inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.3-BUG-FIX to HEAD

Browse Source 
20954: Calendar Dashlet updates. Fixes: ALF-2907 (meeting workspace issue)
   20968: Minor VersionableAspect fix to onDeleteNode policy firing (follow-on for r19507)
   20981: Removed Install Jammer installers from V3.3.3
   20982: AVMTestSuite - run PurgeTestP after AVMServiceTest (investigating ALF-3611)
   20997: Fix for ALF-2605 - updated share-config-custom.xml.sample and removed obsolete extension files
   21030: Pulled XAMConnector AMP into main 3.3SP3 codeline.  Apart from build changes (incl. EOL), there are no repo changes.
   21032: StoreSelector passes through NodeContentContext allowing stores access to node information
   21036: Fix ALF-245: Can't delete space that contains "translation without content"
      - Delete triggers 'unmakeTranslation'
      - Empty translations are marked with sys:temporary before being deleted
   21051: More on fix ALF-245.  Reduced complexity by not deleting empty translations twice
   21064: Merged V3.3 to V3.3-BUG_FIX
      20898: Merged HEAD to V3.3
         20724: AVMTestSuite - temporarily comment out PurgeTestP
            - TODO: investigate intermittent test failure
      20903: Incremented version revision
      20921: AVM - fix purge store so that vr nodes are actually orphaned (ALF-3627)
      20952: Fix for ALF-3704: Module conflict - Alfresco web client config property page missing metadata. 
         This is application of a fix made to the config service in a hotfix. The change provides a deterministic load order for config files loaded via the ConfigBootstrap spring bean. More importantly it means that config files loaded by modules on different machines in a cluster load in the same order.

         The forms client and AWE config files have been updated to take advantage of the new loading order.
      21061: Merged PATCHES/V3.1.2 to V3.3 (RECORD ONLY)
         20890: ALF-3687: Apply LUCENE-1383 patch to Lucene 2.1.0 to reduce memory leaks from ThreadLocals
         20891: ALF-3687: Build classpath fix
         20892: Incremented version label
      21062: Merged PATCHES/V3.2.1 to V3.3
         20897: (RECORD ONLY) Incremented version label
         20901: (RECORD ONLY) ALF-3740: Merged V3.3 to PATCHES/V3.2.1
            20524: VersionMigrator - option to run as scheduled job (ALF-1000)
         20904: (RECORD ONLY) ALF-3732: Merged PATCHES/V3.2.r to PATCHES/V3.2.1
            19803: ALF-558: File servers (CIFS / FTP / NFS) can now handle concurrent write operations on Alfresco repository
               - ContentDiskDriver / AVMDiskDriver now use retrying transactions for write operations
               - Disable EagerContentStoreCleaner on ContentDiskDriver / AVMDiskDriver closeFile() operations so that they may be retried after rollback (Sony zero byte problem)
               - Allow manual association of AVM ContentData with nodes so that closeFile() may be retried
               - Propagation of new argument through AVM interfaces
         20905: (RECORD ONLY) ALF-3732: Rolled back the now unnecessary reference()/dereference() stuff from ALF-558
         20906: (RECORD ONLY) ALF-3732: Merged DEV/V3.3-BUG-FIX to PATCHES/V3.2.1
            20623: Fix for ALF-3188 : Access Denied when updating doc via CIFS
         20907: (RECORD ONLY) ALF-3732: Merged V3.3 to PATCHES/V3.2.1
            20173: Propagate IOExceptions from retryable write transactions in AlfrescoDiskDriver
         20950: ALF-3779: Upgrades on large repositories from v2.1 and v2.2 were failing on MySQL due to "The total number of locks exceeds the lock table size" errors
            - Solution was to add support for new --BEGIN TXN and --END TXN comments and execute LOCK TABLES statements in the same transaction as large INSERT - SELECT statements.
         20990: ALF-3789: Concurrency issues with InMemoryTicketComponentImpl
            - Previous ETHREEOH-1842 method of caching web session 'ref counts' against tickets could cause tickets to unpredictably fall out of the transactional cache
            - Rolled back original ETHREEOH-1842 fix. Would be too much overhead to keep these ref counts consistent across a cluster.
            - Instead, avoid invalidating tickets on web session timeout and only do it on explicit log out.
            - Now tickets maintained in non-transactional shared cache so they can't drop out unpredictably
            - Logic for ticket inactivity timeout caching improved so that it should work across a cluster
         20991: (RECORD ONLY) Incremented version label
         20993: ALF-3789: Fixed Spring configuration backward compatibily issue with previous fix
            - Ticket cache bean name restored to ticketsCache. This is actually now a non-transactional cache.
            - Also externalized parameters so that they can now be controlled by alfresco-global.properties without any bean overrides
               authentication.ticket.ticketsExpire=false
               authentication.ticket.expiryMode=AFTER_FIXED_TIME
               authentication.ticket.validDuration=PT1H
         20994: Eclipse classpath fixes for unit testing after ant build
         21057: ALF-3592: PassthruCifsAuthenticator now auto-creates / imports users who do not already exist in Alfresco
            - At least one of the following properties must be true for this to happen
               synchronization.autoCreatePeopleOnLogin
               synchronization.syncWhenMissingPeopleLogIn
            - Also improved debug logging of unknown passthru domains
      21063: Merged PATCHES/V3.2.r to V3.3
         21037: ALF-3793: Final attempt at realigning saved XForm data with a modified Schema
            - removeRemovedNodes / insertUpdatedNodes / insertPrototypeNodes replaced by a one stop recursive process that builds a new instance tree from scratch
            - Nodes copied over in correct order
            - Missing nodes added in and extra nodes discarded
            - Prototype nodes appended at appropriate points
         21038: (RECORD ONLY) Incremented version label


