PROPAGATION_NOT_SUPPORTED, readOnly
diff --git a/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java b/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
index 449559371c..93d0e84d20 100644
--- a/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
+++ b/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
@@ -65,6 +65,7 @@ import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.cmr.workflow.WorkflowTaskDefinition;
+import org.alfresco.service.namespace.NamespaceException;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
@@ -806,7 +807,18 @@ public class DictionaryModelType implements ContentServicePolicies.OnContentUpda
for (WorkflowDefinition workflowDef : workflowDefs)
{
String workflowDefName = workflowDef.getName();
- String workflowNamespaceURI = QName.createQName(BPMEngineRegistry.getLocalId(workflowDefName), namespaceService).getNamespaceURI();
+
+ String workflowNamespaceURI = null;
+ try
+ {
+ workflowNamespaceURI = QName.createQName(BPMEngineRegistry.getLocalId(workflowDefName), namespaceService).getNamespaceURI();
+ }
+ catch (NamespaceException ne)
+ {
+ logger.warn("Skipped workflow when validating model delete - unknown namespace: "+ne);
+ continue;
+ }
+
for (NamespaceDefinition namespaceDef : namespaceDefs)
{
if (workflowNamespaceURI.equals(namespaceDef.getUri()))
diff --git a/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java b/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java
index 7dcdd8163a..7d512d1d99 100644
--- a/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java
+++ b/source/java/org/alfresco/repo/domain/node/AbstractNodeDAOImpl.java
@@ -165,9 +165,9 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
* Cache for the Node parent assocs:
* KEY: ID
* VALUE: ParentAssocs
- * VALUE KEY: None
+ * VALUE KEY: ChildByNameKey
*/
- private EntityLookupCache parentAssocsCache;
+ private EntityLookupCache parentAssocsCache;
/**
* Constructor. Set up various instance-specific members such as caches and locks.
@@ -182,7 +182,7 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
nodesCache = new EntityLookupCache(new NodesCacheCallbackDAO());
aspectsCache = new EntityLookupCache, Serializable>(new AspectsCallbackDAO());
propertiesCache = new EntityLookupCache, Serializable>(new PropertiesCallbackDAO());
- parentAssocsCache = new EntityLookupCache(new ParentAssocsCallbackDAO());
+ parentAssocsCache = new EntityLookupCache(new ParentAssocsCallbackDAO());
}
/**
@@ -338,7 +338,7 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
*/
public void setParentAssocsCache(SimpleCache parentAssocsCache)
{
- this.parentAssocsCache = new EntityLookupCache(
+ this.parentAssocsCache = new EntityLookupCache(
parentAssocsCache,
CACHE_REGION_PARENT_ASSOCS,
new ParentAssocsCallbackDAO());
@@ -2733,7 +2733,37 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
public Pair getChildAssoc(Long parentNodeId, QName assocTypeQName, String childName)
{
+ ChildByNameKey valueKey = new ChildByNameKey(parentNodeId, assocTypeQName, childName);
+
+ // cache-only operation: try reverse lookup on parentAssocs (note: for primary assoc only)
+ Long childNodeId = parentAssocsCache.getKey(valueKey);
+ if (childNodeId != null)
+ {
+ Pair value = parentAssocsCache.getByKey(childNodeId);
+ if (value != null)
+ {
+ ChildAssocEntity assoc = value.getSecond().getPrimaryParentAssoc();
+ if (assoc == null)
+ {
+ return null;
+ }
+
+ Pair result = assoc.getPair(qnameDAO);
+ if (result.getSecond().getTypeQName().equals(assocTypeQName))
+ {
+ return result;
+ }
+ }
+ }
+
+ // TODO could refactor as single select to get parent assocs by child name
ChildAssocEntity assoc = selectChildAssoc(parentNodeId, assocTypeQName, childName);
+ if (assoc != null)
+ {
+ // additional lookup to populate cache - note: also pulls in 2ndary assocs
+ parentAssocsCache.getByKey(assoc.getChildNode().getId());
+ }
+
return assoc == null ? null : assoc.getPair(qnameDAO);
}
@@ -3072,13 +3102,13 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
* @author Derek Hulley
* @since 3.4
*/
- private class ParentAssocsCallbackDAO extends EntityLookupCallbackDAOAdaptor
+ private class ParentAssocsCallbackDAO extends EntityLookupCallbackDAOAdaptor
{
public Pair createValue(ParentAssocsInfo value)
{
throw new UnsupportedOperationException("Nodes are created independently.");
}
-
+
public Pair findByKey(Long nodeId)
{
// Find out if it is a root or store root
@@ -3093,6 +3123,24 @@ public abstract class AbstractNodeDAOImpl implements NodeDAO, BatchingDAO
// Done
return new Pair(nodeId, value);
}
+
+ @Override
+ public ChildByNameKey getValueKey(ParentAssocsInfo value)
+ {
+ ChildAssocEntity entity = value.getPrimaryParentAssoc();
+
+ if (entity != null)
+ {
+ return new ChildByNameKey(entity.getParentNode().getId(), qnameDAO.getQName(entity.getTypeQNameId()).getSecond(), entity.getChildNodeName());
+ }
+
+ return null;
+ }
+
+ public Pair findByValue(ParentAssocsInfo value)
+ {
+ return findByKey(value.getPrimaryParentAssoc().getChildNode().getId());
+ }
}
/*
diff --git a/source/java/org/alfresco/repo/domain/node/ChildByNameKey.java b/source/java/org/alfresco/repo/domain/node/ChildByNameKey.java
new file mode 100644
index 0000000000..8036eecd12
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/node/ChildByNameKey.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2005-2010 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of
+ * the GPL, you may redistribute this Program in connection with Free/Libre
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's
+ * FLOSS exception. You should have recieved a copy of the text describing
+ * the FLOSS exception, and it is also available here:
