diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/site/sites.post.json.js b/config/alfresco/templates/webscripts/org/alfresco/repository/site/sites.post.json.js
index d91cb0ba28..22dd25e352 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/site/sites.post.json.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/site/sites.post.json.js
@@ -1,5 +1,12 @@
 function main()
 {
+ // Ensure the user has Create Site capability
+ if (!siteService.hasCreateSitePermissions())
+ {
+ status.setCode(status.STATUS_FORBIDDEN, "error.noPermissions");
+ return;
+ }
+
 // Get the details of the site
 if (json.has("shortName") == false || json.get("shortName").length == 0)
 {
diff --git a/source/java/org/alfresco/repo/web/scripts/BaseWebScriptTest.java b/source/java/org/alfresco/repo/web/scripts/BaseWebScriptTest.java
index 59228ba7fe..29c0847c75 100644
--- a/source/java/org/alfresco/repo/web/scripts/BaseWebScriptTest.java
+++ b/source/java/org/alfresco/repo/web/scripts/BaseWebScriptTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
+ * Copyright (C) 2005-2012 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -32,6 +32,7 @@ import junit.textui.ResultPrinter;
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.web.scripts.servlet.LocalTestRunAsAuthenticatorFactory;
 import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpMethod;
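Review bot: The new `siteService.hasCreateSitePermissions()` guard at the top of `main()` in sites.post.json.js is enforced only in this web script controller, and nothing in this commit shows a test asserting that a user without the capability receives 403. Whether the underlying site-creation call checks the same capability is not visible in the hunk; if it does not, any other caller of the service bypasses this check, so the authoritative check belongs in the service and this one is only an early rejection. I would add a comment saying so, e.g. `// Early rejection only; the create call must enforce the same capability`, and a web script test that posts as a non-privileged user and asserts `STATUS_FORBIDDEN`. `main()` continues past the end of the hunk.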
@@ -338,6 +339,14 @@ public abstract class BaseWebScriptTest extends TestCase
 throws IOException
 {
 asUser = (asUser == null) ? defaultRunAs : asUser;
+
+ TestWebScriptServer tws = getServer();
+ if (AuthenticationUtil.isMtEnabled())
+ {
+ // MT repository container requires non-none authentication (ie. guest or higher)
+ tws.setServletAuthenticatorFactory(new LocalTestRunAsAuthenticatorFactory());
+ }
+
 if (asUser == null)
 {
 return getServer().submitRequest(req.getMethod(), req.getFullUri(), req.getHeaders(), req.getBody(), req.getEncoding(), req.getType());
@@ -345,7 +354,6 @@ public abstract class BaseWebScriptTest extends TestCase
 else
 {
 // send request in context of specified user
- getServer();
 return AuthenticationUtil.runAs(new RunAsWork()
 {
 @SuppressWarnings("synthetic-access")
diff --git a/source/java/org/alfresco/repo/web/scripts/servlet/LocalTestRunAsAuthenticatorFactory.java b/source/java/org/alfresco/repo/web/scripts/servlet/LocalTestRunAsAuthenticatorFactory.java
new file mode 100644
index 0000000000..4c6d5a0bf8
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/scripts/servlet/LocalTestRunAsAuthenticatorFactory.java
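Review bot: In the BaseWebScriptTest.java hunk at old line 338, the new local `tws` is used only inside the `isMtEnabled()` branch while the unchanged line below still calls `getServer().submitRequest(...)`, and a fresh `LocalTestRunAsAuthenticatorFactory` is installed on the server for every request and never restored. If the test server is shared between tests, as the `getServer()` accessor suggests, the permissive authenticator stays in place for whatever runs afterwards; installing it once where the server is created would make that explicit. At minimum use `tws.submitRequest(...)` in the `asUser == null` branch so the single lookup is obvious. The enclosing method starts and ends outside this hunk.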
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.repo.web.scripts.servlet;
+
+import javax.servlet.ServletContext;
+
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.springframework.extensions.webscripts.Authenticator;
+import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
+import org.springframework.extensions.webscripts.servlet.ServletAuthenticatorFactory;
+import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
+import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;
+import org.springframework.web.context.ServletContextAware;
+
+
+/**
+ * Used for local web script tests when MT is enabled - eg. WebScriptTestSuite, BaseCMISTest (AspectTest, PolicyTest), etc.
+ *
+ * When MT is enabled the repository container required authentication must be "guest" or higher (ie. not "none") to determine the tenant domain.
+ *
+ * This dummy authenticator will effectively pass-through the runAs user ... note: it needs to set the runAs user since it will be cleared first (by RepositoryContainer.authenticate).
+ *
+ * @author janv
+ * @since 4.0 (thor)
+ */
+public class LocalTestRunAsAuthenticatorFactory implements ServletAuthenticatorFactory, ServletContextAware
+{
+ @Override
+ public void setServletContext(ServletContext context)
+ {
+ }
+
+ @Override
+ public Authenticator create(WebScriptServletRequest req, WebScriptServletResponse res)
+ {
+ String runAsUser = AuthenticationUtil.getRunAsUser();
+ if (runAsUser == null)
+ {
+ runAsUser = AuthenticationUtil.getSystemUserName();
+ }
+ return new LocalTestRunAsAuthenticator(runAsUser);
+ }
+
+ public class LocalTestRunAsAuthenticator implements Authenticator
+ {
+ private String userName;
+
+ public LocalTestRunAsAuthenticator(String userName)
+ {
+ this.userName = userName;
+ }
+
+ @Override
+ public boolean authenticate(RequiredAuthentication required, boolean isGuest)
+ {
+ if (! emptyCredentials())
+ {
+ AuthenticationUtil.setRunAsUser(userName);
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public boolean emptyCredentials()
+ {
+ return (userName == null || userName.length() == 0);
+ }
+ }
+
+}
\ No newline at end of file
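Review bot: `create()` falls back to `AuthenticationUtil.getSystemUserName()` when no runAs user is set, and `authenticate()` ignores both `required` and `isGuest`, so a request sent without a user is accepted with system privileges. In tests this can hide missing-permission defects (a check such as the create-site guard added in this same commit would likely pass trivially), and if the factory were ever registered outside the test server every request would be treated as authenticated. The class Javadoc itself says MT only needs "guest or higher", so the fallback could be `runAsUser = AuthenticationUtil.getGuestUserName();`, and the Javadoc should state that the class is for local tests only and must never be wired into a deployed web script container. `userName` can also be `final` and the inner class `static`, since it reads no state from the enclosing factory.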