inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

MT - System "runAs" will run in MT-context

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8277 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
2008-02-14 10:21:12 +00:00
parent d141885e6d
commit 2bde146829
5 changed files with 48 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
source/java/org/alfresco/repo/audit/AuditableAspect.java
View File

@@ -167,8 +167,8 @@ public class AuditableAspect
// Set the updated property values (but do not cascade to update audit behaviour) // Set the updated property values (but do not cascade to update audit behaviour)
onUpdateAudit.disable(); onUpdateAudit.disable();
// note: special MT case - need to run in context of user's domain ... although checkForLock requires System // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain())); AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
} }
finally finally
{ {
@@ -201,8 +201,8 @@ public class AuditableAspect
// Set the updated property values // Set the updated property values
// note: special MT case - need to run in context of user's domain ... although checkForLock requires System // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain())); AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
logger.debug("Auditable node " + nodeRef + " updated [modified=" + now + ";modifier=" + modifier + "]"); logger.debug("Auditable node " + nodeRef + " updated [modified=" + now + ";modifier=" + modifier + "]");

2
source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java
View File

@@ -70,7 +70,7 @@ public class TenantRoutingFileContentStore extends AbstractRoutingContentStore i
if (tenantService.isEnabled()) if (tenantService.isEnabled())
{ {
String currentUser = AuthenticationUtil.getCurrentUserName(); String currentUser = AuthenticationUtil.getCurrentUserName();
if ((currentUser == null) || (currentUser.equals(AuthenticationUtil.getSystemUserName()))) if ((currentUser == null) || (tenantService.getBaseNameUser(currentUser).equals(AuthenticationUtil.getSystemUserName())))
{ {
// return enabled stores across all tenants, if running as system/null user, for example, ContentStoreCleaner scheduled job // return enabled stores across all tenants, if running as system/null user, for example, ContentStoreCleaner scheduled job
List<ContentStore> allEnabledStores = new ArrayList<ContentStore>(); List<ContentStore> allEnabledStores = new ArrayList<ContentStore>();

9
source/java/org/alfresco/repo/module/ModuleComponentHelper.java
View File

@@ -210,10 +210,6 @@ public class ModuleComponentHelper
/* /*
* Ensure transactionality and the correct authentication * Ensure transactionality and the correct authentication
*/ */
// Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
AuthenticationUtil.runAs(new RunAsWork<Object>() AuthenticationUtil.runAs(new RunAsWork<Object>()
{ {
public Object doWork() throws Exception public Object doWork() throws Exception
@@ -230,6 +226,9 @@ public class ModuleComponentHelper
final Map<String, Set<ModuleComponent>> mapExecutedComponents = new HashMap<String, Set<ModuleComponent>>(1); final Map<String, Set<ModuleComponent>> mapExecutedComponents = new HashMap<String, Set<ModuleComponent>>(1);
final Map<String, Set<String>> mapStartedModules = new HashMap<String, Set<String>>(1); final Map<String, Set<String>> mapStartedModules = new HashMap<String, Set<String>>(1);
// Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
mapExecutedComponents.put(tenantDomainCtx, new HashSet<ModuleComponent>(10)); mapExecutedComponents.put(tenantDomainCtx, new HashSet<ModuleComponent>(10));
mapStartedModules.put(tenantDomainCtx, new HashSet<String>(2)); mapStartedModules.put(tenantDomainCtx, new HashSet<String>(2));
@@ -322,7 +321,7 @@ public class ModuleComponentHelper
return null; return null;
} }
}, tenantDeployerService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomainCtx)); }, AuthenticationUtil.getSystemUserName());
} }
/** /**

36
source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
View File

@@ -54,11 +54,21 @@ public abstract class AuthenticationUtil
public static final String SYSTEM_USER_NAME = "System"; public static final String SYSTEM_USER_NAME = "System";
private static boolean mtEnabled = false;
private AuthenticationUtil() private AuthenticationUtil()
{ {
super(); super();
} }
public static void setMtEnabled(boolean mtEnabled)
{
if (! AuthenticationUtil.mtEnabled)
{
AuthenticationUtil.mtEnabled = mtEnabled;
}
}
public static Authentication setCurrentUser(String userName) public static Authentication setCurrentUser(String userName)
{ {
return setCurrentUser(userName, getDefaultUserDetails(userName)); return setCurrentUser(userName, getDefaultUserDetails(userName));
@@ -178,10 +188,17 @@ public abstract class AuthenticationUtil
{ {
NDC.remove(); NDC.remove();
int idx = userName.indexOf(TenantService.SEPARATOR); if (mtEnabled == true)
if ((idx != -1) && (idx < (userName.length()-1)))
{ {
NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx)); int idx = userName.indexOf(TenantService.SEPARATOR);
if ((idx != -1) && (idx < (userName.length()-1)))
{
NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx));
}
else
{
NDC.push("User:"+userName);
}
} }
else else
{ {
@@ -278,6 +295,7 @@ public abstract class AuthenticationUtil
{ {
ContextHolder.setContext(null); ContextHolder.setContext(null);
InMemoryTicketComponentImpl.clearCurrentSecurityContext(); InMemoryTicketComponentImpl.clearCurrentSecurityContext();
NDC.remove();
} }
/** /**
@@ -295,6 +313,18 @@ public abstract class AuthenticationUtil
R result = null; R result = null;
try try
{ {
if ((currentUser != null) && (mtEnabled == true))
{
int idx = currentUser.indexOf(TenantService.SEPARATOR);
if ((idx != -1) && (idx < (currentUser.length()-1)))
{
if (uid.equals(AuthenticationUtil.getSystemUserName()))
{
uid = uid + TenantService.SEPARATOR + currentUser.substring(idx+1);
}
}
}
AuthenticationUtil.setCurrentUser(uid); AuthenticationUtil.setCurrentUser(uid);
result = runAsWork.doWork(); result = runAsWork.doWork();
return result; return result;

4
source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
View File

@@ -228,7 +228,9 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
@Override @Override
protected void onBootstrap(ApplicationEvent event) protected void onBootstrap(ApplicationEvent event)
{ {
checkProperties(); checkProperties();
AuthenticationUtil.setMtEnabled(true);
// initialise the tenant admin service and status of tenants (using attribute service) // initialise the tenant admin service and status of tenants (using attribute service)
// note: this requires that the repository schema has already been initialised // note: this requires that the repository schema has already been initialised