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.domain.node;
+
+import java.io.Serializable;
+
+import org.alfresco.service.namespace.QName;
+
+/**
+ * @author janv
+ * @since 4.0
+ */
+/* package */ class ChildByNameKey implements Serializable
+{
+ private static final long serialVersionUID = -2167221525380802365L;
+
+ private final Long parentNodeId;
+ private QName assocTypeQName;
+ private String childNodeName;
+
+ ChildByNameKey(Long parentNodeId, QName assocTypeQName, String childNodeName)
+ {
+ this.parentNodeId = parentNodeId;
+ this.assocTypeQName = assocTypeQName;
+ this.childNodeName = childNodeName;
+ }
+
+ public Long getParentNodeId()
+ {
+ return parentNodeId;
+ }
+
+ public QName getAssocTypeQName()
+ {
+ return assocTypeQName;
+ }
+
+ public String getChildNodeName()
+ {
+ return childNodeName;
+ }
+
+
+ @Override
+ public boolean equals(Object other)
+ {
+ if (this == other)
+ {
+ return true;
+ }
+ if (!(other instanceof ChildByNameKey))
+ {
+ return false;
+ }
+ ChildByNameKey o = (ChildByNameKey)other;
+ return parentNodeId.equals(o.getParentNodeId()) &&
+ assocTypeQName.equals(o.getAssocTypeQName()) &&
+ childNodeName.equalsIgnoreCase(o.getChildNodeName());
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return parentNodeId.hashCode() + assocTypeQName.hashCode() + childNodeName.toLowerCase().hashCode();
+ }
+
+ @Override
+ public String toString()
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append("ChildByNameInfo ")
+ .append("[parentNodeId=").append(parentNodeId)
+ .append(", assocTypeQName=").append(assocTypeQName)
+ .append(", childNodeName=").append(childNodeName)
+ .append("]");
+ return builder.toString();
+ }
+}
diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
index 33c1415698..583e174c4e 100644
--- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
@@ -1,4 +1,4 @@
-/*
+/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
@@ -14,114 +14,114 @@
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see .
- */
-package org.alfresco.repo.security.authentication;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Set;
-import java.util.TreeSet;
-
-import net.sf.acegisecurity.Authentication;
-import net.sf.acegisecurity.GrantedAuthority;
-import net.sf.acegisecurity.GrantedAuthorityImpl;
-import net.sf.acegisecurity.UserDetails;
-import net.sf.acegisecurity.providers.dao.User;
-
-import org.alfresco.model.ContentModel;
-import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
-import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
-import org.alfresco.repo.tenant.TenantService;
-import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
-import org.alfresco.repo.transaction.RetryingTransactionHelper;
-import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
-import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.repository.NodeService;
-import org.alfresco.service.cmr.security.PersonService;
-import org.alfresco.service.transaction.TransactionService;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- * This class abstract the support required to set up and query the Acegi context for security enforcement. There are
- * some simple default method implementations to support simple authentication.
- *
- * @author Andy Hind
- */
-public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
-{
- /**
- * The abstract class keeps track of support for guest login
- */
- private Boolean allowGuestLogin = null;
-
- private Set defaultAdministratorUserNames = Collections.emptySet();
-
- private Set defaultGuestUserNames = Collections.emptySet();
-
- private AuthenticationContext authenticationContext;
-
- private PersonService personService;
-
- private NodeService nodeService;
-
- private TransactionService transactionService;
-
- private UserRegistrySynchronizer userRegistrySynchronizer;
-
- private final Log logger = LogFactory.getLog(getClass());
-
- public AbstractAuthenticationComponent()
- {
- super();
- }
-
- /**
- * Set if guest login is supported.
- *
- * @param allowGuestLogin
- */
- public void setAllowGuestLogin(Boolean allowGuestLogin)
- {
- this.allowGuestLogin = allowGuestLogin;
- }
-
- public void setAuthenticationContext(AuthenticationContext authenticationContext)
- {
- this.authenticationContext = authenticationContext;
- }
-
- public void setPersonService(PersonService personService)
- {
- this.personService = personService;
- }
-
- public void setNodeService(NodeService nodeService)
- {
- this.nodeService = nodeService;
- }
-
- public void setTransactionService(TransactionService transactionService)
- {
- this.transactionService = transactionService;
- }
-
- public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
- {
- this.userRegistrySynchronizer = userRegistrySynchronizer;
- }
-
- public TransactionService getTransactionService()
- {
- return transactionService;
- }
-
- public Boolean getAllowGuestLogin()
- {
- return allowGuestLogin;
- }
-
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.security.authentication;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.UserDetails;
+import net.sf.acegisecurity.providers.dao.User;
+
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
+import org.alfresco.repo.tenant.TenantService;
+import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
+import org.alfresco.repo.transaction.RetryingTransactionHelper;
+import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.transaction.TransactionService;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * This class abstract the support required to set up and query the Acegi context for security enforcement. There are
+ * some simple default method implementations to support simple authentication.
