inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.3 to HEAD

Browse Source 
20794: Merged DEV/V3.3-BUG-FIX to V3.3
      20792: Fix for unit test failures introduced by check in 20771
      20791: ALF-3568: Include axiom jars in WAS shared library to solve Quickr connector issues
      20785: Merged DEV/BELARUS/V3.3-BUG-FIX-2010_06_14 to DEV/V3.3-BUG-FIX
         20644: Function for the browser window closing was implemented. For IE browser the trick with window opener was used. Fixes ALF-1004: After closing Details Space, user doesn't return to his previous location
      20784: Fix for ALF-3516: Enterprise 3.X / Impossible to Create a Blog with Special Characters in the Title (?/!)
      20783: Fix for ALF-1087: Documents checked-out from Share do not have "Upload new version" action in Alfresco Explorer
      20782: Added multiday timed event handling to week view
      20775: Merged V3.3 to DEV/V3.3-BUG-FIX
         20670: Fix for ALF-3260: XSS attack is made in Wiki tab if First/Last user name contain xss. Also fixed double encoding errors found during regression testing.
      20772: Update to node browser to show namespace of attributes.
      20771: ALF-3591 - transferring rules.
         - also extends the behaviour filter.
      20770: ALF-3186 - action parameter values are not fully transferred - need to handle d:any
      20768: AVM - ALF-3611 (OrphanReaper + PurgeTestP + additional NPE fixes)
      20765: (RECORD ONLY) Merged BRANCHES/V3.3 to BRANCHES/DEV/V3.3-BUG-FIX:
         20708: DB2 build - add create/drop db ant targets (use DB2 cmdline - since not possible via JDBC/SQL)
         20722: DB2 build - run db2cmd in same window (follow-on to r20708)
      20764: Fix unreported JSON encoding issue with links components
      20762: Fix ALF-2599: Share - Cannot search for user currently logged on
      20759: DB2: fix FullNodeServiceTest.testLongMLTextValues (ALF-497)
         - TODO: fix create script when merging to HEAD
      20756: DB2: fix JBPMEngine*Test.* (ALF-3640) - follow-on (upgrade patch)
      20746: DB2: fix WebProjectServiceImplTest.testCreateWebProject (ALF-2300)
      20744: DB2: fix JBPMEngine*Test.* (ALF-3640) - missed file
      20743: DB2: fix JBPMEngine*Test.* (ALF-3640)
      20729: AVM - fix purge store so that root nodes are actually orphaned (ALF-3627)
         - also prelim for ALF-3611
      20720: (RECORD ONLY) ALF-3594: Merged HEAD to V3.3-BUGFIX
         20616: ALF-2265: Share 'Uber Filter' part 2
            - WebScriptNTLMAuthenticationFilter detached from its superclass and renamed to WebScriptSSOAuthenticationFilter
            - Now the filter simply chains to the downstream authentication filter rather than call its superclass
            - This means the same filter can be used for Kerberos-protected webscripts as well as NTLM
            - Wired globalAuthenticationFilter behind webscriptAuthenticationFilter in the filter chain in web.xml
            - Configured webscriptAuthenticationFilter for Kerberos subsystem
      20719: Merged DEV/TEMPORARY to V3.3-BUGFIX
         20696: ALF-3180: when using NTLM SSO, a user needs to log in first into the web UI before being able to mount alfresco using CIFS
            The absence of the missing person creation logic in “the org.alfresco.filesys.auth.cifs.PassthruCifsAuthenticator.authenticateUser()” method was fixed. 
      20718: Merged DEV/TEMPORARY to V3.3-BUGFIX
         20659: ALF-3216: Incomplete settings for Lotus Quickr
            The protocol,host,port and context are removed from properties and a dependency on the org.alfresco.repo.admin.SysAdminParams interface is introduced.
      20711: Latest SpringSurf libs - fix for ALF-3557
      20710: Merged HEAD to BRANCHES/DEV/V3.3-BUG-FIX:
         20705: Fix ALF-3585: AtomPub summary can render first part of binary content resulting in invalid XML
      20691: Merged DEV/TEMPORARY to V3.3-BUGFIX
         19404: ALF-220: Editor can't rename files and folders via WebDav
            The Rename method of FileFolderService was used in case of file renaming instead of move method in WebDAV MOVE command.
      20663: ALF-3208 RenderingEngine actions should no longer appear in the list of available actions that can be fired using rules.
      20656: ALF-2645: LDAP sync now logs 'dangling references' for debugging purposes
      20651: ALF-485: FTP passthru authenticator logs authentication failures at debug level to avoid noise in the logs
      20646: Merge V2.2 To V3.3
         14301 : RECORD ONLY - ETWOTWO-1227 - fix to serialize FSR deployments.
         14618 : RECORD ONLY - Merge HEAD to 2.2 13944 : After rename project deploy option disappears.
      20637: ALF-3123: Avoid NPE on Oracle when loading empty string values persisted through JMX and the attribute service
      20633: ALF-2057: LDAP synchronization lock now persists for a maximum of two minutes (instead of 24 hours!)
         - The exclusive lock gained for LDAP sync from the JobLockService is now refreshed at 1 minute intervals and never persists for more than 2 minutes
      20628: ALF-1905: Allow use of anonymous bind for LDAP synchronization (NOT authentication)
         - Previously synchronization AND authentication shared the same setting for java.naming.security.authentication, meaning that if you tried to use anonymous bind for the synchronization side, the authentication side would complain.
