inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-06-16 17:55:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V1.3 to HEAD (3218:3225)

Browse Source 
svn merge svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3218 svn://www.alfresco.org:3691/alfresco/BRANCHES/V1.3@3225 .


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3408 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley 2006-07-26 11:03:16 +00:00
parent f4e00169ab
commit 4e18df8f63
7 changed files with 127 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/public-services-security-context.xml
View File

@ -64,6 +64,9 @@
</property>
<property name="accessCache">
<ref bean="permissionsAccessCache" />
</property>
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
<!-- Dynamic authorites are evaluated in the context of a store/node etc -->
<!-- as opposed to being fixed like user name and groups. -->

4
source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java
View File

@ -91,7 +91,7 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
if ( client.isGuest())
m_authComponent.setGuestUserAsCurrentUser();
else
m_authComponent.setCurrentUser(client.getUserName());
m_authComponent.setCurrentUser(mapUserNameToPerson(client.getUserName()));
// Debug
@ -229,7 +229,7 @@ public class AlfrescoAuthenticator extends CifsAuthenticator
// Set the current user to be authenticated, save the authentication token
client.setAuthenticationToken( m_authComponent.setCurrentUser(client.getUserName()));
client.setAuthenticationToken( m_authComponent.setCurrentUser(mapUserNameToPerson(client.getUserName())));
// Get the users home folder node, if available

46
source/java/org/alfresco/filesys/server/auth/CifsAuthenticator.java
View File

@ -890,4 +890,50 @@ public abstract class CifsAuthenticator
}
}
/**
* Map the case insensitive logon name to the internal person object user name
*
* @param userName String
* @return String
*/
protected final String mapUserNameToPerson(String userName)
{
// Get the home folder for the user
UserTransaction tx = m_transactionService.getUserTransaction();
String personName = null;
try
{
tx.begin();
personName = m_personService.getUserIdentifier( userName);
tx.commit();
}
catch (Throwable ex)
{
try
{
tx.rollback();
}
catch (Throwable ex2)
{
logger.error("Failed to rollback transaction", ex2);
}
// Re-throw the exception
if (ex instanceof RuntimeException)
{
throw (RuntimeException) ex;
}
else
{
throw new RuntimeException("Error during execution of transaction.", ex);
}
}
// Return the person name
return personName;
}
}

12
source/java/org/alfresco/filesys/server/auth/EnterpriseCifsAuthenticator.java
View File

@ -1106,7 +1106,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( krbDetails.getUserName());
m_authComponent.setCurrentUser( mapUserNameToPerson(krbDetails.getUserName()));
// Store the full user name in the client information, indicate that this is not a guest logon
@ -1236,7 +1236,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( userName);
m_authComponent.setCurrentUser( mapUserNameToPerson(userName));
// Store the full user name in the client information, indicate that this is not a guest logon
@ -1368,7 +1368,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( client.getUserName());
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
// Store the full user name in the client information, indicate that this is not a guest logon
@ -1479,7 +1479,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( userName);
m_authComponent.setCurrentUser( mapUserNameToPerson( userName));
// Store the full user name in the client information, indicate that this is not a guest logon
@ -1602,7 +1602,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( client.getUserName());
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
// Store the full user name in the client information, indicate that this is not a guest logon
@ -1765,7 +1765,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Setup the Acegi authenticated user
m_authComponent.setCurrentUser( userName);
m_authComponent.setCurrentUser( mapUserNameToPerson( userName));
// Store the full user name in the client information, indicate that this is not a guest logon

40
source/java/org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.java
View File

@ -125,7 +125,7 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL
{
// Use the existing authentication token
m_authComponent.setCurrentUser(client.getUserName());
m_authComponent.setCurrentUser( mapUserNameToPerson( client.getUserName()));
// Debug
@ -220,40 +220,28 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL
// Map the passthru username to an Alfresco person
String username = client.getUserName();
NodeRef userNode = m_personService.getPerson( username);
String personName = m_personService.getUserIdentifier( username);
if ( userNode != null)
if ( personName != null)
{
// Get the person name and use that as the current user to line up with permission checks
String personName = (String) m_nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
// Use the person name as the current user
m_authComponent.setCurrentUser(personName);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Setting current user using person " + personName + " (username " + username + ")");
// Allow the user full access to the server
authSts = CifsAuthenticator.AUTH_ALLOW;
// Debug
if (logger.isDebugEnabled())
logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL");
}
else
{
// Set using the user name
m_authComponent.setCurrentUser( username);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Setting current user using username " + username);
}
// Allow the user full access to the server
authSts = CifsAuthenticator.AUTH_ALLOW;
// Debug
if (logger.isDebugEnabled())
logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL");
}
finally
{

