mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-10-15 15:02:20 +00:00
Merged V3.2 to HEAD
15579: Merged V3.1 to V3.2
14048: Fixed ETHREEOH-1612: Unable to modify the 'guest' username(s)
14093: Build/test fix - fallout from recent guest changes
15581: Removed reference to 'alfresco.messages.portlets' resource bundle
15582: Fixed merge errors after guest user changes
15583: Merged V3.1 to V3.2
14049: Minor addition to ETHREEOH-1612 fix: Guest and Admin usernames should not be changed AFTER INSTALLATION
14060: Handle null username in calls to authenticate
14086: Removed references to non-existent GROUP_ALFRESCO_GUESTS.
15584: Merged V3.1 to V3.2
14103: Build/test fix - fallout from recent guest changes (revert previous change + move makeHomeFolderIfRequired out of getPersonOrNull)
15585: Merged V3.1 to V3.2
14110: Build/test fix (CMISTest) - fallout from recent guest changes (test server ctx must be init'ed before calling runAs)
14166: Fixed ETHREEOH-2016: Usernames with domain-name separators lead to "bad filename" errors
14184: *RECORD ONLY* Fixed ETHREEOH-2018: NTLM SSO fails with NPE
14495: *RECORD ONLY*
14511: *RECORD ONLY*
14516: ETHREEOH-2162 (DB2 script key rename)
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.0:r14494
Merged /alfresco/BRANCHES/V3.1:r14048-14049,14060,14086,14093,14103,14110,14166,14184,14495,14511,14516
Merged /alfresco/BRANCHES/V3.2:r15579,15581-15585
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16859 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
@@ -39,6 +39,13 @@
|
||||
<value>ALFRESCO_ADMINISTRATORS</value>
|
||||
</set>
|
||||
</property>
|
||||
<!-- -->
|
||||
<!-- A list of groups with guest rights. -->
|
||||
<!-- -->
|
||||
<property name="guestGroups">
|
||||
<set>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- Authority DAO that stores group information along with user information, -->
|
||||
|
||||
@@ -93,7 +93,7 @@ patch.systemWorkflowFolder.description=Ensures the existence of the system workf
|
||||
patch.systemWorkflowFolder.result.created=Created system workflow container {0}.
|
||||
|
||||
patch.rssTemplatesFolder.description=Ensures the existence of the 'RSS Templates' folder.
|
||||
patch.rssTemplatesFolder.result.exists=The RSS Templates folder already exists: {0}
|
||||
patch.rssTemplatesFolder.result.exists=The RSS Templates folder already exists: {0}. Re-applying guest permissions.
|
||||
patch.rssTemplatesFolder.result.created=The RSS Templates folder was successfully created: {0}
|
||||
|
||||
patch.uifacetsAspectRemovalPatch.description=Removes the incorrectly applied uifacets aspect from presentation template files.
|
||||
|
||||
@@ -231,13 +231,13 @@ alfresco_user_store.store=user://alfrescoUserStore
|
||||
alfresco_user_store.system_container.childname=sys:system
|
||||
alfresco_user_store.user_container.childname=sys:people
|
||||
|
||||
# note: default admin username - should not be changed
|
||||
# note: default admin username - should not be changed after installation
|
||||
alfresco_user_store.adminusername=admin
|
||||
|
||||
# Initial password - editing this will not have any effect once the repository is installed
|
||||
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
|
||||
|
||||
# note: default guest username - should not be changed
|
||||
# note: default guest username - should not be changed after installation
|
||||
alfresco_user_store.guestusername=guest
|
||||
|
||||
# Spaces Archive Configuration
|
||||
|
||||
@@ -9,9 +9,6 @@
|
||||
<property name="authenticationManager">
|
||||
<ref bean="authenticationManager" />
|
||||
</property>
|
||||
<property name="allowGuestLogin">
|
||||
<value>${alfresco.authentication.allowGuestLogin}</value>
|
||||
</property>
|
||||
<property name="nodeService">
|
||||
<ref bean="nodeService" />
|
||||
</property>
|
||||
@@ -21,6 +18,41 @@
|
||||
<property name="transactionService">
|
||||
<ref bean="transactionService" />
|
||||
</property>
|
||||
<property name="allowGuestLogin">
|
||||
<value>${alfresco.authentication.allowGuestLogin}</value>
|
||||
</property>
|
||||
<!-- -->
|
||||
<!-- A list of users with admin rights. -->
|
||||
<!-- -->
|
||||
<!-- If the security framework is case sensitive these values should -->
|
||||
<!-- be case sensitive user names. If the security framework is not -->
|
||||
<!-- case sensitive these values should be the lower-case user names. -->
|
||||
<!-- -->
|
||||
<!-- By default this includes: -->
|
||||
<!-- admin (the user name of default alfresco admin user) -->
|
||||
<!-- administrator (the windows default admin user) -->
|
||||
<!-- -->
|
||||
<!-- This assumes that user names are not case sensitive. -->
|
||||
<!-- -->
|
||||
<property name="adminUsers">
|
||||
<set>
|
||||
<value>${alfresco_user_store.adminusername}</value>
|
||||
<value>administrator</value>
|
||||
</set>
|
||||
</property>
|
||||
<!-- -->
|
||||
<!-- A list of users acting as guests. -->
|
||||
<!-- -->
|
||||
<!-- By default this includes: -->
|
||||
<!-- guest (the user name of default alfresco guest user) -->
|
||||
<!-- -->
|
||||
<!-- This assumes that user names are not case sensitive. -->
|
||||
<!-- -->
|
||||
<property name="guestUsers">
|
||||
<set>
|
||||
<value>${alfresco_user_store.guestusername}</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- Wrapped version to be used within subsystem -->
|
||||
|
||||
@@ -29,12 +29,10 @@ import java.util.List;
|
||||
import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.importer.ImporterBootstrap;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.admin.PatchException;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.search.SearchService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.NamespaceService;
|
||||
|
||||
/**
|
||||
* Grant <b>Consumer</b> role to <b>Guest</b> in <b>Category Root</b> folder.