+ *
+ * @author Andy Hind
+ */
+public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
+{
+ /**
+ * The abstract class keeps track of support for guest login
+ */
+ private Boolean allowGuestLogin = null;
+
+ private Set defaultAdministratorUserNames = Collections.emptySet();
+
+ private Set defaultGuestUserNames = Collections.emptySet();
+
+ private AuthenticationContext authenticationContext;
+
+ private PersonService personService;
+
+ private NodeService nodeService;
+
+ private TransactionService transactionService;
+
+ private UserRegistrySynchronizer userRegistrySynchronizer;
+
+ private final Log logger = LogFactory.getLog(getClass());
+
+ public AbstractAuthenticationComponent()
+ {
+ super();
+ }
+
+ /**
+ * Set if guest login is supported.
+ *
+ * @param allowGuestLogin
+ */
+ public void setAllowGuestLogin(Boolean allowGuestLogin)
+ {
+ this.allowGuestLogin = allowGuestLogin;
+ }
+
+ public void setAuthenticationContext(AuthenticationContext authenticationContext)
+ {
+ this.authenticationContext = authenticationContext;
+ }
+
+ public void setPersonService(PersonService personService)
+ {
+ this.personService = personService;
+ }
+
+ public void setNodeService(NodeService nodeService)
+ {
+ this.nodeService = nodeService;
+ }
+
+ public void setTransactionService(TransactionService transactionService)
+ {
+ this.transactionService = transactionService;
+ }
+
+ public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
+ {
+ this.userRegistrySynchronizer = userRegistrySynchronizer;
+ }
+
+ public TransactionService getTransactionService()
+ {
+ return transactionService;
+ }
+
+ public Boolean getAllowGuestLogin()
+ {
+ return allowGuestLogin;
+ }
+
public NodeService getNodeService()
{
return nodeService;
@@ -131,67 +131,67 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
{
return personService;
}
-
- public void authenticate(String userName, char[] password) throws AuthenticationException
- {
- if (logger.isDebugEnabled())
- {
- logger.debug("Authenticating user \"" + userName + '"');
- }
+
+ public void authenticate(String userName, char[] password) throws AuthenticationException
+ {
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Authenticating user \"" + userName + '"');
+ }
if (userName == null)
{
throw new AuthenticationException("Null user name");
}
- // Support guest login from the login screen
- if (isGuestUserName(userName))
- {
- if (logger.isDebugEnabled())
- {
- logger.debug("User \"" + userName + "\" recognized as a guest user");
- }
- setGuestUserAsCurrentUser(getUserDomain(userName));
- }
- else
- {
- try
- {
- authenticateImpl(userName, password);
- }
- catch (RuntimeException e)
- {
- if (logger.isDebugEnabled())
- {
- logger.debug("Failed to authenticate user \"" + userName + '"', e);
- }
- throw e;
- }
- }
- if (logger.isDebugEnabled())
- {
- logger.debug("User \"" + userName + "\" authenticated successfully");
- }
- }
-
- /**
- * Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
- * authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
- * char[]) was used. This will still work.
- *
- * @param userName
- * @param password
- */
- protected void authenticateImpl(String userName, char[] password)
- {
- throw new UnsupportedOperationException();
- }
-
+ // Support guest login from the login screen
+ if (isGuestUserName(userName))
+ {
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("User \"" + userName + "\" recognized as a guest user");
+ }
+ setGuestUserAsCurrentUser(getUserDomain(userName));
+ }
+ else
+ {
+ try
+ {
+ authenticateImpl(userName, password);
+ }
+ catch (RuntimeException e)
+ {
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Failed to authenticate user \"" + userName + '"', e);
+ }
+ throw e;
+ }
+ }
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("User \"" + userName + "\" authenticated successfully");
+ }
+ }
+
+ /**
+ * Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
+ * authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
+ * char[]) was used. This will still work.
