diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
index 1c7d41af91..34c19ce0b6 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
@@ -23,5 +23,6 @@ audit.rm.enabled=true
#
cache.writersSharedCache.maxItems=10000
-# Global RM admin default pwd
-rm.rmadmin.pwd=rmadmin
\ No newline at end of file
+# Global RM admin default bootstrap details
+bootstrap.rmadmin.name=rmadmin
+bootstrap.rmadmin.pwd=rmadmin
\ No newline at end of file
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
index e76c17d6c4..0b8b340d7a 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml
@@ -89,7 +89,8 @@
-
+
+
\ No newline at end of file
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
index 1381d6c39e..6dc4a7e278 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -84,8 +84,8 @@
+
@@ -1141,6 +1142,41 @@
+
+
+
+
+
+
+
+
+
+ org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
index 85c7fc058b..5e6c979bf1 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java
@@ -29,6 +29,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecuritySe
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.service.NotAuditable;
@@ -58,6 +59,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
static final QName FILE_PLAN_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanService");
static final QName FILE_PLAN_ROLE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanRoleService");
static final QName FILE_PLAN_PERMISSION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanPermissionService");
+ static final QName FILE_PLAN_AUTHENTICATION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanAuthenticationService");
@Deprecated
static final QName RECORDS_MANAGEMENT_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementSecurityService");
@@ -154,4 +156,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
*/
@NotAuditable
FilePlanPermissionService getFilePlanPermissionService();
+
+ /**
+ * @return file plan authentication service
+ * @since 2.1
+ */
+ FilePlanAuthenticationService getFilePlanAuthenticationService();
}
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
index d920d250c5..b6476de81e 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java
@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.service.ServiceDescriptorRegistry;
@@ -166,4 +167,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
{
return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE);
}
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService()
+ */
+ @Override
+ public FilePlanAuthenticationService getFilePlanAuthenticationService()
+ {
+ return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE);
+ }
}
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java
index 30fb517c94..a333c8cffc 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java
@@ -26,6 +26,8 @@ import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
import org.alfresco.repo.module.AbstractModuleComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
@@ -45,7 +47,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
/** Logger */
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
- private String password = "rmadmin";
+ private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
private MutableAuthenticationService authenticationService;
@@ -55,6 +57,8 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
private FilePlanRoleService filePlanRoleService;
+ private FilePlanAuthenticationService filePlanAuthenticationService;
+
public void setPassword(String password)
{
this.password = password;
@@ -80,6 +84,11 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
this.filePlanRoleService = filePlanRoleService;
}
+ public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
+ {
+ this.filePlanAuthenticationService = filePlanAuthenticationService;
+ }
+
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@@ -91,16 +100,17 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
logger.debug("RM Module RMv2RMAdminUserPatch ...");
}
- if (authenticationService.authenticationExists(FilePlanRoleService.RM_ADMIN_USER) == false)
+ String user = filePlanAuthenticationService.getRmAdminUserName();
+ if (authenticationService.authenticationExists(user) == false)
{
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... creating RM Admin user");
}
- authenticationService.createAuthentication(FilePlanRoleService.RM_ADMIN_USER, password.toCharArray());
+ authenticationService.createAuthentication(user, password.toCharArray());
Map properties = new HashMap();
- properties.put(ContentModel.PROP_USERNAME, FilePlanRoleService.RM_ADMIN_USER);
+ properties.put(ContentModel.PROP_USERNAME, user);
personService.createPerson(properties);
if (logger.isDebugEnabled() == true)
@@ -111,7 +121,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
List filePlans = recordsManagementService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
- filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.RM_ADMIN_USER);
+ filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
}
if (logger.isDebugEnabled() == true)
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java
index 5649abc597..afb260d62a 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java
@@ -31,9 +31,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
*/
public interface FilePlanRoleService
{
- /** Default rm admin user */
- public static final String RM_ADMIN_USER = "rmadmin";
-
/** Default role names */
public static final String ROLE_USER = "User";
public static final String ROLE_POWER_USER = "PowerUser";
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
index ad07d9a4af..d4fa48190c 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java
@@ -33,6 +33,7 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -78,6 +79,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Node service */
private NodeService nodeService;
+
+ /** File plan authentication service */
+ private FilePlanAuthenticationService filePlanAuthenticationService;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -133,6 +137,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
this.filePlanService = filePlanService;
}
+ /**
+ * @param filePlanAuthenticationService file plan authentication service
+ */
+ public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
+ {
+ this.filePlanAuthenticationService = filePlanAuthenticationService;
+ }
+
/**
* Initialisation method
*/
@@ -334,7 +346,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
authorityService.addAuthority(role.getRoleGroupName(), user);
// add the dynamic admin authority
- authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);
+ authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
}
}
}
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
new file mode 100644
index 0000000000..6158697e04
--- /dev/null
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2012 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.security;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+
+/**
+ * File plan authentication service.