|
||||
@@ -48,9 +46,6 @@ public class CategoryRootPermissionPatch extends AbstractPatch
|
||||
|
||||
private PermissionService permissionService;
|
||||
private ImporterBootstrap spacesBootstrap;
|
||||
private SearchService searchService;
|
||||
private NamespaceService namespaceService;
|
||||
private NodeService nodeService;
|
||||
|
||||
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
@@ -63,22 +58,6 @@ public class CategoryRootPermissionPatch extends AbstractPatch
|
||||
this.spacesBootstrap = spacesBootstrap;
|
||||
}
|
||||
|
||||
public void setNodeService(NodeService nodeService)
|
||||
{
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
public void setSearchService(SearchService searchService)
|
||||
{
|
||||
this.searchService = searchService;
|
||||
}
|
||||
|
||||
public void setNamespaceService(NamespaceService namespaceService)
|
||||
{
|
||||
this.namespaceService = namespaceService;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
protected String applyInternal() throws Exception
|
||||
{
|
||||
@@ -95,7 +74,11 @@ public class CategoryRootPermissionPatch extends AbstractPatch
|
||||
NodeRef categoryRootRef = nodeRefs.get(0);
|
||||
|
||||
// apply permission
|
||||
permissionService.setPermission(categoryRootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true);
|
||||
permissionService.setPermission(
|
||||
categoryRootRef,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.READ,
|
||||
true);
|
||||
|
||||
// done
|
||||
String msg = I18NUtil.getMessage(MSG_RESULT, categoryRootPath);
|
||||
|
||||
@@ -26,6 +26,7 @@ package org.alfresco.repo.admin.patch.impl;
|
||||
|
||||
import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
@@ -43,18 +44,11 @@ public class GuestPersonPermissionPatch extends AbstractPatch
|
||||
|
||||
private PermissionService permissionService;
|
||||
|
||||
private String guestId = "guest";
|
||||
|
||||
public GuestPersonPermissionPatch()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public void setGuestId(String guestId)
|
||||
{
|
||||
this.guestId = guestId;
|
||||
}
|
||||
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
{
|
||||
this.permissionService = permissionService;
|
||||
@@ -68,6 +62,7 @@ public class GuestPersonPermissionPatch extends AbstractPatch
|
||||
@Override
|
||||
protected String applyInternal() throws Exception
|
||||
{
|
||||
String guestId = AuthenticationUtil.getGuestUserName();
|
||||
if (personService.personExists(guestId))
|
||||
{
|
||||
NodeRef personRef = personService.getPerson(guestId);
|
||||
|
||||
@@ -26,6 +26,7 @@ package org.alfresco.repo.admin.patch.impl;
|
||||
|
||||
import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
@@ -43,18 +44,11 @@ public class GuestPersonPermissionPatch2 extends AbstractPatch
|
||||
|
||||
private PermissionService permissionService;
|
||||
|
||||
private String guestId = "guest";
|
||||
|
||||
public GuestPersonPermissionPatch2()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public void setGuestId(String guestId)
|
||||
{
|
||||
this.guestId = guestId;
|
||||
}
|
||||
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
{
|
||||
this.permissionService = permissionService;
|
||||
@@ -68,6 +62,7 @@ public class GuestPersonPermissionPatch2 extends AbstractPatch
|
||||
@Override
|
||||
protected String applyInternal() throws Exception
|
||||
{
|
||||
String guestId = AuthenticationUtil.getGuestUserName();
|
||||
if (personService.personExists(guestId))
|
||||
{
|
||||
NodeRef personRef = personService.getPerson(guestId);
|
||||
|
||||
@@ -34,15 +34,13 @@ import org.alfresco.model.ApplicationModel;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.importer.ImporterBootstrap;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.admin.PatchException;
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.repository.StoreRef;
|
||||
import org.alfresco.service.cmr.search.SearchService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.namespace.NamespaceService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.springframework.context.MessageSource;
|
||||
|
||||
@@ -66,18 +64,10 @@ public class GuestUserPatch extends AbstractPatch
|
||||
|
||||
private PersonService personService;
|
||||
|
||||
private NodeService nodeService;
|
||||
|
||||
private SearchService searchService;
|
||||
|
||||
private PermissionService permissionService;
|
||||
|
||||
private ImporterBootstrap importerBootstrap;
|
||||
|
||||
private NamespaceService namespaceService;
|
||||
|
||||
private String guestId = "guest";
|
||||
|
||||
private MessageSource messageSource;
|
||||
|
||||
public GuestUserPatch()
|
||||
@@ -85,26 +75,11 @@ public class GuestUserPatch extends AbstractPatch
|
||||
super();
|
||||
}
|
||||
|
||||
public void setGuestId(String guestId)
|
||||
{
|
||||
this.guestId = guestId;
|
||||
}
|
||||
|
||||
public void setImporterBootstrap(ImporterBootstrap importerBootstrap)
|
||||
{
|
||||
this.importerBootstrap = importerBootstrap;
|
||||
}
|
||||
|
||||
public void setNamespaceService(NamespaceService namespaceService)
|
||||
{
|
||||
this.namespaceService = namespaceService;
|
||||
}
|
||||
|
||||
public void setNodeService(NodeService nodeService)
|
||||
{
|
||||
this.nodeService = nodeService;
|
||||
}
|
||||
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
{
|
||||
this.permissionService = permissionService;
|
||||
@@ -115,11 +90,6 @@ public class GuestUserPatch extends AbstractPatch
|
||||
this.personService = personService;
|
||||
}
|
||||
|
||||
public void setSearchService(SearchService searchService)
|
||||
{
|
||||
this.searchService = searchService;
|
||||
}
|
||||
|
||||
public void setMessageSource(MessageSource messageSource)
|
||||
{
|
||||
this.messageSource = messageSource;
|
||||
@@ -169,6 +139,7 @@ public class GuestUserPatch extends AbstractPatch
|
||||
|
||||
private void addGuestUser(NodeRef guestHomeRef)
|
||||
{
|
||||
String guestId = AuthenticationUtil.getGuestUserName();
|
||||
if (!personService.personExists(guestId))
|
||||
{
|
||||
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
|
||||
@@ -245,6 +216,7 @@ public class GuestUserPatch extends AbstractPatch
|
||||
|
||||
private void setGuestHomePermissions(NodeRef nodeRef)
|
||||
{
|
||||
String guestId = AuthenticationUtil.getGuestUserName();
|
||||
permissionService.setInheritParentPermissions(nodeRef, false);
|
||||
permissionService.setPermission(nodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.CONSUMER, true);
|
||||
permissionService.setPermission(nodeRef, guestId, PermissionService.CONSUMER, true);
|
||||
|
||||
@@ -37,6 +37,7 @@ import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.importer.ACPImportPackageHandler;
|
||||
import org.alfresco.repo.importer.ImporterBootstrap;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.admin.PatchException;
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
@@ -231,7 +232,7 @@ public class RSSTemplatesFolderPatch extends AbstractPatch
|
||||
// apply Guest permission to the folder
|
||||
permissionService.setPermission(
|
||||
rssFolderNodeRef,
|
||||
PermissionService.GUEST_AUTHORITY,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.CONSUMER,
|
||||
true);
|
||||
|
||||
@@ -244,6 +245,11 @@ public class RSSTemplatesFolderPatch extends AbstractPatch
|
||||
else
|
||||
{
|
||||
// it already exists
|
||||
permissionService.setPermission(
|
||||
rssFolderNodeRef,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.CONSUMER,
|
||||
true);
|
||||
msg = I18NUtil.getMessage(MSG_EXISTS, rssFolderNodeRef);
|
||||
}
|
||||
// done
|
||||
|
||||
@@ -30,6 +30,7 @@ import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.admin.patch.AbstractPatch;
|
||||
import org.alfresco.repo.importer.ImporterBootstrap;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.admin.PatchException;
|
||||
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
@@ -89,7 +90,7 @@ public class SpacesStoreGuestPermissionPatch extends AbstractPatch
|
||||
logger.debug("Store Ref:" + store + " NodeRef: " + rootRef);
|
||||
}
|
||||
permissionService.setPermission(
|
||||
rootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true);
|
||||
rootRef, AuthenticationUtil.getGuestUserName(), PermissionService.READ, true);
|
||||
|
||||
String sysQName = importerBootstrap.getConfiguration().getProperty("system.system_container.childname");
|
||||
String catQName = "cm:categoryRoot";
