Merged V3.0 to HEAD

12178: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes.
  12180: Build fix for updating person properties - set all existing to keep quota properties.
  12187: MT - fix missing merge and fallout post authentication util changes
  12199: Usage Service - fix unit test fallout post authentication util changes
  12204: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes
  12206: Authenticate now required since authentication util changes
  12210: Module fixes - to use new authentication util api changes


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12515 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jan Vonka
2008-12-19 13:22:28 +00:00
parent ecf18f2bb4
commit 90d1f80fce
7 changed files with 87 additions and 101 deletions


@@ -38,7 +38,6 @@
<bean id="usageQuotaProtector" class="org.alfresco.repo.usage.UsageQuotaProtector" init-method="init"> <bean id="usageQuotaProtector" class="org.alfresco.repo.usage.UsageQuotaProtector" init-method="init">
<property name="authorityService" ref="authorityService"/> <property name="authorityService" ref="authorityService"/>
<property name="authenticationService" ref="authenticationService"/>
<property name="policyComponent" ref="policyComponent"/> <property name="policyComponent" ref="policyComponent"/>
<property name="contentUsageService" ref="contentUsageImpl"/> <property name="contentUsageService" ref="contentUsageImpl"/>
</bean> </bean>


@@ -42,6 +42,7 @@ import org.alfresco.repo.dictionary.M2Aspect;
import org.alfresco.repo.dictionary.M2Model; import org.alfresco.repo.dictionary.M2Model;
import org.alfresco.repo.dictionary.M2Property; import org.alfresco.repo.dictionary.M2Property;
import org.alfresco.repo.search.impl.lucene.fts.FullTextSearchIndexer; import org.alfresco.repo.search.impl.lucene.fts.FullTextSearchIndexer;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantService; import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.ServiceRegistry; import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition; import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
@@ -143,6 +144,8 @@ public class ADMLuceneCategoryTest extends TestCase
categoryService = (CategoryService) ctx.getBean("categoryService"); categoryService = (CategoryService) ctx.getBean("categoryService");
serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY); serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
tenantService = (TenantService) ctx.getBean("tenantService"); tenantService = (TenantService) ctx.getBean("tenantService");
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
createTestTypes(); createTestTypes();
@@ -246,6 +249,14 @@ public class ADMLuceneCategoryTest extends TestCase
tx.commit(); tx.commit();
} }
@Override
protected void tearDown() throws Exception
{
// TODO Auto-generated method stub
AuthenticationUtil.clearCurrentSecurityContext();
super.tearDown();
}
private HashMap<QName, Serializable> createMap(String name, NodeRef[] nodeRefs) private HashMap<QName, Serializable> createMap(String name, NodeRef[] nodeRefs)
{ {
HashMap<QName, Serializable> map = new HashMap<QName, Serializable>(); HashMap<QName, Serializable> map = new HashMap<QName, Serializable>();
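Review bot: The new tearDown() keeps the IDE placeholder `// TODO Auto-generated method stub`, which hides the reason the override exists. A comment such as `// clear the system-user context set during set-up so it cannot leak into later tests on this thread` would state it. The `setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName())` call appears to sit in setUp(), whose start is outside the hunk. If so, and if JUnit skips tearDown() when setUp() throws, a failure in `createTestTypes()` would leave the system user bound to the thread, so that case is worth confirming.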


@@ -334,6 +334,15 @@ public abstract class AuthenticationUtil
public static boolean isRunAsUserTheSystemUser() public static boolean isRunAsUserTheSystemUser()
{ {
String runAsUser = getRunAsUser(); String runAsUser = getRunAsUser();
if ((runAsUser != null) && isMtEnabled())
{
// get base username
int idx = runAsUser.indexOf(TenantService.SEPARATOR);
if (idx != -1)
{
runAsUser = runAsUser.substring(0, idx);
}
}
return EqualsHelper.nullSafeEquals(runAsUser, AuthenticationUtil.SYSTEM_USER_NAME); return EqualsHelper.nullSafeEquals(runAsUser, AuthenticationUtil.SYSTEM_USER_NAME);
} }
@@ -411,79 +420,47 @@ public abstract class AuthenticationUtil
} }
else else
{ {
if ((originalRunAsAuthentication != null) && (isMtEnabled()))
{
String originalRunAsUserName = getUserName(originalRunAsAuthentication);
int idx = originalRunAsUserName.indexOf(TenantService.SEPARATOR);
if ((idx != -1) && (idx < (originalRunAsUserName.length() - 1)))
{
if (uid.equals(AuthenticationUtil.getSystemUserName()))
{
uid = uid + TenantService.SEPARATOR + originalRunAsUserName.substring(idx + 1);
}
}
}
AuthenticationUtil.setRunAsUser(uid); AuthenticationUtil.setRunAsUser(uid);
} }
result = runAsWork.doWork(); result = runAsWork.doWork();
return result; return result;
} }
catch (Throwable exception) catch (Throwable exception)
{ {
// Re-throw the exception // Re-throw the exception
if (exception instanceof RuntimeException) if (exception instanceof RuntimeException)
{ {
throw (RuntimeException) exception; throw (RuntimeException) exception;
} }
else else
{ {
throw new RuntimeException("Error during run as.", exception); throw new RuntimeException("Error during run as.", exception);
} }
} }
finally finally
{ {
if (originalFullAuthentication == null) if (originalFullAuthentication == null)
{ {
AuthenticationUtil.clearCurrentSecurityContext(); AuthenticationUtil.clearCurrentSecurityContext();
} }
else else
{ {
AuthenticationUtil.setFullAuthentication(originalFullAuthentication); AuthenticationUtil.setFullAuthentication(originalFullAuthentication);
AuthenticationUtil.setRunAsAuthentication(originalRunAsAuthentication); AuthenticationUtil.setRunAsAuthentication(originalRunAsAuthentication);
} }
} }
// String effectiveUser = AuthenticationUtil.getCurrentEffectiveUserName();
// String realUser = AuthenticationUtil.getCurrentRealUserName();
//
// R result = null;
// try
// {
// if(realUser == null)
// {
// AuthenticationUtil.setCurrentRealUser(uid);
// }
// AuthenticationUtil.setCurrentEffectiveUser(uid);
// result = runAsWork.doWork();
// return result;
// }
// catch (Throwable exception)
// {
//
// // Re-throw the exception
// if (exception instanceof RuntimeException)
// {
// throw (RuntimeException) exception;
// }
// else
// {
// throw new RuntimeException("Error during run as.", exception);
// }
// }
// finally
// {
// if(realUser == null)
// {
// AuthenticationUtil.clearCurrentSecurityContext();
// }
// else
// {
// if(!realUser.equals(AuthenticationUtil.getCurrentRealUserName()))
// {
// AuthenticationUtil.setCurrentRealUser(realUser);
// s_logger.warn("Resetting real user which has changed in RunAs block");
// }
// AuthenticationUtil.setCurrentEffectiveUser(effectiveUser);
//
// }
// }
} }
private static ThreadLocal<Stack<Authentication>> threadLocalFullAuthenticationStack; private static ThreadLocal<Stack<Authentication>> threadLocalFullAuthenticationStack;
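Review bot: With multi-tenancy enabled, isRunAsUserTheSystemUser() now returns true for any run-as name whose part before the first `TenantService.SEPARATOR` equals the system user name, including a name with nothing after the separator. The method does not document what guarantees ordinary accounts cannot have that shape. Callers such as the quota guard in UsageQuotaProtector use the result as a privilege decision, so the invariant deserves a comment, for example `// tenant system user is <system><separator><domain>; assumes user creation never yields such a name for a normal account` (an assumption to confirm against the person and authentication services, which are not visible here). The runAs hunk guards the same parse with `(idx != -1) && (idx < (originalRunAsUserName.length() - 1))`, and using that condition here too would keep the two consistent. In the runAs hunk, `getUserName(originalRunAsAuthentication)` is dereferenced without a null check, so it is worth confirming that it cannot return null; the body of runAs starts above the hunk.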


@@ -486,8 +486,10 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME)); String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName); properties.put(ContentModel.PROP_USERNAME, realUserName);
} }
Map<QName, Serializable> update = nodeService.getProperties(personNode);
nodeService.setProperties(personNode, properties); update.putAll(properties);
nodeService.setProperties(personNode, update);
} }
public boolean isMutable() public boolean isMutable()
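Review bot: The added merge calls `putAll` on the map returned by `nodeService.getProperties(personNode)`, and nothing visible shows that this map is a private, modifiable copy. Copying first avoids relying on that: `Map<QName, Serializable> update = new HashMap<QName, Serializable>(nodeService.getProperties(personNode));` (HashMap needs importing if the file does not already do so). A comment such as `// start from the stored properties so values the caller did not supply (e.g. the usage/quota properties) survive setProperties` would record why the full set is rewritten. The enclosing method starts above the hunk.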


@@ -93,7 +93,8 @@ public class MultiTDemoTest extends TestCase
public static List<String> tenants; public static List<String> tenants;
static { static
{
tenants = new ArrayList<String>(NUM_TENANTS); tenants = new ArrayList<String>(NUM_TENANTS);
for (int i = 1; i <= NUM_TENANTS; i++) for (int i = 1; i <= NUM_TENANTS; i++)
{ {
@@ -103,8 +104,8 @@ public class MultiTDemoTest extends TestCase
public static final String ROOT_DIR = "./tenantstores"; public static final String ROOT_DIR = "./tenantstores";
public static final String TEST_ADMIN_BASENAME = "admin"; public static final String DEFAULT_ADMIN_UN = "admin";
public static final String TEST_ADMIN_PASSWORD = "admin"; public static final String DEFAULT_ADMIN_PW = "admin";
public static final String TEST_USER1 = "alice"; public static final String TEST_USER1 = "alice";
public static final String TEST_USER2 = "bob"; public static final String TEST_USER2 = "bob";
@@ -137,8 +138,6 @@ public class MultiTDemoTest extends TestCase
ownableService = (OwnableService) ctx.getBean("OwnableService"); ownableService = (OwnableService) ctx.getBean("OwnableService");
authorityService = (AuthorityService) ctx.getBean("AuthorityService"); authorityService = (AuthorityService) ctx.getBean("AuthorityService");
categoryService = (CategoryService) ctx.getBean("CategoryService"); categoryService = (CategoryService) ctx.getBean("CategoryService");
// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); // force, to clear real user from previous test (runAs issue ?)
} }
@Override @Override
@@ -150,6 +149,8 @@ public class MultiTDemoTest extends TestCase
public void testCreateTenants() throws Throwable public void testCreateTenants() throws Throwable
{ {
AuthenticationUtil.setFullyAuthenticatedUser(DEFAULT_ADMIN_UN); // authenticate as super-admin
logger.info("Create tenants"); logger.info("Create tenants");
Set<NodeRef> personRefs = personService.getAllPeople(); Set<NodeRef> personRefs = personService.getAllPeople();
@@ -174,8 +175,8 @@ public class MultiTDemoTest extends TestCase
{ {
if (! tenantAdminService.existsTenant(tenantDomain)) if (! tenantAdminService.existsTenant(tenantDomain))
{ {
//tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), ROOT_DIR + "/" + tenantDomain); //tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), ROOT_DIR + "/" + tenantDomain);
tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), null); // use default root dir tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), null); // use default root dir
logger.info("Created tenant " + tenantDomain); logger.info("Created tenant " + tenantDomain);
} }
@@ -242,6 +243,17 @@ public class MultiTDemoTest extends TestCase
{ {
Set<NodeRef> personRefs = personService.getAllPeople(); Set<NodeRef> personRefs = personService.getAllPeople();
for (NodeRef personRef : personRefs)
{
String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
assertTrue(userName.endsWith(tenantDomain));
logger.info("Create users: get all people - found user: "+userName);
NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
assertNotNull(homeSpaceRef);
}
if (tenantDomain.equals(TEST_TENANT_DOMAIN2)) if (tenantDomain.equals(TEST_TENANT_DOMAIN2))
{ {
assertEquals(5, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant, eve@tenant assertEquals(5, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant, eve@tenant
@@ -251,15 +263,8 @@ public class MultiTDemoTest extends TestCase
assertEquals(4, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant assertEquals(4, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant
} }
for (NodeRef personRef : personRefs)
{
String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
assertTrue(userName.endsWith(tenantDomain));
NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
assertNotNull(homeSpaceRef);
}
return null; return null;
} }
}, tenantAdminName); }, tenantAdminName);
@@ -470,9 +475,7 @@ public class MultiTDemoTest extends TestCase
assertTrue("Super admin: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT)); assertTrue("Super admin: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
return null; return null;
} }
}, TenantService.ADMIN_BASENAME); }, DEFAULT_ADMIN_UN);
assertTrue("Super tenant: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
for (final String tenantDomain : tenants) for (final String tenantDomain : tenants)
{ {
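Review bot: In the relocated loop, `assertTrue(userName.endsWith(tenantDomain));` passes for any user name that merely ends in the same characters. A user belonging to a different tenant whose domain has this one as a suffix would therefore not fail the isolation check. Anchoring on the separator is stricter: `assertTrue(userName.endsWith(TenantService.SEPARATOR + tenantDomain));`. The added `AuthenticationUtil.setFullyAuthenticatedUser(DEFAULT_ADMIN_UN)` in testCreateTenants() is also not cleared within the visible lines. If tearDown() does not call `AuthenticationUtil.clearCurrentSecurityContext()`, the super-admin context stays on the thread for the next test.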


@@ -104,8 +104,8 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public Object invoke(MethodInvocation invocation) throws Throwable public Object invoke(MethodInvocation invocation) throws Throwable
{ {
// See if we can shortcut // See if we can shortcut (for super 'System' only)
if (AuthenticationUtil.isRunAsUserTheSystemUser() || !AuthenticationUtil.isMtEnabled()) if (AuthenticationUtil.getSystemUserName().equals(AuthenticationUtil.getRunAsUser()) || !AuthenticationUtil.isMtEnabled())
{ {
return invocation.proceed(); return invocation.proceed();
} }


@@ -32,8 +32,8 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.usage.ContentUsageService; import org.alfresco.service.cmr.usage.ContentUsageService;
import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.NamespaceService;
@@ -46,7 +46,6 @@ import org.alfresco.service.namespace.QName;
public class UsageQuotaProtector implements NodeServicePolicies.OnUpdatePropertiesPolicy public class UsageQuotaProtector implements NodeServicePolicies.OnUpdatePropertiesPolicy
{ {
private AuthorityService authorityService; private AuthorityService authorityService;
private AuthenticationService authenticationService;
private PolicyComponent policyComponent; private PolicyComponent policyComponent;
private ContentUsageService contentUsageService; private ContentUsageService contentUsageService;
@@ -55,11 +54,6 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
this.authorityService = authorityService; this.authorityService = authorityService;
} }
public void setAuthenticationService(AuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
public void setContentUsageService(ContentUsageService contentUsageService) public void setContentUsageService(ContentUsageService contentUsageService)
{ {
this.contentUsageService = contentUsageService; this.contentUsageService = contentUsageService;
@@ -105,14 +99,14 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
// Check for change in sizeCurrent // Check for change in sizeCurrent
if ((sizeCurrentBefore != sizeCurrentAfter) && (sizeCurrentBefore != null) && if ((sizeCurrentBefore != sizeCurrentAfter) && (sizeCurrentBefore != null) &&
(! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser()))) (! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{ {
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeCurrent'"); throw new AlfrescoRuntimeException("Update failed: protected property 'sizeCurrent'");
} }
// Check for change in sizeQuota // Check for change in sizeQuota
if ((sizeQuotaBefore != sizeQuotaAfter) && (sizeQuotaBefore != null) && if ((sizeQuotaBefore != sizeQuotaAfter) && (sizeQuotaBefore != null) &&
(! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser()))) (! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{ {
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeQuota'"); throw new AlfrescoRuntimeException("Update failed: protected property 'sizeQuota'");
} }
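Review bot: Both property guards now exempt the caller on `AuthenticationUtil.isRunAsUserTheSystemUser()`, which checks the run-as identity and, after this commit, also accepts tenant-qualified system names. Nothing in the method says that code running in a system run-as context is meant to bypass the protection. A comment above the first check, such as `// admin authority or a (tenant) system run-as context may change the protected usage properties`, would make that trust decision explicit. The condition is duplicated for sizeCurrent and sizeQuota, so a small private helper would keep the two from drifting. Separately, `sizeCurrentBefore != sizeCurrentAfter` compares references if these are boxed values (their declarations are outside the hunk), in which case `equals` is needed to recognise an unchanged value.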