+ *
+ * @param userName
+ * @param password
+ */
+ protected void authenticateImpl(String userName, char[] password)
+ {
+ throw new UnsupportedOperationException();
+ }
+
public Authentication setCurrentUser(final String userName) throws AuthenticationException
- {
+ {
return setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
- }
-
+ }
+
public Authentication setCurrentUser(String userName, UserNameValidationMode validationMode)
- {
+ {
if (validationMode == UserNameValidationMode.NONE || isSystemUserName(userName))
{
return setCurrentUserImpl(userName);
@@ -209,12 +209,16 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
authentication = transactionService.getRetryingTransactionHelper().doInTransaction(callback, true,
false);
}
- // Otherwise, we want a writeable transaction, so if the current transaction is read only we set the
+ // Otherwise,
+ // - for check-only mode we want a readable txn or
+ // - for check-and-fix mode we want a writeable transaction, so if the current transaction is read only we set the
// requiresNew flag to true
else
{
- authentication = transactionService.getRetryingTransactionHelper().doInTransaction(callback, false,
- AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY);
+ boolean readOnly = (validationMode == UserNameValidationMode.CHECK);
+ boolean requiresNew = ((!readOnly) && (AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY));
+
+ authentication = transactionService.getRetryingTransactionHelper().doInTransaction(callback, readOnly, requiresNew);
}
if ((authentication == null) || (callback.ae != null))
{
@@ -239,30 +243,30 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
throw new AuthenticationException("Null user name");
}
- if (isSystemUserName(userName))
- {
- return setSystemUserAsCurrentUser(getUserDomain(userName));
- }
-
+ if (isSystemUserName(userName))
+ {
+ return setSystemUserAsCurrentUser(getUserDomain(userName));
+ }
+
try
{
UserDetails ud = null;
if (isGuestUserName(userName))
{
String tenantDomain = getUserDomain(userName);
- if (logger.isDebugEnabled())
- {
- logger.debug("Setting the current user to the guest user of tenant domain \"" + tenantDomain + '"');
- }
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Setting the current user to the guest user of tenant domain \"" + tenantDomain + '"');
+ }
GrantedAuthority[] gas = new GrantedAuthority[0];
ud = new User(getGuestUserName(tenantDomain), "", true, true, true, true, gas);
}
else
{
- if (logger.isDebugEnabled())
- {
- logger.debug("Setting the current user to \"" + userName + '"');
- }
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Setting the current user to \"" + userName + '"');
+ }
ud = getUserDetails(userName);
if(!userName.equals(ud.getUsername()))
{
@@ -291,163 +295,163 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
UserDetails ud = new User(userName, "", true, true, true, true, gas);
return ud;
- }
-
- /**
- * {@inheritDoc}
- */
- public Authentication setCurrentAuthentication(Authentication authentication)
- {
- return this.authenticationContext.setCurrentAuthentication(authentication);
- }
-
- /**
- * Get the current authentication context
- *
- * @return Authentication
- * @throws AuthenticationException
- */
- public Authentication getCurrentAuthentication() throws AuthenticationException
- {
- return authenticationContext.getCurrentAuthentication();
- }
-
- /**
- * Get the current user name.
- *
- * @return String
- * @throws AuthenticationException
- */
- public String getCurrentUserName() throws AuthenticationException
- {
- return authenticationContext.getCurrentUserName();
- }
-
- /**
- * Set the system user as the current user note: for MT, will set to default domain only
- *
- * @return Authentication
- */
- public Authentication setSystemUserAsCurrentUser()
- {
- return authenticationContext.setSystemUserAsCurrentUser();
- }
-
- /**
- * Get the name of the system user note: for MT, will get system for default domain only
- *
- * @return String
- */
- public String getSystemUserName()
- {
- return authenticationContext.getSystemUserName();
- }
-
- /**
- * Is this the system user ?
- *
- * @return boolean
- */
- public boolean isSystemUserName(String userName)
- {
- return authenticationContext.isSystemUserName(userName);
- }
-
- /**
- * Is the current user the system user?
- *
- * @return boolean
- */
- public boolean isCurrentUserTheSystemUser()
- {
- return authenticationContext.isCurrentUserTheSystemUser();
- }
-
- /**
- * Get the name of the Guest User note: for MT, will get guest for default domain only
- *
- * @return String
- */
- public String getGuestUserName()
- {
- return authenticationContext.getGuestUserName();
- }
-
- public String getGuestUserName(String tenantDomain)
- {
- return authenticationContext.getGuestUserName(tenantDomain);
- }
-
- /**
- * Set the guest user as the current user. note: for MT, will set to default domain only
- */
- public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
- {
- return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
- }
-
- /**
- * Set the guest user as the current user.
- */
- private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
- {
- if (allowGuestLogin == null)
- {
- if (implementationAllowsGuestLogin())
- {
- return setCurrentUser(getGuestUserName(tenantDomain));
- }
- else
- {
- throw new AuthenticationException("Guest authentication is not allowed");
- }
- }
- else
- {
- if (allowGuestLogin.booleanValue())
- {
- return setCurrentUser(getGuestUserName(tenantDomain));
- }
- else
-{
- throw new AuthenticationException("Guest authentication is not allowed");
- }
-
- }
- }
-
- public boolean isGuestUserName(String userName)
- {
- return authenticationContext.isGuestUserName(userName);
- }
-
-
- protected abstract boolean implementationAllowsGuestLogin();
-
-
- /**
- * @return true if Guest user authentication is allowed, false otherwise
- */
- public boolean guestUserAuthenticationAllowed()
- {
- if (allowGuestLogin == null)
- {
- return (implementationAllowsGuestLogin());
- }
- else
- {
- return (allowGuestLogin.booleanValue());
- }
- }
-
- /**
- * Remove the current security information
- */
- public void clearCurrentSecurityContext()
- {
- authenticationContext.clearCurrentSecurityContext();
- }
-
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public Authentication setCurrentAuthentication(Authentication authentication)
+ {
+ return this.authenticationContext.setCurrentAuthentication(authentication);
+ }
+
+ /**
+ * Get the current authentication context
+ *
+ * @return Authentication
+ * @throws AuthenticationException
+ */
+ public Authentication getCurrentAuthentication() throws AuthenticationException
+ {
+ return authenticationContext.getCurrentAuthentication();
+ }
+
+ /**
+ * Get the current user name.
