MT - System "runAs" will run in MT-context

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8277 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2008-02-14 10:21:12 +00:00
parent d141885e6d
commit 2bde146829
5 changed files with 48 additions and 17 deletions
--- a/source/java/org/alfresco/repo/audit/AuditableAspect.java
+++ b/source/java/org/alfresco/repo/audit/AuditableAspect.java
@@ -167,8 +167,8 @@ public class AuditableAspect
            // Set the updated property values (but do not cascade to update audit behaviour)
            onUpdateAudit.disable();
-            // note: special MT case - need to run in context of user's domain ... although checkForLock requires System
+            // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
-            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain()));
+            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
        }
        finally
        {
@@ -201,8 +201,8 @@ public class AuditableAspect
            // Set the updated property values
-            // note: special MT case - need to run in context of user's domain ... although checkForLock requires System
+            // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
-            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain()));
+            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
            if (logger.isDebugEnabled())
                logger.debug("Auditable node " + nodeRef + " updated [modified=" + now + ";modifier=" + modifier + "]");
--- a/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java
+++ b/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java
@@ -70,7 +70,7 @@ public class TenantRoutingFileContentStore extends AbstractRoutingContentStore i
        if (tenantService.isEnabled())
        {
            String currentUser = AuthenticationUtil.getCurrentUserName();
-            if ((currentUser == null) || (currentUser.equals(AuthenticationUtil.getSystemUserName())))
+            if ((currentUser == null) || (tenantService.getBaseNameUser(currentUser).equals(AuthenticationUtil.getSystemUserName())))
            {
                // return enabled stores across all tenants, if running as system/null user, for example, ContentStoreCleaner scheduled job      
                List<ContentStore> allEnabledStores = new ArrayList<ContentStore>();
--- a/source/java/org/alfresco/repo/module/ModuleComponentHelper.java
+++ b/source/java/org/alfresco/repo/module/ModuleComponentHelper.java
@@ -210,10 +210,6 @@ public class ModuleComponentHelper
        /*
         * Ensure transactionality and the correct authentication
         */
        // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
        final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
    	AuthenticationUtil.runAs(new RunAsWork<Object>()
        {
    		public Object doWork() throws Exception
@@ -229,6 +225,9 @@ public class ModuleComponentHelper
 		            // Process each module in turn.  Ordering is not important.
 		            final Map<String, Set<ModuleComponent>> mapExecutedComponents = new HashMap<String, Set<ModuleComponent>>(1);
 		            final Map<String, Set<String>> mapStartedModules = new HashMap<String, Set<String>>(1);
 		            // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
 		            final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
 		            mapExecutedComponents.put(tenantDomainCtx, new HashSet<ModuleComponent>(10));
 		            mapStartedModules.put(tenantDomainCtx, new HashSet<String>(2));
@@ -322,7 +321,7 @@ public class ModuleComponentHelper
 		        return null;
            }
-        }, tenantDeployerService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomainCtx));
+        }, AuthenticationUtil.getSystemUserName());
    }
    /**
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
@@ -53,12 +53,22 @@ public abstract class AuthenticationUtil
    }
    public static final String SYSTEM_USER_NAME = "System";
    private static boolean mtEnabled = false;
    private AuthenticationUtil()
    {
        super();
    }
    public static void setMtEnabled(boolean mtEnabled)
    {
    	if (! AuthenticationUtil.mtEnabled)
    	{
    		AuthenticationUtil.mtEnabled = mtEnabled;
    	}
    }
    public static Authentication setCurrentUser(String userName)
    {
        return setCurrentUser(userName, getDefaultUserDetails(userName));
@@ -177,11 +187,18 @@ public abstract class AuthenticationUtil
    public static void logNDC(String userName)
    {
        NDC.remove();
-
+        
-        int idx = userName.indexOf(TenantService.SEPARATOR);
+        if (mtEnabled == true)
-        if ((idx != -1) && (idx < (userName.length()-1)))
+        {
-        {            
+            int idx = userName.indexOf(TenantService.SEPARATOR);
-            NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx));
+            if ((idx != -1) && (idx < (userName.length()-1)))
            {
                NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx));
            }
            else
            {
                NDC.push("User:"+userName);
            }
        }
        else
        {
@@ -278,6 +295,7 @@ public abstract class AuthenticationUtil
    {
        ContextHolder.setContext(null);
        InMemoryTicketComponentImpl.clearCurrentSecurityContext();
        NDC.remove();
    }
    /**
@@ -295,6 +313,18 @@ public abstract class AuthenticationUtil
        R result = null;
        try
        {
            if ((currentUser != null) && (mtEnabled == true))
            {
                int idx = currentUser.indexOf(TenantService.SEPARATOR);
            if ((idx != -1) && (idx < (currentUser.length()-1)))
            {
                    if (uid.equals(AuthenticationUtil.getSystemUserName()))
                    {
                        uid = uid + TenantService.SEPARATOR + currentUser.substring(idx+1);
                    }
                }
            }
            AuthenticationUtil.setCurrentUser(uid);
            result = runAsWork.doWork();
            return result;
--- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
@@ -228,8 +228,10 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
    @Override
    protected void onBootstrap(ApplicationEvent event)
    {
-    	checkProperties();
+        checkProperties();
-    	
+        
        AuthenticationUtil.setMtEnabled(true);
        // initialise the tenant admin service and status of tenants (using attribute service)
        // note: this requires that the repository schema has already been initialised