RM: Added FilePlanAuthenticationService

* provides methods to allow code to be run as the rm admin user and to retrieve the rm admin user name
  * all unit tests now run as rm admin user by default
  * default bootstrap user name configurable (as well as pwd)



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46751 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties

@@ -23,5 +23,6 @@ audit.rm.enabled=true
 #
 cache.writersSharedCache.maxItems=10000
 
-# Global RM admin default pwd
+# Global RM admin default bootstrap details
-rm.rmadmin.pwd=rmadmin
+bootstrap.rmadmin.name=rmadmin
+bootstrap.rmadmin.pwd=rmadmin

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-patch-context.xml

@@ -89,7 +89,8 @@
        <property name="filePlanRoleService" ref="FilePlanRoleService"/>
        <property name="authenticationService" ref="AuthenticationService" />
        <property name="personService" ref="PersonService" />
-       <property name="password" value="${rm.rmadmin.pwd}" />
+       <property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
+       <property name="password" value="${bootstrap.rmadmin.pwd}" />
    </bean>
 
 </beans>

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml

@@ -84,8 +84,8 @@
         <property name="objectDefinitionSource">
             <value>
                 <![CDATA[
-                org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.isFilePlanComponent=RM.Read.0
+                org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.isFilePlanComponent=RM_ALLOW
-                org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.getFilePlanComponentKind=ACL_NODE.0.sys:base.ReadProperties, RM.Read.0
+                org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.getFilePlanComponentKind=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.getFilePlanComponentKindFromType=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.isRecordsManagementContainer=RM.Read.0
                 org.alfresco.module.org_alfresco_module_rm.RecordsManagementService.isFilePlan=RM.Read.0
@@ -545,6 +545,7 @@
         <property name="nodeService" ref="NodeService"/>
         <property name="policyComponent" ref="policyComponent"/>
         <property name="filePlanService" ref="FilePlanService" />
+        <property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
     </bean>
 
     <bean id="FilePlanRoleService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -1141,6 +1142,41 @@
             </value>
         </property>
     </bean>
+    
+    <!--  File Plan Authentication Service -->
+    
+    <bean id="filePlanAuthenticationService"
+          class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl">
+     	<property name="rmAdminUserName" value="${bootstrap.rmadmin.name}" />
+    </bean>
+
+    <bean id="FilePlanAuthenticationService" class="org.springframework.aop.framework.ProxyFactoryBean">
+        <property name="proxyInterfaces">
+            <value>org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService</value>
+        </property>
+        <property name="target">
+            <ref bean="filePlanAuthenticationService"/>
+        </property>
+        <property name="interceptorNames">
+            <list>
+                <idref local="FilePlanAuthenticationService_transaction"/>
+                <idref bean="exceptionTranslator"/>
+                <idref local="FilePlanAuthenticationService_security"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="FilePlanAuthenticationService_transaction" parent="baseTransaction"/>
+
+    <bean id="FilePlanAuthenticationService_security" parent="baseSecurity">
+        <property name="objectDefinitionSource">
+            <value>
+                <![CDATA[
+    			org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService.*=RM_ALLOW
+                ]]>
+            </value>
+        </property>
+    </bean>
 
     <!--  Custom EMail Mapping Service -->
 

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistry.java

@@ -29,6 +29,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecuritySe
 import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
 import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
 import org.alfresco.service.NotAuditable;
@@ -58,6 +59,7 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
     static final QName FILE_PLAN_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanService");
     static final QName FILE_PLAN_ROLE_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanRoleService");
     static final QName FILE_PLAN_PERMISSION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanPermissionService");
+    static final QName FILE_PLAN_AUTHENTICATION_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "FilePlanAuthenticationService");
     @Deprecated
     static final QName RECORDS_MANAGEMENT_SECURITY_SERVICE = QName.createQName(NamespaceService.ALFRESCO_URI, "RecordsManagementSecurityService");
     
@@ -154,4 +156,10 @@ public interface RecordsManagementServiceRegistry extends ServiceRegistry
      */
     @NotAuditable
     FilePlanPermissionService getFilePlanPermissionService();
+    
+    /**
+     * @return file plan authentication service
+     * @since 2.1
+     */
+    FilePlanAuthenticationService getFilePlanAuthenticationService();
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/RecordsManagementServiceRegistryImpl.java

@@ -28,6 +28,7 @@ import org.alfresco.module.org_alfresco_module_rm.freeze.FreezeService;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
 import org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService;
 import org.alfresco.repo.service.ServiceDescriptorRegistry;
@@ -166,4 +167,13 @@ public class RecordsManagementServiceRegistryImpl extends ServiceDescriptorRegis
     {
         return (FilePlanPermissionService) getService(FILE_PLAN_PERMISSION_SERVICE);
     }
+    
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.RecordsManagementServiceRegistry#getFilePlanAuthenticationService()
+     */
+    @Override
+    public FilePlanAuthenticationService getFilePlanAuthenticationService()
+    {
+        return (FilePlanAuthenticationService) getService(FILE_PLAN_AUTHENTICATION_SERVICE);
+    }
 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/patch/RMv2RMAdminUserPatch.java

@@ -26,6 +26,8 @@ import java.util.Map;
 import org.alfresco.model.ContentModel;
 import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
 import org.alfresco.repo.module.AbstractModuleComponent;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.MutableAuthenticationService;
@@ -45,7 +47,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
     /** Logger */
     private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
 
-    private String password = "rmadmin";
+    private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
     
     private MutableAuthenticationService authenticationService;
     
@@ -55,6 +57,8 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
     
     private FilePlanRoleService filePlanRoleService;
     
+    private FilePlanAuthenticationService filePlanAuthenticationService;
+    
     public void setPassword(String password)
     {
         this.password = password;
@@ -80,6 +84,11 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
         this.filePlanRoleService = filePlanRoleService;
     }
     
+    public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
+    {
+        this.filePlanAuthenticationService = filePlanAuthenticationService;
+    }
+    
     /**
      * @see org.alfresco.repo.module.AbstractModuleComponent#executeInternal()
      */
@@ -91,16 +100,17 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
             logger.debug("RM Module RMv2RMAdminUserPatch ...");
         }                
         
-        if (authenticationService.authenticationExists(FilePlanRoleService.RM_ADMIN_USER) == false)
+        String user = filePlanAuthenticationService.getRmAdminUserName();
+        if (authenticationService.authenticationExists(user) == false)
         {
             if (logger.isDebugEnabled() == true)
             {
                 logger.debug("   ... creating RM Admin user");
             }
             
-            authenticationService.createAuthentication(FilePlanRoleService.RM_ADMIN_USER, password.toCharArray());
+            authenticationService.createAuthentication(user, password.toCharArray());
             Map<QName, Serializable> properties = new HashMap<QName, Serializable>();
-            properties.put(ContentModel.PROP_USERNAME, FilePlanRoleService.RM_ADMIN_USER);
+            properties.put(ContentModel.PROP_USERNAME, user);
             personService.createPerson(properties);
             
             if (logger.isDebugEnabled() == true)
@@ -111,7 +121,7 @@ public class RMv2RMAdminUserPatch extends AbstractModuleComponent implements Bea
             List<NodeRef> filePlans = recordsManagementService.getFilePlans();
             for (NodeRef filePlan : filePlans)
             {
-                filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, FilePlanRoleService.RM_ADMIN_USER);
+                filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_ADMIN, user);
             }
             
             if (logger.isDebugEnabled() == true)

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleService.java

@@ -31,9 +31,6 @@ import org.alfresco.service.cmr.repository.NodeRef;
  */
 public interface FilePlanRoleService
 {
-    /** Default rm admin user */
-    public static final String RM_ADMIN_USER            = "rmadmin";
-    
     /** Default role names */
     public static final String ROLE_USER                = "User";
     public static final String ROLE_POWER_USER          = "PowerUser";

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java

@@ -33,6 +33,7 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
@@ -78,6 +79,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
 
     /** Node service */
     private NodeService nodeService;
+    
+    /** File plan authentication service */
+    private FilePlanAuthenticationService filePlanAuthenticationService;
 
     /** Records management role zone */
     public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -133,6 +137,14 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
         this.filePlanService = filePlanService;
     }
     
+    /**
+     * @param filePlanAuthenticationService file plan authentication service
+     */
+    public void setFilePlanAuthenticationService(FilePlanAuthenticationService filePlanAuthenticationService)
+    {
+        this.filePlanAuthenticationService = filePlanAuthenticationService;
+    }
+    
     /**
      * Initialisation method
      */
@@ -334,7 +346,7 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
                             authorityService.addAuthority(role.getRoleGroupName(), user);
                             
                             // add the dynamic admin authority
-                            authorityService.addAuthority(role.getRoleGroupName(), FilePlanRoleService.RM_ADMIN_USER);
+                            authorityService.addAuthority(role.getRoleGroupName(), filePlanAuthenticationService.getRmAdminUserName());
                         }
                     }
                 }

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationService.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005-2012 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.security;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+
+/**
+ * File plan authentication service.
+ * 
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public interface FilePlanAuthenticationService
+{
+    /**
+     * @return  rm admin user name
+     */
+    String getRmAdminUserName();
+    
+    /**
+     * Run provided work as the global rm admin user.
+     * 
+     * @param <R>       return type
+     * @param runAsWork work to execute as the rm admin user
+     * @return R        result of work execution
+     */
+    <R> R runAsRmAdmin(RunAsWork<R> runAsWork);
+}

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanAuthenticationServiceImpl.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.module.org_alfresco_module_rm.security;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+
+/**
+ * @author Roy Wetherall
+ * @since 2.1
+ */
+public class FilePlanAuthenticationServiceImpl implements FilePlanAuthenticationService
+{
+    /** Default rm admin user values */
+    public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
+    public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin";
+    
+    private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
+    
+    /**
+     * @param rmAdminUserName   rm admin user name
+     */
+    public void setRmAdminUserName(String rmAdminUserName)
+    {
+        this.rmAdminUserName = rmAdminUserName;
+    }
+    
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminUserName()
+     */
+    @Override
+    public String getRmAdminUserName()
+    {
+        return rmAdminUserName;
+    }
+
+    /**
+     * @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
+     */
+    @Override
+    public <R> R runAsRmAdmin(RunAsWork<R> runAsWork)
+    {
+        return AuthenticationUtil.runAs(runAsWork, getRmAdminUserName());
+    }
+}

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/ServicesTestSuite.java

@@ -25,6 +25,7 @@ import org.alfresco.module.org_alfresco_module_rm.test.service.CapabilityService
 import org.alfresco.module.org_alfresco_module_rm.test.service.DataSetServiceImplTest;
 import org.alfresco.module.org_alfresco_module_rm.test.service.DispositionServiceImplTest;
 import org.alfresco.module.org_alfresco_module_rm.test.service.ExtendedSecurityServiceImplTest;
+import org.alfresco.module.org_alfresco_module_rm.test.service.FilePlanRoleServiceImplTest;
 import org.alfresco.module.org_alfresco_module_rm.test.service.FreezeServiceImplTest;
 import org.alfresco.module.org_alfresco_module_rm.test.service.ModelSecurityServiceImplTest;
 import org.alfresco.module.org_alfresco_module_rm.test.service.RecordServiceImplTest;
@@ -65,6 +66,7 @@ public class ServicesTestSuite extends TestSuite
         suite.addTestSuite(FreezeServiceImplTest.class);
         suite.addTestSuite(RecordServiceImplTest.class);
         suite.addTestSuite(CapabilityServiceImplTest.class);
+        suite.addTestSuite(FilePlanRoleServiceImplTest.class);
         return suite;
     }
 }

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java

@@ -29,6 +29,7 @@ import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService;
 import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
 import org.alfresco.repo.content.MimetypeMap;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.cmr.action.ActionService;
 import org.alfresco.service.cmr.repository.ContentWriter;
@@ -491,7 +492,7 @@ public class RecordServiceImplTest extends BaseRMTestCase
 
                 assertNotNull(nodeService.getProperty(record, PROP_DATE_FILED));
             }
-        });
+        }, AuthenticationUtil.getSystemUserName());
     }
 
     private void checkPermissions(String permission, AccessStatus filePlanExpected,

rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java

@@ -39,6 +39,7 @@ import org.alfresco.module.org_alfresco_module_rm.model.behaviour.RmSiteType;
 import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.module.org_alfresco_module_rm.search.RecordsManagementSearchService;
+import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanPermissionService;
 import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordService;
 import org.alfresco.repo.policy.PolicyComponent;
@@ -132,6 +133,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
     protected FreezeService freezeService;
     protected RecordService recordService;
     protected FilePlanService filePlanService;
+    protected FilePlanAuthenticationService filePlanAuthenticationService;
     
     /** test data */
     protected StoreRef storeRef;
@@ -350,6 +352,7 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
         freezeService = (FreezeService) applicationContext.getBean("FreezeService");
         recordService = (RecordService) applicationContext.getBean("RecordService");
         filePlanService = (FilePlanService) applicationContext.getBean("FilePlanService");
+        filePlanAuthenticationService = (FilePlanAuthenticationService) applicationContext.getBean("FilePlanAuthenticationService");
     }
     
     /**
@@ -668,13 +671,13 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
     @Override
     protected <A> A doTestInTransaction(Test<A> test)
     {
-        return super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
+        return super.doTestInTransaction(test, filePlanAuthenticationService.getRmAdminUserName());
     }
     
     @Override
     protected void doTestInTransaction(FailureTest test)
     {
-        super.doTestInTransaction(test, FilePlanRoleService.RM_ADMIN_USER);
+        super.doTestInTransaction(test, filePlanAuthenticationService.getRmAdminUserName());
     }
     
     /**