RM: Added FilePlanAuthenticationService

* provides methods to allow code to be run as the rm admin user and to retrieve the rm admin user name
  * all unit tests now run as rm admin user by default
  * default bootstrap user name configurable (as well as pwd)



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46751 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Roy Wetherall
2013-02-19 04:09:21 +00:00
parent 23206d29a3
commit 5df0c1e114
13 changed files with 203 additions and 17 deletions


@@ -29,6 +29,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecuritySe
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.service.NotAuditable;
@@ -58,6 +59,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
static final QName FILE_PLAN_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanService");
static final QName FILE_PLAN_ROLE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanRoleService");
static final QName FILE_PLAN_PERMISSION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanPermissionService");
static final QName FILE_PLAN_AUTHENTICATION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanAuthenticationService");
@Deprecated
static final QName RECORDS_MANAGEMENT_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementSecurityService");
@@ -154,4 +156,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
*/
@NotAuditable
FilePlanPermissionService getFilePlanPermissionService();
/**
* @return file plan authentication service
* @since 2.1
*/
FilePlanAuthenticationService getFilePlanAuthenticationService();
}
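Review bot: The new `getFilePlanAuthenticationService()` declaration at the end of the interface carries no `@NotAuditable`, while the `getFilePlanPermissionService()` getter directly above it does. If the registry's getters are expected to carry an audit annotation, as the sibling suggests, add `@NotAuditable` above `FilePlanAuthenticationService getFilePlanAuthenticationService();`. The Javadoc could also say that the returned service can run work as the rm admin user, so callers know they are obtaining a privilege-elevating service.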


@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
import org.alfresco.repo.service.ServiceDescriptorRegistry;
@@ -166,4 +167,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
{
return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService()
*/
@Override
public FilePlanAuthenticationService getFilePlanAuthenticationService()
{
return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE);
}
}


@@ -26,6 +26,8 @@ import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
import org.alfresco.repo.module.AbstractModuleComponent;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
@@ -45,7 +47,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
/** Logger */
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
private String password = "rmadmin";
private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
private MutableAuthenticationService authenticationService;
@@ -55,6 +57,8 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
private FilePlanRoleService filePlanRoleService;
private FilePlanAuthenticationService filePlanAuthenticationService;
public void setPassword(String password)
{
this.password = password;
@@ -80,6 +84,11 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
this.filePlanRoleService = filePlanRoleService;
}
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
*/
@@ -91,16 +100,17 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
logger.debug("RM Module RMv2RMAdminUserPatch ...");
}
if (authenticationService.authenticationExists(FilePlanRoleService.RM_ADMIN_USER) == false)
String user = filePlanAuthenticationService.getRmAdminUserName();
if (authenticationService.authenticationExists(user) == false)
{
if (logger.isDebugEnabled() == true)
{
logger.debug(" ... creating RM Admin user");
}
authenticationService.createAuthentication(FilePlanRoleService.RM_ADMIN_USER, password.toCharArray());
authenticationService.createAuthentication(user, password.toCharArray());
Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, FilePlanRoleService.RM_ADMIN_USER);
properties.put(ContentModel.PROP_USERNAME, user);
personService.createPerson(properties);
if (logger.isDebugEnabled() == true)
@@ -111,7 +121,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
List<NodeRef> filePlans = recordsManagementService.getFilePlans();
for (NodeRef filePlan : filePlans)
{
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.RM_ADMIN_USER);
filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
}
if (logger.isDebugEnabled() == true)
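Review bot: The `password` field still defaults to a built-in value, now `FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD`, which this commit defines as `"rmadmin"`, the same string as the default user name. An installation that does not override it therefore gets an RM admin account with a guessable credential. A warning before `createAuthentication` would make that visible: `if (FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD.equals(password)) { logger.warn("RM admin user created with the default password; change it"); }`. Because the user name is now configurable, `authenticationExists(user)` may also be true for an unrelated existing account; the hunks do not show whether the `assignRoleToAuthority` loop sits inside that check, so confirm such an account is not silently given `ROLE_ADMIN` on every file plan. `executeInternal()` begins and ends outside the hunks shown.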


@@ -31,9 +31,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
*/
public interface FilePlanRoleService
{
/** Default rm admin user */
public static final String RM_ADMIN_USER = "rmadmin";
/** Default role names */
public static final String ROLE_USER = "User";
public static final String ROLE_POWER_USER = "PowerUser";


@@ -33,6 +33,7 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -78,6 +79,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
/** Node service */
private NodeService nodeService;
/** File plan authentication service */
private FilePlanAuthenticationService filePlanAuthenticationService;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -133,6 +137,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
this.filePlanService = filePlanService;
}
/**
* @param filePlanAuthenticationService file plan authentication service
*/
public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
{
this.filePlanAuthenticationService = filePlanAuthenticationService;
}
/**
* Initialisation method
*/
@@ -334,7 +346,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
authorityService.addAuthority(role.getRoleGroupName(), user);
// add the dynamic admin authority
authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);
authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
}
}
}
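Review bot: The rm admin name added to each role group in `authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName())` is now read from configuration when the role is created. As far as this diff shows, role groups created under an earlier name would keep that earlier account as a member after the name is changed. Nothing in this section removes the old membership, so either handle it or document it, for example `// NOTE: changing the rm admin user name does not update existing role groups`. The new `filePlanAuthenticationService` field is also dereferenced without a check, so a context that does not inject it would fail here with a NullPointerException. The enclosing method starts outside the hunk.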


@@ -0,0 +1,44 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
/**
* File plan authentication service.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface FilePlanAuthenticationService
{
/**
* @return rm admin user name
*/
String getRmAdminUserName();
/**
* Run provided work as the global rm admin user.
*
* @param <R> return type
* @param runAsWork work to execute as the rm admin user
* @return R result of work execution
*/
<R> R runAsRmAdmin(RunAsWork<R> runAsWork);
}
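Review bot: The Javadoc on `runAsRmAdmin` does not state the security contract of the method. The implementation added in this commit passes the work straight to `AuthenticationUtil.runAs` with the rm admin user name and makes no check on the caller. I would add a sentence such as `Callers are responsible for authorising the operation before invoking this method; no permission check is made on the calling user.` and say whether exceptions thrown by the work propagate. The Javadoc on `getRmAdminUserName()` could also note that the value is configurable and defaults to "rmadmin".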


@@ -0,0 +1,61 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
/**
* @author Roy Wetherall
* @since 2.1
*/
public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService
{
/** Default rm admin user values */
public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin";
private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
/**
* @param rmAdminUserName rm admin user name
*/
public void setRmAdminUserName(String rmAdminUserName)
{
this.rmAdminUserName = rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName()
*/
@Override
public String getRmAdminUserName()
{
return rmAdminUserName;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
*/
@Override
public <R> R runAsRmAdmin(RunAsWork<R> runAsWork)
{
return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName());
}
}
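Review bot: `setRmAdminUserName` stores whatever it is given, so a null or empty configured value flows into `AuthenticationUtil.runAs(runAsWork, getRmAdminUserName())` and into the role-group and patch code that calls `getRmAdminUserName()`. What `runAs` does with such a name is not visible here. A guard in the setter would fail at startup instead: `if (rmAdminUserName == null || rmAdminUserName.trim().isEmpty()) { throw new IllegalArgumentException("rmAdminUserName must be set"); }`. The two `@see` tags name `getRMAdminUserName()` and `runAsRMAdmin(...)`, which do not match the declared `getRmAdminUserName()` and `runAsRmAdmin(...)`. The class Javadoc also has no summary sentence.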