mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
Merged V3.2 to HEAD
17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch
- Forces transaction retry if worker thread reaches child authority before a parent authority
- Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites
- Now completes in 5 minutes as opposed to 45
17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI
17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in.
17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch
17439: ETHREEOH-2762: Improved behaviour when a working copy is copied
- Working copy aspect already removed the working copy aspect on copy
- Now derives a new name from the node checked out from and a UUID, preserving the extension
17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting
- declared dependency between internalEHCacheManager and jgroupsPropertySetter
17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch
- authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync
- multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries
- BatchProcessor now promoted to its own package
17394: Fix for license issue in local enterprise builds.
- Replace Community with Enterprise in version.properties during enterprise war building
17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks
17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin()
17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields
17316: Merged V3.1 to V3.2
17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore.
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5
17299: Merged V3.2 to V3.1 (Record only)
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
- thanks Kev!
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
17269: Fix failing unit test
- reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled()
17268: Fix InvitationService
- Runs as system to do privileged AuthenticationService actions
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -196,7 +196,7 @@ public class TestWebScriptRepoServer extends TestWebScriptServer
|
||||
{
|
||||
public Object execute() throws Exception
|
||||
{
|
||||
authenticationService.validate(username);
|
||||
authenticationService.validate(username, null);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
@@ -76,7 +76,7 @@ public class LoginTicket extends DeclarativeWebScript
|
||||
|
||||
try
|
||||
{
|
||||
String ticketUser = ticketComponent.validateTicket(ticket);
|
||||
String ticketUser = ticketComponent.validateTicket(ticket, null);
|
||||
|
||||
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
|
||||
|
||||
|
||||
@@ -86,7 +86,7 @@ public class LoginTicketDelete extends DeclarativeWebScript
|
||||
|
||||
try
|
||||
{
|
||||
String ticketUser = ticketComponent.validateTicket(ticket);
|
||||
String ticketUser = ticketComponent.validateTicket(ticket, null);
|
||||
|
||||
// do not go any further if tickets are different
|
||||
if (!AuthenticationUtil.getFullyAuthenticatedUser().equals(ticketUser))
|
||||
@@ -97,7 +97,7 @@ public class LoginTicketDelete extends DeclarativeWebScript
|
||||
else
|
||||
{
|
||||
// delete the ticket
|
||||
authenticationService.invalidateTicket(ticket);
|
||||
authenticationService.invalidateTicket(ticket, null);
|
||||
status.setMessage("Deleted Ticket " + ticket);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -140,7 +140,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
|
||||
logger.debug("Authenticating (URL argument) ticket " + ticket);
|
||||
|
||||
// assume a ticket has been passed
|
||||
authenticationService.validate(ticket);
|
||||
authenticationService.validate(ticket, null);
|
||||
authorized = true;
|
||||
}
|
||||
catch(AuthenticationException e)
|
||||
@@ -168,7 +168,7 @@ public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactor
|
||||
logger.debug("Authenticating (BASIC HTTP) ticket " + parts[0]);
|
||||
|
||||
// assume a ticket has been passed
|
||||
authenticationService.validate(parts[0]);
|
||||
authenticationService.validate(parts[0], null);
|
||||
authorized = true;
|
||||
}
|
||||
else
|
||||
|
||||
@@ -34,6 +34,7 @@ import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.alfresco.repo.SessionUser;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
@@ -115,8 +116,9 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
|
||||
// Authenticate the user
|
||||
|
||||
authenticationService.authenticate(username, password.toCharArray());
|
||||
|
||||
user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), false);
|
||||
HttpSession session = httpReq.getSession();
|
||||
user = createUserEnvironment(session, authenticationService.getCurrentUserName(),
|
||||
authenticationService.getCurrentTicket(session.getId()), false);
|
||||
}
|
||||
catch ( AuthenticationException ex)
|
||||
{
|
||||