+ *
+ * @return String
+ * @throws AuthenticationException
+ */
+ public String getCurrentUserName() throws AuthenticationException
+ {
+ return authenticationContext.getCurrentUserName();
+ }
+
+ /**
+ * Set the system user as the current user note: for MT, will set to default domain only
+ *
+ * @return Authentication
+ */
+ public Authentication setSystemUserAsCurrentUser()
+ {
+ return authenticationContext.setSystemUserAsCurrentUser();
+ }
+
+ /**
+ * Get the name of the system user note: for MT, will get system for default domain only
+ *
+ * @return String
+ */
+ public String getSystemUserName()
+ {
+ return authenticationContext.getSystemUserName();
+ }
+
+ /**
+ * Is this the system user ?
+ *
+ * @return boolean
+ */
+ public boolean isSystemUserName(String userName)
+ {
+ return authenticationContext.isSystemUserName(userName);
+ }
+
+ /**
+ * Is the current user the system user?
+ *
+ * @return boolean
+ */
+ public boolean isCurrentUserTheSystemUser()
+ {
+ return authenticationContext.isCurrentUserTheSystemUser();
+ }
+
+ /**
+ * Get the name of the Guest User note: for MT, will get guest for default domain only
+ *
+ * @return String
+ */
+ public String getGuestUserName()
+ {
+ return authenticationContext.getGuestUserName();
+ }
+
+ public String getGuestUserName(String tenantDomain)
+ {
+ return authenticationContext.getGuestUserName(tenantDomain);
+ }
+
+ /**
+ * Set the guest user as the current user. note: for MT, will set to default domain only
+ */
+ public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
+ {
+ return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
+ }
+
+ /**
+ * Set the guest user as the current user.
+ */
+ private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
+ {
+ if (allowGuestLogin == null)
+ {
+ if (implementationAllowsGuestLogin())
+ {
+ return setCurrentUser(getGuestUserName(tenantDomain));
+ }
+ else
+ {
+ throw new AuthenticationException("Guest authentication is not allowed");
+ }
+ }
+ else
+ {
+ if (allowGuestLogin.booleanValue())
+ {
+ return setCurrentUser(getGuestUserName(tenantDomain));
+ }
+ else
+{
+ throw new AuthenticationException("Guest authentication is not allowed");
+ }
+
+ }
+ }
+
+ public boolean isGuestUserName(String userName)
+ {
+ return authenticationContext.isGuestUserName(userName);
+ }
+
+
+ protected abstract boolean implementationAllowsGuestLogin();
+
+
+ /**
+ * @return true if Guest user authentication is allowed, false otherwise
+ */
+ public boolean guestUserAuthenticationAllowed()
+ {
+ if (allowGuestLogin == null)
+ {
+ return (implementationAllowsGuestLogin());
+ }
+ else
+ {
+ return (allowGuestLogin.booleanValue());
+ }
+ }
+
+ /**
+ * Remove the current security information
+ */
+ public void clearCurrentSecurityContext()
+ {
+ authenticationContext.clearCurrentSecurityContext();
+ }
+
abstract class CurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback
{
AuthenticationException ae = null;
@@ -517,7 +521,7 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
{
public String doWork() throws Exception
{
- if (!personService.personExists(userName))
+ if (!personService.personExists(userName))
{
if (logger.isDebugEnabled())
{
@@ -525,19 +529,19 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
+ "\" does not exist in Alfresco. Attempting to import / create the user.");
}
if (!userRegistrySynchronizer.createMissingPerson(userName))
- {
- if (logger.isDebugEnabled())
- {
+ {
+ if (logger.isDebugEnabled())
+ {
logger.debug("Failed to import / create user \"" + userName + '"');
- }
- throw new AuthenticationException("User \"" + userName
- + "\" does not exist in Alfresco");
- }
- }
- NodeRef userNode = personService.getPerson(userName);
- // Get the person name and use that as the current user to line up with permission
- // checks
- return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
+ }
+ throw new AuthenticationException("User \"" + userName
+ + "\" does not exist in Alfresco");
+ }
+ }
+ NodeRef userNode = personService.getPerson(userName);
+ // Get the person name and use that as the current user to line up with permission
+ // checks
+ return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
}
}, getSystemUserName(getUserDomain(userName))));
}
@@ -549,95 +553,95 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
}
}
- /**
- * {@inheritDoc}
- */
- public Set getDefaultAdministratorUserNames()
- {
- return this.defaultAdministratorUserNames;
- }
-
- /**
- * Sets the user names who for this particular authentication system should be considered administrators by default.
