inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.0 to HEAD

Browse Source 
12145: Merged V2.2 to V3.0 (AuthenticationUtil)
    12109: AuthenticationUtil and AuthenticationComponent refactor
  12152: Removed Lucene usage from lookup of 'sites' root folder
  12153: Fix InviteServiceTest by cleaning up leaking authentications
  12159: Fix for broken usage pattern of the Threadlocal values in recent AuthenticationUtil refactor.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12508 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
2008-12-19 12:15:59 +00:00
parent 4fe9a4f345
commit 3ab0ccf0df
14 changed files with 53 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
View File

@@ -183,7 +183,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
private void addRepoParameters(Map<String, Object> params)
{
if (AlfrescoTransactionSupport.getTransactionId() != null &&
AuthenticationUtil.getCurrentAuthentication() != null)
AuthenticationUtil.getFullAuthentication() != null)
{
NodeRef rootHome = repository.getRootHome();
if (rootHome != null)
@@ -239,10 +239,11 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
try
{
AuthenticationUtil.pushAuthentication();
//
// Determine if user already authenticated
//
currentUser = AuthenticationUtil.getCurrentUserName();
currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
if (logger.isDebugEnabled())
{
logger.debug("Current authentication: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
@@ -255,7 +256,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
//
if (auth == null || auth.authenticate(required, isGuest))
{
if (required == RequiredAuthentication.admin && !(authorityService.hasAdminAuthority() || AuthenticationUtil.getCurrentUserName().equals(AuthenticationUtil.getSystemUserName())))
if (required == RequiredAuthentication.admin && !(authorityService.hasAdminAuthority() || AuthenticationUtil.getFullyAuthenticatedUser().equals(AuthenticationUtil.getSystemUserName())))
{
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");
}
@@ -269,14 +270,13 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
//
// Reset authentication for current thread
//
AuthenticationUtil.clearCurrentSecurityContext();
if (currentUser != null)
{
AuthenticationUtil.setCurrentUser(currentUser);
}
AuthenticationUtil.popAuthentication();
if (logger.isDebugEnabled())
logger.debug("Authentication reset: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
{
String user = AuthenticationUtil.getFullyAuthenticatedUser();
logger.debug("Authentication reset: " + (user == null ? "unauthenticated" : "authenticated as " + user));
}
}
}
}

2
source/java/org/alfresco/repo/web/scripts/TestWebScriptRepoServer.java
View File

@@ -74,7 +74,7 @@ public class TestWebScriptRepoServer extends TestWebScriptServer
try
{
TestWebScriptServer testServer = getTestServer();
AuthenticationUtil.setSystemUserAsCurrentUser();
AuthenticationUtil.setRunAsUserSystem();
testServer.rep();
}
catch(Throwable e)

2
source/java/org/alfresco/repo/web/scripts/activities/feed/SiteFeedRetrieverWebScript.java
View File

@@ -103,7 +103,7 @@ public class SiteFeedRetrieverWebScript extends DeclarativeWebScript
SiteInfo siteInfo = siteService.getSite(siteId);
if (siteInfo == null)
{
String currentUser = AuthenticationUtil.getCurrentUserName();
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
status.setCode(Status.STATUS_UNAUTHORIZED);
logger.warn("Unable to get site feed entries for '" + siteId + "' (site does not exist or is private) - currently logged in as '" + currentUser +"'");

5
source/java/org/alfresco/repo/web/scripts/activities/feed/UserFeedRetrieverWebScript.java
View File

@@ -30,7 +30,6 @@ import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.security.AuthorityService;
@@ -95,10 +94,10 @@ public class UserFeedRetrieverWebScript extends DeclarativeWebScript
if ((feedUserId == null) || (feedUserId.length() == 0))
{
feedUserId = AuthenticationUtil.getCurrentUserName();
feedUserId = AuthenticationUtil.getFullyAuthenticatedUser();
}
String currentUser = AuthenticationUtil.getCurrentUserName();
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
if (! ((currentUser == null) ||
(currentUser.equals(AuthenticationUtil.getSystemUserName())) ||
(authorityService.isAdminAuthority(currentUser)) ||

2
source/java/org/alfresco/repo/web/scripts/bean/LoginTicket.java
View File

@@ -79,7 +79,7 @@ public class LoginTicket extends DeclarativeWebScript
String ticketUser = ticketComponent.validateTicket(ticket);
// do not go any further if tickets are different
if (!AuthenticationUtil.getCurrentUserName().equals(ticketUser))
if (!AuthenticationUtil.getFullyAuthenticatedUser().equals(ticketUser))
{
status.setRedirect(true);
status.setCode(HttpServletResponse.SC_NOT_FOUND);

2
source/java/org/alfresco/repo/web/scripts/bean/LoginTicketDelete.java
View File

@@ -89,7 +89,7 @@ public class LoginTicketDelete extends DeclarativeWebScript
String ticketUser = ticketComponent.validateTicket(ticket);
// do not go any further if tickets are different
if (!AuthenticationUtil.getCurrentUserName().equals(ticketUser))
if (!AuthenticationUtil.getFullyAuthenticatedUser().equals(ticketUser))
{
status.setCode(HttpServletResponse.SC_NOT_FOUND);
status.setMessage("Ticket not found");

2
source/java/org/alfresco/repo/web/scripts/facebook/FacebookAuthenticatorFactory.java
View File