+ *
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public interface FilePlanAuthenticationService
+{
+ /**
+ * @return rm admin user name
+ */
+ String getRmAdminUserName();
+
+ /**
+ * Run provided work as the global rm admin user.
+ *
+ * @param return type
+ * @param runAsWork work to execute as the rm admin user
+ * @return R result of work execution
+ */
+ R runAsRmAdmin(RunAsWork runAsWork);
+}
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
new file mode 100644
index 0000000000..474b1b6280
--- /dev/null
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.security;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+
+/**
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService
+{
+ /** Default rm admin user values */
+ public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
+ public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin";
+
+ private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
+
+ /**
+ * @param rmAdminUserName rm admin user name
+ */
+ public void setRmAdminUserName(String rmAdminUserName)
+ {
+ this.rmAdminUserName = rmAdminUserName;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName()
+ */
+ @Override
+ public String getRmAdminUserName()
+ {
+ return rmAdminUserName;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
+ */
+ @Override
+ public R runAsRmAdmin(RunAsWork runAsWork)
+ {
+ return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName());
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
index 1c99a85a78..5ceecf10df 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java
@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.service.CapabilityService
import org.alfresco.module.org_alfresco_module_rm.test.service.DataSetServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedSecurityServiceImplTest;
+import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanRoleServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.FreezeServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.ModelSecurityServiceImplTest;
import org.alfresco.module.org_alfresco_module_rm.test.service.RecordServiceImplTest;
@@ -65,6 +66,7 @@ public class ServicesTestSuite extends TestSuite
suite.addTestSuite(FreezeServiceImplTest.class);
suite.addTestSuite(RecordServiceImplTest.class);
suite.addTestSuite(CapabilityServiceImplTest.class);
+ suite.addTestSuite(FilePlanRoleServiceImplTest.class);
return suite;
}
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
index 10dd0ad686..bd4b1895a8 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java
@@ -29,6 +29,7 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.action.ActionService;
import org.alfresco.service.cmr.repository.ContentWriter;
@@ -491,7 +492,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
assertNotNull(nodeService.getProperty(record, PROP_DATE_FILED));
}
- });
+ }, AuthenticationUtil.getSystemUserName());
}
private void checkPermissions(String permission, AccessStatus filePlanExpected,
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
index 37fc55d70d..049541d91f 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
@@ -39,6 +39,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RmSiteType;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
import org.alfresco.repo.policy.PolicyComponent;
@@ -132,6 +133,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
protected FreezeService freezeService;
protected RecordService recordService;
protected FilePlanService filePlanService;
+ protected FilePlanAuthenticationService filePlanAuthenticationService;
/** test data */
protected StoreRef storeRef;
@@ -350,6 +352,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
freezeService = (FreezeService) applicationContext.getBean("FreezeService");
recordService = (RecordService) applicationContext.getBean("RecordService");
filePlanService = (FilePlanService) applicationContext.getBean("FilePlanService");
+ filePlanAuthenticationService = (FilePlanAuthenticationService) applicationContext.getBean("FilePlanAuthenticationService");
}
/**
@@ -668,13 +671,13 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
@Override
protected A doTestInTransaction(Test test)
{
- return super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
+ return super.doTestInTransaction(test, filePlanAuthenticationService.getRmAdminUserName());
}
@Override
protected void doTestInTransaction(FailureTest test)
{
- super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
+ super.doTestInTransaction(test, filePlanAuthenticationService.getRmAdminUserName());
}
/**