|
||||
@@ -107,7 +108,7 @@ public class SpacesStoreGuestPermissionPatch extends AbstractPatch
|
||||
else if (ref.getQName().equals(QName.createQName(catQName, namespaceService)))
|
||||
{
|
||||
// found cm:categoryRoot node
|
||||
permissionService.clearPermission(ref.getChildRef(), PermissionService.GUEST_AUTHORITY);
|
||||
permissionService.clearPermission(ref.getChildRef(), AuthenticationUtil.getGuestUserName());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -61,6 +61,7 @@ import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.alfresco.service.cmr.security.PermissionContext;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.FileNameValidator;
|
||||
import org.alfresco.util.Pair;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
@@ -2946,7 +2947,7 @@ public class AVMRepository
|
||||
{
|
||||
throw new AVMExistsException("Store Already Exists: " + destName);
|
||||
}
|
||||
if (!FileNameValidator.IsValid(destName))
|
||||
if (!FileNameValidator.isValid(destName))
|
||||
{
|
||||
throw new AVMBadArgumentException("Bad store name: " + destName);
|
||||
}
|
||||
|
||||
@@ -53,6 +53,7 @@ import org.alfresco.service.cmr.repository.ContentData;
|
||||
import org.alfresco.service.cmr.repository.ContentReader;
|
||||
import org.alfresco.service.cmr.repository.ContentWriter;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.FileNameValidator;
|
||||
import org.alfresco.util.Pair;
|
||||
import org.alfresco.util.TempFileProvider;
|
||||
import org.apache.commons.logging.Log;
|
||||
@@ -361,7 +362,7 @@ public class AVMServiceImpl implements AVMService
|
||||
*/
|
||||
public OutputStream createFile(String path, String name)
|
||||
{
|
||||
if (path == null || name == null || !FileNameValidator.IsValid(name))
|
||||
if (path == null || name == null || !FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -385,7 +386,7 @@ public class AVMServiceImpl implements AVMService
|
||||
*/
|
||||
public void createFile(String path, String name, InputStream in, List<QName> aspects, Map<QName, PropertyValue> properties)
|
||||
{
|
||||
if (path == null || name == null || in == null || !FileNameValidator.IsValid(name))
|
||||
if (path == null || name == null || in == null || !FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -433,7 +434,7 @@ public class AVMServiceImpl implements AVMService
|
||||
*/
|
||||
public void createDirectory(String path, String name, List<QName> aspects, Map<QName, PropertyValue> properties)
|
||||
{
|
||||
if (path == null || name == null || !FileNameValidator.IsValid(name))
|
||||
if (path == null || name == null || !FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -449,7 +450,7 @@ public class AVMServiceImpl implements AVMService
|
||||
public void createLayeredFile(String srcPath, String parent, String name)
|
||||
{
|
||||
if (srcPath == null || parent == null || name == null ||
|
||||
!FileNameValidator.IsValid(name))
|
||||
!FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -465,7 +466,7 @@ public class AVMServiceImpl implements AVMService
|
||||
public void createLayeredDirectory(String srcPath, String parent, String name)
|
||||
{
|
||||
if (srcPath == null || parent == null || name == null ||
|
||||
!FileNameValidator.IsValid(name))
|
||||
!FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -478,7 +479,7 @@ public class AVMServiceImpl implements AVMService
|
||||
*/
|
||||
public void createStore(String name)
|
||||
{
|
||||
if (name == null || !FileNameValidator.IsValid(name))
|
||||
if (name == null || !FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Bad Name.");
|
||||
}
|
||||
@@ -496,7 +497,7 @@ public class AVMServiceImpl implements AVMService
|
||||
String name)
|
||||
{
|
||||
if (srcPath == null || dstPath == null || name == null ||
|
||||
!FileNameValidator.IsValid(name))
|
||||
!FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -547,7 +548,7 @@ public class AVMServiceImpl implements AVMService
|
||||
String dstName)
|
||||
{
|
||||
if (srcParent == null || srcName == null || dstParent == null || dstName == null ||
|
||||
!FileNameValidator.IsValid(dstName))
|
||||
!FileNameValidator.isValid(dstName))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal argument.");
|
||||
}
|
||||
@@ -1431,7 +1432,7 @@ public class AVMServiceImpl implements AVMService
|
||||
throw new AVMBadArgumentException("Infinite Copy.");
|
||||
}
|
||||
}
|
||||
if (!FileNameValidator.IsValid(name))
|
||||
if (!FileNameValidator.isValid(name))
|
||||
{
|
||||
throw new AVMBadArgumentException("Illegal name.");
|
||||
}
|
||||
|
||||
@@ -43,7 +43,6 @@ public class AVMTestSuite extends TestSuite
|
||||
|
||||
suite.addTestSuite(AVMNodeConverterTest.class);
|
||||
suite.addTestSuite(AVMExpiredContentTest.class);
|
||||
suite.addTestSuite(FileNameValidatorTest.class);
|
||||
suite.addTestSuite(AVMDeploymentAttemptCleanerTest.class);
|
||||
|
||||
suite.addTestSuite(AVMServiceTestBase.class);
|
||||
|
||||
@@ -39,6 +39,7 @@ import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.node.MLPropertyInterceptor;
|
||||
import org.alfresco.repo.policy.BehaviourFilter;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.service.cmr.ml.ContentFilterLanguagesService;
|
||||
import org.alfresco.service.cmr.ml.MultilingualContentService;
|
||||
import org.alfresco.service.cmr.model.FileExistsException;
|
||||
@@ -147,7 +148,7 @@ public class MultilingualContentServiceImpl implements MultilingualContentServic
|
||||
PermissionService.ALL_PERMISSIONS, true);
|
||||
permissionService.setPermission(
|
||||
mlContainerNodeRef,
|
||||
PermissionService.GUEST_AUTHORITY,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.ALL_PERMISSIONS, true);
|
||||
// Done
|
||||
return mlContainerNodeRef;
|
||||
|
||||
@@ -24,14 +24,10 @@
|
||||
*/
|
||||
package org.alfresco.repo.model.ml.tools;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
|
||||
import org.alfresco.i18n.I18NUtil;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
@@ -237,7 +233,7 @@ public class MultilingualContentServiceImplTest extends AbstractMultilingualTest
|
||||
AuthenticationComponent authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
|
||||
permissionService.setPermission(
|
||||
folderNodeRef,
|
||||
PermissionService.GUEST_AUTHORITY,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.ALL_PERMISSIONS,
|
||||
true);
|
||||
// Get the current authentication
|
||||
@@ -267,7 +263,7 @@ public class MultilingualContentServiceImplTest extends AbstractMultilingualTest
|
||||
AuthenticationComponent authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
|
||||
permissionService.setPermission(
|
||||
folderNodeRef,
|
||||
PermissionService.GUEST_AUTHORITY,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.ALL_PERMISSIONS,
|
||||
true);
|
||||
// Push the current authentication
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
* Copyright (C) 2005-2009 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
@@ -64,6 +64,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
|
||||
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
||||
|
||||
private Set<String> defaultGuestUserNames = Collections.emptySet();
|
||||
|
||||
private AuthenticationContext authenticationContext;
|
||||
|
||||
private PersonService personService;
|
||||
@@ -142,6 +144,10 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
{
|
||||
logger.debug("Authenticating user \"" + userName + '"');
|
||||
}
|
||||
if (userName == null)
|
||||
{
|
||||
throw new AuthenticationException("Null user name");
|
||||
}
|
||||
// Support guest login from the login screen
|
||||
if (isGuestUserName(userName))
|
||||
{
|
||||
@@ -498,9 +504,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
@@ -533,6 +538,40 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
setDefaultAdministratorUserNames(nameSet);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultGuestUserNames()
|
||||
{
|
||||
return this.defaultGuestUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
* a set of user names
|
||||
*/
|
||||
public void setDefaultGuestUserNames(Set<String> defaultGuestUserNames)
|
||||
{
|
||||
this.defaultGuestUserNames = defaultGuestUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
||||
*
|
||||
* @param defaultAdministratorUserNames
|
||||
*/
|
||||
public void setDefaultGuestUserNameList(String defaultGuestUserNames)
|
||||
{
|
||||
Set<String> nameSet = new TreeSet<String>();
