diff --git a/config/alfresco/usage-services-context.xml b/config/alfresco/usage-services-context.xml
index 5e9bb28a49..5cb14358b1 100644
--- a/config/alfresco/usage-services-context.xml
+++ b/config/alfresco/usage-services-context.xml
@@ -38,7 +38,6 @@
-
diff --git a/source/java/org/alfresco/repo/search/impl/lucene/ADMLuceneCategoryTest.java b/source/java/org/alfresco/repo/search/impl/lucene/ADMLuceneCategoryTest.java
index b714435db6..cc57123df2 100644
--- a/source/java/org/alfresco/repo/search/impl/lucene/ADMLuceneCategoryTest.java
+++ b/source/java/org/alfresco/repo/search/impl/lucene/ADMLuceneCategoryTest.java
@@ -42,6 +42,7 @@ import org.alfresco.repo.dictionary.M2Aspect;
import org.alfresco.repo.dictionary.M2Model;
import org.alfresco.repo.dictionary.M2Property;
import org.alfresco.repo.search.impl.lucene.fts.FullTextSearchIndexer;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
@@ -143,6 +144,8 @@ public class ADMLuceneCategoryTest extends TestCase
categoryService = (CategoryService) ctx.getBean("categoryService");
serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
tenantService = (TenantService) ctx.getBean("tenantService");
+
+ AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
createTestTypes();
@@ -246,6 +249,14 @@ public class ADMLuceneCategoryTest extends TestCase
tx.commit();
}
+ @Override
+ protected void tearDown() throws Exception
+ {
+ // TODO Auto-generated method stub
+ AuthenticationUtil.clearCurrentSecurityContext();
+ super.tearDown();
+ }
+
private HashMap createMap(String name, NodeRef[] nodeRefs)
{
HashMap map = new HashMap();
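Review bot: The new tearDown() still carries the IDE placeholder `// TODO Auto-generated method stub`, which says nothing about why the security context is cleared. I would replace it with `// setUp() authenticates as System; clear it so the context does not leak into later tests on this thread`. It is also worth guarding the super call, `try { AuthenticationUtil.clearCurrentSecurityContext(); } finally { super.tearDown(); }`, so that base-class cleanup always runs. Note that under a JUnit 3 style TestCase tearDown() is presumably not invoked when setUp() itself throws after the setFullyAuthenticatedUser call, so the System context could still be left behind in that case.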
diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
index 407629c82b..dca09064dd 100644
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
@@ -334,6 +334,15 @@ public abstract class AuthenticationUtil
public static boolean isRunAsUserTheSystemUser()
{
String runAsUser = getRunAsUser();
+ if ((runAsUser != null) && isMtEnabled())
+ {
+ // get base username
+ int idx = runAsUser.indexOf(TenantService.SEPARATOR);
+ if (idx != -1)
+ {
+ runAsUser = runAsUser.substring(0, idx);
+ }
+ }
return EqualsHelper.nullSafeEquals(runAsUser, AuthenticationUtil.SYSTEM_USER_NAME);
}
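Review bot: With multi-tenancy enabled this method now returns true for any run-as name whose part before the first `TenantService.SEPARATOR` equals the System name, so it no longer means "the super System user", and the method comment should say so. I would document it as `Returns true for the super System user and, when MT is enabled, for a tenant-scoped System user (System name + separator + tenant domain)`. Callers that treat a true result as permission to skip tenant scoping need an exact comparison instead; this commit makes that switch in MultiTNodeServiceInterceptor, and callers outside this diff should be checked the same way. The method's Javadoc lies outside the hunk.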
@@ -411,79 +420,47 @@ public abstract class AuthenticationUtil
}
else
{
+ if ((originalRunAsAuthentication != null) && (isMtEnabled()))
+ {
+ String originalRunAsUserName = getUserName(originalRunAsAuthentication);
+ int idx = originalRunAsUserName.indexOf(TenantService.SEPARATOR);
+ if ((idx != -1) && (idx < (originalRunAsUserName.length() - 1)))
+ {
+ if (uid.equals(AuthenticationUtil.getSystemUserName()))
+ {
+ uid = uid + TenantService.SEPARATOR + originalRunAsUserName.substring(idx + 1);
+ }
+ }
+ }
AuthenticationUtil.setRunAsUser(uid);
}
result = runAsWork.doWork();
return result;
- }
- catch (Throwable exception)
- {
- // Re-throw the exception
- if (exception instanceof RuntimeException)
- {
- throw (RuntimeException) exception;
- }
- else
- {
- throw new RuntimeException("Error during run as.", exception);
- }
- }
- finally
- {
- if (originalFullAuthentication == null)
- {
- AuthenticationUtil.clearCurrentSecurityContext();
- }
- else
- {
- AuthenticationUtil.setFullAuthentication(originalFullAuthentication);
- AuthenticationUtil.setRunAsAuthentication(originalRunAsAuthentication);
- }
- }
-// String effectiveUser = AuthenticationUtil.getCurrentEffectiveUserName();
-// String realUser = AuthenticationUtil.getCurrentRealUserName();
-//
-// R result = null;
-// try
-// {
-// if(realUser == null)
-// {
-// AuthenticationUtil.setCurrentRealUser(uid);
-// }
-// AuthenticationUtil.setCurrentEffectiveUser(uid);
-// result = runAsWork.doWork();
-// return result;
-// }
-// catch (Throwable exception)
-// {
-//
-// // Re-throw the exception
-// if (exception instanceof RuntimeException)
-// {
-// throw (RuntimeException) exception;
-// }
-// else
-// {
-// throw new RuntimeException("Error during run as.", exception);
-// }
-// }
-// finally
-// {
-// if(realUser == null)
-// {
-// AuthenticationUtil.clearCurrentSecurityContext();
-// }
-// else
-// {
-// if(!realUser.equals(AuthenticationUtil.getCurrentRealUserName()))
-// {
-// AuthenticationUtil.setCurrentRealUser(realUser);
-// s_logger.warn("Resetting real user which has changed in RunAs block");
-// }
-// AuthenticationUtil.setCurrentEffectiveUser(effectiveUser);
-//
-// }
-// }
+ }
+ catch (Throwable exception)
+ {
+ // Re-throw the exception
+ if (exception instanceof RuntimeException)
+ {
+ throw (RuntimeException) exception;
+ }
+ else
+ {
+ throw new RuntimeException("Error during run as.", exception);
+ }
+ }
+ finally
+ {
+ if (originalFullAuthentication == null)
+ {
+ AuthenticationUtil.clearCurrentSecurityContext();
+ }
+ else
+ {
+ AuthenticationUtil.setFullAuthentication(originalFullAuthentication);
+ AuthenticationUtil.setRunAsAuthentication(originalRunAsAuthentication);
+ }
+ }
}
private static ThreadLocal> threadLocalFullAuthenticationStack;
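Review bot: `originalRunAsUserName.indexOf(TenantService.SEPARATOR)` is called without checking what `getUserName(originalRunAsAuthentication)` returned, whereas the parallel code in isRunAsUserTheSystemUser() guards `runAsUser != null`. If getUserName can return null for some Authentication, runAs() fails with a NullPointerException instead of running the work; `int idx = (originalRunAsUserName == null) ? -1 : originalRunAsUserName.indexOf(TenantService.SEPARATOR);` would keep the two paths consistent. The rewrite of `uid` is also security-relevant and undocumented, so I would add `// runAs(System) from inside a tenant context becomes that tenant's System user, so the work stays scoped to the tenant`. The start of runAs() is outside the hunk, so whether `uid` is null-checked earlier cannot be seen here.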
diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
index d0cbc60553..b5c862ed9a 100644
--- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
@@ -486,8 +486,10 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
-
- nodeService.setProperties(personNode, properties);
+ Map update = nodeService.getProperties(personNode);
+ update.putAll(properties);
+
+ nodeService.setProperties(personNode, update);
}
public boolean isMutable()
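Review bot: The read-merge-write before `nodeService.setProperties(personNode, update)` has no comment saying why it is needed, so it is easy to "simplify" back to the old single call. Presumably setProperties replaces the node's whole property set, which would drop properties the caller did not supply; if so, I would add `// setProperties replaces all properties, so merge into the existing set to keep values the caller did not pass`. The enclosing method starts outside the hunk.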
diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
index 7a8d436d02..f29138dccd 100644
--- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
@@ -93,7 +93,8 @@ public class MultiTDemoTest extends TestCase
public static List tenants;
- static {
+ static
+ {
tenants = new ArrayList(NUM_TENANTS);
for (int i = 1; i <= NUM_TENANTS; i++)
{
@@ -103,8 +104,8 @@ public class MultiTDemoTest extends TestCase
public static final String ROOT_DIR = "./tenantstores";
- public static final String TEST_ADMIN_BASENAME = "admin";
- public static final String TEST_ADMIN_PASSWORD = "admin";
+ public static final String DEFAULT_ADMIN_UN = "admin";
+ public static final String DEFAULT_ADMIN_PW = "admin";
public static final String TEST_USER1 = "alice";
public static final String TEST_USER2 = "bob";
@@ -137,8 +138,6 @@ public class MultiTDemoTest extends TestCase
ownableService = (OwnableService) ctx.getBean("OwnableService");
authorityService = (AuthorityService) ctx.getBean("AuthorityService");
categoryService = (CategoryService) ctx.getBean("CategoryService");
-
-// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); // force, to clear real user from previous test (runAs issue ?)
}
@Override
@@ -150,6 +149,8 @@ public class MultiTDemoTest extends TestCase
public void testCreateTenants() throws Throwable
{
+ AuthenticationUtil.setFullyAuthenticatedUser(DEFAULT_ADMIN_UN); // authenticate as super-admin
+
logger.info("Create tenants");
Set personRefs = personService.getAllPeople();
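Review bot: `AuthenticationUtil.setFullyAuthenticatedUser(DEFAULT_ADMIN_UN)` is set inside testCreateTenants() only, so the other test methods depend on whatever security context the thread already holds, and on test order. The line removed from setUp() in this commit hints that a leftover real user from a previous test was already a problem. I would set the user in setUp() and call `AuthenticationUtil.clearCurrentSecurityContext()` in tearDown(), as ADMLuceneCategoryTest does in this same commit. The tearDown() of this class is not visible in the diff, so it may already do the clearing.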
@@ -174,8 +175,8 @@ public class MultiTDemoTest extends TestCase
{
if (! tenantAdminService.existsTenant(tenantDomain))
{
- //tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), ROOT_DIR + "/" + tenantDomain);
- tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), null); // use default root dir
+ //tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), ROOT_DIR + "/" + tenantDomain);
+ tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), null); // use default root dir
logger.info("Created tenant " + tenantDomain);
}
@@ -242,6 +243,17 @@ public class MultiTDemoTest extends TestCase
{
Set personRefs = personService.getAllPeople();
+ for (NodeRef personRef : personRefs)
+ {
+ String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
+ assertTrue(userName.endsWith(tenantDomain));
+
+ logger.info("Create users: get all people - found user: "+userName);
+
+ NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
+ assertNotNull(homeSpaceRef);
+ }
+
if (tenantDomain.equals(TEST_TENANT_DOMAIN2))
{
assertEquals(5, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant, eve@tenant
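Review bot: `assertTrue(userName.endsWith(tenantDomain))` is a weak tenant-isolation check, because a user from a different tenant whose domain merely ends with this domain string would also pass. Including the separator makes it exact: `assertTrue(userName.endsWith(TenantService.SEPARATOR + tenantDomain));`. A preceding `assertNotNull(userName);` would also turn a missing username property into an assertion failure rather than a NullPointerException. The enclosing doWork() body starts outside the hunk.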
@@ -251,15 +263,8 @@ public class MultiTDemoTest extends TestCase
assertEquals(4, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant
}
- for (NodeRef personRef : personRefs)
- {
- String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
- assertTrue(userName.endsWith(tenantDomain));
-
- NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
- assertNotNull(homeSpaceRef);
- }
+
return null;
}
}, tenantAdminName);
@@ -470,9 +475,7 @@ public class MultiTDemoTest extends TestCase
assertTrue("Super admin: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
return null;
}
- }, TenantService.ADMIN_BASENAME);
-
- assertTrue("Super tenant: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
+ }, DEFAULT_ADMIN_UN);
for (final String tenantDomain : tenants)
{
diff --git a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java
index c77e82cfbd..cdaa4c7dd8 100644
--- a/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java
@@ -104,8 +104,8 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep
@SuppressWarnings("unchecked")
public Object invoke(MethodInvocation invocation) throws Throwable
{
- // See if we can shortcut
- if (AuthenticationUtil.isRunAsUserTheSystemUser() || !AuthenticationUtil.isMtEnabled())
+ // See if we can shortcut (for super 'System' only)
+ if (AuthenticationUtil.getSystemUserName().equals(AuthenticationUtil.getRunAsUser()) || !AuthenticationUtil.isMtEnabled())
{
return invocation.proceed();
}
diff --git a/source/java/org/alfresco/repo/usage/UsageQuotaProtector.java b/source/java/org/alfresco/repo/usage/UsageQuotaProtector.java
index 55717f34a1..4f379c95a4 100644
--- a/source/java/org/alfresco/repo/usage/UsageQuotaProtector.java
+++ b/source/java/org/alfresco/repo/usage/UsageQuotaProtector.java
@@ -32,8 +32,8 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.usage.ContentUsageService;
import org.alfresco.service.namespace.NamespaceService;
@@ -46,7 +46,6 @@ import org.alfresco.service.namespace.QName;
public class UsageQuotaProtector implements NodeServicePolicies.OnUpdatePropertiesPolicy
{
private AuthorityService authorityService;
- private AuthenticationService authenticationService;
private PolicyComponent policyComponent;
private ContentUsageService contentUsageService;
@@ -55,11 +54,6 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
this.authorityService = authorityService;
}
- public void setAuthenticationService(AuthenticationService authenticationService)
- {
- this.authenticationService = authenticationService;
- }
-
public void setContentUsageService(ContentUsageService contentUsageService)
{
this.contentUsageService = contentUsageService;
@@ -105,14 +99,14 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
// Check for change in sizeCurrent
if ((sizeCurrentBefore != sizeCurrentAfter) && (sizeCurrentBefore != null) &&
- (! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser())))
+ (! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeCurrent'");
}
// Check for change in sizeQuota
if ((sizeQuotaBefore != sizeQuotaAfter) && (sizeQuotaBefore != null) &&
- (! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser())))
+ (! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeQuota'");
}
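Review bot: Both guards repeat the same exemption, `authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser()`, and after this commit the second half is true for a tenant-scoped System run-as user as well as the super System user. Hoisting it once makes the privileged set explicit and keeps the two checks from drifting apart: `boolean privileged = authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser(); // admin, System, or tenant System`. Because the exemption follows the run-as identity, any code path that wraps a property update in a System runAs on behalf of an ordinary user bypasses this protection, and a comment here should say that this is intended. The start of the enclosing method is outside the hunk.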