diff --git a/config/alfresco/authority-services-context.xml b/config/alfresco/authority-services-context.xml index b19628a01d..8f1d199ed5 100644 --- a/config/alfresco/authority-services-context.xml +++ b/config/alfresco/authority-services-context.xml @@ -39,6 +39,13 @@ ALFRESCO_ADMINISTRATORS + + + + + + + diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties index 7ab66be489..9b2abccbc5 100644 --- a/config/alfresco/messages/patch-service.properties +++ b/config/alfresco/messages/patch-service.properties @@ -93,7 +93,7 @@ patch.systemWorkflowFolder.description=Ensures the existence of the system workf patch.systemWorkflowFolder.result.created=Created system workflow container {0}. patch.rssTemplatesFolder.description=Ensures the existence of the 'RSS Templates' folder. -patch.rssTemplatesFolder.result.exists=The RSS Templates folder already exists: {0} +patch.rssTemplatesFolder.result.exists=The RSS Templates folder already exists: {0}. Re-applying guest permissions. patch.rssTemplatesFolder.result.created=The RSS Templates folder was successfully created: {0} patch.uifacetsAspectRemovalPatch.description=Removes the incorrectly applied uifacets aspect from presentation template files. diff --git a/config/alfresco/repository.properties b/config/alfresco/repository.properties index b33f404823..cad431893d 100644 --- a/config/alfresco/repository.properties +++ b/config/alfresco/repository.properties @@ -231,13 +231,13 @@ alfresco_user_store.store=user://alfrescoUserStore alfresco_user_store.system_container.childname=sys:system alfresco_user_store.user_container.childname=sys:people -# note: default admin username - should not be changed +# note: default admin username - should not be changed after installation alfresco_user_store.adminusername=admin # Initial password - editing this will not have any effect once the repository is installed alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634 -# note: default guest username - should not be changed +# note: default guest username - should not be changed after installation alfresco_user_store.guestusername=guest # Spaces Archive Configuration diff --git a/config/alfresco/subsystems/Authentication/alfresco/alfresco-authentication-context.xml b/config/alfresco/subsystems/Authentication/alfresco/alfresco-authentication-context.xml index 65c1708705..4059525b1e 100644 --- a/config/alfresco/subsystems/Authentication/alfresco/alfresco-authentication-context.xml +++ b/config/alfresco/subsystems/Authentication/alfresco/alfresco-authentication-context.xml @@ -9,9 +9,6 @@ - - ${alfresco.authentication.allowGuestLogin} - @@ -21,6 +18,41 @@ + + ${alfresco.authentication.allowGuestLogin} + + + + + + + + + + + + + + + + + ${alfresco_user_store.adminusername} + administrator + + + + + + + + + + + + + ${alfresco_user_store.guestusername} + + diff --git a/source/java/org/alfresco/repo/admin/patch/impl/CategoryRootPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/CategoryRootPermissionPatch.java index 4ac0e1ee50..70f7b27809 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/CategoryRootPermissionPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/CategoryRootPermissionPatch.java @@ -29,12 +29,10 @@ import java.util.List; import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.admin.patch.AbstractPatch; import org.alfresco.repo.importer.ImporterBootstrap; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.admin.PatchException; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.PermissionService; -import org.alfresco.service.namespace.NamespaceService; /** * Grant Consumer role to Guest in Category Root folder. @@ -48,9 +46,6 @@ public class CategoryRootPermissionPatch extends AbstractPatch private PermissionService permissionService; private ImporterBootstrap spacesBootstrap; - private SearchService searchService; - private NamespaceService namespaceService; - private NodeService nodeService; public void setPermissionService(PermissionService permissionService) @@ -63,22 +58,6 @@ public class CategoryRootPermissionPatch extends AbstractPatch this.spacesBootstrap = spacesBootstrap; } - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } - - public void setSearchService(SearchService searchService) - { - this.searchService = searchService; - } - - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - @Override protected String applyInternal() throws Exception { @@ -95,7 +74,11 @@ public class CategoryRootPermissionPatch extends AbstractPatch NodeRef categoryRootRef = nodeRefs.get(0); // apply permission - permissionService.setPermission(categoryRootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true); + permissionService.setPermission( + categoryRootRef, + AuthenticationUtil.getGuestUserName(), + PermissionService.READ, + true); // done String msg = I18NUtil.getMessage(MSG_RESULT, categoryRootPath); diff --git a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java index b78b7fd9b7..6b231ea1b3 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java @@ -26,6 +26,7 @@ package org.alfresco.repo.admin.patch.impl; import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.admin.patch.AbstractPatch; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; @@ -43,18 +44,11 @@ public class GuestPersonPermissionPatch extends AbstractPatch private PermissionService permissionService; - private String guestId = "guest"; - public GuestPersonPermissionPatch() { super(); } - public void setGuestId(String guestId) - { - this.guestId = guestId; - } - public void setPermissionService(PermissionService permissionService) { this.permissionService = permissionService; @@ -68,6 +62,7 @@ public class GuestPersonPermissionPatch extends AbstractPatch @Override protected String applyInternal() throws Exception { + String guestId = AuthenticationUtil.getGuestUserName(); if (personService.personExists(guestId)) { NodeRef personRef = personService.getPerson(guestId); diff --git a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch2.java b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch2.java index 4c8f7b76c1..3ed1924667 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch2.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch2.java @@ -26,6 +26,7 @@ package org.alfresco.repo.admin.patch.impl; import org.alfresco.i18n.I18NUtil; import org.alfresco.repo.admin.patch.AbstractPatch; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; @@ -43,18 +44,11 @@ public class GuestPersonPermissionPatch2 extends AbstractPatch private PermissionService permissionService; - private String guestId = "guest"; - public GuestPersonPermissionPatch2() { super(); } - public void setGuestId(String guestId) - { - this.guestId = guestId; - } - public void setPermissionService(PermissionService permissionService) { this.permissionService = permissionService; @@ -68,6 +62,7 @@ public class GuestPersonPermissionPatch2 extends AbstractPatch @Override protected String applyInternal() throws Exception { + String guestId = AuthenticationUtil.getGuestUserName(); if (personService.personExists(guestId)) { NodeRef personRef = personService.getPerson(guestId); diff --git a/source/java/org/alfresco/repo/admin/patch/impl/GuestUserPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/GuestUserPatch.java index 2acd822463..6222b75a29 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/GuestUserPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/GuestUserPatch.java @@ -34,15 +34,13 @@ import org.alfresco.model.ApplicationModel; import org.alfresco.model.ContentModel; import org.alfresco.repo.admin.patch.AbstractPatch; import org.alfresco.repo.importer.ImporterBootstrap; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.admin.PatchException; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.StoreRef; -import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; -import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; import org.springframework.context.MessageSource; @@ -66,18 +64,10 @@ public class GuestUserPatch extends AbstractPatch private PersonService personService; - private NodeService nodeService; - - private SearchService searchService; - private PermissionService permissionService; private ImporterBootstrap importerBootstrap; - private NamespaceService namespaceService; - - private String guestId = "guest"; - private MessageSource messageSource; public GuestUserPatch() @@ -85,26 +75,11 @@ public class GuestUserPatch extends AbstractPatch super(); } - public void setGuestId(String guestId) - { - this.guestId = guestId; - } - public void setImporterBootstrap(ImporterBootstrap importerBootstrap) { this.importerBootstrap = importerBootstrap; } - public void setNamespaceService(NamespaceService namespaceService) - { - this.namespaceService = namespaceService; - } - - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } - public void setPermissionService(PermissionService permissionService) { this.permissionService = permissionService; @@ -115,11 +90,6 @@ public class GuestUserPatch extends AbstractPatch this.personService = personService; } - public void setSearchService(SearchService searchService) - { - this.searchService = searchService; - } - public void setMessageSource(MessageSource messageSource) { this.messageSource = messageSource; @@ -169,6 +139,7 @@ public class GuestUserPatch extends AbstractPatch private void addGuestUser(NodeRef guestHomeRef) { + String guestId = AuthenticationUtil.getGuestUserName(); if (!personService.personExists(guestId)) { HashMap properties = new HashMap(); @@ -245,6 +216,7 @@ public class GuestUserPatch extends AbstractPatch private void setGuestHomePermissions(NodeRef nodeRef) { + String guestId = AuthenticationUtil.getGuestUserName(); permissionService.setInheritParentPermissions(nodeRef, false); permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.CONSUMER, true); permissionService.setPermission(nodeRef, guestId, PermissionService.CONSUMER, true); diff --git a/source/java/org/alfresco/repo/admin/patch/impl/RSSTemplatesFolderPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/RSSTemplatesFolderPatch.java index 9a5e0d1234..e694b9d90f 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/RSSTemplatesFolderPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/RSSTemplatesFolderPatch.java @@ -37,6 +37,7 @@ import org.alfresco.model.ContentModel; import org.alfresco.repo.admin.patch.AbstractPatch; import org.alfresco.repo.importer.ACPImportPackageHandler; import org.alfresco.repo.importer.ImporterBootstrap; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.admin.PatchException; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; @@ -231,7 +232,7 @@ public class RSSTemplatesFolderPatch extends AbstractPatch // apply Guest permission to the folder permissionService.setPermission( rssFolderNodeRef, - PermissionService.GUEST_AUTHORITY, + AuthenticationUtil.getGuestUserName(), PermissionService.CONSUMER, true); @@ -244,6 +245,11 @@ public class RSSTemplatesFolderPatch extends AbstractPatch else { // it already exists + permissionService.setPermission( + rssFolderNodeRef, + AuthenticationUtil.getGuestUserName(), + PermissionService.CONSUMER, + true); msg = I18NUtil.getMessage(MSG_EXISTS, rssFolderNodeRef); } // done diff --git a/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java index 95056c4da5..b6bfb15885 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java @@ -30,6 +30,7 @@ import org.alfresco.i18n.I18NUtil; import org.alfresco.model.ContentModel; import org.alfresco.repo.admin.patch.AbstractPatch; import org.alfresco.repo.importer.ImporterBootstrap; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.admin.PatchException; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; @@ -89,7 +90,7 @@ public class SpacesStoreGuestPermissionPatch extends AbstractPatch logger.debug("Store Ref:" + store + " NodeRef: " + rootRef); } permissionService.setPermission( - rootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true); + rootRef, AuthenticationUtil.getGuestUserName(), PermissionService.READ, true); String sysQName = importerBootstrap.getConfiguration().getProperty("system.system_container.childname"); String catQName = "cm:categoryRoot"; @@ -107,7 +108,7 @@ public class SpacesStoreGuestPermissionPatch extends AbstractPatch else if (ref.getQName().equals(QName.createQName(catQName, namespaceService))) { // found cm:categoryRoot node - permissionService.clearPermission(ref.getChildRef(), PermissionService.GUEST_AUTHORITY); + permissionService.clearPermission(ref.getChildRef(), AuthenticationUtil.getGuestUserName()); } } diff --git a/source/java/org/alfresco/repo/avm/AVMRepository.java b/source/java/org/alfresco/repo/avm/AVMRepository.java index 359cb5055f..f449c3a054 100644 --- a/source/java/org/alfresco/repo/avm/AVMRepository.java +++ b/source/java/org/alfresco/repo/avm/AVMRepository.java @@ -61,6 +61,7 @@ import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.PermissionContext; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; +import org.alfresco.util.FileNameValidator; import org.alfresco.util.Pair; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -2946,7 +2947,7 @@ public class AVMRepository { throw new AVMExistsException("Store Already Exists: " + destName); } - if (!FileNameValidator.IsValid(destName)) + if (!FileNameValidator.isValid(destName)) { throw new AVMBadArgumentException("Bad store name: " + destName); } diff --git a/source/java/org/alfresco/repo/avm/AVMServiceImpl.java b/source/java/org/alfresco/repo/avm/AVMServiceImpl.java index 93d7263461..1ce23659fe 100644 --- a/source/java/org/alfresco/repo/avm/AVMServiceImpl.java +++ b/source/java/org/alfresco/repo/avm/AVMServiceImpl.java @@ -53,6 +53,7 @@ import org.alfresco.service.cmr.repository.ContentData; import org.alfresco.service.cmr.repository.ContentReader; import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.namespace.QName; +import org.alfresco.util.FileNameValidator; import org.alfresco.util.Pair; import org.alfresco.util.TempFileProvider; import org.apache.commons.logging.Log; @@ -361,7 +362,7 @@ public class AVMServiceImpl implements AVMService */ public OutputStream createFile(String path, String name) { - if (path == null || name == null || !FileNameValidator.IsValid(name)) + if (path == null || name == null || !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -385,7 +386,7 @@ public class AVMServiceImpl implements AVMService */ public void createFile(String path, String name, InputStream in, List aspects, Map properties) { - if (path == null || name == null || in == null || !FileNameValidator.IsValid(name)) + if (path == null || name == null || in == null || !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -433,7 +434,7 @@ public class AVMServiceImpl implements AVMService */ public void createDirectory(String path, String name, List aspects, Map properties) { - if (path == null || name == null || !FileNameValidator.IsValid(name)) + if (path == null || name == null || !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -449,7 +450,7 @@ public class AVMServiceImpl implements AVMService public void createLayeredFile(String srcPath, String parent, String name) { if (srcPath == null || parent == null || name == null || - !FileNameValidator.IsValid(name)) + !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -465,7 +466,7 @@ public class AVMServiceImpl implements AVMService public void createLayeredDirectory(String srcPath, String parent, String name) { if (srcPath == null || parent == null || name == null || - !FileNameValidator.IsValid(name)) + !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -478,7 +479,7 @@ public class AVMServiceImpl implements AVMService */ public void createStore(String name) { - if (name == null || !FileNameValidator.IsValid(name)) + if (name == null || !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Bad Name."); } @@ -496,7 +497,7 @@ public class AVMServiceImpl implements AVMService String name) { if (srcPath == null || dstPath == null || name == null || - !FileNameValidator.IsValid(name)) + !FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -547,7 +548,7 @@ public class AVMServiceImpl implements AVMService String dstName) { if (srcParent == null || srcName == null || dstParent == null || dstName == null || - !FileNameValidator.IsValid(dstName)) + !FileNameValidator.isValid(dstName)) { throw new AVMBadArgumentException("Illegal argument."); } @@ -1431,7 +1432,7 @@ public class AVMServiceImpl implements AVMService throw new AVMBadArgumentException("Infinite Copy."); } } - if (!FileNameValidator.IsValid(name)) + if (!FileNameValidator.isValid(name)) { throw new AVMBadArgumentException("Illegal name."); } diff --git a/source/java/org/alfresco/repo/avm/AVMTestSuite.java b/source/java/org/alfresco/repo/avm/AVMTestSuite.java index 1cf895abdf..aff36775ff 100644 --- a/source/java/org/alfresco/repo/avm/AVMTestSuite.java +++ b/source/java/org/alfresco/repo/avm/AVMTestSuite.java @@ -43,7 +43,6 @@ public class AVMTestSuite extends TestSuite suite.addTestSuite(AVMNodeConverterTest.class); suite.addTestSuite(AVMExpiredContentTest.class); - suite.addTestSuite(FileNameValidatorTest.class); suite.addTestSuite(AVMDeploymentAttemptCleanerTest.class); suite.addTestSuite(AVMServiceTestBase.class); diff --git a/source/java/org/alfresco/repo/model/ml/MultilingualContentServiceImpl.java b/source/java/org/alfresco/repo/model/ml/MultilingualContentServiceImpl.java index 354c5cea38..2d85a7b782 100644 --- a/source/java/org/alfresco/repo/model/ml/MultilingualContentServiceImpl.java +++ b/source/java/org/alfresco/repo/model/ml/MultilingualContentServiceImpl.java @@ -39,6 +39,7 @@ import org.alfresco.i18n.I18NUtil; import org.alfresco.model.ContentModel; import org.alfresco.repo.node.MLPropertyInterceptor; import org.alfresco.repo.policy.BehaviourFilter; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.ml.ContentFilterLanguagesService; import org.alfresco.service.cmr.ml.MultilingualContentService; import org.alfresco.service.cmr.model.FileExistsException; @@ -147,7 +148,7 @@ public class MultilingualContentServiceImpl implements MultilingualContentServic PermissionService.ALL_PERMISSIONS, true); permissionService.setPermission( mlContainerNodeRef, - PermissionService.GUEST_AUTHORITY, + AuthenticationUtil.getGuestUserName(), PermissionService.ALL_PERMISSIONS, true); // Done return mlContainerNodeRef; diff --git a/source/java/org/alfresco/repo/model/ml/tools/MultilingualContentServiceImplTest.java b/source/java/org/alfresco/repo/model/ml/tools/MultilingualContentServiceImplTest.java index f9a37eeb4c..6d08182b42 100644 --- a/source/java/org/alfresco/repo/model/ml/tools/MultilingualContentServiceImplTest.java +++ b/source/java/org/alfresco/repo/model/ml/tools/MultilingualContentServiceImplTest.java @@ -24,14 +24,10 @@ */ package org.alfresco.repo.model.ml.tools; -import java.util.ArrayList; -import java.util.Collection; import java.util.List; import java.util.Locale; import java.util.Map; -import net.sf.acegisecurity.Authentication; - import org.alfresco.i18n.I18NUtil; import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationComponent; @@ -237,7 +233,7 @@ public class MultilingualContentServiceImplTest extends AbstractMultilingualTest AuthenticationComponent authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); permissionService.setPermission( folderNodeRef, - PermissionService.GUEST_AUTHORITY, + AuthenticationUtil.getGuestUserName(), PermissionService.ALL_PERMISSIONS, true); // Get the current authentication @@ -267,7 +263,7 @@ public class MultilingualContentServiceImplTest extends AbstractMultilingualTest AuthenticationComponent authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent"); permissionService.setPermission( folderNodeRef, - PermissionService.GUEST_AUTHORITY, + AuthenticationUtil.getGuestUserName(), PermissionService.ALL_PERMISSIONS, true); // Push the current authentication diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java index e065eb7497..e7ab7a29a7 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -64,6 +64,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC private Set defaultAdministratorUserNames = Collections.emptySet(); + private Set defaultGuestUserNames = Collections.emptySet(); + private AuthenticationContext authenticationContext; private PersonService personService; @@ -142,6 +144,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC { logger.debug("Authenticating user \"" + userName + '"'); } + if (userName == null) + { + throw new AuthenticationException("Null user name"); + } // Support guest login from the login screen if (isGuestUserName(userName)) { @@ -498,9 +504,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC } } - /* - * (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames() + /** + * {@inheritDoc} */ public Set getDefaultAdministratorUserNames() { @@ -533,6 +538,40 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC setDefaultAdministratorUserNames(nameSet); } + /** + * {@inheritDoc} + */ + public Set getDefaultGuestUserNames() + { + return this.defaultGuestUserNames; + } + + /** + * Sets the user names who for this particular authentication system should be considered administrators by default. + * + * @param defaultAdministratorUserNames + * a set of user names + */ + public void setDefaultGuestUserNames(Set defaultGuestUserNames) + { + this.defaultGuestUserNames = defaultGuestUserNames; + } + + /** + * Convenience method to allow the administrator user names to be specified as a comma separated list + * + * @param defaultAdministratorUserNames + */ + public void setDefaultGuestUserNameList(String defaultGuestUserNames) + { + Set nameSet = new TreeSet(); + if (defaultGuestUserNames.length() > 0) + { + nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(","))); + } + setDefaultGuestUserNames(nameSet); + } + public String getSystemUserName(String tenantDomain) { return authenticationContext.getSystemUserName(tenantDomain); diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java index 90aef2cf8d..30281d7b0e 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java @@ -144,9 +144,8 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu throw new AuthenticationException("Failed to set current user " + userName); } - /* - * (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AbstractAuthenticationComponent#getDefaultAdministratorUserNames() + /** + * {@inheritDoc} */ @Override public Set getDefaultAdministratorUserNames() @@ -159,4 +158,18 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu return defaultAdministratorUserNames; } + /** + * {@inheritDoc} + */ + @Override + public Set getDefaultGuestUserNames() + { + Set defaultGuestUserNames = new TreeSet(); + for (AuthenticationComponent authComponent : getUsableAuthenticationComponents()) + { + defaultGuestUserNames.addAll(authComponent.getDefaultGuestUserNames()); + } + return defaultGuestUserNames; + } + } \ No newline at end of file diff --git a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java index 91a0510552..e2e618c0a4 100644 --- a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java +++ b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java @@ -91,8 +91,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#setAuthentication(java.lang.String, char[]) + /** + * {@inheritDoc} */ public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException { @@ -104,8 +104,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth getMutableAuthenticationService().setAuthentication(userName, newPassword); } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#deleteAuthentication(java.lang.String) + /** + * {@inheritDoc} */ public void deleteAuthentication(String userName) throws AuthenticationException { @@ -118,8 +118,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#setAuthenticationEnabled(java.lang.String, boolean) + /** + * {@inheritDoc} */ public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException { @@ -131,8 +131,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth getMutableAuthenticationService().setAuthenticationEnabled(userName, enabled); } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getAuthenticationEnabled(java.lang.String) + /** + * {@inheritDoc} */ public boolean getAuthenticationEnabled(String userName) throws AuthenticationException { @@ -153,8 +153,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return false; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#authenticate(java.lang.String, char[]) + /** + * {@inheritDoc} */ public void authenticate(String userName, char[] password) throws AuthenticationException { @@ -175,8 +175,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#authenticateAsGuest() + /** + * {@inheritDoc} */ public void authenticateAsGuest() throws AuthenticationException { @@ -196,8 +196,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth throw new AuthenticationException("Guest authentication not supported"); } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#guestUserAuthenticationAllowed() + /** + * {@inheritDoc} */ public boolean guestUserAuthenticationAllowed() { @@ -212,8 +212,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return false; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#authenticationExists(java.lang.String) + /** + * {@inheritDoc} */ public boolean authenticationExists(String userName) { @@ -228,8 +228,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return false; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentUserName() + /** + * {@inheritDoc} */ public String getCurrentUserName() throws AuthenticationException { @@ -247,8 +247,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return null; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#invalidateUserSession(java.lang.String) + /** + * {@inheritDoc} */ public void invalidateUserSession(String userName) throws AuthenticationException { @@ -268,8 +268,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#invalidateTicket(java.lang.String) + /** + * {@inheritDoc} */ public void invalidateTicket(String ticket) throws AuthenticationException { @@ -289,8 +289,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#validate(java.lang.String) + /** + * {@inheritDoc} */ public void validate(String ticket) throws AuthenticationException { @@ -310,8 +310,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentTicket() + /** + * {@inheritDoc} */ public String getCurrentTicket() { @@ -329,8 +329,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return null; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getNewTicket() + /** + * {@inheritDoc} */ public String getNewTicket() { @@ -348,8 +348,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return null; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#clearCurrentSecurityContext() + /** + * {@inheritDoc} */ public void clearCurrentSecurityContext() { @@ -369,8 +369,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#isCurrentUserTheSystemUser() + /** + * {@inheritDoc} */ public boolean isCurrentUserTheSystemUser() { @@ -388,8 +388,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return false; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDomains() + /** + * {@inheritDoc} */ public Set getDomains() { @@ -401,8 +401,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return domains; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserCreation() + /** + * {@inheritDoc} */ public Set getDomainsThatAllowUserCreation() { @@ -414,8 +414,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return domains; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserDeletion() + /** + * {@inheritDoc} */ public Set getDomainsThatAllowUserDeletion() { @@ -427,8 +427,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return domains; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDomiansThatAllowUserPasswordChanges() + /** + * {@inheritDoc} */ public Set getDomiansThatAllowUserPasswordChanges() { @@ -440,8 +440,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return domains; } - /* (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getUsersWithTickets(boolean) + /** + * {@inheritDoc} */ @Override public Set getUsersWithTickets(boolean nonExpiredOnly) @@ -457,8 +457,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return users; } - /* (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#countTickets(boolean) + /** + * {@inheritDoc} */ @Override public int countTickets(boolean nonExpiredOnly) @@ -471,8 +471,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return count; } - /* (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#invalidateTickets(boolean) + /** + * {@inheritDoc} */ @Override public int invalidateTickets(boolean nonExpiredOnly) @@ -488,8 +488,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return count; } - /* (non-Javadoc) - * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getTicketComponents() + /** + * {@inheritDoc} */ @Override public Set getTicketComponents() @@ -505,8 +505,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return tcs; } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames() + /** + * {@inheritDoc} */ public Set getDefaultAdministratorUserNames() { @@ -518,4 +518,17 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth return defaultAdministratorUserNames; } + /** + * {@inheritDoc} + */ + public Set getDefaultGuestUserNames() + { + Set defaultGuestUserNames = new TreeSet(); + for (AuthenticationService authService : getUsableAuthenticationServices()) + { + defaultGuestUserNames.addAll(authService.getDefaultGuestUserNames()); + } + return defaultGuestUserNames; + } + } \ No newline at end of file diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java index 45e1eb95ca..1b9e0e4f48 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java @@ -75,4 +75,13 @@ public interface AuthenticationComponent extends AuthenticationContext * @return a set of user names */ public Set getDefaultAdministratorUserNames(); + + /** + * Gets a set of user names who for this particular authentication system should be considered guests by + * default. If the security framework is case sensitive these values should be case sensitive user names. If the + * security framework is not case sensitive these values should be the lower-case user names. + * + * @return a set of user names + */ + public Set getDefaultGuestUserNames(); } diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java index 76fc077ffd..3edce9c7c4 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java @@ -29,7 +29,6 @@ import java.util.Set; import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNameValidationMode; -import org.alfresco.service.cmr.security.PermissionService; public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean { @@ -118,7 +117,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp authenticationDao.setEnabled(userName, enabled); } - @SuppressWarnings("unchecked") public void authenticate(String userName, char[] password) throws AuthenticationException { try @@ -211,13 +209,13 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp return authenticationComponent.isSystemUserName(getCurrentUserName()); } - @SuppressWarnings("unchecked") public void authenticateAsGuest() throws AuthenticationException { - preAuthenticationCheck(PermissionService.GUEST_AUTHORITY); + preAuthenticationCheck(AuthenticationUtil.getGuestUserName()); authenticationComponent.setGuestUserAsCurrentUser(); + String guestUser = authenticationComponent.getCurrentUserName(); ticketComponent.clearCurrentTicket(); - ticketComponent.getCurrentTicket(PermissionService.GUEST_AUTHORITY); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket) + ticketComponent.getCurrentTicket(guestUser); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket) } public boolean guestUserAuthenticationAllowed() @@ -312,12 +310,19 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp return Collections.singleton(ticketComponent); } - /* - * (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames() + /** + * {@inheritDoc} */ public Set getDefaultAdministratorUserNames() { return authenticationComponent.getDefaultAdministratorUserNames(); } + + /** + * {@inheritDoc} + */ + public Set getDefaultGuestUserNames() + { + return authenticationComponent.getDefaultGuestUserNames(); + } } diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java index ec177c75c7..e3a043353d 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java @@ -342,16 +342,15 @@ public class AuthenticationTest extends TestCase public void testGuest() { - authenticationService.authenticate("GUEST", "".toCharArray()); + authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray()); } public void testCreateUsers() { - authenticationService.createAuthentication("GUEST", "".toCharArray()); - authenticationService.authenticate("GUEST", "".toCharArray()); - // Guest is reported as lower case and the authentication basically - // ignored at the moment - assertEquals("guest", authenticationService.getCurrentUserName()); + authenticationService.createAuthentication(AuthenticationUtil.getGuestUserName(), "".toCharArray()); + authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray()); + // Guest is treated like any other user + assertEquals(AuthenticationUtil.getGuestUserName(), authenticationService.getCurrentUserName()); authenticationService.createAuthentication("Andy", "".toCharArray()); authenticationService.authenticate("Andy", "".toCharArray()); diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java index d15e16be4e..68d60d463f 100644 --- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java +++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java @@ -99,7 +99,7 @@ public class AuthenticationUtil implements InitializingBean return AuthenticationUtil.mtEnabled; } - private AuthenticationUtil() + public AuthenticationUtil() { super(); } @@ -116,10 +116,10 @@ public class AuthenticationUtil implements InitializingBean gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM"); ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas); } - else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)) + else if (userName.equalsIgnoreCase(getGuestUserName())) { GrantedAuthority[] gas = new GrantedAuthority[0]; - ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas); + ud = new User(getGuestUserName().toLowerCase(), "", true, true, true, true, gas); } else { @@ -452,6 +452,14 @@ public class AuthenticationUtil implements InitializingBean } return defaultGuestUserName; } + + /** + * Get the name of the guest role + */ + public static String getGuestRoleName() + { + return PermissionService.GUEST_AUTHORITY; + } /** * Remove the current security information diff --git a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java index 7f5d161a42..2ef1574188 100644 --- a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java @@ -162,6 +162,14 @@ public class ChainingAuthenticationComponentImpl extends AbstractChainingAuthent } + /** + * Get the guest user name + */ + public String getGuestUserName() + { + return AuthenticationUtil.getGuestUserName(); + } + /** * Get the MD4 password hash */ diff --git a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java index fc70ced0e2..0880066ef5 100644 --- a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java +++ b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java @@ -28,11 +28,10 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; -import org.alfresco.service.cmr.security.AuthenticationService; -import org.alfresco.service.cmr.security.PermissionService; - import junit.framework.TestCase; +import org.alfresco.service.cmr.security.AuthenticationService; + public class ChainingAuthenticationServiceTest extends TestCase { private static final String EMPTY = "Empty"; @@ -73,6 +72,12 @@ public class ChainingAuthenticationServiceTest extends TestCase protected void setUp() throws Exception { super.setUp(); + + AuthenticationUtil authUtil = new AuthenticationUtil(); + authUtil.setDefaultAdminUserName("admin"); + authUtil.setDefaultGuestUserName("guest"); + authUtil.afterPropertiesSet(); + service1 = new TestAuthenticationServiceImpl(ALFRESCO, true, true, true, false); service1.createAuthentication("andy", "andy".toCharArray()); @@ -174,7 +179,7 @@ public class ChainingAuthenticationServiceTest extends TestCase ases.add(service2); as.setAuthenticationServices(ases); as.authenticateAsGuest(); - assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY); + assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName()); as.clearCurrentSecurityContext(); assertNull(as.getCurrentUserName()); } @@ -581,7 +586,7 @@ public class ChainingAuthenticationServiceTest extends TestCase ases.add(service6); as.setAuthenticationServices(ases); as.authenticateAsGuest(); - assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY); + assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName()); as.clearCurrentSecurityContext(); assertNull(as.getCurrentUserName()); } diff --git a/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java index 47adeab1bf..d6f97e8062 100644 --- a/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java @@ -42,7 +42,6 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.dao.User; import org.alfresco.service.cmr.security.AuthenticationService; -import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.util.EqualsHelper; import org.alfresco.util.GUID; @@ -230,7 +229,7 @@ public class TestAuthenticationServiceImpl implements AuthenticationService { if (allowGuest) { - setCurrentUser(PermissionService.GUEST_AUTHORITY); + setCurrentUser(AuthenticationUtil.getGuestUserName()); } else { @@ -419,10 +418,10 @@ public class TestAuthenticationServiceImpl implements AuthenticationService gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM"); ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas); } - else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)) + else if (userName.equalsIgnoreCase(AuthenticationUtil.getGuestUserName())) { GrantedAuthority[] gas = new GrantedAuthority[0]; - ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas); + ud = new User(AuthenticationUtil.getGuestUserName().toLowerCase(), "", true, true, true, true, gas); } else { @@ -478,6 +477,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService return Collections.singleton(AuthenticationUtil.getAdminUserName()); } + public Set getDefaultGuestUserNames() + { + return Collections.singleton(AuthenticationUtil.getGuestUserName()); + } + private static final String SYSTEM_USER_NAME = "System"; } diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java index 24ed24ff61..301800d3a4 100644 --- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java @@ -40,8 +40,6 @@ import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.InitializingBean; /** @@ -51,8 +49,6 @@ import org.springframework.beans.factory.InitializingBean; */ public class AuthorityServiceImpl implements AuthorityService, InitializingBean { - private static Log logger = LogFactory.getLog(AuthorityServiceImpl.class); - private static Set DEFAULT_ZONES = new HashSet(); private PersonService personService; @@ -66,7 +62,7 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean private AuthenticationService authenticationService; private PermissionServiceSPI permissionServiceSPI; - + private Set adminSet = Collections.singleton(PermissionService.ADMINISTRATOR_AUTHORITY); private Set guestSet = Collections.singleton(PermissionService.GUEST_AUTHORITY); @@ -75,6 +71,8 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean private Set adminGroups = Collections.emptySet(); + private Set guestGroups = Collections.emptySet(); + static { DEFAULT_ZONES.add(AuthorityService.ZONE_APP_DEFAULT); @@ -115,15 +113,17 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean { this.permissionServiceSPI = permissionServiceSPI; } - + public void setAdminGroups(Set adminGroups) { this.adminGroups = adminGroups; } - /* (non-Javadoc) - * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet() - */ + public void setGuestGroups(Set guestGroups) + { + this.guestGroups = guestGroups; + } + public void afterPropertiesSet() throws Exception { // Fully qualify the admin group names @@ -136,6 +136,16 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean } this.adminGroups = adminGroups; } + // Fully qualify the guest group names + if (!this.guestGroups.isEmpty()) + { + Set guestGroups = new HashSet(this.guestGroups.size()); + for (String group : this.guestGroups) + { + guestGroups.add(getName(AuthorityType.GROUP, group)); + } + this.guestGroups = guestGroups; + } } public boolean hasAdminAuthority() @@ -158,6 +168,26 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean return getAuthoritiesForUser(canonicalName).contains(PermissionService.ADMINISTRATOR_AUTHORITY); } + public boolean hasGuestAuthority() + { + String currentUserName = AuthenticationUtil.getRunAsUser(); + + // Determine whether the guest role is mapped to this user or one of their groups + return ((currentUserName != null) && getAuthoritiesForUser(currentUserName).contains(PermissionService.GUEST_AUTHORITY)); + } + + public boolean isGuestAuthority(String authorityName) + { + String canonicalName = personService.getUserIdentifier(authorityName); + if (canonicalName == null) + { + canonicalName = authorityName; + } + + // Determine whether the administrator role is mapped to this user or one of their groups + return getAuthoritiesForUser(canonicalName).contains(PermissionService.GUEST_AUTHORITY); + } + public Set getAuthorities() { String currentUserName = AuthenticationUtil.getRunAsUser(); @@ -172,12 +202,17 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean // Work out mapped roles - // Check named admin users + // Check named guest and admin users Set adminUsers = this.authenticationService.getDefaultAdministratorUserNames(); - + Set guestUsers = this.authenticationService.getDefaultGuestUserNames(); + + // note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will + // have the same base name as the default non-tenant specific admin. Typically "admin" is the default required admin user, + // although, if for example "bob" is also listed as an admin then all tenant-specific bob's will also have admin authority String currentUserBaseName = tenantService.getBaseNameUser(currentUserName); boolean isAdminUser = false; + boolean isGuestUser = false; if (tenantService.isEnabled()) { // note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will @@ -192,13 +227,25 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean break; } } + if (!isAdminUser) + { + for (String guestUser : guestUsers) + { + if (guestUser.equals(currentUserName) || tenantService.getBaseNameUser(guestUser).equals(currentUserBaseName)) + { + isGuestUser = true; + break; + } + } + } } else { - isAdminUser = adminUsers.contains(currentUserName); + isAdminUser = (adminUsers.contains(currentUserName) || adminUsers.contains(currentUserBaseName)); + isGuestUser = (guestUsers.contains(currentUserName) || guestUsers.contains(currentUserBaseName)); } - // Check named admin groups + // Check if any of the user's groups are listed as admin groups if (!isAdminUser && !adminGroups.isEmpty()) { for (String authority : authorities) @@ -210,15 +257,33 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean } } } + // Check if any of the user's groups are listed as guest groups + if (!isAdminUser && !isGuestUser && !guestGroups.isEmpty()) + { + for (String authority : authorities) + { + if (guestGroups.contains(authority) || guestGroups.contains(tenantService.getBaseNameUser(authority))) + { + isAdminUser = true; + break; + } + } + } + // Give admin user's the ADMINISTRATOR authorities if (isAdminUser) { authorities.addAll(adminSet); } - if (AuthorityType.getAuthorityType(currentUserBaseName) != AuthorityType.GUEST) + // Give all non-guest users the ALL authorities + if (!isGuestUser) { authorities.addAll(allSet); } + else + { + authorities.addAll(guestSet); + } return authorities; } diff --git a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java index d1573bb42d..55644e2a28 100644 --- a/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java +++ b/source/java/org/alfresco/repo/security/authority/SimpleAuthorityServiceImpl.java @@ -59,6 +59,8 @@ public class SimpleAuthorityServiceImpl implements AuthorityService private Set adminUsers; private AuthenticationContext authenticationContext; + + private Set guestUsers; private TenantService tenantService; @@ -84,10 +86,6 @@ public class SimpleAuthorityServiceImpl implements AuthorityService } - /** - * Currently the admin authority is granted only to the ALFRESCO_ADMIN_USER - * user. - */ public boolean hasAdminAuthority() { String currentUserName = authenticationContext.getCurrentUserName(); @@ -99,9 +97,6 @@ public class SimpleAuthorityServiceImpl implements AuthorityService return ((currentUserName != null) && (adminUsers.contains(currentUserName) || adminUsers.contains(tenantService.getBaseNameUser(currentUserName)))); } - /* (non-Javadoc) - * @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String) - */ public boolean isAdminAuthority(String authorityName) { String canonicalName = personService.getUserIdentifier(authorityName); @@ -112,6 +107,26 @@ public class SimpleAuthorityServiceImpl implements AuthorityService return adminUsers.contains(canonicalName); } + public boolean hasGuestAuthority() + { + String currentUserName = authenticationContext.getCurrentUserName(); + + // note: for MT, this currently relies on a naming convention which assumes that all tenant admins will + // have the same base name as the default non-tenant specific guest. + + return ((currentUserName != null) && (guestUsers.contains(currentUserName) || guestUsers.contains(tenantService.getBaseNameUser(currentUserName)))); + } + + public boolean isGuestAuthority(String authorityName) + { + String canonicalName = personService.getUserIdentifier(authorityName); + if (canonicalName == null) + { + canonicalName = authorityName; + } + return guestUsers.contains(canonicalName); + } + // IOC public void setAuthenticationContext(AuthenticationContext authenticationContext) @@ -124,6 +139,11 @@ public class SimpleAuthorityServiceImpl implements AuthorityService this.adminUsers = adminUsers; } + public void setGuestUsers(Set guestUsers) + { + this.guestUsers = guestUsers; + } + public Set getAuthorities() { Set authorities = new HashSet(); @@ -132,9 +152,9 @@ public class SimpleAuthorityServiceImpl implements AuthorityService { authorities.addAll(adminSet); } - if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST) + else if (!guestUsers.contains(currentUserName)) { - authorities.addAll(allSet); + authorities.addAll(allSet); } return authorities; } diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java index 0d7b4da7e9..3b7fc0bb85 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java @@ -732,7 +732,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing String username = user.getUsername(); auths.add(username); - if (tenantService.getBaseNameUser(username).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY)) + if (tenantService.getBaseNameUser(username).equalsIgnoreCase(AuthenticationUtil.getGuestUserName())) { auths.add(PermissionService.GUEST_AUTHORITY); } diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java index af6e8d8d38..ffc1acc5c6 100644 --- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java +++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java @@ -302,6 +302,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per } else { + makeHomeFolderIfRequired(personNode); return personNode; } } @@ -329,7 +330,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per // add to cache this.personCache.put(searchUserName, returnRef); } - makeHomeFolderIfRequired(returnRef); return returnRef; } @@ -531,10 +531,10 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per { throw new PersonException("No person found for user name " + userName); } - } else { + makeHomeFolderIfRequired(personNode); String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME)); properties.put(ContentModel.PROP_USERNAME, realUserName); } diff --git a/source/java/org/alfresco/repo/security/person/UIDBasedHomeFolderProvider.java b/source/java/org/alfresco/repo/security/person/UIDBasedHomeFolderProvider.java index bd73df601f..cfeca7ef1d 100644 --- a/source/java/org/alfresco/repo/security/person/UIDBasedHomeFolderProvider.java +++ b/source/java/org/alfresco/repo/security/person/UIDBasedHomeFolderProvider.java @@ -25,10 +25,13 @@ package org.alfresco.repo.security.person; import org.alfresco.model.ContentModel; +import org.alfresco.service.cmr.model.FileFolderService; import org.alfresco.service.cmr.model.FileInfo; import org.alfresco.service.cmr.model.FileNotFoundException; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter; +import org.alfresco.util.FileNameValidator; /** * Create home spaces based on the UID of the user. @@ -55,42 +58,51 @@ public class UIDBasedHomeFolderProvider extends ExistingPathBasedHomeFolderProvi protected HomeSpaceNodeRef getHomeFolder(NodeRef person) { - NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, getServiceRegistry() - .getNodeService().getProperty(person, ContentModel.PROP_HOMEFOLDER)); + FileFolderService fileFolderService = getServiceRegistry().getFileFolderService(); + NodeService nodeService = getServiceRegistry().getNodeService(); + + NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert( + NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER)); if (existingHomeFolder == null) { - String uid = DefaultTypeConverter.INSTANCE.convert(String.class, getServiceRegistry().getNodeService() - .getProperty(person, ContentModel.PROP_USERNAME)); + String uid = DefaultTypeConverter.INSTANCE.convert( + String.class, + nodeService.getProperty(person, ContentModel.PROP_USERNAME)); if((uid == null) || (uid.length() == 0)) { throw new PersonException("Can not create a home space when the uid is null or empty"); } + // ETHREEOH-1612: Convert the username to file- and folder-safe names + String homeFolderName = FileNameValidator.getValidFileName(uid); + FileInfo fileInfo; // Test if it already exists - NodeRef exising = getServiceRegistry().getFileFolderService().searchSimple(getPathNodeRef(), uid); + NodeRef exising = fileFolderService.searchSimple(getPathNodeRef(), homeFolderName); if (exising != null) { - fileInfo = getServiceRegistry().getFileFolderService().getFileInfo(exising); + fileInfo = fileFolderService.getFileInfo(exising); } else { - if (templatePath == null) { - fileInfo = getServiceRegistry().getFileFolderService().create(getPathNodeRef(), uid, + fileInfo = fileFolderService.create( + getPathNodeRef(), + homeFolderName, ContentModel.TYPE_FOLDER); - } else { try { - fileInfo = getServiceRegistry().getFileFolderService().copy(getTemplateNodeRef(), - getPathNodeRef(), uid); + fileInfo = fileFolderService.copy( + getTemplateNodeRef(), + getPathNodeRef(), + homeFolderName); } catch (FileNotFoundException e) { diff --git a/source/java/org/alfresco/repo/site/SiteAVMBootstrap.java b/source/java/org/alfresco/repo/site/SiteAVMBootstrap.java index e292d19a40..05b16823b1 100644 --- a/source/java/org/alfresco/repo/site/SiteAVMBootstrap.java +++ b/source/java/org/alfresco/repo/site/SiteAVMBootstrap.java @@ -149,7 +149,7 @@ public class SiteAVMBootstrap extends AbstractLifecycleBean // set default permissions on the new store StoreRef store = new StoreRef(StoreRef.PROTOCOL_AVM, storeName); this.permissionService.setPermission(store, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); - this.permissionService.setPermission(store, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true); + this.permissionService.setPermission(store, AuthenticationUtil.getGuestUserName(), PermissionService.READ, true); } } diff --git a/source/java/org/alfresco/repo/version/Version2ServiceImpl.java b/source/java/org/alfresco/repo/version/Version2ServiceImpl.java index 36907cc2e3..2a6ffd95b3 100644 --- a/source/java/org/alfresco/repo/version/Version2ServiceImpl.java +++ b/source/java/org/alfresco/repo/version/Version2ServiceImpl.java @@ -38,6 +38,7 @@ import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.model.ContentModel; import org.alfresco.repo.policy.PolicyScope; +import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.version.common.VersionHistoryImpl; import org.alfresco.repo.version.common.VersionImpl; import org.alfresco.repo.version.common.VersionUtil; @@ -455,7 +456,7 @@ public class Version2ServiceImpl extends VersionServiceImpl implements VersionSe PermissionService.ALL_PERMISSIONS, true); permissionService.setPermission( versionNodeRef, - PermissionService.GUEST_AUTHORITY, + AuthenticationUtil.getGuestUserName(), PermissionService.ALL_PERMISSIONS, true); } diff --git a/source/java/org/alfresco/service/cmr/security/AuthenticationService.java b/source/java/org/alfresco/service/cmr/security/AuthenticationService.java index a9089e2de6..b9fb0d1858 100644 --- a/source/java/org/alfresco/service/cmr/security/AuthenticationService.java +++ b/source/java/org/alfresco/service/cmr/security/AuthenticationService.java @@ -233,11 +233,19 @@ public interface AuthenticationService public Set getDomiansThatAllowUserPasswordChanges(); /** - * Gets a set of user names who should be considered administrators by default. + * Gets a set of user names who should be considered 'administrators' by default. * * @return a set of user names */ @Auditable public Set getDefaultAdministratorUserNames(); + + /** + * Gets a set of user names who should be considered 'guests' by default. + * + * @return a set of user names + */ + @Auditable + public Set getDefaultGuestUserNames(); } diff --git a/source/java/org/alfresco/service/cmr/security/AuthorityService.java b/source/java/org/alfresco/service/cmr/security/AuthorityService.java index 2653739924..6fd74fa9cb 100644 --- a/source/java/org/alfresco/service/cmr/security/AuthorityService.java +++ b/source/java/org/alfresco/service/cmr/security/AuthorityService.java @@ -90,11 +90,32 @@ public interface AuthorityService * Does the given authority have admin authority. * * @param authorityName The name of the authority. - * @return Whether the authority is an admin. + * @return Whether the authority is an 'administrator'. */ @Auditable(parameters = {"authorityName"}) public boolean isAdminAuthority(String authorityName); + /** + * Check of the current user has guest authority. + * + * There is no contract for who should have this authority, only that it can + * be tested here. It could be determined by group membership, role, + * authentication mechanism, ... + * + * @return true if the currently authenticated user has the guest authority + */ + @Auditable + public boolean hasGuestAuthority(); + + /** + * Does the given authority have guest authority. + * + * @param authorityName The name of the authority. + * @return Whether the authority is a 'guest'. + */ + @Auditable(parameters = {"authorityName"}) + public boolean isGuestAuthority(String authorityName); + /** * Get the authorities for the current user * diff --git a/source/java/org/alfresco/service/cmr/security/PermissionService.java b/source/java/org/alfresco/service/cmr/security/PermissionService.java index 184bbd1550..8a783a0a76 100644 --- a/source/java/org/alfresco/service/cmr/security/PermissionService.java +++ b/source/java/org/alfresco/service/cmr/security/PermissionService.java @@ -81,7 +81,7 @@ public interface PermissionService /** * The guest authority */ - public static final String GUEST_AUTHORITY = "guest"; + public static final String GUEST_AUTHORITY = "ROLE_GUEST"; /** * The permission for all - not defined in the model. Repsected in the code. diff --git a/source/java/org/alfresco/repo/avm/FileNameValidator.java b/source/java/org/alfresco/util/FileNameValidator.java similarity index 61% rename from source/java/org/alfresco/repo/avm/FileNameValidator.java rename to source/java/org/alfresco/util/FileNameValidator.java index 669b1e43c1..023bd6f0a2 100644 --- a/source/java/org/alfresco/repo/avm/FileNameValidator.java +++ b/source/java/org/alfresco/util/FileNameValidator.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,29 +20,37 @@ * FLOSS exception. You should have recieved a copy of the text describing * the FLOSS exception, and it is also available here: * http://www.alfresco.com/legal/licensing" */ - -package org.alfresco.repo.avm; +package org.alfresco.util; import java.util.regex.Pattern; /** * Static checker for valid file names. - * @author britt + * + * @author Derek Hulley */ public class FileNameValidator { /** * The bad file name pattern. */ - private static String fgBadPattern = ".*[\"\\*\\\\><\\?/:\\|]+.*"; + private static final Pattern FILENAME_ILLEGAL_PATTERN = Pattern.compile(".*[\"\\*\\\\><\\?/:\\|]+.*"); + private static final Pattern FILENAME_ILLEGAL_PATTERN_REPLACE = Pattern.compile("[\\\"\\*\\\\\\>\\<\\?\\/\\:\\|]"); + + public static boolean isValid(String name) + { + return !FILENAME_ILLEGAL_PATTERN.matcher(name).matches(); + } /** - * The compiled regex. + * Replaces illegal filename characters with '_' */ - private static Pattern fgPattern = Pattern.compile(fgBadPattern); - - public static boolean IsValid(String name) + public static String getValidFileName(String fileName) { - return !fgPattern.matcher(name).matches(); + if (fileName == null || fileName.length() == 0) + { + throw new IllegalArgumentException("File name cannot be corrected if it is null or empty."); + } + return FILENAME_ILLEGAL_PATTERN_REPLACE.matcher(fileName).replaceAll("_"); } } diff --git a/source/java/org/alfresco/repo/avm/FileNameValidatorTest.java b/source/java/org/alfresco/util/FileNameValidatorTest.java similarity index 76% rename from source/java/org/alfresco/repo/avm/FileNameValidatorTest.java rename to source/java/org/alfresco/util/FileNameValidatorTest.java index e9577e48a8..e974725d13 100644 --- a/source/java/org/alfresco/repo/avm/FileNameValidatorTest.java +++ b/source/java/org/alfresco/util/FileNameValidatorTest.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2009 Alfresco Software Limited. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,14 +20,14 @@ * FLOSS exception. You should have recieved a copy of the text describing * the FLOSS exception, and it is also available here: * http://www.alfresco.com/legal/licensing" */ - -package org.alfresco.repo.avm; +package org.alfresco.util; import junit.framework.TestCase; /** * Test File Name validation. - * @author britt + * + * @author Derek Hulley */ public class FileNameValidatorTest extends TestCase { @@ -37,7 +37,14 @@ public class FileNameValidatorTest extends TestCase ":", "|" }; for (String name : badNames) { - assertFalse(FileNameValidator.IsValid(name)); + assertFalse(FileNameValidator.isValid(name)); } } + + public void testGetValidFileName() + { + // " * \ > < ? / : | + assertEquals("ABCDEFG.txt", FileNameValidator.getValidFileName("ABCDEFG.txt")); + assertEquals("A_B_C_D_E_F_G_H_I_J.txt", FileNameValidator.getValidFileName("A\"B*C\\D>E