- *
- * @param defaultAdministratorUserNames
- * a set of user names
- */
- public void setDefaultAdministratorUserNames(Set defaultAdministratorUserNames)
- {
- this.defaultAdministratorUserNames = defaultAdministratorUserNames;
- }
-
- /**
- * Convenience method to allow the administrator user names to be specified as a comma separated list
- *
- * @param defaultAdministratorUserNames
- */
- public void setDefaultAdministratorUserNameList(String defaultAdministratorUserNames)
- {
- Set nameSet = new TreeSet();
- if (defaultAdministratorUserNames.length() > 0)
- {
- nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
- }
- setDefaultAdministratorUserNames(nameSet);
- }
-
- /**
- * {@inheritDoc}
- */
- public Set getDefaultGuestUserNames()
- {
- return this.defaultGuestUserNames;
- }
-
- /**
- * Sets the user names who for this particular authentication system should be considered administrators by default.
- *
- * @param defaultAdministratorUserNames
- * a set of user names
- */
- public void setDefaultGuestUserNames(Set defaultGuestUserNames)
- {
- this.defaultGuestUserNames = defaultGuestUserNames;
- }
-
- /**
- * Convenience method to allow the administrator user names to be specified as a comma separated list
- *
- * @param defaultAdministratorUserNames
- */
- public void setDefaultGuestUserNameList(String defaultGuestUserNames)
- {
- Set nameSet = new TreeSet();
- if (defaultGuestUserNames.length() > 0)
- {
- nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(",")));
- }
- setDefaultGuestUserNames(nameSet);
- }
-
- public String getSystemUserName(String tenantDomain)
- {
- return authenticationContext.getSystemUserName(tenantDomain);
- }
-
- public String getUserDomain(String userName)
- {
- return authenticationContext.getUserDomain(userName);
- }
-
- public Authentication setSystemUserAsCurrentUser(String tenantDomain)
- {
- if (logger.isDebugEnabled())
- {
- logger.debug("Setting the current user to the system user of tenant domain \"" + tenantDomain + '"');
- }
- return authenticationContext.setSystemUserAsCurrentUser(tenantDomain);
- }
-
- public Authentication setUserDetails(UserDetails ud)
- {
- return authenticationContext.setUserDetails(ud);
- }
-}
+ /**
+ * {@inheritDoc}
+ */
+ public Set getDefaultAdministratorUserNames()
+ {
+ return this.defaultAdministratorUserNames;
+ }
+
+ /**
+ * Sets the user names who for this particular authentication system should be considered administrators by default.
+ *
+ * @param defaultAdministratorUserNames
+ * a set of user names
+ */
+ public void setDefaultAdministratorUserNames(Set defaultAdministratorUserNames)
+ {
+ this.defaultAdministratorUserNames = defaultAdministratorUserNames;
+ }
+
+ /**
+ * Convenience method to allow the administrator user names to be specified as a comma separated list
+ *
+ * @param defaultAdministratorUserNames
+ */
+ public void setDefaultAdministratorUserNameList(String defaultAdministratorUserNames)
+ {
+ Set nameSet = new TreeSet();
+ if (defaultAdministratorUserNames.length() > 0)
+ {
+ nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
+ }
+ setDefaultAdministratorUserNames(nameSet);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public Set getDefaultGuestUserNames()
+ {
+ return this.defaultGuestUserNames;
+ }
+
+ /**
+ * Sets the user names who for this particular authentication system should be considered administrators by default.
+ *
+ * @param defaultAdministratorUserNames
+ * a set of user names
+ */
+ public void setDefaultGuestUserNames(Set defaultGuestUserNames)
+ {
+ this.defaultGuestUserNames = defaultGuestUserNames;
+ }
+
+ /**
+ * Convenience method to allow the administrator user names to be specified as a comma separated list
+ *
+ * @param defaultAdministratorUserNames
+ */
+ public void setDefaultGuestUserNameList(String defaultGuestUserNames)
+ {
+ Set nameSet = new TreeSet();
+ if (defaultGuestUserNames.length() > 0)
+ {
+ nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(",")));
+ }
+ setDefaultGuestUserNames(nameSet);
+ }
+
+ public String getSystemUserName(String tenantDomain)
+ {
+ return authenticationContext.getSystemUserName(tenantDomain);
+ }
+
+ public String getUserDomain(String userName)
+ {
+ return authenticationContext.getUserDomain(userName);
+ }
+
+ public Authentication setSystemUserAsCurrentUser(String tenantDomain)
+ {
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Setting the current user to the system user of tenant domain \"" + tenantDomain + '"');
+ }
+ return authenticationContext.setSystemUserAsCurrentUser(tenantDomain);
+ }
+
+ public Authentication setUserDetails(UserDetails ud)
+ {
+ return authenticationContext.setUserDetails(ud);
+ }
+}
diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
index 4ed45a305c..171513a5e2 100644
--- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
@@ -38,6 +38,7 @@ import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
+import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.admin.RepoAdminService;
import org.alfresco.service.cmr.coci.CheckOutCheckInService;
import org.alfresco.service.cmr.dictionary.ClassDefinition;
@@ -63,6 +64,7 @@ import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.usage.UsageService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
+import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -92,6 +94,7 @@ public class MultiTDemoTest extends TestCase
private RepoAdminService repoAdminService;
private DictionaryService dictionaryService;
private UsageService usageService;
+ private TransactionService transactionService;
public static int NUM_TENANTS = 2;
@@ -152,6 +155,7 @@ public class MultiTDemoTest extends TestCase
repoAdminService = (RepoAdminService) ctx.getBean("RepoAdminService");
dictionaryService = (DictionaryService) ctx.getBean("DictionaryService");