|
||||
if (defaultGuestUserNames.length() > 0)
|
||||
{
|
||||
nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(",")));
|
||||
}
|
||||
setDefaultGuestUserNames(nameSet);
|
||||
}
|
||||
|
||||
public String getSystemUserName(String tenantDomain)
|
||||
{
|
||||
return authenticationContext.getSystemUserName(tenantDomain);
|
||||
|
||||
@@ -144,9 +144,8 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu
|
||||
throw new AuthenticationException("Failed to set current user " + userName);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AbstractAuthenticationComponent#getDefaultAdministratorUserNames()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
@@ -159,4 +158,18 @@ public abstract class AbstractChainingAuthenticationComponent extends AbstractAu
|
||||
return defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getDefaultGuestUserNames()
|
||||
{
|
||||
Set<String> defaultGuestUserNames = new TreeSet<String>();
|
||||
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
|
||||
{
|
||||
defaultGuestUserNames.addAll(authComponent.getDefaultGuestUserNames());
|
||||
}
|
||||
return defaultGuestUserNames;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -91,8 +91,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#setAuthentication(java.lang.String, char[])
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException
|
||||
{
|
||||
@@ -104,8 +104,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
getMutableAuthenticationService().setAuthentication(userName, newPassword);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#deleteAuthentication(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void deleteAuthentication(String userName) throws AuthenticationException
|
||||
{
|
||||
@@ -118,8 +118,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#setAuthenticationEnabled(java.lang.String, boolean)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException
|
||||
{
|
||||
@@ -131,8 +131,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
getMutableAuthenticationService().setAuthenticationEnabled(userName, enabled);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getAuthenticationEnabled(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
|
||||
{
|
||||
@@ -153,8 +153,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#authenticate(java.lang.String, char[])
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void authenticate(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
@@ -175,8 +175,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#authenticateAsGuest()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void authenticateAsGuest() throws AuthenticationException
|
||||
{
|
||||
@@ -196,8 +196,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
throw new AuthenticationException("Guest authentication not supported");
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#guestUserAuthenticationAllowed()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public boolean guestUserAuthenticationAllowed()
|
||||
{
|
||||
@@ -212,8 +212,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#authenticationExists(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public boolean authenticationExists(String userName)
|
||||
{
|
||||
@@ -228,8 +228,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentUserName()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public String getCurrentUserName() throws AuthenticationException
|
||||
{
|
||||
@@ -247,8 +247,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return null;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#invalidateUserSession(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void invalidateUserSession(String userName) throws AuthenticationException
|
||||
{
|
||||
@@ -268,8 +268,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#invalidateTicket(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void invalidateTicket(String ticket) throws AuthenticationException
|
||||
{
|
||||
@@ -289,8 +289,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#validate(java.lang.String)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void validate(String ticket) throws AuthenticationException
|
||||
{
|
||||
@@ -310,8 +310,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getCurrentTicket()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public String getCurrentTicket()
|
||||
{
|
||||
@@ -329,8 +329,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return null;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getNewTicket()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public String getNewTicket()
|
||||
{
|
||||
@@ -348,8 +348,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return null;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#clearCurrentSecurityContext()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public void clearCurrentSecurityContext()
|
||||
{
|
||||
@@ -369,8 +369,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#isCurrentUserTheSystemUser()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public boolean isCurrentUserTheSystemUser()
|
||||
{
|
||||
@@ -388,8 +388,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDomains()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDomains()
|
||||
{
|
||||
@@ -401,8 +401,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return domains;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserCreation()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDomainsThatAllowUserCreation()
|
||||
{
|
||||
@@ -414,8 +414,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return domains;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDomainsThatAllowUserDeletion()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDomainsThatAllowUserDeletion()
|
||||
{
|
||||
@@ -427,8 +427,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return domains;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDomiansThatAllowUserPasswordChanges()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDomiansThatAllowUserPasswordChanges()
|
||||
{
|
||||
@@ -440,8 +440,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return domains;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getUsersWithTickets(boolean)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getUsersWithTickets(boolean nonExpiredOnly)
|
||||
@@ -457,8 +457,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return users;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#countTickets(boolean)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public int countTickets(boolean nonExpiredOnly)
|
||||
@@ -471,8 +471,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return count;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#invalidateTickets(boolean)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public int invalidateTickets(boolean nonExpiredOnly)
|
||||
@@ -488,8 +488,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return count;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.authentication.AbstractAuthenticationService#getTicketComponents()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public Set<TicketComponent> getTicketComponents()
|
||||
@@ -505,8 +505,8 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return tcs;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
@@ -518,4 +518,17 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
|
||||
return defaultAdministratorUserNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultGuestUserNames()
|
||||
{
|
||||
Set<String> defaultGuestUserNames = new TreeSet<String>();
|
||||
for (AuthenticationService authService : getUsableAuthenticationServices())
|
||||
{
|
||||
defaultGuestUserNames.addAll(authService.getDefaultGuestUserNames());
|
||||
}
|
||||
return defaultGuestUserNames;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -75,4 +75,13 @@ public interface AuthenticationComponent extends AuthenticationContext
|
||||
* @return a set of user names
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames();
|
||||
|
||||
/**
|
||||
* Gets a set of user names who for this particular authentication system should be considered guests by
|
||||
* default. If the security framework is case sensitive these values should be case sensitive user names. If the
|
||||
* security framework is not case sensitive these values should be the lower-case user names.