@@ -142,7 +142,7 @@ public class FacebookAuthenticatorFactory implements ServletAuthenticatorFactory
logger.debug("Facebook session established; authenticating as user " + user);
// session has been established, authenticate as Facebook user id
AuthenticationUtil.setCurrentUser(user);
AuthenticationUtil.setFullyAuthenticatedUser(user);
return true;
}
}

2
source/java/org/alfresco/repo/web/scripts/invite/CancelInviteAction.java
View File

@@ -82,7 +82,7 @@ public class CancelInviteAction extends JBPMSpringActionHandler
// throw http status 'forbidden' Web Script Exception if current user is not a Site Manager of the site
// associated with the invite (identified by inviteID)
String currentUserName = AuthenticationUtil.getCurrentUserName();
String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
String currentUserSiteRole = this.siteService.getMembersRole(siteShortName, currentUserName);
if ((currentUserSiteRole == null) || (currentUserSiteRole.equals(SiteModel.SITE_MANAGER) == false))
{

2
source/java/org/alfresco/repo/web/scripts/invite/InviteByTicket.java
View File

@@ -91,7 +91,7 @@ public class InviteByTicket extends DeclarativeWebScript
String inviteTicket = req.getServiceMatch().getTemplateVars().get("inviteTicket");
// authenticate as system for the rest of the webscript
AuthenticationUtil.setSystemUserAsCurrentUser();
AuthenticationUtil.setRunAsUserSystem();
// find the workflow for the given id
WorkflowTask workflowTask = InviteHelper.findInviteStartTask(inviteId, workflowService);

24
source/java/org/alfresco/repo/web/scripts/invite/InviteServiceTest.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
* Copyright (C) 2005-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -112,6 +112,12 @@ public class InviteServiceTest extends BaseWebScriptTest
protected void setUp() throws Exception
{
super.setUp();
/**
* We don't want to be authenticated as 'system' but run as 'InviterUser', because then
* 'system' will be the creator for the sites and 'inviterUser' will be a nobody.
*/
AuthenticationUtil.clearCurrentSecurityContext();
// get references to services
this.authorityService = (AuthorityService) getServer().getApplicationContext().getBean("AuthorityService");
@@ -140,7 +146,7 @@ public class InviteServiceTest extends BaseWebScriptTest
// Create new invitee email address list
this.inviteeEmailAddrs = new ArrayList<String>();
//
// various setup operations which need to be run as system user
//
@@ -158,6 +164,16 @@ public class InviteServiceTest extends BaseWebScriptTest
}
}, AuthenticationUtil.getSystemUserName());
// The creation of sites is heavily dependent on the authenticated user. We must ensure that,
// when doing the runAs below, the user both 'runAs' and 'fullyAuthenticated'. In order for
// this to be the case, the security context MUST BE EMPTY now. We could do the old
// "defensive clear", but really there should not be any lurking authentications on this thread
// after the context starts up. If there are, that is a bug, and we fail explicitly here.
String residuallyAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
assertNull(
"Residual authentication on context-initiating thread (this thread):" + residuallyAuthenticatedUser,
residuallyAuthenticatedUser);
//
// various setup operations which need to be run as inviter user
//
@@ -704,7 +720,7 @@ public class InviteServiceTest extends BaseWebScriptTest
public void testStartInviteForbiddenWhenInviterNotSiteManager() throws Exception
{
// inviter2 starts invite workflow, but he/she is not the site manager of the given site
AuthenticationUtil.setCurrentUser(USER_INVITER_2);
AuthenticationUtil.setFullyAuthenticatedUser(USER_INVITER_2);
startInvite(INVITEE_FIRSTNAME,
INVITEE_LASTNAME, INVITEE_SITE_ROLE, SITE_SHORT_NAME_INVITE_3, Status.STATUS_FORBIDDEN);
}
@@ -720,7 +736,7 @@ public class InviteServiceTest extends BaseWebScriptTest
// when inviter 2 (who is not Site Manager of the given site) tries to cancel invite
// http status FORBIDDEN must be returned
AuthenticationUtil.setCurrentUser(USER_INVITER_2);
AuthenticationUtil.setFullyAuthenticatedUser(USER_INVITER_2);
cancelInvite(inviteId, Status.STATUS_FORBIDDEN);
}

2
source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
View File

@@ -93,7 +93,7 @@ public class PersonPut extends DeclarativeWebScript
catch (AccessDeniedException err)
{
// catch security exception if the user does not have permissions
String currentUserName = AuthenticationUtil.getCurrentUserName();
String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
String personUserName = (String)nodeService.getProperty(person, ContentModel.PROP_USERNAME);
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Current user: "
+ currentUserName + " does not have the appropriate permissons to update "

4
source/java/org/alfresco/repo/web/scripts/portlet/JSR168PortletAuthenticatorFactory.java
View File

@@ -127,7 +127,7 @@ public class JSR168PortletAuthenticatorFactory implements PortletAuthenticatorFa
logger.debug("Authenticating as Guest");
// authenticate as guest
AuthenticationUtil.setCurrentUser(AuthenticationUtil.getGuestUserName());
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getGuestUserName());
}
else
{
@@ -144,7 +144,7 @@ public class JSR168PortletAuthenticatorFactory implements PortletAuthenticatorFa
{
throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "User " + portalUser + " is not a known Alfresco user");
}
AuthenticationUtil.setCurrentUser(portalUser);
AuthenticationUtil.setFullyAuthenticatedUser(portalUser);
}
catch (Throwable err)
{