inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-15 15:02:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACE-3542 "server.maxusers count does not work correctly - TicketCountAll can be greater MaxUsers"

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@114666 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Steven Glover
2015-10-19 11:10:00 +00:00
parent d79d0def14
commit 66157b10db
2 changed files with 53 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java
View File

@@ -53,7 +53,7 @@ public abstract class AbstractAuthenticationService implements AuthenticationSer
Integer maxUsers = (Integer) sysAdminParams.getMaxUsers(); Integer maxUsers = (Integer) sysAdminParams.getMaxUsers();
if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() > maxUsers)) if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() >= maxUsers))
{ {
throw new AuthenticationMaxUsersException("Max users exceeded: " + maxUsers); throw new AuthenticationMaxUsersException("Max users exceeded: " + maxUsers);
} }

54
source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
View File

@@ -43,7 +43,9 @@ import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.repo.admin.SysAdminParamsImpl;
import org.alfresco.repo.cache.SimpleCache; import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager; import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.policy.BehaviourFilter; import org.alfresco.repo.policy.BehaviourFilter;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
@@ -100,6 +102,7 @@ public class AuthenticationTest extends TestCase
private TransactionService transactionService; private TransactionService transactionService;
private PersonService pubPersonService; private PersonService pubPersonService;
private PersonService personService; private PersonService personService;
private SysAdminParamsImpl sysAdminParams;
private UserTransaction userTransaction; private UserTransaction userTransaction;
private NodeRef rootNodeRef; private NodeRef rootNodeRef;
@@ -141,7 +144,6 @@ public class AuthenticationTest extends TestCase
} }
dialect = (Dialect) ctx.getBean("dialect"); dialect = (Dialect) ctx.getBean("dialect");
nodeService = (NodeService) ctx.getBean("nodeService"); nodeService = (NodeService) ctx.getBean("nodeService");
authorityService = (AuthorityService) ctx.getBean("authorityService"); authorityService = (AuthorityService) ctx.getBean("authorityService");
tenantService = (TenantService) ctx.getBean("tenantService"); tenantService = (TenantService) ctx.getBean("tenantService");
@@ -163,6 +165,11 @@ public class AuthenticationTest extends TestCase
// ctx.getBean("permissionService"); // ctx.getBean("permissionService");
ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache"); ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");
ChildApplicationContextFactory sysAdminSubsystem = (ChildApplicationContextFactory) ctx.getBean("sysAdmin");
assertNotNull("sysAdminSubsystem", sysAdminSubsystem);
ApplicationContext sysAdminCtx = sysAdminSubsystem.getApplicationContext();
sysAdminParams = (SysAdminParamsImpl) sysAdminCtx.getBean("sysAdminParams");
dao = (MutableAuthenticationDao) ctx.getBean("authenticationDao"); dao = (MutableAuthenticationDao) ctx.getBean("authenticationDao");
// Let's look inside the alfresco authentication subsystem to get the DAO-wired authentication manager // Let's look inside the alfresco authentication subsystem to get the DAO-wired authentication manager
@@ -1795,7 +1802,50 @@ public class AuthenticationTest extends TestCase
AuthenticationUtil.setMtEnabled(wasEnabled); AuthenticationUtil.setMtEnabled(wasEnabled);
} }
} }
/**
* ACE-3542: test that "server.maxusers" setting limits the number of unique logins to that number.
*/
public void testMaxUsers()
{
final String user1 = GUID.generate();
final String user2 = GUID.generate();
AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
{
@Override
public Void doWork() throws Exception
{
authenticationService.createAuthentication(user1, "password".toCharArray());
authenticationService.createAuthentication(user2, "password".toCharArray());
return null;
}
});
int maxUsers = sysAdminParams.getMaxUsers();
try
{
sysAdminParams.setMaxUsers(1);
authenticationService.authenticate(user1, "password".toCharArray());
try
{
authenticationService.authenticate(user2, "password".toCharArray());
fail("Number of logins should not exceed maxUsers setting");
}
catch (AuthenticationException e)
{
// it is expected exception
}
}
finally
{
sysAdminParams.setMaxUsers(maxUsers);
}
}
private String getUserName(Authentication authentication) private String getUserName(Authentication authentication)
{ {
String username = authentication.getPrincipal().toString(); String username = authentication.getPrincipal().toString();