diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java index 1bb8e750a1..1a434a25d1 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java @@ -53,7 +53,7 @@ public abstract class AbstractAuthenticationService implements AuthenticationSer Integer maxUsers = (Integer) sysAdminParams.getMaxUsers(); - if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() > maxUsers)) + if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() >= maxUsers)) { throw new AuthenticationMaxUsersException("Max users exceeded: " + maxUsers); } diff --git a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java index 6304e1a505..d78334c103 100644 --- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java +++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java @@ -43,7 +43,9 @@ import net.sf.acegisecurity.providers.encoding.PasswordEncoder; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; +import org.alfresco.repo.admin.SysAdminParamsImpl; import org.alfresco.repo.cache.SimpleCache; +import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory; import org.alfresco.repo.management.subsystems.ChildApplicationContextManager; import org.alfresco.repo.policy.BehaviourFilter; import org.alfresco.repo.policy.PolicyComponent; 
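Review bot: With `>=`, the changed `if` also rejects a user who already holds a valid ticket once the count has reached `maxUsers`, because `getUsersWithTickets(true).size()` is compared without regard to who is logging in. A logged-in user (an administrator included) who opens a second session would presumably be refused, and a configured limit of 0 now refuses every login, since `0 >= 0` passes the `maxUsers > -1` guard. If the enclosing method, whose signature lies outside the hunk, has the login name in scope, the condition could skip users already counted, e.g. `&& !getUsersWithTickets(true).contains(<login name>)`, assuming the returned collection holds user names. The count is also read before the new ticket is issued, so concurrent logins can presumably still pass the limit together; a comment should say so if that is accepted.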
@@ -100,6 +102,7 @@ public class AuthenticationTest extends TestCase private TransactionService transactionService; private PersonService pubPersonService; private PersonService personService; + private SysAdminParamsImpl sysAdminParams; private UserTransaction userTransaction; private NodeRef rootNodeRef; @@ -141,7 +144,6 @@ public class AuthenticationTest extends TestCase } dialect = (Dialect) ctx.getBean("dialect"); - nodeService = (NodeService) ctx.getBean("nodeService"); authorityService = (AuthorityService) ctx.getBean("authorityService"); tenantService = (TenantService) ctx.getBean("tenantService"); @@ -163,6 +165,11 @@ public class AuthenticationTest extends TestCase // ctx.getBean("permissionService"); ticketsCache = (SimpleCache) ctx.getBean("ticketsCache"); + ChildApplicationContextFactory sysAdminSubsystem = (ChildApplicationContextFactory) ctx.getBean("sysAdmin"); + assertNotNull("sysAdminSubsystem", sysAdminSubsystem); + ApplicationContext sysAdminCtx = sysAdminSubsystem.getApplicationContext(); + sysAdminParams = (SysAdminParamsImpl) sysAdminCtx.getBean("sysAdminParams"); + dao = (MutableAuthenticationDao) ctx.getBean("authenticationDao"); // Let's look inside the alfresco authentication subsystem to get the DAO-wired authentication manager 
@@ -1795,7 +1802,50 @@ public class AuthenticationTest extends TestCase AuthenticationUtil.setMtEnabled(wasEnabled); } } - + + /** + * ACE-3542: test that "server.maxusers" setting limits the number of unique logins to that number. + */ + public void testMaxUsers() + { + final String user1 = GUID.generate(); + final String user2 = GUID.generate(); + + AuthenticationUtil.runAsSystem(new RunAsWork() + { + @Override + public Void doWork() throws Exception + { + authenticationService.createAuthentication(user1, "password".toCharArray()); + authenticationService.createAuthentication(user2, "password".toCharArray()); + return null; + } + }); + + int maxUsers = sysAdminParams.getMaxUsers(); + + try + { + sysAdminParams.setMaxUsers(1); + + authenticationService.authenticate(user1, "password".toCharArray()); + + try + { + authenticationService.authenticate(user2, "password".toCharArray()); + fail("Number of logins should not exceed maxUsers setting"); + } + catch (AuthenticationException e) + { + // it is expected exception + } + } + finally + { + sysAdminParams.setMaxUsers(maxUsers); + } + } + private String getUserName(Authentication authentication) { String username = authentication.getPrincipal().toString();
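Review bot: The inner `catch (AuthenticationException e)` in `testMaxUsers` accepts any authentication failure, so the test passes even when the second login is rejected for a reason unrelated to the limit. Catching the specific type, `catch (AuthenticationMaxUsersException e)`, would pin the behaviour under test, assuming it is a subtype as the existing catch implies. The test also assumes no other user holds a valid ticket when it starts: with the limit set to 1, a ticket left over from an earlier test would make the first `authenticate(user1, ...)` throw outside the inner `try`. The `finally` block restores `maxUsers` but leaves user1's ticket and both created accounts behind, which can affect later tests that share the context. A case where user1 authenticates a second time at the limit is missing and would document what is intended for users already counted.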