Merged V3.2 to HEAD

15579: Merged V3.1 to V3.2 14048: Fixed ETHREEOH-1612: Unable to modify the 'guest' username(s) 14093: Build/test fix - fallout from recent guest changes 15581: Removed reference to 'alfresco.messages.portlets' resource bundle 15582: Fixed merge errors after guest user changes 15583: Merged V3.1 to V3.2 14049: Minor addition to ETHREEOH-1612 fix: Guest and Admin usernames should not be changed AFTER INSTALLATION 14060: Handle null username in calls to authenticate 14086: Removed references to non-existent GROUP_ALFRESCO_GUESTS. 15584: Merged V3.1 to V3.2 14103: Build/test fix - fallout from recent guest changes (revert previous change + move makeHomeFolderIfRequired out of getPersonOrNull) 15585: Merged V3.1 to V3.2 14110: Build/test fix (CMISTest) - fallout from recent guest changes (test server ctx must be init'ed before calling runAs) 14166: Fixed ETHREEOH-2016: Usernames with domain-name separators lead to "bad filename" errors 14184: *RECORD ONLY* Fixed ETHREEOH-2018: NTLM SSO fails with NPE 14495: *RECORD ONLY* 14511: *RECORD ONLY* 14516: ETHREEOH-2162 (DB2 script key rename) ___________________________________________________________________ Modified: svn:mergeinfo Merged /alfresco/BRANCHES/V3.0:r14494 Merged /alfresco/BRANCHES/V3.1:r14048-14049,14060,14086,14093,14103,14110,14166,14184,14495,14511,14516 Merged /alfresco/BRANCHES/V3.2:r15579,15581-15585 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16859 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-10-13 11:51:40 +00:00
parent 2eeefe0a72
commit 69249332d3
38 changed files with 472 additions and 237 deletions
--- a/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -64,6 +64,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC

    private Set<String> defaultAdministratorUserNames = Collections.emptySet();

+    private Set<String> defaultGuestUserNames = Collections.emptySet();
+
    private AuthenticationContext authenticationContext;
    
    private PersonService personService;
@@ -142,6 +144,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        {
            logger.debug("Authenticating user \"" + userName + '"');
        }
+        if (userName == null)
+        {
+            throw new AuthenticationException("Null user name");
+        }
        // Support guest login from the login screen
        if (isGuestUserName(userName))
        {
@@ -498,9 +504,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        }
    }

-    /*
-     * (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDefaultAdministratorUserNames()
    {
@@ -533,6 +538,40 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
        setDefaultAdministratorUserNames(nameSet);
    }

+    /**
+     * {@inheritDoc}
+     */
+    public Set<String> getDefaultGuestUserNames()
+    {
+        return this.defaultGuestUserNames;
+    }
+
+    /**
+     * Sets the user names who for this particular authentication system should be considered administrators by default.
+     * 
+     * @param defaultAdministratorUserNames
+     *            a set of user names
+     */
+    public void setDefaultGuestUserNames(Set<String> defaultGuestUserNames)
+    {
+        this.defaultGuestUserNames = defaultGuestUserNames;
+    }
+    
+    /**
+     * Convenience method to allow the administrator user names to be specified as a comma separated list
+     * 
+     * @param defaultAdministratorUserNames
+     */
+    public void setDefaultGuestUserNameList(String defaultGuestUserNames)
+    {
+        Set<String> nameSet = new TreeSet<String>();
+        if (defaultGuestUserNames.length() > 0)
+        {
+            nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(",")));
+        }
+        setDefaultGuestUserNames(nameSet);
+    }
+
    public String getSystemUserName(String tenantDomain)
    {
        return authenticationContext.getSystemUserName(tenantDomain);
--- a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationComponent.java
@@ -144,9 +144,8 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu
        throw new AuthenticationException("Failed to set current user " + userName);
    }

-    /*
-     * (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AbstractAuthenticationComponent#getDefaultAdministratorUserNames()
+    /**
+     * {@inheritDoc}
     */
    @Override
    public Set<String> getDefaultAdministratorUserNames()
@@ -159,4 +158,18 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu
        return defaultAdministratorUserNames;
    }