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@21065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2010-07-11 14:22:26 +00:00
parent 596ee7e831
commit 53fc77ff7f
11 changed files with 273 additions and 444 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
source/java/org/alfresco/web/app/Application.java
View File

@@ -28,12 +28,15 @@ import java.util.ResourceBundle;
import javax.faces.context.FacesContext;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.importer.ImporterBootstrap;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.web.app.portlet.AlfrescoFacesPortlet;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.app.servlet.FacesHelper;
@@ -69,6 +72,7 @@ public class Application
public static final String BEAN_CONFIG_SERVICE = "webClientConfigService";
public static final String BEAN_DATA_DICTIONARY = "dataDictionary";
public static final String BEAN_IMPORTER_BOOTSTRAP = "spacesBootstrap";
private static final String BEAN_UNPROTECTED_AUTH_SERVICE = "authenticationService";
public static final String MESSAGE_BUNDLE = "alfresco.messages.webclient";
@@ -289,6 +293,60 @@ public class Application
}
}
/**
* Invalidate Alfresco ticket and Web/Portlet session and clear the Security context for this thread.
* @param context
*/
public static void logOut(FacesContext context)
{
String ticket = null;
if (Application.inPortalServer())
{
ticket = AlfrescoFacesPortlet.onLogOut(context.getExternalContext().getRequest());
}
else
{
SessionUser user = getCurrentUser(context);
if (user != null)
{
ticket = user.getTicket();
}
HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
HttpSession session = request.getSession(false);
if (session != null)
{
session.invalidate();
}
// remove the username cookie value
Cookie authCookie = AuthenticationHelper.getAuthCookie(request);
if (authCookie != null)
{
HttpServletResponse response = (HttpServletResponse) context.getExternalContext().getResponse();
if (response.isCommitted())
{
// It's too late to do it now, but we can ask the login page to do it
request.getSession().setAttribute(AuthenticationHelper.SESSION_INVALIDATED, true);
}
else
{
authCookie.setMaxAge(0);
response.addCookie(authCookie);
}
}
}
// Explicitly invalidate the Alfresco ticket. This no longer happens on session expiry to allow for ticket
// 'sharing'
WebApplicationContext wc = FacesContextUtils.getRequiredWebApplicationContext(context);
AuthenticationService unprotAuthService = (AuthenticationService) wc.getBean(BEAN_UNPROTECTED_AUTH_SERVICE);
if (ticket != null)
{
unprotAuthService.invalidateTicket(ticket);
}
unprotAuthService.clearCurrentSecurityContext();
}
/**
* @return Returns the repository store URL (retrieved from config service)
*/