|
||||
*
|
||||
* @return a set of user names
|
||||
*/
|
||||
public Set<String> getDefaultGuestUserNames();
|
||||
}
|
||||
|
||||
@@ -29,7 +29,6 @@ import java.util.Set;
|
||||
|
||||
import org.alfresco.repo.management.subsystems.ActivateableBean;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNameValidationMode;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
|
||||
public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean
|
||||
{
|
||||
@@ -118,7 +117,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
|
||||
authenticationDao.setEnabled(userName, enabled);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public void authenticate(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
try
|
||||
@@ -211,13 +209,13 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
|
||||
return authenticationComponent.isSystemUserName(getCurrentUserName());
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public void authenticateAsGuest() throws AuthenticationException
|
||||
{
|
||||
preAuthenticationCheck(PermissionService.GUEST_AUTHORITY);
|
||||
preAuthenticationCheck(AuthenticationUtil.getGuestUserName());
|
||||
authenticationComponent.setGuestUserAsCurrentUser();
|
||||
String guestUser = authenticationComponent.getCurrentUserName();
|
||||
ticketComponent.clearCurrentTicket();
|
||||
ticketComponent.getCurrentTicket(PermissionService.GUEST_AUTHORITY); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket)
|
||||
ticketComponent.getCurrentTicket(guestUser); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket)
|
||||
}
|
||||
|
||||
public boolean guestUserAuthenticationAllowed()
|
||||
@@ -312,12 +310,19 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
|
||||
return Collections.singleton(ticketComponent);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthenticationService#getDefaultAdministratorUserNames()
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultAdministratorUserNames()
|
||||
{
|
||||
return authenticationComponent.getDefaultAdministratorUserNames();
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public Set<String> getDefaultGuestUserNames()
|
||||
{
|
||||
return authenticationComponent.getDefaultGuestUserNames();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -342,16 +342,15 @@ public class AuthenticationTest extends TestCase
|
||||
|
||||
public void testGuest()
|
||||
{
|
||||
authenticationService.authenticate("GUEST", "".toCharArray());
|
||||
authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray());
|
||||
}
|
||||
|
||||
public void testCreateUsers()
|
||||
{
|
||||
authenticationService.createAuthentication("GUEST", "".toCharArray());
|
||||
authenticationService.authenticate("GUEST", "".toCharArray());
|
||||
// Guest is reported as lower case and the authentication basically
|
||||
// ignored at the moment
|
||||
assertEquals("guest", authenticationService.getCurrentUserName());
|
||||
authenticationService.createAuthentication(AuthenticationUtil.getGuestUserName(), "".toCharArray());
|
||||
authenticationService.authenticate(AuthenticationUtil.getGuestUserName(), "".toCharArray());
|
||||
// Guest is treated like any other user
|
||||
assertEquals(AuthenticationUtil.getGuestUserName(), authenticationService.getCurrentUserName());
|
||||
|
||||
authenticationService.createAuthentication("Andy", "".toCharArray());
|
||||
authenticationService.authenticate("Andy", "".toCharArray());
|
||||
|
||||
@@ -99,7 +99,7 @@ public class AuthenticationUtil implements InitializingBean
|
||||
return AuthenticationUtil.mtEnabled;
|
||||
}
|
||||
|
||||
private AuthenticationUtil()
|
||||
public AuthenticationUtil()
|
||||
{
|
||||
super();
|
||||
}
|
||||
@@ -116,10 +116,10 @@ public class AuthenticationUtil implements InitializingBean
|
||||
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
|
||||
ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
|
||||
}
|
||||
else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
|
||||
else if (userName.equalsIgnoreCase(getGuestUserName()))
|
||||
{
|
||||
GrantedAuthority[] gas = new GrantedAuthority[0];
|
||||
ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
|
||||
ud = new User(getGuestUserName().toLowerCase(), "", true, true, true, true, gas);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -452,6 +452,14 @@ public class AuthenticationUtil implements InitializingBean
|
||||
}
|
||||
return defaultGuestUserName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the name of the guest role
|
||||
*/
|
||||
public static String getGuestRoleName()
|
||||
{
|
||||
return PermissionService.GUEST_AUTHORITY;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the current security information
|
||||
|
||||
@@ -162,6 +162,14 @@ public class ChainingAuthenticationComponentImpl extends AbstractChainingAuthent
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the guest user name
|
||||
*/
|
||||
public String getGuestUserName()
|
||||
{
|
||||
return AuthenticationUtil.getGuestUserName();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the MD4 password hash
|
||||
*/
|
||||
|
||||
@@ -28,11 +28,10 @@ import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
|
||||
public class ChainingAuthenticationServiceTest extends TestCase
|
||||
{
|
||||
private static final String EMPTY = "Empty";
|
||||
@@ -73,6 +72,12 @@ public class ChainingAuthenticationServiceTest extends TestCase
|
||||
protected void setUp() throws Exception
|
||||
{
|
||||
super.setUp();
|
||||
|
||||
AuthenticationUtil authUtil = new AuthenticationUtil();
|
||||
authUtil.setDefaultAdminUserName("admin");
|
||||
authUtil.setDefaultGuestUserName("guest");
|
||||
authUtil.afterPropertiesSet();
|
||||
|
||||
service1 = new TestAuthenticationServiceImpl(ALFRESCO, true, true, true, false);
|
||||
service1.createAuthentication("andy", "andy".toCharArray());
|
||||
|
||||
@@ -174,7 +179,7 @@ public class ChainingAuthenticationServiceTest extends TestCase
|
||||
ases.add(service2);
|
||||
as.setAuthenticationServices(ases);
|
||||
as.authenticateAsGuest();
|
||||
assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY);
|
||||
assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName());
|
||||
as.clearCurrentSecurityContext();
|
||||
assertNull(as.getCurrentUserName());
|
||||
}
|
||||
@@ -581,7 +586,7 @@ public class ChainingAuthenticationServiceTest extends TestCase
|
||||
ases.add(service6);
|
||||
as.setAuthenticationServices(ases);
|
||||
as.authenticateAsGuest();
|
||||
assertEquals(as.getCurrentUserName(), PermissionService.GUEST_AUTHORITY);
|
||||
assertEquals(as.getCurrentUserName(), AuthenticationUtil.getGuestUserName());
|
||||
as.clearCurrentSecurityContext();
|
||||
assertNull(as.getCurrentUserName());
|
||||
}
|
||||
|
||||
@@ -42,7 +42,6 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.util.EqualsHelper;
|
||||
import org.alfresco.util.GUID;
|
||||
|
||||
@@ -230,7 +229,7 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
|
||||
{
|
||||
if (allowGuest)
|
||||
{
|
||||
setCurrentUser(PermissionService.GUEST_AUTHORITY);
|
||||
setCurrentUser(AuthenticationUtil.getGuestUserName());
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -419,10 +418,10 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
|
||||
gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
|
||||
ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
|
||||
}
|
||||
else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
|
||||
else if (userName.equalsIgnoreCase(AuthenticationUtil.getGuestUserName()))