@@ -149,13 +151,14 @@ public class AuthenticationFilter extends BaseAuthenticationFilter implements De
|
||||
|
||||
// Validate the ticket
|
||||
|
||||
authenticationService.validate(ticket);
|
||||
HttpSession session = httpReq.getSession();
|
||||
authenticationService.validate(ticket, session.getId());
|
||||
|
||||
// Need to create the User instance if not already available
|
||||
|
||||
String currentUsername = authenticationService.getCurrentUserName();
|
||||
|
||||
user = createUserEnvironment(httpReq.getSession(), currentUsername, ticket, false);
|
||||
user = createUserEnvironment(session, currentUsername, ticket, false);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -160,7 +160,7 @@ public abstract class BaseAuthenticationFilter
|
||||
{
|
||||
try
|
||||
{
|
||||
authenticationService.validate(sessionUser.getTicket());
|
||||
authenticationService.validate(sessionUser.getTicket(), session.getId());
|
||||
setExternalAuth(session, externalAuth);
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
|
||||
@@ -601,7 +601,7 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("Failed to validate user " + user.getUserName(), ex);
|
||||
logger.debug("Failed to validate user " + userName, ex);
|
||||
|
||||
onValidateFailed(req, res, session);
|
||||
return;
|
||||
|
||||
@@ -163,7 +163,7 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
|
||||
public SessionUser execute() throws Throwable
|
||||
{
|
||||
authenticationComponent.setCurrentUser(userName);
|
||||
return createUserEnvironment(session, userName, authenticationService.getCurrentTicket(), true);
|
||||
return createUserEnvironment(session, userName, authenticationService.getCurrentTicket(session.getId()), true);
|
||||
}
|
||||
});
|
||||
}
|
||||
@@ -288,8 +288,10 @@ public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilt
|
||||
// If we don't yet have a valid cached user, validate the ticket and create one
|
||||
if ( user == null )
|
||||
{
|
||||
authenticationService.validate(ticket);
|
||||
user = createUserEnvironment(req.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), true);
|
||||
HttpSession session = req.getSession();
|
||||
String sessionId = session.getId();
|
||||
authenticationService.validate(ticket, sessionId);
|
||||
user = createUserEnvironment(session, authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(sessionId), true);
|
||||
}
|
||||
|
||||
// Indicate the ticket parameter was specified, and valid
|
||||
|
||||
@@ -39,6 +39,7 @@ import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.alfresco.repo.SessionUser;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
@@ -219,8 +220,9 @@ public class HTTPRequestAuthenticationFilter extends BaseAuthenticationFilter im
|
||||
m_authComponent.clearCurrentSecurityContext();
|
||||
m_authComponent.setCurrentUser(userName);
|
||||
|
||||
return createUserEnvironment(httpReq.getSession(), userName, authenticationService
|
||||
.getCurrentTicket(), true);
|
||||
HttpSession session = httpReq.getSession();
|
||||
return createUserEnvironment(session, userName, authenticationService
|
||||
.getCurrentTicket(session.getId()), true);
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
@@ -251,12 +253,12 @@ public class HTTPRequestAuthenticationFilter extends BaseAuthenticationFilter im
|
||||
|
||||
try
|
||||
{
|
||||
HttpSession session = httpReq.getSession();
|
||||
// Validate the ticket
|
||||
authenticationService.validate(ticket);
|
||||
authenticationService.validate(ticket, session.getId());
|
||||
|
||||
// Need to create the User instance if not already available
|
||||
user = createUserEnvironment(httpReq.getSession(), authenticationService.getCurrentUserName(),
|
||||
ticket, true);
|
||||
user = createUserEnvironment(session, authenticationService.getCurrentUserName(), ticket, true);
|
||||
}
|
||||
catch (AuthenticationException authErr)
|
||||
{
|
||||
|
||||
@@ -116,7 +116,7 @@ public class AuthenticationWebService implements AuthenticationServiceSoapPort
|
||||
public Object execute() throws Throwable
|
||||
{
|
||||
AuthenticationWebService.this.authenticationComponent.setSystemUserAsCurrentUser();
|
||||
AuthenticationWebService.this.authenticationService.invalidateTicket(ticket);
|
||||
AuthenticationWebService.this.authenticationService.invalidateTicket(ticket, null);
|
||||
AuthenticationWebService.this.authenticationService.clearCurrentSecurityContext();
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
|
||||
@@ -80,7 +80,7 @@ public class TicketCallbackHandler implements CallbackHandler
|
||||
// ensure the ticket is valid
|
||||
try
|
||||
{
|
||||
this.authenticationService.validate(ticket);
|
||||
this.authenticationService.validate(ticket, null);
|
||||
}
|
||||
catch (AuthenticationException ae)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user