ACE-3542 "server.maxusers count does not work correctly - TicketCountAll can be greater MaxUsers"

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@114666 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-15 15:02:20 +00:00 · 2015-10-19 11:10:00 +00:00
parent d79d0def14
commit 66157b10db
2 changed files with 53 additions and 3 deletions
--- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationService.java
@@ -53,7 +53,7 @@ public abstract class AbstractAuthenticationService implements AuthenticationSer

            Integer maxUsers = (Integer) sysAdminParams.getMaxUsers();

-            if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() > maxUsers))
+            if ((maxUsers != null) && (maxUsers > -1) && (getUsersWithTickets(true).size() >= maxUsers))
            {
                throw new AuthenticationMaxUsersException("Max users exceeded: " + maxUsers);
            }
--- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -43,7 +43,9 @@ import net.sf.acegisecurity.providers.encoding.PasswordEncoder;

 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.admin.SysAdminParamsImpl;
 import org.alfresco.repo.cache.SimpleCache;
+import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
 import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
 import org.alfresco.repo.policy.BehaviourFilter;
 import org.alfresco.repo.policy.PolicyComponent;
@@ -100,6 +102,7 @@ public class AuthenticationTest extends TestCase
    private TransactionService transactionService;
    private PersonService pubPersonService;
    private PersonService personService;
+    private SysAdminParamsImpl sysAdminParams;

    private UserTransaction userTransaction;
    private NodeRef rootNodeRef;
@@ -141,7 +144,6 @@ public class AuthenticationTest extends TestCase
        }
        
        dialect = (Dialect) ctx.getBean("dialect");
-        
        nodeService = (NodeService) ctx.getBean("nodeService");
        authorityService = (AuthorityService) ctx.getBean("authorityService");
        tenantService = (TenantService) ctx.getBean("tenantService");
@@ -163,6 +165,11 @@ public class AuthenticationTest extends TestCase
        // ctx.getBean("permissionService");
        ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");

+        ChildApplicationContextFactory sysAdminSubsystem = (ChildApplicationContextFactory) ctx.getBean("sysAdmin");
+        assertNotNull("sysAdminSubsystem", sysAdminSubsystem);
+        ApplicationContext sysAdminCtx  = sysAdminSubsystem.getApplicationContext();
+        sysAdminParams = (SysAdminParamsImpl) sysAdminCtx.getBean("sysAdminParams");
+
        dao = (MutableAuthenticationDao) ctx.getBean("authenticationDao");
        
        // Let's look inside the alfresco authentication subsystem to get the DAO-wired authentication manager
@@ -1796,6 +1803,49 @@ public class AuthenticationTest extends TestCase
        }
    }

+    /**
+     * ACE-3542: test that "server.maxusers" setting limits the number of unique logins to that number.
+     */
+    public void testMaxUsers()
+    {
+        final String user1 = GUID.generate();
+        final String user2 = GUID.generate();
+
+        AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
+        {
+            @Override
+            public Void doWork() throws Exception
+            {
+                authenticationService.createAuthentication(user1, "password".toCharArray());
+                authenticationService.createAuthentication(user2, "password".toCharArray());
+                return null;
+            }
+        });
+
+        int maxUsers = sysAdminParams.getMaxUsers();
+
+        try
+        {
+            sysAdminParams.setMaxUsers(1);
+
+            authenticationService.authenticate(user1, "password".toCharArray());
+
+            try
+            {
+                authenticationService.authenticate(user2, "password".toCharArray());
+                fail("Number of logins should not exceed maxUsers setting");
+            }
+            catch (AuthenticationException e)
+            {
+                // it is expected exception
+            }
+        }
+        finally
+        {
+            sysAdminParams.setMaxUsers(maxUsers);
+        }
+    }
+
    private String getUserName(Authentication authentication)
    {
        String username = authentication.getPrincipal().toString();