|
||||
{
|
||||
GrantedAuthority[] gas = new GrantedAuthority[0];
|
||||
ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
|
||||
ud = new User(AuthenticationUtil.getGuestUserName().toLowerCase(), "", true, true, true, true, gas);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -478,6 +477,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
|
||||
return Collections.singleton(AuthenticationUtil.getAdminUserName());
|
||||
}
|
||||
|
||||
public Set<String> getDefaultGuestUserNames()
|
||||
{
|
||||
return Collections.singleton(AuthenticationUtil.getGuestUserName());
|
||||
}
|
||||
|
||||
private static final String SYSTEM_USER_NAME = "System";
|
||||
|
||||
}
|
||||
|
||||
@@ -40,8 +40,6 @@ import org.alfresco.service.cmr.security.AuthorityService;
|
||||
import org.alfresco.service.cmr.security.AuthorityType;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
|
||||
/**
|
||||
@@ -51,8 +49,6 @@ import org.springframework.beans.factory.InitializingBean;
|
||||
*/
|
||||
public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
{
|
||||
private static Log logger = LogFactory.getLog(AuthorityServiceImpl.class);
|
||||
|
||||
private static Set<String> DEFAULT_ZONES = new HashSet<String>();
|
||||
|
||||
private PersonService personService;
|
||||
@@ -66,7 +62,7 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
private AuthenticationService authenticationService;
|
||||
|
||||
private PermissionServiceSPI permissionServiceSPI;
|
||||
|
||||
|
||||
private Set<String> adminSet = Collections.singleton(PermissionService.ADMINISTRATOR_AUTHORITY);
|
||||
|
||||
private Set<String> guestSet = Collections.singleton(PermissionService.GUEST_AUTHORITY);
|
||||
@@ -75,6 +71,8 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
|
||||
private Set<String> adminGroups = Collections.emptySet();
|
||||
|
||||
private Set<String> guestGroups = Collections.emptySet();
|
||||
|
||||
static
|
||||
{
|
||||
DEFAULT_ZONES.add(AuthorityService.ZONE_APP_DEFAULT);
|
||||
@@ -115,15 +113,17 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
{
|
||||
this.permissionServiceSPI = permissionServiceSPI;
|
||||
}
|
||||
|
||||
|
||||
public void setAdminGroups(Set<String> adminGroups)
|
||||
{
|
||||
this.adminGroups = adminGroups;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||
*/
|
||||
public void setGuestGroups(Set<String> guestGroups)
|
||||
{
|
||||
this.guestGroups = guestGroups;
|
||||
}
|
||||
|
||||
public void afterPropertiesSet() throws Exception
|
||||
{
|
||||
// Fully qualify the admin group names
|
||||
@@ -136,6 +136,16 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
}
|
||||
this.adminGroups = adminGroups;
|
||||
}
|
||||
// Fully qualify the guest group names
|
||||
if (!this.guestGroups.isEmpty())
|
||||
{
|
||||
Set<String> guestGroups = new HashSet<String>(this.guestGroups.size());
|
||||
for (String group : this.guestGroups)
|
||||
{
|
||||
guestGroups.add(getName(AuthorityType.GROUP, group));
|
||||
}
|
||||
this.guestGroups = guestGroups;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean hasAdminAuthority()
|
||||
@@ -158,6 +168,26 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
return getAuthoritiesForUser(canonicalName).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
|
||||
}
|
||||
|
||||
public boolean hasGuestAuthority()
|
||||
{
|
||||
String currentUserName = AuthenticationUtil.getRunAsUser();
|
||||
|
||||
// Determine whether the guest role is mapped to this user or one of their groups
|
||||
return ((currentUserName != null) && getAuthoritiesForUser(currentUserName).contains(PermissionService.GUEST_AUTHORITY));
|
||||
}
|
||||
|
||||
public boolean isGuestAuthority(String authorityName)
|
||||
{
|
||||
String canonicalName = personService.getUserIdentifier(authorityName);
|
||||
if (canonicalName == null)
|
||||
{
|
||||
canonicalName = authorityName;
|
||||
}
|
||||
|
||||
// Determine whether the administrator role is mapped to this user or one of their groups
|
||||
return getAuthoritiesForUser(canonicalName).contains(PermissionService.GUEST_AUTHORITY);
|
||||
}
|
||||
|
||||
public Set<String> getAuthorities()
|
||||
{
|
||||
String currentUserName = AuthenticationUtil.getRunAsUser();
|
||||
@@ -172,12 +202,17 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
|
||||
// Work out mapped roles
|
||||
|
||||
// Check named admin users
|
||||
// Check named guest and admin users
|
||||
Set<String> adminUsers = this.authenticationService.getDefaultAdministratorUserNames();
|
||||
|
||||
Set<String> guestUsers = this.authenticationService.getDefaultGuestUserNames();
|
||||
|
||||
// note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will
|
||||
// have the same base name as the default non-tenant specific admin. Typically "admin" is the default required admin user,
|
||||
// although, if for example "bob" is also listed as an admin then all tenant-specific bob's will also have admin authority
|
||||
String currentUserBaseName = tenantService.getBaseNameUser(currentUserName);
|
||||
|
||||
boolean isAdminUser = false;
|
||||
boolean isGuestUser = false;
|
||||
if (tenantService.isEnabled())
|
||||
{
|
||||
// note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will
|
||||
@@ -192,13 +227,25 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isAdminUser)
|
||||
{
|
||||
for (String guestUser : guestUsers)
|
||||
{
|
||||
if (guestUser.equals(currentUserName) || tenantService.getBaseNameUser(guestUser).equals(currentUserBaseName))
|
||||
{
|
||||
isGuestUser = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
isAdminUser = adminUsers.contains(currentUserName);
|
||||
isAdminUser = (adminUsers.contains(currentUserName) || adminUsers.contains(currentUserBaseName));
|
||||
isGuestUser = (guestUsers.contains(currentUserName) || guestUsers.contains(currentUserBaseName));
|
||||
}
|
||||
|
||||
// Check named admin groups
|
||||
// Check if any of the user's groups are listed as admin groups
|
||||
if (!isAdminUser && !adminGroups.isEmpty())
|
||||
{
|
||||
for (String authority : authorities)
|
||||
@@ -210,15 +257,33 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
|
||||
}
|
||||
}
|
||||
}
|
||||
// Check if any of the user's groups are listed as guest groups
|
||||
if (!isAdminUser && !isGuestUser && !guestGroups.isEmpty())
|
||||
{
|
||||
for (String authority : authorities)
|
||||
{
|
||||
if (guestGroups.contains(authority) || guestGroups.contains(tenantService.getBaseNameUser(authority)))
|
||||
{
|
||||
isAdminUser = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Give admin user's the ADMINISTRATOR authorities
|
||||
if (isAdminUser)
|
||||
{
|
||||
authorities.addAll(adminSet);
|
||||
}
|
||||
if (AuthorityType.getAuthorityType(currentUserBaseName) != AuthorityType.GUEST)
|
||||
// Give all non-guest users the ALL authorities
|
||||
if (!isGuestUser)
|
||||
{
|
||||
authorities.addAll(allSet);
|
||||
}
|
||||
else
|
||||
{
|
||||
authorities.addAll(guestSet);
|
||||
}
|
||||
return authorities;
|
||||
}
|
||||
|
||||
|
||||
@@ -59,6 +59,8 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
private Set<String> adminUsers;
|
||||
|
||||
private AuthenticationContext authenticationContext;
|
||||
|
||||
private Set<String> guestUsers;
|
||||
|
||||
private TenantService tenantService;
|
||||
|
||||
@@ -84,10 +86,6 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Currently the admin authority is granted only to the ALFRESCO_ADMIN_USER
|
||||
* user.
