Merged V3.2E to HEAD

17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
         - Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
         - Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
         - Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
         - Works with authentication chain containing mixture of internally and externally authenticated users
   17247: Fix failing unit tests
         - rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
   17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
   17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/invitation/InvitationServiceImpl.java

@@ -32,19 +32,30 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.invitation.site.InviteHelper;
+import org.alfresco.repo.node.NodeServicePolicies;
+import org.alfresco.repo.policy.JavaBehaviour;
+import org.alfresco.repo.policy.PolicyComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.PasswordGenerator;
+import org.alfresco.repo.security.authentication.UserNameGenerator;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.site.SiteModel;
+import org.alfresco.repo.workflow.WorkflowModel;
 import org.alfresco.service.cmr.invitation.Invitation;
+import org.alfresco.service.cmr.invitation.InvitationException;
 import org.alfresco.service.cmr.invitation.InvitationExceptionForbidden;
 import org.alfresco.service.cmr.invitation.InvitationExceptionNotFound;
 import org.alfresco.service.cmr.invitation.InvitationExceptionUserError;
 import org.alfresco.service.cmr.invitation.InvitationSearchCriteria;
+import org.alfresco.service.cmr.invitation.InvitationService;
 import org.alfresco.service.cmr.invitation.ModeratedInvitation;
 import org.alfresco.service.cmr.invitation.NominatedInvitation;
-import org.alfresco.service.cmr.invitation.InvitationService;
-import org.alfresco.service.cmr.invitation.InvitationException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.site.SiteService;
@@ -60,18 +71,6 @@ import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.GUID;
 import org.springframework.extensions.surf.util.PropertyCheck;
-import org.alfresco.model.ContentModel;
-import org.alfresco.repo.invitation.site.*;
-import org.alfresco.repo.node.NodeServicePolicies;
-import org.alfresco.repo.policy.JavaBehaviour;
-import org.alfresco.repo.policy.PolicyComponent;
-import org.alfresco.repo.security.authentication.AuthenticationUtil;
-import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
-import org.alfresco.repo.security.authentication.PasswordGenerator;
-import org.alfresco.repo.security.authentication.UserNameGenerator;
-import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
-import org.alfresco.repo.site.SiteModel;
-import org.alfresco.repo.workflow.WorkflowModel;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -94,9 +93,8 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 	private WorkflowService workflowService;
 	private PersonService personService;
 	private SiteService siteService;
-	private AuthenticationService authenticationService;
+	private MutableAuthenticationService authenticationService;
 	private PermissionService permissionService;
-	private MutableAuthenticationDao mutableAuthenticationDao;
 	private NamespaceService namespaceService;
 	private NodeService nodeService;
 	// user name and password generation beans
@@ -132,7 +130,6 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
         PropertyCheck.mandatory(this, "SiteService", siteService);
         PropertyCheck.mandatory(this, "AuthenticationService", authenticationService);
         PropertyCheck.mandatory(this, "PermissionService", permissionService);
-        PropertyCheck.mandatory(this, "MutableAuthenticationDao", mutableAuthenticationDao);
         PropertyCheck.mandatory(this, "NamespaceService", namespaceService);
         PropertyCheck.mandatory(this, "NodeService", nodeService);
         PropertyCheck.mandatory(this, "UserNameGenerator", usernameGenerator);
@@ -467,7 +464,6 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 
 		if (invitation instanceof ModeratedInvitation) {
 			WorkflowTaskQuery wfModeratedTaskQuery = new WorkflowTaskQuery();
-			HashMap<QName, Object> wfQueryModifiedProps = new HashMap<QName, Object>(3, 1.0f);
 
 			// Check rejecter is a site manager and throw and exception if not
 			String rejecterUserName = this.authenticationService.getCurrentUserName();
@@ -910,11 +906,11 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 	}
 
 	public void setAuthenticationService(
-			AuthenticationService authenticationService) {
+	        MutableAuthenticationService authenticationService) {
 		this.authenticationService = authenticationService;
 	}
 
-	public AuthenticationService getAuthenticationService() {
+	public MutableAuthenticationService getAuthenticationService() {
 		return authenticationService;
 	}
 
@@ -950,15 +946,6 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 		return permissionService;
 	}
 
-	public void setMutableAuthenticationDao(
-			MutableAuthenticationDao mutableAuthenticationDao) {
-		this.mutableAuthenticationDao = mutableAuthenticationDao;
-	}
-
-	public MutableAuthenticationDao getMutableAuthenticationDao() {
-		return mutableAuthenticationDao;
-	}
-
 	public void setNodeService(NodeService nodeService) {
 		this.nodeService = nodeService;
 	}
@@ -1038,11 +1025,9 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 		char[] generatedPassword = passwordGenerator.generatePassword()
 				.toCharArray();
 
-		// create disabled user account for invitee user name with generated
-		// password
-		this.mutableAuthenticationDao.createUser(inviteeUserName,
-				generatedPassword);
-		this.mutableAuthenticationDao.setEnabled(inviteeUserName, false);
+		// create disabled user account for invitee user name with generated password
+        this.authenticationService.createAuthentication(inviteeUserName, generatedPassword);
+        this.authenticationService.setAuthenticationEnabled(inviteeUserName, false);
 
 		return String.valueOf(generatedPassword);
 	}
@@ -1302,7 +1287,7 @@ public class InvitationServiceImpl implements InvitationService, NodeServicePoli
 		// user name, then local reference to invitee password will be "null"
 		//
 		String inviteePassword = null;
-		if (this.mutableAuthenticationDao.userExists(inviteeUserName) == false) {
+		if (!this.authenticationService.authenticationExists(inviteeUserName)) {
 			if (logger.isDebugEnabled())
 				logger
 						.debug("Invitee user account does not exist, creating disabled account.");