16
source/java/org/alfresco/web/app/ContextListener.java
View File

@@ -18,8 +18,6 @@
*/
package org.alfresco.web.app;
import java.util.Enumeration;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
@@ -28,7 +26,6 @@ import javax.servlet.http.HttpSessionListener;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.cache.InternalEhCacheManagerFactoryBean;
import org.alfresco.repo.security.authentication.AuthenticationContext;
import org.alfresco.service.ServiceRegistry;
@@ -36,10 +33,8 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.bean.repository.Repository;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -156,16 +151,5 @@ public class ContextListener implements ServletContextListener, HttpSessionListe
{
if (logger.isDebugEnabled())
logger.debug("HTTP session destroyed: " + event.getSession().getId());
SessionUser user = (SessionUser)event.getSession().getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user != null)
{
// invalidate ticket and clear the Security context for this thread
WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
AuthenticationService authService = (AuthenticationService)ctx.getBean("authenticationService");
authService.invalidateTicket(user.getTicket(), event.getSession().getId());
authService.clearCurrentSecurityContext();
event.getSession().removeAttribute(AuthenticationHelper.AUTHENTICATION_USER);
}
}
}

39
source/java/org/alfresco/web/app/portlet/AlfrescoFacesPortlet.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.web.app.portlet;
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
@@ -179,7 +180,7 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
WebApplicationContext ctx = (WebApplicationContext)getPortletContext().getAttribute(
WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
AuthenticationService auth = (AuthenticationService)ctx.getBean("AuthenticationService");
auth.validate(user.getTicket(), null);
auth.validate(user.getTicket());
// save last username into portlet preferences, get from LoginBean state
LoginBean loginBean = (LoginBean)request.getPortletSession().getAttribute(AuthenticationHelper.LOGIN_BEAN);
@@ -361,7 +362,7 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
logger.debug("Validating ticket: " + user.getTicket());
// setup the authentication context
auth.validate(user.getTicket(), null);
auth.validate(user.getTicket());
}
// do the normal JSF processing
@@ -580,6 +581,38 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
return FacesHelper.getFacesContext(portletReq, portletRes, portletConfig.getPortletContext());
}
public static String onLogOut(Object req)
{
PortletRequest portletReq = null;
if (req instanceof ServletRequest)
{
portletReq = (PortletRequest) ((ServletRequest) req).getAttribute("javax.portlet.request");
}
else if (req instanceof PortletRequest)
{
portletReq = (PortletRequest) req;
}
if (portletReq == null)
{
return null;
}
// remove all objects from our session by hand
// we do this as invalidating the Portal session would invalidate all other portlets!
PortletSession session = portletReq.getPortletSession();
SessionUser user = (SessionUser) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER,
PortletSession.APPLICATION_SCOPE);
Enumeration<String> i = session.getAttributeNames();
while (i.hasMoreElements())
{
session.removeAttribute(i.nextElement());
}
session.setAttribute(AuthenticationHelper.SESSION_INVALIDATED, true);
return user == null ? null : user.getTicket();
}
/**
* Handles errors that occur during a render request
*/
@@ -641,7 +674,7 @@ public class AlfrescoFacesPortlet extends MyFacesGenericPortlet
*/
private static User portalGuestAuthenticate(WebApplicationContext ctx, PortletSession session, AuthenticationService auth)
{
User user = AuthenticationHelper.portalGuestAuthenticate(ctx, session.getId(), auth);
User user = AuthenticationHelper.portalGuestAuthenticate(ctx, auth);
if (user != null)
{