|
||||
*/
|
||||
public boolean hasAdminAuthority()
|
||||
{
|
||||
String currentUserName = authenticationContext.getCurrentUserName();
|
||||
@@ -99,9 +97,6 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
return ((currentUserName != null) && (adminUsers.contains(currentUserName) || adminUsers.contains(tenantService.getBaseNameUser(currentUserName))));
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.service.cmr.security.AuthorityService#isAdminAuthority(java.lang.String)
|
||||
*/
|
||||
public boolean isAdminAuthority(String authorityName)
|
||||
{
|
||||
String canonicalName = personService.getUserIdentifier(authorityName);
|
||||
@@ -112,6 +107,26 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
return adminUsers.contains(canonicalName);
|
||||
}
|
||||
|
||||
public boolean hasGuestAuthority()
|
||||
{
|
||||
String currentUserName = authenticationContext.getCurrentUserName();
|
||||
|
||||
// note: for MT, this currently relies on a naming convention which assumes that all tenant admins will
|
||||
// have the same base name as the default non-tenant specific guest.
|
||||
|
||||
return ((currentUserName != null) && (guestUsers.contains(currentUserName) || guestUsers.contains(tenantService.getBaseNameUser(currentUserName))));
|
||||
}
|
||||
|
||||
public boolean isGuestAuthority(String authorityName)
|
||||
{
|
||||
String canonicalName = personService.getUserIdentifier(authorityName);
|
||||
if (canonicalName == null)
|
||||
{
|
||||
canonicalName = authorityName;
|
||||
}
|
||||
return guestUsers.contains(canonicalName);
|
||||
}
|
||||
|
||||
// IOC
|
||||
|
||||
public void setAuthenticationContext(AuthenticationContext authenticationContext)
|
||||
@@ -124,6 +139,11 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
this.adminUsers = adminUsers;
|
||||
}
|
||||
|
||||
public void setGuestUsers(Set<String> guestUsers)
|
||||
{
|
||||
this.guestUsers = guestUsers;
|
||||
}
|
||||
|
||||
public Set<String> getAuthorities()
|
||||
{
|
||||
Set<String> authorities = new HashSet<String>();
|
||||
@@ -132,9 +152,9 @@ public class SimpleAuthorityServiceImpl implements AuthorityService
|
||||
{
|
||||
authorities.addAll(adminSet);
|
||||
}
|
||||
if(AuthorityType.getAuthorityType(currentUserName) != AuthorityType.GUEST)
|
||||
else if (!guestUsers.contains(currentUserName))
|
||||
{
|
||||
authorities.addAll(allSet);
|
||||
authorities.addAll(allSet);
|
||||
}
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@@ -732,7 +732,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
String username = user.getUsername();
|
||||
auths.add(username);
|
||||
|
||||
if (tenantService.getBaseNameUser(username).equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
|
||||
if (tenantService.getBaseNameUser(username).equalsIgnoreCase(AuthenticationUtil.getGuestUserName()))
|
||||
{
|
||||
auths.add(PermissionService.GUEST_AUTHORITY);
|
||||
}
|
||||
|
||||
@@ -302,6 +302,7 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
|
||||
}
|
||||
else
|
||||
{
|
||||
makeHomeFolderIfRequired(personNode);
|
||||
return personNode;
|
||||
}
|
||||
}
|
||||
@@ -329,7 +330,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
|
||||
// add to cache
|
||||
this.personCache.put(searchUserName, returnRef);
|
||||
}
|
||||
makeHomeFolderIfRequired(returnRef);
|
||||
return returnRef;
|
||||
}
|
||||
|
||||
@@ -531,10 +531,10 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
|
||||
{
|
||||
throw new PersonException("No person found for user name " + userName);
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
makeHomeFolderIfRequired(personNode);
|
||||
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
|
||||
properties.put(ContentModel.PROP_USERNAME, realUserName);
|
||||
}
|
||||
|
||||
@@ -25,10 +25,13 @@
|
||||
package org.alfresco.repo.security.person;
|
||||
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.service.cmr.model.FileFolderService;
|
||||
import org.alfresco.service.cmr.model.FileInfo;
|
||||
import org.alfresco.service.cmr.model.FileNotFoundException;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
|
||||
import org.alfresco.util.FileNameValidator;
|
||||
|
||||
/**
|
||||
* Create home spaces based on the UID of the user.
|
||||
@@ -55,42 +58,51 @@ public class UIDBasedHomeFolderProvider extends ExistingPathBasedHomeFolderProvi
|
||||
|
||||
protected HomeSpaceNodeRef getHomeFolder(NodeRef person)
|
||||
{
|
||||
NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, getServiceRegistry()
|
||||
.getNodeService().getProperty(person, ContentModel.PROP_HOMEFOLDER));
|
||||
FileFolderService fileFolderService = getServiceRegistry().getFileFolderService();
|
||||
NodeService nodeService = getServiceRegistry().getNodeService();
|
||||
|
||||
NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert(
|
||||
NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
|
||||
if (existingHomeFolder == null)
|
||||
{
|
||||
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, getServiceRegistry().getNodeService()
|
||||
.getProperty(person, ContentModel.PROP_USERNAME));
|
||||
String uid = DefaultTypeConverter.INSTANCE.convert(
|
||||
String.class,
|
||||
nodeService.getProperty(person, ContentModel.PROP_USERNAME));
|
||||
|
||||
if((uid == null) || (uid.length() == 0))
|
||||
{
|
||||
throw new PersonException("Can not create a home space when the uid is null or empty");
|
||||
}
|
||||
|
||||
// ETHREEOH-1612: Convert the username to file- and folder-safe names
|
||||
String homeFolderName = FileNameValidator.getValidFileName(uid);
|
||||
|
||||
FileInfo fileInfo;
|
||||
|
||||
// Test if it already exists
|
||||
|
||||
NodeRef exising = getServiceRegistry().getFileFolderService().searchSimple(getPathNodeRef(), uid);
|
||||
NodeRef exising = fileFolderService.searchSimple(getPathNodeRef(), homeFolderName);
|
||||
if (exising != null)
|
||||
{
|
||||
fileInfo = getServiceRegistry().getFileFolderService().getFileInfo(exising);
|
||||
fileInfo = fileFolderService.getFileInfo(exising);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
if (templatePath == null)
|
||||
{
|
||||
fileInfo = getServiceRegistry().getFileFolderService().create(getPathNodeRef(), uid,
|
||||
fileInfo = fileFolderService.create(
|
||||
getPathNodeRef(),
|
||||
homeFolderName,
|
||||
ContentModel.TYPE_FOLDER);
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
try
|
||||
{
|
||||
fileInfo = getServiceRegistry().getFileFolderService().copy(getTemplateNodeRef(),
|
||||
getPathNodeRef(), uid);
|
||||
fileInfo = fileFolderService.copy(
|
||||
getTemplateNodeRef(),
|
||||
getPathNodeRef(),
|
||||
homeFolderName);
|
||||
}
|
||||
catch (FileNotFoundException e)
|
||||
{
|
||||
|
||||
@@ -149,7 +149,7 @@ public class SiteAVMBootstrap extends AbstractLifecycleBean
|
||||
// set default permissions on the new store
|
||||
StoreRef store = new StoreRef(StoreRef.PROTOCOL_AVM, storeName);
|
||||
this.permissionService.setPermission(store, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
|
||||
this.permissionService.setPermission(store, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true);
|
||||
this.permissionService.setPermission(store, AuthenticationUtil.getGuestUserName(), PermissionService.READ, true);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -38,6 +38,7 @@ import java.util.Set;
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.policy.PolicyScope;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.version.common.VersionHistoryImpl;
|
||||
import org.alfresco.repo.version.common.VersionImpl;
|
||||
import org.alfresco.repo.version.common.VersionUtil;
|
||||
@@ -455,7 +456,7 @@ public class Version2ServiceImpl extends VersionServiceImpl implements VersionSe
|
||||
PermissionService.ALL_PERMISSIONS, true);
|
||||
permissionService.setPermission(
|
||||
versionNodeRef,
|
||||
PermissionService.GUEST_AUTHORITY,
|
||||
AuthenticationUtil.getGuestUserName(),
|
||||
PermissionService.ALL_PERMISSIONS, true);
|
||||
}
|
||||
|
||||
|
||||
@@ -233,11 +233,19 @@ public interface AuthenticationService
|
||||
public Set<String> getDomiansThatAllowUserPasswordChanges();
|
||||
|
||||
/**
|
||||
* Gets a set of user names who should be considered administrators by default.
