inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.0 to HEAD

Browse Source 
12178: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes.
  12180: Build fix for updating person properties - set all existing to keep quota properties.
  12187: MT - fix missing merge and fallout post authentication util changes
  12199: Usage Service - fix unit test fallout post authentication util changes
  12204: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes
  12206: Authenticate now required since authentication util changes
  12210: Module fixes - to use new authentication util api changes


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12515 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
2008-12-19 13:22:28 +00:00
parent ecf18f2bb4
commit 90d1f80fce
7 changed files with 87 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/usage-services-context.xml
View File

@@ -38,7 +38,6 @@
<bean id="usageQuotaProtector" class="org.alfresco.repo.usage.UsageQuotaProtector" init-method="init">
<property name="authorityService" ref="authorityService"/>
<property name="authenticationService" ref="authenticationService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="contentUsageService" ref="contentUsageImpl"/>
</bean>

11
source/java/org/alfresco/repo/search/impl/lucene/ADMLuceneCategoryTest.java
View File

@@ -42,6 +42,7 @@ import org.alfresco.repo.dictionary.M2Aspect;
import org.alfresco.repo.dictionary.M2Model;
import org.alfresco.repo.dictionary.M2Property;
import org.alfresco.repo.search.impl.lucene.fts.FullTextSearchIndexer;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
@@ -144,6 +145,8 @@ public class ADMLuceneCategoryTest extends TestCase
serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
tenantService = (TenantService) ctx.getBean("tenantService");
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
createTestTypes();
TransactionService transactionService = serviceRegistry.getTransactionService();
@@ -246,6 +249,14 @@ public class ADMLuceneCategoryTest extends TestCase
tx.commit();
}
@Override
protected void tearDown() throws Exception
{
// TODO Auto-generated method stub
AuthenticationUtil.clearCurrentSecurityContext();
super.tearDown();
}
private HashMap<QName, Serializable> createMap(String name, NodeRef[] nodeRefs)
{
HashMap<QName, Serializable> map = new HashMap<QName, Serializable>();

65
source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
View File

@@ -334,6 +334,15 @@ public abstract class AuthenticationUtil
public static boolean isRunAsUserTheSystemUser()
{
String runAsUser = getRunAsUser();
if ((runAsUser != null) && isMtEnabled())
{
// get base username
int idx = runAsUser.indexOf(TenantService.SEPARATOR);
if (idx != -1)
{
runAsUser = runAsUser.substring(0, idx);
}
}
return EqualsHelper.nullSafeEquals(runAsUser, AuthenticationUtil.SYSTEM_USER_NAME);
}
@@ -411,6 +420,18 @@ public abstract class AuthenticationUtil
}
else
{
if ((originalRunAsAuthentication != null) && (isMtEnabled()))
{
String originalRunAsUserName = getUserName(originalRunAsAuthentication);
int idx = originalRunAsUserName.indexOf(TenantService.SEPARATOR);
if ((idx != -1) && (idx < (originalRunAsUserName.length() - 1)))
{
if (uid.equals(AuthenticationUtil.getSystemUserName()))
{
uid = uid + TenantService.SEPARATOR + originalRunAsUserName.substring(idx + 1);
}
}
}
AuthenticationUtil.setRunAsUser(uid);
}
result = runAsWork.doWork();
@@ -440,50 +461,6 @@ public abstract class AuthenticationUtil
AuthenticationUtil.setRunAsAuthentication(originalRunAsAuthentication);
}
}
// String effectiveUser = AuthenticationUtil.getCurrentEffectiveUserName();
// String realUser = AuthenticationUtil.getCurrentRealUserName();
//
// R result = null;
// try
// {
// if(realUser == null)
// {
// AuthenticationUtil.setCurrentRealUser(uid);
// }
// AuthenticationUtil.setCurrentEffectiveUser(uid);
// result = runAsWork.doWork();
// return result;
// }
// catch (Throwable exception)
// {
//
// // Re-throw the exception
// if (exception instanceof RuntimeException)
// {
// throw (RuntimeException) exception;
// }
// else
// {
// throw new RuntimeException("Error during run as.", exception);
// }
// }
// finally
// {
// if(realUser == null)
// {
// AuthenticationUtil.clearCurrentSecurityContext();
// }
// else
// {
// if(!realUser.equals(AuthenticationUtil.getCurrentRealUserName()))
// {
// AuthenticationUtil.setCurrentRealUser(realUser);
// s_logger.warn("Resetting real user which has changed in RunAs block");
// }
// AuthenticationUtil.setCurrentEffectiveUser(effectiveUser);
//
// }
// }
}
private static ThreadLocal<Stack<Authentication>> threadLocalFullAuthenticationStack;

4
source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
View File

@@ -486,8 +486,10 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
Map<QName, Serializable> update = nodeService.getProperties(personNode);
update.putAll(properties);
nodeService.setProperties(personNode, properties);
nodeService.setProperties(personNode, update);
}
public boolean isMutable()