26
source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
View File

@@ -204,7 +204,7 @@ public final class AuthenticationHelper
auth.authenticateAsGuest();
// if we get here then Guest access was allowed and successful
setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(session.getId()), false);
setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(), false);
// Set up the thread context
setupThread(sc, req, res);
@@ -223,8 +223,7 @@ public final class AuthenticationHelper
{
// Guest is unable to access either properties on Person
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
String sessionId = session.getId();
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
logger.warn("Unable to login as Guest: " + accessError.getMessage());
}
@@ -232,8 +231,7 @@ public final class AuthenticationHelper
{
// Some other kind of serious failure to report
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
String sessionId = session.getId();
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
}
@@ -288,7 +286,7 @@ public final class AuthenticationHelper
}
// Validate the ticket and associate it with the session
auth.validate(ticket, session.getId());
auth.validate(ticket);
// Cache a new user in the session if required
if (user == null)
@@ -309,8 +307,7 @@ public final class AuthenticationHelper
{
// Some other kind of serious failure
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
String sessionId = session.getId();
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
return AuthenticationStatus.Failure;
}
@@ -414,13 +411,13 @@ public final class AuthenticationHelper
* @param auth
* AuthenticationService
*/
public static User portalGuestAuthenticate(WebApplicationContext ctx, String sessionId, AuthenticationService auth)
public static User portalGuestAuthenticate(WebApplicationContext ctx, AuthenticationService auth)
{
try
{
auth.authenticateAsGuest();
return createUser(ctx, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(sessionId));
return createUser(ctx, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket());
}
catch (AuthenticationException guestError)
{
@@ -430,7 +427,7 @@ public final class AuthenticationHelper
{
// Guest is unable to access either properties on Person
AuthenticationService unprotAuthService = (AuthenticationService) ctx.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
logger.warn("Unable to login as Guest: " + accessError.getMessage());
}
@@ -438,7 +435,7 @@ public final class AuthenticationHelper
{
// Some other kind of serious failure to report
AuthenticationService unprotAuthService = (AuthenticationService) ctx.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket(sessionId), sessionId);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
}
@@ -481,7 +478,7 @@ public final class AuthenticationHelper
AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
try
{
auth.validate(sessionUser.getTicket(), session.getId());
auth.validate(sessionUser.getTicket());
if (sessionUser instanceof User)
{
user = (User)sessionUser;
@@ -523,8 +520,7 @@ public final class AuthenticationHelper
.getBean(AUTHENTICATION_COMPONENT);
authenticationComponent.setCurrentUser(userId);
AuthenticationService authenticationService = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
session = httpRequest.getSession();
user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(session.getId()), true);
user = setUser(sc, httpRequest, userId, authenticationService.getCurrentTicket(), true);
}
}
return user;

3
source/java/org/alfresco/web/app/servlet/ExternalAccessServlet.java
View File

@@ -327,7 +327,8 @@ public class ExternalAccessServlet extends BaseServlet
else if (OUTCOME_LOGOUT.equals(outcome))
{
// special case for logout
req.getSession().invalidate();
// invalidate ticket and clear the Security context for this thread
Application.logOut(fc);
res.sendRedirect(req.getContextPath() + FACES_SERVLET + Application.getLoginPage(getServletContext()));
return;
}

3
source/java/org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.java
View File

@@ -230,8 +230,7 @@ public class HTTPRequestAuthenticationFilter implements Filter
authComponent.setCurrentUser(userName);
// Set up the user information
AuthenticationHelper.setUser(context, req, userName, authenticationService.getCurrentTicket(req.getSession()
.getId()), true);
AuthenticationHelper.setUser(context, req, userName, authenticationService.getCurrentTicket(), true);
// Set the locale using the session
AuthenticationHelper.setupThread(this.context, req, res);