usageService = (UsageService) ctx.getBean("usageService");
+ transactionService = (TransactionService) ctx.getBean("TransactionService");
createTenants();
}
@@ -270,58 +274,66 @@ public class MultiTDemoTest extends TestCase
final String tenantDomain1 = TEST_RUN+".groupdel1";
final String tenantDomain2 = TEST_RUN+".groupdel2";
- final String[] tenantUniqueGroupNames = new String[10];
- final String[] superadminUniqueGroupNames = new String[10];
- for (int i = 0; i < tenantUniqueGroupNames.length; i++)
+ try
{
- tenantUniqueGroupNames[i] = TEST_RUN + "test_group" + i;
- superadminUniqueGroupNames[i] = TEST_RUN + "test_group_sa" + i;
+ final String[] tenantUniqueGroupNames = new String[10];
+ final String[] superadminUniqueGroupNames = new String[10];
+ for (int i = 0; i < tenantUniqueGroupNames.length; i++)
+ {
+ tenantUniqueGroupNames[i] = TEST_RUN + "test_group" + i;
+ superadminUniqueGroupNames[i] = TEST_RUN + "test_group_sa" + i;
+ }
+
+ clearUsage(AuthenticationUtil.getAdminUserName());
+
+ createTenant(tenantDomain1);
+ createTenant(tenantDomain2);
+
+ final String tenantAdminName1 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1);
+ final String tenantAdminName2 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain2);
+ final String superAdmin = "admin";
+
+ // Create test authorities that are visible only to tenant1
+ clearUsage(tenantDomain1);
+ createTestAuthoritiesForTenant(tenantUniqueGroupNames, tenantAdminName1);
+ // Check that tenant1's authorities are visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName1, true);
+ // Check that tenant1's authorities are not visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName2, false);
+ // Check that tenant1's authorities are not visible to super-admin
+ checkTestAuthoritiesPresence(tenantUniqueGroupNames, superAdmin, false);
+
+
+ // Create test authorities that are visible only to super-admin
+ createTestAuthoritiesForTenant(superadminUniqueGroupNames, superAdmin);
+ // Check that super-admin's authorities are not visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(superadminUniqueGroupNames, tenantAdminName1, false);
+ // Check that super-admin's authorities are not visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(superadminUniqueGroupNames, tenantAdminName2, false);
+ // Check that super-admin's authorities are visible to super-admin
+ checkTestAuthoritiesPresence(superadminUniqueGroupNames, superAdmin, true);
+
+
+ // Delete tenant1's authorities
+ clearUsage(tenantDomain1);
+ deleteTestAuthoritiesForTenant(tenantUniqueGroupNames, tenantAdminName1);
+ // Check that tenant1's authorities are not visible to tenant1
+ checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName1, false);
+
+ // Delete super-admin's authorities
+ deleteTestAuthoritiesForTenant(superadminUniqueGroupNames, superAdmin);
+ // Check that super-admin's authorities are not visible to super-admin
+ checkTestAuthoritiesPresence(superadminUniqueGroupNames, superAdmin, false);
+ }
+ finally
+ {
+ deleteTenant(tenantDomain1);
+ deleteTenant(tenantDomain2);
}
-
- clearUsage(AuthenticationUtil.getAdminUserName());
-
- createTenant(tenantDomain1);
- createTenant(tenantDomain2);
-
- final String tenantAdminName1 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1);
- final String tenantAdminName2 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain2);
- final String superAdmin = "admin";
-
- // Create test authorities that are visible only to tenant1
- clearUsage(tenantDomain1);
- createTestAuthoritiesForTenant(tenantUniqueGroupNames, tenantAdminName1);
- // Check that tenant1's authorities are visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName1, true);
- // Check that tenant1's authorities are not visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName2, false);
- // Check that tenant1's authorities are not visible to super-admin
- checkTestAuthoritiesPresence(tenantUniqueGroupNames, superAdmin, false);
-
-
- // Create test authorities that are visible only to super-admin
- createTestAuthoritiesForTenant(superadminUniqueGroupNames, superAdmin);
- // Check that super-admin's authorities are not visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(superadminUniqueGroupNames, tenantAdminName1, false);
- // Check that super-admin's authorities are not visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(superadminUniqueGroupNames, tenantAdminName2, false);
- // Check that super-admin's authorities are visible to super-admin
- checkTestAuthoritiesPresence(superadminUniqueGroupNames, superAdmin, true);
-
-
- // Delete tenant1's authorities
- clearUsage(tenantDomain1);
- deleteTestAuthoritiesForTenant(tenantUniqueGroupNames, tenantAdminName1);
- // Check that tenant1's authorities are not visible to tenant1
- checkTestAuthoritiesPresence(tenantUniqueGroupNames, tenantAdminName1, false);
-
- // Delete super-admin's authorities
- deleteTestAuthoritiesForTenant(superadminUniqueGroupNames, superAdmin);
- // Check that super-admin's authorities are not visible to super-admin
- checkTestAuthoritiesPresence(superadminUniqueGroupNames, superAdmin, false);
}
public void testSharedGroupDeletion()
@@ -329,79 +341,89 @@ public class MultiTDemoTest extends TestCase
final String tenantDomain1 = TEST_RUN+".groupdel3";
final String tenantDomain2 = TEST_RUN+".groupdel4";
- final String[] commonTenantUniqueGroupNames = new String[10];
- for (int i = 0; i < commonTenantUniqueGroupNames.length; i++)
+ try
{
- commonTenantUniqueGroupNames[i] = TEST_RUN + "test_group" + i;
+ final String[] commonTenantUniqueGroupNames = new String[10];
+ for (int i = 0; i < commonTenantUniqueGroupNames.length; i++)
+ {
+ commonTenantUniqueGroupNames[i] = TEST_RUN + "test_group" + i;
+ }
+
+ clearUsage(AuthenticationUtil.getAdminUserName());