|
||||
* Gets a set of user names who should be considered 'administrators' by default.
|
||||
*
|
||||
* @return a set of user names
|
||||
*/
|
||||
@Auditable
|
||||
public Set<String> getDefaultAdministratorUserNames();
|
||||
|
||||
/**
|
||||
* Gets a set of user names who should be considered 'guests' by default.
|
||||
*
|
||||
* @return a set of user names
|
||||
*/
|
||||
@Auditable
|
||||
public Set<String> getDefaultGuestUserNames();
|
||||
}
|
||||
|
||||
|
||||
@@ -90,11 +90,32 @@ public interface AuthorityService
|
||||
* Does the given authority have admin authority.
|
||||
*
|
||||
* @param authorityName The name of the authority.
|
||||
* @return Whether the authority is an admin.
|
||||
* @return Whether the authority is an 'administrator'.
|
||||
*/
|
||||
@Auditable(parameters = {"authorityName"})
|
||||
public boolean isAdminAuthority(String authorityName);
|
||||
|
||||
/**
|
||||
* Check of the current user has guest authority.
|
||||
*
|
||||
* There is no contract for who should have this authority, only that it can
|
||||
* be tested here. It could be determined by group membership, role,
|
||||
* authentication mechanism, ...
|
||||
*
|
||||
* @return true if the currently authenticated user has the guest authority
|
||||
*/
|
||||
@Auditable
|
||||
public boolean hasGuestAuthority();
|
||||
|
||||
/**
|
||||
* Does the given authority have guest authority.
|
||||
*
|
||||
* @param authorityName The name of the authority.
|
||||
* @return Whether the authority is a 'guest'.
|
||||
*/
|
||||
@Auditable(parameters = {"authorityName"})
|
||||
public boolean isGuestAuthority(String authorityName);
|
||||
|
||||
/**
|
||||
* Get the authorities for the current user
|
||||
*
|
||||
|
||||
@@ -81,7 +81,7 @@ public interface PermissionService
|
||||
/**
|
||||
* The guest authority
|
||||
*/
|
||||
public static final String GUEST_AUTHORITY = "guest";
|
||||
public static final String GUEST_AUTHORITY = "ROLE_GUEST";
|
||||
|
||||
/**
|
||||
* The permission for all - not defined in the model. Repsected in the code.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
* Copyright (C) 2005-2009 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
@@ -20,29 +20,37 @@
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing" */
|
||||
|
||||
package org.alfresco.repo.avm;
|
||||
package org.alfresco.util;
|
||||
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* Static checker for valid file names.
|
||||
* @author britt
|
||||
*
|
||||
* @author Derek Hulley
|
||||
*/
|
||||
public class FileNameValidator
|
||||
{
|
||||
/**
|
||||
* The bad file name pattern.
|
||||
*/
|
||||
private static String fgBadPattern = ".*[\"\\*\\\\><\\?/:\\|]+.*";
|
||||
private static final Pattern FILENAME_ILLEGAL_PATTERN = Pattern.compile(".*[\"\\*\\\\><\\?/:\\|]+.*");
|
||||
private static final Pattern FILENAME_ILLEGAL_PATTERN_REPLACE = Pattern.compile("[\\\"\\*\\\\\\>\\<\\?\\/\\:\\|]");
|
||||
|
||||
public static boolean isValid(String name)
|
||||
{
|
||||
return !FILENAME_ILLEGAL_PATTERN.matcher(name).matches();
|
||||
}
|
||||
|
||||
/**
|
||||
* The compiled regex.
|
||||
* Replaces illegal filename characters with '_'
|
||||
*/
|
||||
private static Pattern fgPattern = Pattern.compile(fgBadPattern);
|
||||
|
||||
public static boolean IsValid(String name)
|
||||
public static String getValidFileName(String fileName)
|
||||
{
|
||||
return !fgPattern.matcher(name).matches();
|
||||
if (fileName == null || fileName.length() == 0)
|
||||
{
|
||||
throw new IllegalArgumentException("File name cannot be corrected if it is null or empty.");
|
||||
}
|
||||
return FILENAME_ILLEGAL_PATTERN_REPLACE.matcher(fileName).replaceAll("_");
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
* Copyright (C) 2005-2009 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
@@ -20,14 +20,14 @@
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing" */
|
||||
|
||||
package org.alfresco.repo.avm;
|
||||
package org.alfresco.util;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* Test File Name validation.
|
||||
* @author britt
|
||||
*
|
||||
* @author Derek Hulley
|
||||
*/
|
||||
public class FileNameValidatorTest extends TestCase
|
||||
{
|
||||
@@ -37,7 +37,14 @@ public class FileNameValidatorTest extends TestCase
|
||||
":", "|" };
|
||||
for (String name : badNames)
|
||||
{
|
||||
assertFalse(FileNameValidator.IsValid(name));
|
||||
assertFalse(FileNameValidator.isValid(name));
|
||||
}
|
||||
}
|
||||
|
||||
public void testGetValidFileName()
|
||||
{
|
||||
// " * \ > < ? / : |
|
||||
assertEquals("ABCDEFG.txt", FileNameValidator.getValidFileName("ABCDEFG.txt"));
|
||||
assertEquals("A_B_C_D_E_F_G_H_I_J.txt", FileNameValidator.getValidFileName("A\"B*C\\D>E<F?G/H:I|J.txt"));
|
||||
}
|
||||
}
|
||||
@@ -45,13 +45,13 @@ import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.service.namespace.RegexQNamePattern;
|
||||
import org.alfresco.util.FileNameValidator;
|
||||
import org.alfresco.util.ParameterCheck;
|
||||
import org.alfresco.util.VirtServerUtils;
|
||||
import org.alfresco.wcm.sandbox.SandboxConstants;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
|
||||
/**
|
||||
* Helper methods and constants related to WCM directories, paths and store name manipulation.
|
||||
*
|
||||
@@ -351,8 +351,9 @@ public class WCMUtil
|
||||
final String userName)
|
||||
{
|
||||
ParameterCheck.mandatoryString("userName", userName);
|
||||
String fixedUserName = FileNameValidator.getValidFileName(userName);
|
||||
return (WCMUtil.buildStagingStoreName(storeId) + WCMUtil.STORE_SEPARATOR +
|
||||
userName);
|
||||
fixedUserName);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user