+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Set<String> getDefaultGuestUserNames()
+    {
+        Set<String> defaultGuestUserNames = new TreeSet<String>();
+        for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
+        {
+            defaultGuestUserNames.addAll(authComponent.getDefaultGuestUserNames());
+        }
+        return defaultGuestUserNames;
+    }
+
 }
--- a/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java
+++ b/source/java/org/alfresco/repo/security/authentication/AbstractChainingAuthenticationService.java
@@ -91,8 +91,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#setAuthentication(java.lang.String, char[])
+    /**
+     * {@inheritDoc}
     */
    public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException
    {
@@ -104,8 +104,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        getMutableAuthenticationService().setAuthentication(userName, newPassword);
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#deleteAuthentication(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public void deleteAuthentication(String userName) throws AuthenticationException
    {
@@ -118,8 +118,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#setAuthenticationEnabled(java.lang.String, boolean)
+    /**
+     * {@inheritDoc}
     */
    public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException
    {
@@ -131,8 +131,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        getMutableAuthenticationService().setAuthenticationEnabled(userName, enabled);
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getAuthenticationEnabled(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
    {
@@ -153,8 +153,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return false;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#authenticate(java.lang.String, char[])
+    /**
+     * {@inheritDoc}
     */
    public void authenticate(String userName, char[] password) throws AuthenticationException
    {
@@ -175,8 +175,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#authenticateAsGuest()
+    /**
+     * {@inheritDoc}
     */
    public void authenticateAsGuest() throws AuthenticationException
    {
@@ -196,8 +196,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        throw new AuthenticationException("Guest authentication not supported");
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#guestUserAuthenticationAllowed()
+    /**
+     * {@inheritDoc}
     */
    public boolean guestUserAuthenticationAllowed()
    {
@@ -212,8 +212,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return false;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#authenticationExists(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public boolean authenticationExists(String userName)
    {
@@ -228,8 +228,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return false;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentUserName()
+    /**
+     * {@inheritDoc}
     */
    public String getCurrentUserName() throws AuthenticationException
    {
@@ -247,8 +247,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return null;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#invalidateUserSession(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public void invalidateUserSession(String userName) throws AuthenticationException
    {
@@ -268,8 +268,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#invalidateTicket(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public void invalidateTicket(String ticket) throws AuthenticationException
    {
@@ -289,8 +289,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#validate(java.lang.String)
+    /**
+     * {@inheritDoc}
     */
    public void validate(String ticket) throws AuthenticationException
    {
@@ -310,8 +310,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentTicket()
+    /**
+     * {@inheritDoc}
     */
    public String getCurrentTicket()
    {
@@ -329,8 +329,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return null;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getNewTicket()
+    /**
+     * {@inheritDoc}
     */
    public String getNewTicket()
    {
@@ -348,8 +348,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return null;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#clearCurrentSecurityContext()
+    /**
+     * {@inheritDoc}
     */
    public void clearCurrentSecurityContext()
    {
@@ -369,8 +369,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth

    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#isCurrentUserTheSystemUser()
+    /**
+     * {@inheritDoc}
     */
    public boolean isCurrentUserTheSystemUser()
    {
@@ -388,8 +388,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return false;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDomains()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDomains()
    {
@@ -401,8 +401,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return domains;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserCreation()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDomainsThatAllowUserCreation()
    {
@@ -414,8 +414,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return domains;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserDeletion()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDomainsThatAllowUserDeletion()
    {
@@ -427,8 +427,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return domains;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDomiansThatAllowUserPasswordChanges()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDomiansThatAllowUserPasswordChanges()
    {
@@ -440,8 +440,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return domains;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getUsersWithTickets(boolean)
+    /**
+     * {@inheritDoc}
     */
    @Override
    public Set<String> getUsersWithTickets(boolean nonExpiredOnly)
@@ -457,8 +457,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return users;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#countTickets(boolean)
+    /**
+     * {@inheritDoc}
     */
    @Override
    public int countTickets(boolean nonExpiredOnly)
@@ -471,8 +471,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return count;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#invalidateTickets(boolean)
+    /**
+     * {@inheritDoc}
     */
    @Override
    public int invalidateTickets(boolean nonExpiredOnly)
@@ -488,8 +488,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return count;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getTicketComponents()
+    /**
+     * {@inheritDoc}
     */
    @Override
    public Set<TicketComponent> getTicketComponents()
@@ -505,8 +505,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return tcs;
    }

-    /* (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDefaultAdministratorUserNames()
    {
@@ -518,4 +518,17 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
        return defaultAdministratorUserNames;
    }

+    /**
+     * {@inheritDoc}
+     */
+    public Set<String> getDefaultGuestUserNames()
+    {
+        Set<String> defaultGuestUserNames = new TreeSet<String>();
+        for (AuthenticationService authService : getUsableAuthenticationServices())
+        {
+            defaultGuestUserNames.addAll(authService.getDefaultGuestUserNames());
+        }
+        return defaultGuestUserNames;
+    }
+
 }
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationComponent.java
@@ -75,4 +75,13 @@ public interface AuthenticationComponent extends AuthenticationContext
     * @return a set of user names
     */
    public Set<String> getDefaultAdministratorUserNames();
+    
+    /**
+     * Gets a set of user names who for this particular authentication system should be considered guests by
+     * default. If the security framework is case sensitive these values should be case sensitive user names. If the
+     * security framework is not case sensitive these values should be the lower-case user names.
+     * 
+     * @return a set of user names
+     */
+    public Set<String> getDefaultGuestUserNames();
 }
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
@@ -29,7 +29,6 @@ import java.util.Set;

 import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNameValidationMode;
-import org.alfresco.service.cmr.security.PermissionService;

 public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean
 {
@@ -118,7 +117,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
        authenticationDao.setEnabled(userName, enabled);
    }

-    @SuppressWarnings("unchecked")
    public void authenticate(String userName, char[] password) throws AuthenticationException
    {
        try
@@ -211,13 +209,13 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
        return authenticationComponent.isSystemUserName(getCurrentUserName());
    }

-    @SuppressWarnings("unchecked")
    public void authenticateAsGuest() throws AuthenticationException
    {
-        preAuthenticationCheck(PermissionService.GUEST_AUTHORITY);
+        preAuthenticationCheck(AuthenticationUtil.getGuestUserName());
        authenticationComponent.setGuestUserAsCurrentUser();
+        String guestUser = authenticationComponent.getCurrentUserName();
        ticketComponent.clearCurrentTicket();
-        ticketComponent.getCurrentTicket(PermissionService.GUEST_AUTHORITY); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket)
+        ticketComponent.getCurrentTicket(guestUser); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket)
    }
    
    public boolean guestUserAuthenticationAllowed()
@@ -312,12 +310,19 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
        return Collections.singleton(ticketComponent);
    }

-    /*
-     * (non-Javadoc)
-     * @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames()
+    /**
+     * {@inheritDoc}
     */
    public Set<String> getDefaultAdministratorUserNames()
    {
        return authenticationComponent.getDefaultAdministratorUserNames();
    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Set<String> getDefaultGuestUserNames()
+    {
+        return authenticationComponent.getDefaultGuestUserNames();
+    }
 }
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -342,16 +342,15 @@ public class AuthenticationTest extends TestCase
    
    public void testGuest()
    {
-        authenticationService.authenticate("GUEST", "".toCharArray());
+        authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray());
    }

    public void testCreateUsers()
    {
-        authenticationService.createAuthentication("GUEST", "".toCharArray());
-        authenticationService.authenticate("GUEST", "".toCharArray());
-        // Guest is reported as lower case and the authentication basically
-        // ignored at the moment
-        assertEquals("guest", authenticationService.getCurrentUserName());
+        authenticationService.createAuthentication(AuthenticationUtil.getGuestUserName(), "".toCharArray());
+        authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray());
+        // Guest is treated like any other user
+        assertEquals(AuthenticationUtil.getGuestUserName(), authenticationService.getCurrentUserName());

        authenticationService.createAuthentication("Andy", "".toCharArray());
        authenticationService.authenticate("Andy", "".toCharArray());
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
@@ -99,7 +99,7 @@ public class AuthenticationUtil implements InitializingBean
        return AuthenticationUtil.mtEnabled;
    }

-    private AuthenticationUtil()
+    public AuthenticationUtil()
    {
        super();
    }
@@ -116,10 +116,10 @@ public class AuthenticationUtil implements InitializingBean
            gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
            ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
        }
-        else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
+        else if (userName.equalsIgnoreCase(getGuestUserName()))
        {
            GrantedAuthority[] gas = new GrantedAuthority[0];
-            ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
+            ud = new User(getGuestUserName().toLowerCase(), "", true, true, true, true, gas);
        }
        else
        {
@@ -452,6 +452,14 @@ public class AuthenticationUtil implements InitializingBean
        }
        return defaultGuestUserName;
    }
+    
+    /**
+     * Get the name of the guest role
+     */
+    public static String getGuestRoleName()
+    {
+        return PermissionService.GUEST_AUTHORITY;
+    }

    /**
     * Remove the current security information
--- a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationComponentImpl.java
@@ -162,6 +162,14 @@ public class ChainingAuthenticationComponentImpl extends AbstractChainingAuthent

    }

+    /**
+     * Get the guest user name
+     */
+    public String getGuestUserName()
+    {
+        return AuthenticationUtil.getGuestUserName();
+    }
+
    /**
     * Get the MD4 password hash
     */
--- a/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java
+++ b/source/java/org/alfresco/repo/security/authentication/ChainingAuthenticationServiceTest.java
@@ -28,11 +28,10 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;

-import org.alfresco.service.cmr.security.AuthenticationService;
-import org.alfresco.service.cmr.security.PermissionService;
-
 import junit.framework.TestCase;

+import org.alfresco.service.cmr.security.AuthenticationService;
+
 public class ChainingAuthenticationServiceTest extends TestCase
 {
    private static final String EMPTY = "Empty";
@@ -73,6 +72,12 @@ public class ChainingAuthenticationServiceTest extends TestCase
    protected void setUp() throws Exception
    {
        super.setUp();
+        
+        AuthenticationUtil authUtil = new AuthenticationUtil();
+        authUtil.setDefaultAdminUserName("admin");
+        authUtil.setDefaultGuestUserName("guest");
+        authUtil.afterPropertiesSet();
+        
        service1 = new TestAuthenticationServiceImpl(ALFRESCO, true, true, true, false);
        service1.createAuthentication("andy", "andy".toCharArray());

@@ -174,7 +179,7 @@ public class ChainingAuthenticationServiceTest extends TestCase
        ases.add(service2);
        as.setAuthenticationServices(ases);
        as.authenticateAsGuest();
-        assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY);
+        assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName());
        as.clearCurrentSecurityContext();
        assertNull(as.getCurrentUserName());
    }
@@ -581,7 +586,7 @@ public class ChainingAuthenticationServiceTest extends TestCase
        ases.add(service6);
        as.setAuthenticationServices(ases);
        as.authenticateAsGuest();
-        assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY);
+        assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName());
        as.clearCurrentSecurityContext();
        assertNull(as.getCurrentUserName());
    }
--- a/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/TestAuthenticationServiceImpl.java
@@ -42,7 +42,6 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import net.sf.acegisecurity.providers.dao.User;

 import org.alfresco.service.cmr.security.AuthenticationService;
-import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.util.EqualsHelper;
 import org.alfresco.util.GUID;

@@ -230,7 +229,7 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
    {
        if (allowGuest)
        {
-            setCurrentUser(PermissionService.GUEST_AUTHORITY);
+            setCurrentUser(AuthenticationUtil.getGuestUserName());
        }
        else
        {
@@ -419,10 +418,10 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
                gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
                ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
            }
-            else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
+            else if (userName.equalsIgnoreCase(AuthenticationUtil.getGuestUserName()))
            {
                GrantedAuthority[] gas = new GrantedAuthority[0];
-                ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
+                ud = new User(AuthenticationUtil.getGuestUserName().toLowerCase(), "", true, true, true, true, gas);
            }
            else
            {
@@ -478,6 +477,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
        return Collections.singleton(AuthenticationUtil.getAdminUserName());
    }

+    public Set<String> getDefaultGuestUserNames()
+    {
+        return Collections.singleton(AuthenticationUtil.getGuestUserName());
+    }
+
    private static final String SYSTEM_USER_NAME = "System";

 }