+
+ createTenant(tenantDomain1);
+ createTenant(tenantDomain2);
+
+ final String tenantAdminName1 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1);
+ final String tenantAdminName2 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain2);
+ final String superAdmin = "admin";
+
+ // Create test common authorities for tenant1
+ clearUsage(tenantDomain1);
+ createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
+ // Create test common authorities for tenant2
+ clearUsage(tenantDomain2);
+ createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
+ // Create test common authorities for super-admin
+ createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, superAdmin);
+
+ // Check that authorities are visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
+ // Check that authorities are visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
+ // Check that authorities are visible to super-admin
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
+
+ // Delete tenant1's authorities
+ clearUsage(tenantDomain1);
+ deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
+ // Check that authorities are not visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, false);
+ // Check that authorities are visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
+ // Check that authorities are visible to super-admin
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
+
+ // Create test common authorities for tenant1
+ clearUsage(tenantDomain1);
+ createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
+ // Delete tenant2's authorities
+ clearUsage(tenantDomain2);
+ deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
+ // Check that authorities are visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
+ // Check that authorities are not visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, false);
+ // Check that authorities are visible to super-admin
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
+
+ // Create test common authorities for tenant2
+ clearUsage(tenantDomain2);
+ createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
+ // Delete super-admin's authorities
+ deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, superAdmin);
+ // Check that authorities are visible to tenant1
+ clearUsage(tenantDomain1);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
+ // Check that authorities are visible to tenant2
+ clearUsage(tenantDomain2);
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
+ // Check that authorities are not visible to super-admin
+ checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, false);
+ }
+ finally
+ {
+ AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
+
+ deleteTenant(tenantDomain1);
+ deleteTenant(tenantDomain2);
}
-
- clearUsage(AuthenticationUtil.getAdminUserName());
-
- createTenant(tenantDomain1);
- createTenant(tenantDomain2);
-
- final String tenantAdminName1 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain1);
- final String tenantAdminName2 = tenantService.getDomainUser(AuthenticationUtil.getAdminUserName(), tenantDomain2);
- final String superAdmin = "admin";
-
- // Create test common authorities for tenant1
- clearUsage(tenantDomain1);
- createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
- // Create test common authorities for tenant2
- clearUsage(tenantDomain2);
- createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
- // Create test common authorities for super-admin
- createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, superAdmin);
-
- // Check that authorities are visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
- // Check that authorities are visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
- // Check that authorities are visible to super-admin
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
-
- // Delete tenant1's authorities
- clearUsage(tenantDomain1);
- deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
- // Check that authorities are not visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, false);
- // Check that authorities are visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
- // Check that authorities are visible to super-admin
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
-
- // Create test common authorities for tenant1
- clearUsage(tenantDomain1);
- createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName1);
- // Delete tenant2's authorities
- clearUsage(tenantDomain2);
- deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
- // Check that authorities are visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
- // Check that authorities are not visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, false);
- // Check that authorities are visible to super-admin
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, true);
-
- // Create test common authorities for tenant2
- clearUsage(tenantDomain2);
- createTestAuthoritiesForTenant(commonTenantUniqueGroupNames, tenantAdminName2);
- // Delete super-admin's authorities
- deleteTestAuthoritiesForTenant(commonTenantUniqueGroupNames, superAdmin);
- // Check that authorities are visible to tenant1
- clearUsage(tenantDomain1);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName1, true);
- // Check that authorities are visible to tenant2
- clearUsage(tenantDomain2);
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, tenantAdminName2, true);
- // Check that authorities are not visible to super-admin
- checkTestAuthoritiesPresence(commonTenantUniqueGroupNames, superAdmin, false);
}
@@ -425,6 +447,32 @@ public class MultiTDemoTest extends TestCase
}, AuthenticationUtil.getSystemUserName());
}
+ private void deleteTenant(final String tenantDomain)
+ {
+ transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback