inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-21 18:09:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.2 to HEAD

Browse Source 
15602: Merged V3.1 to V3.2
      13861: Web Script 'Index' pages now require admin access
      13868: Fix org.alfresco.error.AlfrescoRuntimeException: Read-Write transaction started within read-only transaction
      13873: MT - fix ETHREEOH-1735 (web scripts re-directed to a different tenant's noderef - HTTP 500)
      13905: MT - fix ETHREEOH-1735 (follow-on ... fix the !)
   15798: ETHREEOH-2686: Resolved problem with site dashboards disappearing after NTLM login / session expiry
      - RemoteStore.hasDocument() throws IOException rather than returning false if a non HTTP 200 response is received from the remoteavm web ScriptContent
      - This prevents us from incorrectly caching the non-existence of certain pages
      - remoteavm webscript authentication changed back to "none" so that the share NTLMAuthenticationFilter can pre-fetch pages to determine their required authentication level
      - Multi-tenancy implications resolved by making "guest" the minimum required authentication for scripts in the Repository Webscript Container when MT is enabled


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15800 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2009-08-18 17:45:05 +00:00
parent 5c5e799ded
commit 634fb92904
3 changed files with 91 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/alfresco/templates/webscripts/org/alfresco/repository/store/remoteavm.get.desc.xml
View File

@@ -7,7 +7,7 @@
<url>/remotestore/{method}/s/{store}/{path}</url>
<url>/remotestore/{method}/s/{store}/w/{webapp}</url>
<url>/remotestore/{method}/s/{store}/w/{webapp}/{path}</url>
<authentication>guest</authentication>
<authentication>none</authentication>
<transaction>required</transaction>
<format default="">argument</format>
</webscript>

8
config/alfresco/web-scripts-application-context.xml
View File

@@ -1,5 +1,5 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans-2.0.dtd'>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN 2.0//EN' 'http://www.springframework.org/dtd/spring-beans-2.0.dtd'>
<beans>
@@ -143,7 +143,11 @@
<property name="webScriptsRegistryCache" ref="webScriptsRegistryCache"/>
</bean>
<bean id="webscripts.registry.prototype" parent="webscripts.registry" scope="prototype"/>
<bean id="webscripts.index.prototype" class="org.alfresco.web.scripts.JaxRSUriIndex" scope="prototype"/>
<bean id="webscripts.registry.prototype" parent="webscripts.registry" scope="prototype">
<property name="uriIndex" ref="webscripts.index.prototype" />
</bean>
<!-- -->

88
source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2008 Alfresco Software Limited.
* Copyright (C) 2005-2009 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -70,6 +70,9 @@ import org.alfresco.web.scripts.Description.TransactionCapability;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.event.ContextRefreshedEvent;
/**
@@ -239,17 +242,22 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
{
WebScript script = scriptReq.getServiceMatch().getWebScript();
Description desc = script.getDescription();
// Escalate the webscript declared level of authentication to the container required authentication (must be
// guest if MT is enabled)
RequiredAuthentication required = desc.getRequiredAuthentication();
RequiredAuthentication containerRequiredAuthentication = getRequiredAuthentication();
if (required.compareTo(containerRequiredAuthentication) < 0)
{
required = containerRequiredAuthentication;
}
boolean isGuest = scriptReq.isGuest();
if (required == RequiredAuthentication.none)
{
// MT-context will pre-authenticate (see MTWebScriptAuthenticationFilter)
if (! AuthenticationUtil.isMtEnabled())
{
// TODO revisit - cleared here, in-lieu of WebClient clear
AuthenticationUtil.clearCurrentSecurityContext();
}
transactionedExecuteAs(script, scriptReq, scriptRes);
}
else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest)
@@ -284,6 +292,12 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires admin authentication; however, a non-admin has attempted access.");
}
if (logger.isDebugEnabled())
{
currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
logger.debug("Authentication: " + (currentUser == null ? "unauthenticated" : "authenticated as " + currentUser));
}
// Execute Web Script
transactionedExecuteAs(script, scriptReq, scriptRes);
}
@@ -443,6 +457,15 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
@Override
public Registry getRegistry()
{
if (AuthenticationUtil.isMtEnabled())
{
String user = AuthenticationUtil.getRunAsUser();
if (user == null)
{
throw new RuntimeException("Failed to getRegistry: need to pre-authenticate in MT environment");
}
}
String tenantDomain = tenantAdminService.getCurrentUserDomain();
Registry registry = webScriptsRegistryCache.get(tenantDomain);
if (registry == null)
@@ -453,6 +476,61 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
return registry;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#onApplicationEvent(org.springframework.context.ApplicationEvent)
*/
@Override
public void onApplicationEvent(ApplicationEvent event)
{
if (event instanceof ContextRefreshedEvent)
{
ContextRefreshedEvent refreshEvent = (ContextRefreshedEvent)event;
ApplicationContext refreshContext = refreshEvent.getApplicationContext();
if (refreshContext != null && refreshContext.equals(applicationContext))
{
RunAsWork<Object> work = new RunAsWork<Object>()
{
public Object doWork() throws Exception
{
reset();
return null;
}
};
AuthenticationUtil.runAs(work, AuthenticationUtil.getSystemUserName());
}
}
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#getRequiredAuthentication()
*/
@Override
public RequiredAuthentication getRequiredAuthentication()
{
if (AuthenticationUtil.isMtEnabled())
{
return RequiredAuthentication.guest; // user or guest (ie. at least guest)
}
return RequiredAuthentication.none;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.RuntimeContainer#authenticate(org.alfresco.web.scripts.Authenticator, org.alfresco.web.scripts.Description.RequiredAuthentication)
*/
@Override
public boolean authenticate(Authenticator auth, RequiredAuthentication required)
{
if (auth != null)
{
AuthenticationUtil.clearCurrentSecurityContext();
return auth.authenticate(required, false);
}
return false;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#reset()
*/