37
source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
View File

@@ -93,7 +93,8 @@ public class MultiTDemoTest extends TestCase
public static List<String> tenants;
static {
static
{
tenants = new ArrayList<String>(NUM_TENANTS);
for (int i = 1; i <= NUM_TENANTS; i++)
{
@@ -103,8 +104,8 @@ public class MultiTDemoTest extends TestCase
public static final String ROOT_DIR = "./tenantstores";
public static final String TEST_ADMIN_BASENAME = "admin";
public static final String TEST_ADMIN_PASSWORD = "admin";
public static final String DEFAULT_ADMIN_UN = "admin";
public static final String DEFAULT_ADMIN_PW = "admin";
public static final String TEST_USER1 = "alice";
public static final String TEST_USER2 = "bob";
@@ -137,8 +138,6 @@ public class MultiTDemoTest extends TestCase
ownableService = (OwnableService) ctx.getBean("OwnableService");
authorityService = (AuthorityService) ctx.getBean("AuthorityService");
categoryService = (CategoryService) ctx.getBean("CategoryService");
// AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); // force, to clear real user from previous test (runAs issue ?)
}
@Override
@@ -150,6 +149,8 @@ public class MultiTDemoTest extends TestCase
public void testCreateTenants() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(DEFAULT_ADMIN_UN); // authenticate as super-admin
logger.info("Create tenants");
Set<NodeRef> personRefs = personService.getAllPeople();
@@ -174,8 +175,8 @@ public class MultiTDemoTest extends TestCase
{
if (! tenantAdminService.existsTenant(tenantDomain))
{
//tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), ROOT_DIR + "/" + tenantDomain);
tenantAdminService.createTenant(tenantDomain, TEST_ADMIN_PASSWORD.toCharArray(), null); // use default root dir
//tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), ROOT_DIR + "/" + tenantDomain);
tenantAdminService.createTenant(tenantDomain, DEFAULT_ADMIN_PW.toCharArray(), null); // use default root dir
logger.info("Created tenant " + tenantDomain);
}
@@ -242,6 +243,17 @@ public class MultiTDemoTest extends TestCase
{
Set<NodeRef> personRefs = personService.getAllPeople();
for (NodeRef personRef : personRefs)
{
String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
assertTrue(userName.endsWith(tenantDomain));
logger.info("Create users: get all people - found user: "+userName);
NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
assertNotNull(homeSpaceRef);
}
if (tenantDomain.equals(TEST_TENANT_DOMAIN2))
{
assertEquals(5, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant, eve@tenant
@@ -251,14 +263,7 @@ public class MultiTDemoTest extends TestCase
assertEquals(4, personRefs.size()); // admin@tenant, guest@tenant, alice@tenant, bob@tenant
}
for (NodeRef personRef : personRefs)
{
String userName = (String)nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
assertTrue(userName.endsWith(tenantDomain));
NodeRef homeSpaceRef = (NodeRef)nodeService.getProperty(personRef, ContentModel.PROP_HOMEFOLDER);
assertNotNull(homeSpaceRef);
}
return null;
}
@@ -470,9 +475,7 @@ public class MultiTDemoTest extends TestCase
assertTrue("Super admin: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
return null;
}
}, TenantService.ADMIN_BASENAME);
assertTrue("Super tenant: ", (nodeService.getStores().size() >= DEFAULT_DM_STORE_COUNT));
}, DEFAULT_ADMIN_UN);
for (final String tenantDomain : tenants)
{

4
source/java/org/alfresco/repo/tenant/MultiTNodeServiceInterceptor.java
View File

@@ -104,8 +104,8 @@ public class MultiTNodeServiceInterceptor extends DelegatingIntroductionIntercep
@SuppressWarnings("unchecked")
public Object invoke(MethodInvocation invocation) throws Throwable
{
// See if we can shortcut
if (AuthenticationUtil.isRunAsUserTheSystemUser() || !AuthenticationUtil.isMtEnabled())
// See if we can shortcut (for super 'System' only)
if (AuthenticationUtil.getSystemUserName().equals(AuthenticationUtil.getRunAsUser()) || !AuthenticationUtil.isMtEnabled())
{
return invocation.proceed();
}

12
source/java/org/alfresco/repo/usage/UsageQuotaProtector.java
View File

@@ -32,8 +32,8 @@ import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.usage.ContentUsageService;
import org.alfresco.service.namespace.NamespaceService;
@@ -46,7 +46,6 @@ import org.alfresco.service.namespace.QName;
public class UsageQuotaProtector implements NodeServicePolicies.OnUpdatePropertiesPolicy
{
private AuthorityService authorityService;
private AuthenticationService authenticationService;
private PolicyComponent policyComponent;
private ContentUsageService contentUsageService;
@@ -55,11 +54,6 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
this.authorityService = authorityService;
}
public void setAuthenticationService(AuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
public void setContentUsageService(ContentUsageService contentUsageService)
{
this.contentUsageService = contentUsageService;
@@ -105,14 +99,14 @@ public class UsageQuotaProtector implements NodeServicePolicies.OnUpdateProperti
// Check for change in sizeCurrent
if ((sizeCurrentBefore != sizeCurrentAfter) && (sizeCurrentBefore != null) &&
(! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser())))
(! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeCurrent'");
}
// Check for change in sizeQuota
if ((sizeQuotaBefore != sizeQuotaAfter) && (sizeQuotaBefore != null) &&
(! (authorityService.hasAdminAuthority() || authenticationService.isCurrentUserTheSystemUser())))
(! (authorityService.hasAdminAuthority() || AuthenticationUtil.isRunAsUserTheSystemUser())))
{
throw new AlfrescoRuntimeException("Update failed: protected property 'sizeQuota'");
}