Merged V3.2E to HEAD

17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
         - Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
         - Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
         - Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
         - Works with authentication chain containing mixture of internally and externally authenticated users
   17247: Fix failing unit tests
         - rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
   17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
   17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/service/ServiceRegistry.java

@@ -59,8 +59,8 @@ import org.alfresco.service.cmr.repository.TemplateService;
 import org.alfresco.service.cmr.rule.RuleService;
 import org.alfresco.service.cmr.search.CategoryService;
 import org.alfresco.service.cmr.search.SearchService;
-import org.alfresco.service.cmr.security.AuthenticationService;
 import org.alfresco.service.cmr.security.AuthorityService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
@@ -214,7 +214,7 @@ public interface ServiceRegistry
      * @return the authentication service (or null, if one is not provided)
      */
     @NotAuditable
-    AuthenticationService getAuthenticationService();
+    MutableAuthenticationService getAuthenticationService();
 
     /**
      * @return the node service (or null, if one is not provided)

source/java/org/alfresco/service/cmr/security/AuthenticationService.java

@@ -40,56 +40,6 @@ import org.alfresco.service.PublicService;
 @PublicService
 public interface AuthenticationService
 {
-    /**
-     * Create an authentication for the given user.
-     * 
-     * @param userName
-     * @param password
-     * @throws AuthenticationException
-     */
-    @Auditable(parameters = {"userName", "password"}, recordable = {true, false})
-    public void createAuthentication(String userName, char[] password) throws AuthenticationException;
-    
-    /**
-     * Update the login information for the user (typically called by the user)
-     * 
-     * @param userName
-     * @param oldPassword
-     * @param newPassword
-     * @throws AuthenticationException
-     */
-    @Auditable(parameters = {"userName", "oldPassword", "newPassword"}, recordable = {true, false, false})
-    public void updateAuthentication(String userName, char[] oldPassword, char[] newPassword) throws AuthenticationException;
-    
-    /**
-     * Set the login information for a user (typically called by an admin user) 
-     * 
-     * @param userName
-     * @param newPassword
-     * @throws AuthenticationException
-     */
-    @Auditable(parameters = {"userName", "newPassword"}, recordable = {true, false})
-    public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException;
-    
-
-    /**
-     * Delete an authentication entry
-     * 
-     * @param userName
-     * @throws AuthenticationException
-     */
-    @Auditable(parameters = {"userName"})
-    public void deleteAuthentication(String userName) throws AuthenticationException;
-    
-    /**
-     * Enable or disable an authentication entry
-     * 
-     * @param userName
-     * @param enabled
-     */
-    @Auditable(parameters = {"userName", "enabled"})
-    public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException;
-    
     /**
      * Is an authentication enabled or disabled?
      * 

source/java/org/alfresco/service/cmr/security/MutableAuthenticationService.java

@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have received a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.service.cmr.security;
+
+import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.service.Auditable;
+
+/**
+ * An extended {@link AuthenticationService} that allows mutation of some or all of its user accounts.
+ * 
+ * @author dward
+ */
+public interface MutableAuthenticationService extends AuthenticationService
+{
+    /**
+     * Determines whether this user's authentication may be mutated via the other methods.
+     * 
+     * @param userName the user ID
+     * @return <code>true</code> if this user's authentication may be mutated via the other methods.
+     */
+    @Auditable(parameters = {"userName"}, recordable = {true})
+    public boolean isAuthenticationMutable(String userName);
+    
+    /**
+     * Create an authentication for the given user.
+     * 
+     * @param userName
+     * @param password
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"userName", "password"}, recordable = {true, false})
+    public void createAuthentication(String userName, char[] password) throws AuthenticationException;
+    
+    /**
+     * Update the login information for the user (typically called by the user)
+     * 
+     * @param userName
+     * @param oldPassword
+     * @param newPassword
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"userName", "oldPassword", "newPassword"}, recordable = {true, false, false})
+    public void updateAuthentication(String userName, char[] oldPassword, char[] newPassword) throws AuthenticationException;
+    
+    /**
+     * Set the login information for a user (typically called by an admin user) 
+     * 
+     * @param userName
+     * @param newPassword
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"userName", "newPassword"}, recordable = {true, false})
+    public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException;
+    
+
+    /**
+     * Delete an authentication entry
+     * 
+     * @param userName
+     * @throws AuthenticationException
+     */
+    @Auditable(parameters = {"userName"})
+    public void deleteAuthentication(String userName) throws AuthenticationException;
+    
+    /**
+     * Enable or disable an authentication entry
+     * 
+     * @param userName
+     * @param enabled
+     */
+    @Auditable(parameters = {"userName", "enabled"})
+    public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException;
+    
+    
+}