From 9576bd46f5f6a45f48ac5587d5716a10521cd6b1 Mon Sep 17 00:00:00 2001
From: Kevin Roast
Date: Mon, 18 Jan 2010 15:32:57 +0000
Subject: [PATCH] Merged V3.2E to HEAD 17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only - Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service - Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable() - Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable - Works with authentication chain containing mixture of internally and externally authenticated users 17247: Fix failing unit tests - rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!) 17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters 17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../web/app/servlet/AuthenticationHelper.java | 19 +++++++++++++++----
 .../org/alfresco/web/bean/NavigationBean.java | 12 +++++++-----
 .../web/bean/users/CreateUserWizard.java | 9 ++++-----
 .../web/bean/users/UsersBeanProperties.java | 8 ++++----
 .../alfresco/web/bean/users/UsersDialog.java | 10 ++++++++++
 .../web/bean/wizard/NewUserWizard.java | 13 +++++--------
 .../org/alfresco/web/forms/FormsTest.java | 4 ++--
 source/web/jsp/users/users.jsp | 4 ++--
 8 files changed, 49 insertions(+), 30 deletions(-)
diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
index e4f0cc1f01..b65814e716 100644
--- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
+++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
@@ -25,6 +25,7 @@
 package org.alfresco.web.app.servlet;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.util.Enumeration;
 import javax.faces.context.FacesContext;
@@ -36,7 +37,6 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.alfresco.error.AlfrescoRuntimeException;
-import org.springframework.extensions.surf.util.I18NUtil;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.SessionUser;
 import org.alfresco.repo.management.subsystems.ActivateableBean;
@@ -50,7 +50,6 @@ import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.security.AuthenticationService;
-import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.bean.LoginBean;
@@ -58,6 +57,8 @@ import org.alfresco.web.bean.repository.User;
 import org.alfresco.web.bean.users.UserPreferencesBean;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.extensions.surf.util.Base64;
+import org.springframework.extensions.surf.util.I18NUtil;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -556,13 +557,23 @@ public final class AuthenticationHelper
 public static void setUsernameCookie(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String username)
 {
 Cookie authCookie = getAuthCookie(httpRequest);
+ // Let's Base 64 encode the username so it is a legal cookie value
+ String encodedUsername;
+ try
+ {
+ encodedUsername = Base64.encodeBytes(username.getBytes("UTF-8"));
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException(e);
+ }
 if (authCookie == null)
 {
- authCookie = new Cookie(COOKIE_ALFUSER, username);
+ authCookie = new Cookie(COOKIE_ALFUSER, encodedUsername);
 }
 else
 {
- authCookie.setValue(username);
+ authCookie.setValue(encodedUsername);
 }
 authCookie.setPath(httpRequest.getContextPath());
 // TODO: make this configurable - currently 7 days (value in seconds)
diff --git a/source/java/org/alfresco/web/bean/NavigationBean.java b/source/java/org/alfresco/web/bean/NavigationBean.java
index 0ef30abcf7..6f5b3bcf64 100644
--- a/source/java/org/alfresco/web/bean/NavigationBean.java
+++ b/source/java/org/alfresco/web/bean/NavigationBean.java
@@ -56,7 +56,7 @@ import org.alfresco.service.cmr.repository.TemplateService;
 import org.alfresco.service.cmr.rule.RuleService;
 import org.alfresco.service.cmr.search.SearchService;
 import org.alfresco.service.cmr.security.AccessStatus;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.web.app.Application;
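Review bot: In `setUsernameCookie` (AuthenticationHelper.java), plain Base64 does not by itself give the "legal cookie value" the new comment promises: the standard alphabet emits `+`, `/` and `=` padding, which some servlet containers quote or cut short in cookie values, and if this `Base64` class wraps long output at 76 characters by default (as the implementation it appears to derive from does), a long username would put a line break into the Set-Cookie header. If the class exposes a no-wrap option, passing it explicitly would remove the second risk, e.g. `Base64.encodeBytes(username.getBytes("UTF-8"), Base64.DONT_BREAK_LINES)`, and the padding behaviour is worth testing on each supported container. The code that reads `COOKIE_ALFUSER` is not in this hunk; it has to decode the value, tolerate cookies written before this change, and keep treating the decoded name as an untrusted hint rather than proof of identity. The method body continues past the end of the hunk.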
@@ -208,12 +208,12 @@ public class NavigationBean implements Serializable
 /**
 * @param authService The AuthenticationService to set.
 */
- public void setAuthenticationService(AuthenticationService authService)
+ public void setAuthenticationService(MutableAuthenticationService authService)
 {
 this.authService = authService;
 }
- protected AuthenticationService getAuthService()
+ protected MutableAuthenticationService getAuthService()
 {
 if (authService == null)
 this.authService = Repository.getServiceRegistry(FacesContext.getCurrentInstance()).getAuthenticationService();
@@ -1024,7 +1024,9 @@ public class NavigationBean implements Serializable
 */
 public boolean isAllowUserConfig()
 {
- return this.clientConfig.getAllowUserConfig();
+ // For correct behaviour, we ask the authentication chain whether this particular user is mutable
+ return this.clientConfig.getAllowUserConfig()
+ && this.authService.isAuthenticationMutable(this.authService.getCurrentUserName());
 }
@@ -1157,7 +1159,7 @@ public class NavigationBean implements Serializable
 UserPreferencesBean preferences;
 /** The Authentication service bean reference */
- transient private AuthenticationService authService;
+ transient private MutableAuthenticationService authService;
 /** The PermissionService reference */
 transient private PermissionService permissionService;
diff --git a/source/java/org/alfresco/web/bean/users/CreateUserWizard.java b/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
index 1138d07b06..43123d27ed 100644
--- a/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
+++ b/source/java/org/alfresco/web/bean/users/CreateUserWizard.java
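Review bot: `isAllowUserConfig()` in NavigationBean.java (hunk at -1024) dereferences the field `this.authService` directly, yet the field is declared `transient` and the first hunk shows it is only filled in lazily inside `getAuthService()`; after the session bean is deserialised, or if the setter was never called, this line would throw a NullPointerException during rendering. Going through the accessor avoids that: `&& getAuthService().isAuthenticationMutable(getAuthService().getCurrentUserName());`. Separately, `getAuthService()` now assigns the result of `getServiceRegistry(...).getAuthenticationService()` to a `MutableAuthenticationService` field, and whether the registry's return type was changed to match is not visible in this diff. The body of `getAuthService()` continues outside its hunk.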
@@ -43,14 +43,13 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.usage.ContentUsageService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
-import org.alfresco.util.ApplicationContextHelper;
 import org.springframework.extensions.surf.util.Pair;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.app.context.UIContextService;
@@ -102,7 +101,7 @@ public class CreateUserWizard extends BaseWizardBean
 protected String sizeQuotaUnits = null;
 /** AuthenticationService bean reference */
- transient private AuthenticationService authenticationService;
+ transient private MutableAuthenticationService authenticationService;
 /** PersonService bean reference */
 transient private PersonService personService;
@@ -129,7 +128,7 @@ public class CreateUserWizard extends BaseWizardBean
 /**
 * @param authenticationService The AuthenticationService to set.
 */
- public void setAuthenticationService(AuthenticationService authenticationService)
+ public void setAuthenticationService(MutableAuthenticationService authenticationService)
 {
 this.authenticationService = authenticationService;
 }
@@ -137,7 +136,7 @@ public class CreateUserWizard extends BaseWizardBean
 /**
 * @return authenticationService
 */
- private AuthenticationService getAuthenticationService()
+ private MutableAuthenticationService getAuthenticationService()
 {
 if (authenticationService == null)
 {
diff --git a/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java b/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java
index 382fc8e10d..e0d4f6e16d 100644
--- a/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java
+++ b/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java
@@ -36,7 +36,7 @@ import org.alfresco.service.cmr.repository.ContentService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.search.SearchService;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.usage.ContentUsageService;
 import org.alfresco.web.app.servlet.DownloadContentServlet;
@@ -57,7 +57,7 @@ public class UsersBeanProperties implements Serializable
 transient private SearchService searchService;
 /** AuthenticationService bean reference */
- transient private AuthenticationService authenticationService;
+ transient private MutableAuthenticationService authenticationService;
 /** PersonService bean reference */
 transient private PersonService personService;
@@ -111,7 +111,7 @@ public class UsersBeanProperties implements Serializable
 /**
 * @return the authenticationService
 */
- public AuthenticationService getAuthenticationService()
+ public MutableAuthenticationService getAuthenticationService()
 {
 //check for null for cluster environment
 if (authenticationService == null)
@@ -167,7 +167,7 @@ public class UsersBeanProperties implements Serializable
 /**
 * @param authenticationService The AuthenticationService to set.
 */
- public void setAuthenticationService(AuthenticationService authenticationService)
+ public void setAuthenticationService(MutableAuthenticationService authenticationService)
 {
 this.authenticationService = authenticationService;
 }
diff --git a/source/java/org/alfresco/web/bean/users/UsersDialog.java b/source/java/org/alfresco/web/bean/users/UsersDialog.java
index f9c1b36299..1021227031 100644
--- a/source/java/org/alfresco/web/bean/users/UsersDialog.java
+++ b/source/java/org/alfresco/web/bean/users/UsersDialog.java
@@ -387,6 +387,15 @@ public class UsersDialog extends BaseDialogBean implements IContextListener, Cha
 return (quota != null && quota != -1L) ? quota : null;
 }
 };
+
+ public NodePropertyResolver resolverUserMutable = new NodePropertyResolver()
+ {
+ public Object get(Node personNode)
+ {
+ return properties.getAuthenticationService().isAuthenticationMutable(
+ (String) personNode.getProperties().get("userName"));
+ }
+ };
 /**
 * Action handler to show all the users currently in the system
@@ -404,6 +413,7 @@ public class UsersDialog extends BaseDialogBean implements IContextListener, Cha
 {
 node.addPropertyResolver("sizeLatest", this.resolverUserSizeLatest);
 node.addPropertyResolver("quota", this.resolverUserQuota);
+ node.addPropertyResolver("isMutable", this.resolverUserMutable);
 }
 // return null to stay on the same page
diff --git a/source/java/org/alfresco/web/bean/wizard/NewUserWizard.java b/source/java/org/alfresco/web/bean/wizard/NewUserWizard.java
index 6247e7bf64..b11ae649b8 100644
--- a/source/java/org/alfresco/web/bean/wizard/NewUserWizard.java
+++ b/source/java/org/alfresco/web/bean/wizard/NewUserWizard.java
@@ -24,8 +24,6 @@
 */
 package org.alfresco.web.bean.wizard;
-import java.io.IOException;
-import java.io.ObjectInputStream;
 import java.io.Serializable;
 import java.text.MessageFormat;
 import java.util.HashMap;
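Review bot: The `isMutable` resolver added in UsersDialog.java only feeds page rendering (per the commit description, the edit and password links are shown or hidden based on it), so on its own it is presentation and not enforcement. The action handlers that edit a person or change a password should repeat the `isAuthenticationMutable(userName)` check on the server side; no such check is visible in this diff, though it may already exist in the service layer. It would also help to add a comment on `resolverUserMutable` stating what is expected when `personNode.getProperties().get("userName")` is null, since the value is cast to `String` and passed straight through.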
@@ -48,13 +46,12 @@ import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.OwnableService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
-import org.alfresco.util.ApplicationContextHelper;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.app.context.UIContextService;
 import org.alfresco.web.bean.repository.Node;
@@ -66,7 +63,7 @@ import org.alfresco.web.ui.common.Utils;
 import org.alfresco.web.ui.common.component.UIActionLink;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.commons.validator.EmailValidator;
+import org.apache.commons.validator.EmailValidator;
 /**
 * @author Kevin Roast
@@ -101,7 +98,7 @@ public class NewUserWizard extends AbstractWizardBean
 private NodeRef homeSpaceLocation = null;
 /** AuthenticationService bean reference */
- transient private AuthenticationService authenticationService;
+ transient private MutableAuthenticationService authenticationService;
 /** NamespaceService bean reference */
 transient private NamespaceService namespaceService;
@@ -131,12 +128,12 @@ public class NewUserWizard extends AbstractWizardBean
 /**
 * @param authenticationService The AuthenticationService to set.
 */
- public void setAuthenticationService(AuthenticationService authenticationService)
+ public void setAuthenticationService(MutableAuthenticationService authenticationService)
 {
 this.authenticationService = authenticationService;
 }
- private AuthenticationService getAuthenticationService()
+ private MutableAuthenticationService getAuthenticationService()
 {
 if (authenticationService == null)
 {
diff --git a/source/java/org/alfresco/web/forms/FormsTest.java b/source/java/org/alfresco/web/forms/FormsTest.java
index b8b0b7eaf7..78895c9d32 100644
--- a/source/java/org/alfresco/web/forms/FormsTest.java
+++ b/source/java/org/alfresco/web/forms/FormsTest.java
@@ -36,7 +36,7 @@ import org.alfresco.service.cmr.model.FileInfo;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
-import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.BaseSpringTest;
 import org.alfresco.util.TestWithUserUtils;
@@ -105,7 +105,7 @@ public class FormsTest
 assertNotNull(fileFolderService);
 this.formsService = (FormsService)super.applicationContext.getBean("FormsService");
 assertNotNull(this.formsService);
- final AuthenticationService authenticationService = (AuthenticationService)
+ final MutableAuthenticationService authenticationService = (MutableAuthenticationService)
 applicationContext.getBean("authenticationService");
 authenticationService.clearCurrentSecurityContext();
 final MutableAuthenticationDao authenticationDAO = (MutableAuthenticationDao)
diff --git a/source/web/jsp/users/users.jsp b/source/web/jsp/users/users.jsp
index 99587e842d..42e17ca82f 100644
--- a/source/web/jsp/users/users.jsp
+++ b/source/web/jsp/users/users.jsp @@ -138,10 +138,10 @@ - + - +