36
source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@ -61,7 +61,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
private DictionaryService dictionaryService;
private SimpleCache<String, ArrayList<NodeRef>> userToAuthorityCache;
private SimpleCache<String, HashSet<String>> userToAuthorityCache;
public AuthorityDAOImpl()
{
@ -90,7 +90,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
this.searchService = searchService;
}
public void setUserToAuthorityCache(SimpleCache<String, ArrayList<NodeRef>> userToAuthorityCache)
public void setUserToAuthorityCache(SimpleCache<String, HashSet<String>> userToAuthorityCache)
{
this.userToAuthorityCache = userToAuthorityCache;
}
@ -127,6 +127,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
}
nodeService.addChild(parentRef, childRef, ContentModel.ASSOC_MEMBER, QName.createQName("usr", childName,
namespacePrefixResolver));
userToAuthorityCache.clear();
}
else
{
@ -165,7 +166,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new UnknownAuthorityException("An authority was not found for " + name);
}
nodeService.deleteNode(nodeRef);
userToAuthorityCache.clear();
}
public Set<String> getAllRootAuthorities(AuthorityType type)
@ -234,15 +235,31 @@ public class AuthorityDAOImpl implements AuthorityDAO
throw new UnknownAuthorityException("An authority was not found for " + childName);
}
nodeService.removeChild(parentRef, childRef);
userToAuthorityCache.clear();
}
}
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)
{
HashSet<String> authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
return authorities;
if (AuthorityType.getAuthorityType(name).equals(AuthorityType.USER) && ! immediate && (type == null))
{
// Cache user to authority look ups
HashSet<String> authorities = userToAuthorityCache.get(name);
if(authorities == null)
{
authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
userToAuthorityCache.put(name, authorities);
}
return authorities;
}
else
{
HashSet<String> authorities = new HashSet<String>();
findAuthorities(type, name, authorities, true, !immediate);
return authorities;
}
}
private void findAuthorities(AuthorityType type, String name, Set<String> authorities, boolean parents,
@ -276,12 +293,7 @@ public class AuthorityDAOImpl implements AuthorityDAO
private ArrayList<NodeRef> getUserContainers(String name)
{
ArrayList<NodeRef> containers = userToAuthorityCache.get(name);
if (containers == null)
{
containers = findUserContainers(name);
userToAuthorityCache.put(name, containers);
}
ArrayList<NodeRef> containers = findUserContainers(name);
return containers;
}

39
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@ -26,7 +26,10 @@ import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
@ -43,6 +46,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
import org.apache.commons.logging.Log;
@ -102,6 +106,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
*/
private List<DynamicAuthority> dynamicAuthorities;
private PolicyComponent policyComponent;
/*
* Standard spring construction.
*/
@ -152,13 +158,24 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
/**
* Set the permissions access cache.
*
* @param accessCache a transactionally safe cache
* @param accessCache
* a transactionally safe cache
*/
public void setAccessCache(SimpleCache<Serializable, AccessStatus> accessCache)
{
this.accessCache = accessCache;
}
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
public void onMoveNode(ChildAssociationRef oldChildAssocRef, ChildAssociationRef newChildAssocRef)
{
accessCache.clear();
}
public void afterPropertiesSet() throws Exception
{
if (dictionaryService == null)
@ -189,6 +206,13 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{
throw new IllegalArgumentException("Property 'accessCache' has not been set");
}
if (policyComponent == null)
{
throw new IllegalArgumentException("Property 'policyComponent' has not been set");
}
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onMoveNode"), ContentModel.ASPECT_AUDITABLE, new JavaBehaviour(this, "onMoveNode"));
}
//
@ -372,7 +396,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
Set<String> authorisations = getAuthorisations(auth, nodeRef);
Serializable key = generateKey(
authorisations,
nodeService.getPath(nodeRef),
nodeRef,
perm);
AccessStatus status = accessCache.get(key);
if (status != null)
@ -423,16 +447,17 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
}
/**
* Key for a cache object is built from all the known Authorities (which can change
* dynamically so they must all be used) the NodeRef ID and the permission reference itself.
* This gives a unique key for each permission test.
* Key for a cache object is built from all the known Authorities (which can
* change dynamically so they must all be used) the NodeRef ID and the
* permission reference itself. This gives a unique key for each permission
* test.
*/
static Serializable generateKey(Set<String> auths, Path path, PermissionReference perm)
static Serializable generateKey(Set<String> auths, NodeRef nodeRef, PermissionReference perm)
{
LinkedHashSet<Serializable> key = new LinkedHashSet<Serializable>();
key.add(perm.toString());
key.addAll(auths);
key.add(path);
key.add(nodeRef);
return key;
}