Merged V3.2E to HEAD

17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
         - Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
         - Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
         - Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
         - Works with authentication chain containing mixture of internally and externally authenticated users
   17247: Fix failing unit tests
         - rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
   17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
   17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2010-01-18 15:32:57 +00:00
parent 0399805772
commit 7f24c8c4e7
59 changed files with 742 additions and 349 deletions


@@ -30,6 +30,7 @@ import java.util.Set;
import java.util.TreeSet;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
/**
* A base class for chaining authentication services. Where appropriate, methods will 'chain' across multiple
@@ -37,9 +38,8 @@ import org.alfresco.service.cmr.security.AuthenticationService;
*
* @author dward
*/
public abstract class AbstractChainingAuthenticationService extends AbstractAuthenticationService
public abstract class AbstractChainingAuthenticationService extends AbstractAuthenticationService implements MutableAuthenticationService
{
/**
* Instantiates a new abstract chaining authentication service.
*/
@@ -53,7 +53,7 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
*
* @return the mutable authentication service
*/
public abstract AuthenticationService getMutableAuthenticationService();
public abstract MutableAuthenticationService getMutableAuthenticationService();
/**
* Gets the authentication services across which methods will chain.
@@ -130,6 +130,16 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
getMutableAuthenticationService().setAuthenticationEnabled(userName, enabled);
}
/**
* {@inheritDoc}
*/
public boolean isAuthenticationMutable(String userName)
{
MutableAuthenticationService mutableAuthenticationService = getMutableAuthenticationService();
return mutableAuthenticationService == null ? false : mutableAuthenticationService
.isAuthenticationMutable(userName);
}
/**
* {@inheritDoc}
*/
@@ -149,7 +159,7 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
// Ignore and chain
}
}
return false;
return true;
}
/**
@@ -226,7 +236,7 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
// it doesn't exist in any of the authentication components
return false;
}
/**
* {@inheritDoc}
*/
@@ -529,5 +539,7 @@ public abstract class AbstractChainingAuthenticationService extends AbstractAuth
}
return defaultGuestUserNames;
}
}
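Review bot: The fallback at the end of the method in the `-149,7 +159,7` hunk fails open: when every chained service throws and is skipped by the `// Ignore and chain` catch, the result appears to become `true` rather than `false`. The method's signature is outside the hunk; from its position after `isAuthenticationMutable` it looks like `getAuthenticationEnabled`, in which case an account that no subsystem could answer for is reported as enabled. If that is intended because externally authenticated accounts cannot be disabled from here, say so at the return, e.g. `// No chained service could report a state: treat as enabled, external stores own the disable flag`. Consider also logging the swallowed exception, so that a user-store outage can be told apart from a genuinely enabled account.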


@@ -32,8 +32,6 @@ import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNam
public class AuthenticationServiceImpl extends AbstractAuthenticationService implements ActivateableBean
{
MutableAuthenticationDao authenticationDao;
AuthenticationComponent authenticationComponent;
TicketComponent ticketComponent;
@@ -51,11 +49,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
super();
}
public void setAuthenticationDao(MutableAuthenticationDao authenticationDao)
{
this.authenticationDao = authenticationDao;
}
public void setTicketComponent(TicketComponent ticketComponent)
{
this.ticketComponent = ticketComponent;
@@ -76,46 +69,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
|| ((ActivateableBean) this.authenticationComponent).isActive();
}
public void createAuthentication(String userName, char[] password) throws AuthenticationException
{
authenticationDao.createUser(userName, password);
}
public void updateAuthentication(String userName, char[] oldPassword, char[] newPassword)
throws AuthenticationException
{
// Need to preserve the run-as user
String currentUser = AuthenticationUtil.getRunAsUser();
try
{
authenticate(userName, oldPassword);
}
finally
{
AuthenticationUtil.setRunAsUser(currentUser);
}
authenticationDao.updateUser(userName, newPassword);
}
public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException
{
authenticationDao.updateUser(userName, newPassword);
}
public void deleteAuthentication(String userName) throws AuthenticationException
{
authenticationDao.deleteUser(userName);
}
public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
{
return authenticationDao.getEnabled(userName);
}
public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException
{
authenticationDao.setEnabled(userName, enabled);
}
public void authenticate(String userName, char[] password) throws AuthenticationException
{
@@ -136,11 +89,6 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
ticketComponent.getCurrentTicket(userName); // to ensure new ticket is created (even if client does not explicitly call getCurrentTicket)
}
public boolean authenticationExists(String userName)
{
return authenticationDao.userExists(userName);
}
public String getCurrentUserName() throws AuthenticationException
{
return authenticationComponent.getCurrentUserName();
@@ -327,4 +275,20 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
{
return authenticationComponent.getDefaultGuestUserNames();
}
/**
* {@inheritDoc}
*/
public boolean authenticationExists(String userName)
{
return true;
}
/**
* {@inheritDoc}
*/
public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
{
return true;
}
}
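Review bot: The new `authenticationExists` and `getAuthenticationEnabled` at the end of the class return `true` for any `userName`, including null or a name no store knows, and `{@inheritDoc}` hides that from readers. Any subclass or caller that treats these as a real existence or enabled check gets a permissive answer unless the method is overridden, as `MutableAuthenticationServiceImpl` does in this commit. Replace the inherited Javadoc with a short statement of the contract, e.g. `/** Always true: this service has no user store of its own; subclasses backed by one must override. */`, and the same for `getAuthenticationEnabled`.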


@@ -44,11 +44,9 @@ import net.sf.acegisecurity.DisabledException;
import net.sf.acegisecurity.LockedException;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.SaltSource;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.management.subsystems.ApplicationContextFactory;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl.ExpiryMode;
@@ -62,7 +60,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
import org.alfresco.service.namespace.NamespacePrefixResolver;
@@ -103,9 +101,9 @@ public class AuthenticationTest extends TestCase
private SimpleCache<String, Ticket> ticketsCache;
private AuthenticationService authenticationService;
private MutableAuthenticationService authenticationService;
private AuthenticationService pubAuthenticationService;
private MutableAuthenticationService pubAuthenticationService;
private AuthenticationComponent authenticationComponent;
@@ -140,8 +138,8 @@ public class AuthenticationTest extends TestCase
dictionaryService = (DictionaryService) ctx.getBean("dictionaryService");
passwordEncoder = (MD4PasswordEncoder) ctx.getBean("passwordEncoder");
ticketComponent = (TicketComponent) ctx.getBean("ticketComponent");
authenticationService = (AuthenticationService) ctx.getBean("authenticationService");
pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
authenticationService = (MutableAuthenticationService) ctx.getBean("authenticationService");
pubAuthenticationService = (MutableAuthenticationService) ctx.getBean("AuthenticationService");
authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent");
pubPersonService = (PersonService) ctx.getBean("PersonService");
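Review bot: None of the hunks shown for this test add a case for `isAuthenticationMutable`, the method the rest of the commit uses to decide whether a profile or password may be edited. The changes here only retype the two service fields and their `ctx.getBean` casts. A test asserting `true` for a user created through `createAuthentication` and `false` for an unknown name would pin the behaviour that `MutableAuthenticationServiceImpl.isAuthenticationMutable` delegates to `authenticationExists`. It may already be covered in another of the changed files.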


@@ -28,6 +28,7 @@ import java.util.ArrayList;
import java.util.List;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
/**
* This class implements a simple chaining authentication service. It chains together other authentication services so
@@ -47,7 +48,7 @@ public class ChainingAuthenticationServiceImpl extends AbstractChainingAuthentic
List<AuthenticationService> authenticationServices;
AuthenticationService mutableAuthenticationService;
MutableAuthenticationService mutableAuthenticationService;
public ChainingAuthenticationServiceImpl()
{
@@ -60,12 +61,12 @@ public class ChainingAuthenticationServiceImpl extends AbstractChainingAuthentic
}
@Override
public AuthenticationService getMutableAuthenticationService()
public MutableAuthenticationService getMutableAuthenticationService()
{
return this.mutableAuthenticationService;
}
public void setMutableAuthenticationService(AuthenticationService mutableAuthenticationService)
public void setMutableAuthenticationService(MutableAuthenticationService mutableAuthenticationService)
{
this.mutableAuthenticationService = mutableAuthenticationService;
}


@@ -0,0 +1,140 @@
/*
* Copyright (C) 2005-2009 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have received a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authentication;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
/**
* The default implementation of {@link MutableAuthenticationService}.
*
* @author dward
*/
public class MutableAuthenticationServiceImpl extends AuthenticationServiceImpl implements MutableAuthenticationService
{
/** The authentication dao. */
MutableAuthenticationDao authenticationDao;
/**
* Sets the authentication dao.
*
* @param authenticationDao
* the authentication dao
*/
public void setAuthenticationDao(MutableAuthenticationDao authenticationDao)
{
this.authenticationDao = authenticationDao;
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#createAuthentication(java.lang.String,
* char[])
*/
public void createAuthentication(String userName, char[] password) throws AuthenticationException
{
this.authenticationDao.createUser(userName, password);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#updateAuthentication(java.lang.String,
* char[], char[])
*/
public void updateAuthentication(String userName, char[] oldPassword, char[] newPassword)
throws AuthenticationException
{
// Need to preserve the run-as user
String currentUser = AuthenticationUtil.getRunAsUser();
try
{
authenticate(userName, oldPassword);
}
finally
{
AuthenticationUtil.setRunAsUser(currentUser);
}
this.authenticationDao.updateUser(userName, newPassword);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#setAuthentication(java.lang.String, char[])
*/
public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException
{
this.authenticationDao.updateUser(userName, newPassword);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#deleteAuthentication(java.lang.String)
*/
public void deleteAuthentication(String userName) throws AuthenticationException
{
this.authenticationDao.deleteUser(userName);
}
/*
* (non-Javadoc)
* @see
* org.alfresco.repo.security.authentication.AuthenticationServiceImpl#getAuthenticationEnabled(java.lang.String)
*/
@Override
public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
{
return this.authenticationDao.getEnabled(userName);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#setAuthenticationEnabled(java.lang.String,
* boolean)
*/
public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException
{
this.authenticationDao.setEnabled(userName, enabled);
}
/*
* (non-Javadoc)
* @see org.alfresco.repo.security.authentication.AuthenticationServiceImpl#authenticationExists(java.lang.String)
*/
@Override
public boolean authenticationExists(String userName)
{
return this.authenticationDao.userExists(userName);
}
/*
* (non-Javadoc)
* @see org.alfresco.service.cmr.security.MutableAuthenticationService#isAuthenticationMutable(java.lang.String)
*/
public boolean isAuthenticationMutable(String userName)
{
return authenticationExists(userName);
}
}
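Review bot: `setAuthentication` and `deleteAuthentication` pass straight to `authenticationDao` with no check in this class on who is calling, unlike `updateAuthentication`, which first verifies `oldPassword` via `authenticate`. Presumably access is restricted by the method-security configuration the commit message refers to (`public-services-security-context.xml`), but the `(non-Javadoc)` stubs give a reader no hint of that. Replace the stub on `setAuthentication` with something like `/** Sets a new password without verifying the old one; callers must already be authorised (enforced by the public service's method security, not here). */` and note the same on `deleteAuthentication`.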


@@ -41,11 +41,11 @@ import net.sf.acegisecurity.context.security.SecureContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.GUID;
public class TestAuthenticationServiceImpl implements AuthenticationService
public class TestAuthenticationServiceImpl implements MutableAuthenticationService
{
private Map<String, String> userNamesAndPasswords = new HashMap<String, String>();
@@ -246,6 +246,11 @@ public class TestAuthenticationServiceImpl implements AuthenticationService
{
return userNamesAndPasswords.containsKey(userName);
}
public boolean isAuthenticationMutable(String userName)
{
return authenticationExists(userName);
}
public String getCurrentUserName() throws AuthenticationException
{


@@ -31,6 +31,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
@@ -77,7 +78,7 @@ public class SubsystemChainingAuthenticationService extends AbstractChainingAuth
* org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService#getMutableAuthenticationService()
*/
@Override
public AuthenticationService getMutableAuthenticationService()
public MutableAuthenticationService getMutableAuthenticationService()
{
for (String instance : this.applicationContextManager.getInstanceIds())
{
@@ -87,11 +88,12 @@ public class SubsystemChainingAuthenticationService extends AbstractChainingAuth
AuthenticationService authenticationService = (AuthenticationService) context.getBean(sourceBeanName);
// Only add active authentication services. E.g. we might have an ldap context that is only used for
// synchronizing
if (!(authenticationService instanceof ActivateableBean)
|| ((ActivateableBean) authenticationService).isActive())
if (authenticationService instanceof MutableAuthenticationService
&& (!(authenticationService instanceof ActivateableBean) || ((ActivateableBean) authenticationService)
.isActive()))
{
return authenticationService;
return (MutableAuthenticationService) authenticationService;
}
}
catch (NoSuchBeanDefinitionException e)