From 2bde146829e2cadff251ee23be13fdfbcca3b034 Mon Sep 17 00:00:00 2001 From: Jan Vonka Date: Thu, 14 Feb 2008 10:21:12 +0000 Subject: [PATCH] MT - System "runAs" will run in MT-context git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8277 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco/repo/audit/AuditableAspect.java | 8 ++-- .../TenantRoutingFileContentStore.java | 2 +- .../repo/module/ModuleComponentHelper.java | 9 ++--- .../authentication/AuthenticationUtil.java | 40 ++++++++++++++++--- .../repo/tenant/MultiTAdminServiceImpl.java | 6 ++- 5 files changed, 48 insertions(+), 17 deletions(-) diff --git a/source/java/org/alfresco/repo/audit/AuditableAspect.java b/source/java/org/alfresco/repo/audit/AuditableAspect.java index 6f1e662889..792bd2e4b2 100644 --- a/source/java/org/alfresco/repo/audit/AuditableAspect.java +++ b/source/java/org/alfresco/repo/audit/AuditableAspect.java @@ -167,8 +167,8 @@ public class AuditableAspect // Set the updated property values (but do not cascade to update audit behaviour) onUpdateAudit.disable(); - // note: special MT case - need to run in context of user's domain ... although checkForLock requires System - AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain())); + // note: in MT case, this will run in System context of user's domain ... checkForLock requires System + AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName()); } finally { @@ -201,8 +201,8 @@ public class AuditableAspect // Set the updated property values - // note: special MT case - need to run in context of user's domain ... although checkForLock requires System - AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain())); + // note: in MT case, this will run in System context of user's domain ... checkForLock requires System + AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName()); if (logger.isDebugEnabled()) logger.debug("Auditable node " + nodeRef + " updated [modified=" + now + ";modifier=" + modifier + "]"); diff --git a/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java b/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java index ab8d386f44..40f504caa7 100755 --- a/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java +++ b/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java @@ -70,7 +70,7 @@ public class TenantRoutingFileContentStore extends AbstractRoutingContentStore i if (tenantService.isEnabled()) { String currentUser = AuthenticationUtil.getCurrentUserName(); - if ((currentUser == null) || (currentUser.equals(AuthenticationUtil.getSystemUserName()))) + if ((currentUser == null) || (tenantService.getBaseNameUser(currentUser).equals(AuthenticationUtil.getSystemUserName()))) { // return enabled stores across all tenants, if running as system/null user, for example, ContentStoreCleaner scheduled job List allEnabledStores = new ArrayList(); diff --git a/source/java/org/alfresco/repo/module/ModuleComponentHelper.java b/source/java/org/alfresco/repo/module/ModuleComponentHelper.java index 29ee3d6cbd..90587dffeb 100644 --- a/source/java/org/alfresco/repo/module/ModuleComponentHelper.java +++ b/source/java/org/alfresco/repo/module/ModuleComponentHelper.java @@ -210,10 +210,6 @@ public class ModuleComponentHelper /* * Ensure transactionality and the correct authentication */ - - // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import - final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain(); - AuthenticationUtil.runAs(new RunAsWork() { public Object doWork() throws Exception @@ -229,6 +225,9 @@ public class ModuleComponentHelper // Process each module in turn. Ordering is not important. final Map> mapExecutedComponents = new HashMap>(1); final Map> mapStartedModules = new HashMap>(1); + + // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import + final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain(); mapExecutedComponents.put(tenantDomainCtx, new HashSet(10)); mapStartedModules.put(tenantDomainCtx, new HashSet(2)); @@ -322,7 +321,7 @@ public class ModuleComponentHelper return null; } - }, tenantDeployerService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomainCtx)); + }, AuthenticationUtil.getSystemUserName()); } /** diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java index 2cd5805c91..fefae53391 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java @@ -53,12 +53,22 @@ public abstract class AuthenticationUtil } public static final String SYSTEM_USER_NAME = "System"; + + private static boolean mtEnabled = false; private AuthenticationUtil() { super(); } + public static void setMtEnabled(boolean mtEnabled) + { + if (! AuthenticationUtil.mtEnabled) + { + AuthenticationUtil.mtEnabled = mtEnabled; + } + } + public static Authentication setCurrentUser(String userName) { return setCurrentUser(userName, getDefaultUserDetails(userName)); @@ -177,11 +187,18 @@ public abstract class AuthenticationUtil public static void logNDC(String userName) { NDC.remove(); - - int idx = userName.indexOf(TenantService.SEPARATOR); - if ((idx != -1) && (idx < (userName.length()-1))) - { - NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx)); + + if (mtEnabled == true) + { + int idx = userName.indexOf(TenantService.SEPARATOR); + if ((idx != -1) && (idx < (userName.length()-1))) + { + NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx)); + } + else + { + NDC.push("User:"+userName); + } } else { @@ -278,6 +295,7 @@ public abstract class AuthenticationUtil { ContextHolder.setContext(null); InMemoryTicketComponentImpl.clearCurrentSecurityContext(); + NDC.remove(); } /** @@ -295,6 +313,18 @@ public abstract class AuthenticationUtil R result = null; try { + if ((currentUser != null) && (mtEnabled == true)) + { + int idx = currentUser.indexOf(TenantService.SEPARATOR); + if ((idx != -1) && (idx < (currentUser.length()-1))) + { + if (uid.equals(AuthenticationUtil.getSystemUserName())) + { + uid = uid + TenantService.SEPARATOR + currentUser.substring(idx+1); + } + } + } + AuthenticationUtil.setCurrentUser(uid); result = runAsWork.doWork(); return result; diff --git a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java index a8e705f140..c2da58c963 100755 --- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java +++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java @@ -228,8 +228,10 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten @Override protected void onBootstrap(ApplicationEvent event) { - checkProperties(); - + checkProperties(); + + AuthenticationUtil.setMtEnabled(true); + // initialise the tenant admin service and status of tenants (using attribute service) // note: this requires that the repository schema has already been initialised