MT - System "runAs" will run in MT-context

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8277 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2008-02-14 10:21:12 +00:00
parent d141885e6d
commit 2bde146829
5 changed files with 48 additions and 17 deletions
--- a/source/java/org/alfresco/repo/audit/AuditableAspect.java
+++ b/source/java/org/alfresco/repo/audit/AuditableAspect.java
@@ -167,8 +167,8 @@ public class AuditableAspect
            // Set the updated property values (but do not cascade to update audit behaviour)
            onUpdateAudit.disable();
            
-            // note: special MT case - need to run in context of user's domain ... although checkForLock requires System
-            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain()));
+            // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
+            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
        }
        finally
        {
@@ -201,8 +201,8 @@ public class AuditableAspect
            
            // Set the updated property values
            
-            // note: special MT case - need to run in context of user's domain ... although checkForLock requires System
-            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantService.getCurrentUserDomain()));
+            // note: in MT case, this will run in System context of user's domain ... checkForLock requires System
+            AuthenticationUtil.runAs(new SetAuditProperties(nodeService, nodeRef, properties), AuthenticationUtil.getSystemUserName());
            
            if (logger.isDebugEnabled())
                logger.debug("Auditable node " + nodeRef + " updated [modified=" + now + ";modifier=" + modifier + "]");
--- a/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java
+++ b/source/java/org/alfresco/repo/content/TenantRoutingFileContentStore.java
@@ -70,7 +70,7 @@ public class TenantRoutingFileContentStore extends AbstractRoutingContentStore i
        if (tenantService.isEnabled())
        {
            String currentUser = AuthenticationUtil.getCurrentUserName();
-            if ((currentUser == null) || (currentUser.equals(AuthenticationUtil.getSystemUserName())))
+            if ((currentUser == null) || (tenantService.getBaseNameUser(currentUser).equals(AuthenticationUtil.getSystemUserName())))
            {
                // return enabled stores across all tenants, if running as system/null user, for example, ContentStoreCleaner scheduled job      
                List<ContentStore> allEnabledStores = new ArrayList<ContentStore>();
--- a/source/java/org/alfresco/repo/module/ModuleComponentHelper.java
+++ b/source/java/org/alfresco/repo/module/ModuleComponentHelper.java
@@ -210,10 +210,6 @@ public class ModuleComponentHelper
        /*
         * Ensure transactionality and the correct authentication
         */
-        
-        // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
-        final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
-        
    	AuthenticationUtil.runAs(new RunAsWork<Object>()
        {
    		public Object doWork() throws Exception
@@ -230,6 +226,9 @@ public class ModuleComponentHelper
 		            final Map<String, Set<ModuleComponent>> mapExecutedComponents = new HashMap<String, Set<ModuleComponent>>(1);
 		            final Map<String, Set<String>> mapStartedModules = new HashMap<String, Set<String>>(1);

+		            // Note: for system bootstrap this will be the default domain, else tenant domain for tenant create/import
+		            final String tenantDomainCtx = tenantDeployerService.getCurrentUserDomain();
+		            
 		            mapExecutedComponents.put(tenantDomainCtx, new HashSet<ModuleComponent>(10));
 		            mapStartedModules.put(tenantDomainCtx, new HashSet<String>(2));
 		            
@@ -322,7 +321,7 @@ public class ModuleComponentHelper
 		        
 		        return null;
            }
-        }, tenantDeployerService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomainCtx));
+        }, AuthenticationUtil.getSystemUserName());
    }
    
    /**
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
@@ -54,11 +54,21 @@ public abstract class AuthenticationUtil

    public static final String SYSTEM_USER_NAME = "System";
    
+    private static boolean mtEnabled = false;
+
    private AuthenticationUtil()
    {
        super();
    }

+    public static void setMtEnabled(boolean mtEnabled)
+    {
+    	if (! AuthenticationUtil.mtEnabled)
+    	{
+    		AuthenticationUtil.mtEnabled = mtEnabled;
+    	}
+    }
+    
    public static Authentication setCurrentUser(String userName)
    {
        return setCurrentUser(userName, getDefaultUserDetails(userName));
@@ -178,10 +188,17 @@ public abstract class AuthenticationUtil
    {
        NDC.remove();
        
-        int idx = userName.indexOf(TenantService.SEPARATOR);
-        if ((idx != -1) && (idx < (userName.length()-1)))
+        if (mtEnabled == true)
        {
-            NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx));
+            int idx = userName.indexOf(TenantService.SEPARATOR);
+            if ((idx != -1) && (idx < (userName.length()-1)))
+            {
+                NDC.push("Tenant:"+userName.substring(idx+1)+" User:"+userName.substring(0,idx));
+            }
+            else
+            {
+                NDC.push("User:"+userName);
+            }
        }
        else
        {
@@ -278,6 +295,7 @@ public abstract class AuthenticationUtil
    {
        ContextHolder.setContext(null);
        InMemoryTicketComponentImpl.clearCurrentSecurityContext();
+        NDC.remove();
    }

    /**
@@ -295,6 +313,18 @@ public abstract class AuthenticationUtil
        R result = null;
        try
        {
+            if ((currentUser != null) && (mtEnabled == true))
+            {
+                int idx = currentUser.indexOf(TenantService.SEPARATOR);
+            if ((idx != -1) && (idx < (currentUser.length()-1)))
+            {
+                    if (uid.equals(AuthenticationUtil.getSystemUserName()))
+                    {
+                        uid = uid + TenantService.SEPARATOR + currentUser.substring(idx+1);
+                    }
+                }
+            }
+            
            AuthenticationUtil.setCurrentUser(uid);
            result = runAsWork.doWork();
            return result;
--- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
@@ -228,7 +228,9 @@ public class MultiTAdminServiceImpl extends AbstractLifecycleBean implements Ten
    @Override
    protected void onBootstrap(ApplicationEvent event)
    {
-    	checkProperties();
+        checkProperties();
+        
+        AuthenticationUtil.setMtEnabled(true);
        
        // initialise the tenant admin service and status of tenants (using attribute service)
        // note: this requires that the repository schema has already been initialised