         - Now there are two independent environments declared for the 'default' synchronization connection and the authentication connection
         - A new property ldap.synchronization.java.naming.security.authentication declares the authentication type used by synchronization. Set to "none" for anonymous bind.
      20623: Fix for ALF-3188 : Access Denied when updating doc via CIFS
      20620: Merge DEV to V3.3-BUG-FIX
         20456 -  ALF-1824 : Setting alfresco.rmi.services.host on linux does not use specified host/IP
      20617: Merged DEV/BELARUS/V3.3-2010_06_08 to V3.3-BUG-FIX (with corrections)
         20606: ALF-651: Web Services client ContentUtils.convertToByteArray is broken
            - org.alfresco.webservice.util.ContentUtils.convertToByteArray() method has been updated to cover large Input Streams conversion.
            - org.alfresco.webservice.test.ContentUtilsTest is a test for the new functionality implemented in the ContentUtils class.
            - org.alfresco.webservice.test.resources.big-content.pdf is a large content for the ContentUtilsTest.testInputStreamToByteArrayConversion() test.
      20613: Fixed ALF-1746: Metadata extractors are unable to remove ALL aspect-related properties
         - putRawValue keeps hold of 'null' values
         - All policies keep hold of 'null' values
         - Only affects 'carryAspectProperties=false'
      20609: Merged HEAD to V3.3-BUG-FIX
         20578: ALF-3178 - Transfer Service - to transfer rule (ie. ruleFolder with it's children) the PathHelper should allow "-" (dash character)
         20608: ALF-3178 - fix r20578 (mis-applied patch)
      20594: WebDAV BitKinex compatibility fix - Let the XML Parser work out the body encoding if it is not declared in the Content-Type header
      20588: (RECORD ONLY) Merged V3.3 to V3.3-BUG-FIX
         - Merged across all differences from V3.3
   20778: Added revision to version label.
   20777: Fix for ALF-2451 - installer correctly configure Share port
   20722: DB2 build - run db2cmd in same window (follow-on to r20712)
   20721: DB2 build - fix create target and add "/c" to exit "db2cmd"
      - TODO: add wait/timeout target, ideally checking for created DB 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20796 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2010-06-24 15:47:38 +00:00
parent 0f1a1a4bc2
commit 9963da3d51
54 changed files with 871 additions and 835 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
source/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java
View File

@@ -34,6 +34,9 @@ import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.batch.BatchProcessor;
@@ -58,6 +61,7 @@ import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.PropertyMap;
import org.alfresco.util.TraceableThreadFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -103,8 +107,8 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
private static final QName LOCK_QNAME = QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI,
"ChainingUserRegistrySynchronizer");
/** The maximum time this lock will be held for (1 day). */
private static final long LOCK_TTL = 1000 * 60 * 60 * 24;
/** The time this lock will persist for in the database (now only 2 minutes but refreshed at regular intervals). */
private static final long LOCK_TTL = 1000 * 60 * 2;
/** The path in the attribute service below which we persist attributes. */
private static final String ROOT_ATTRIBUTE_PATH = ".ChainingUserRegistrySynchronizer";
@@ -315,7 +319,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
* (non-Javadoc)
* @see org.alfresco.repo.security.sync.UserRegistrySynchronizer#synchronize(boolean, boolean, boolean)
*/
public void synchronize(boolean forceUpdate, boolean allowDeletions, boolean splitTxns)
public void synchronize(boolean forceUpdate, boolean allowDeletions, final boolean splitTxns)
{
// Don't proceed with the sync if the repository is read only
if (this.transactionService.isReadOnly())
@@ -325,8 +329,15 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
return;
}
// Create a background executor that will refresh our lock. This means we can request a lock with a relatively
// small persistence time and not worry about it lasting after server restarts. Note we use an independent
// executor because this is a compound operation that spans accross multiple batch processors.
String lockToken = null;
TraceableThreadFactory threadFactory = new TraceableThreadFactory();
threadFactory.setNamePrefix("ChainingUserRegistrySynchronizer lock refresh");
threadFactory.setThreadDaemon(true);
ScheduledExecutorService lockRefresher = new ScheduledThreadPoolExecutor(1, threadFactory);
// Let's ensure all exceptions get logged
try
{
@@ -351,7 +362,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
else
{
// If this is a login-triggered sync, give it a few retries before giving up
this.jobLockService.getTransactionalLock(ChainingUserRegistrySynchronizer.LOCK_QNAME,
lockToken = this.jobLockService.getLock(ChainingUserRegistrySynchronizer.LOCK_QNAME,
ChainingUserRegistrySynchronizer.LOCK_TTL, 3000, 10);
}
}
@@ -363,6 +374,27 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
return;
}
// Schedule the lock refresh to run at regular intervals
final String token = lockToken;
lockRefresher.scheduleAtFixedRate(new Runnable()
{
public void run()
{
ChainingUserRegistrySynchronizer.this.transactionService.getRetryingTransactionHelper()
.doInTransaction(new RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
ChainingUserRegistrySynchronizer.this.jobLockService.refreshLock(token,
ChainingUserRegistrySynchronizer.LOCK_QNAME,
ChainingUserRegistrySynchronizer.LOCK_TTL);
return null;
}
}, false, splitTxns);
}
}, ChainingUserRegistrySynchronizer.LOCK_TTL / 2, ChainingUserRegistrySynchronizer.LOCK_TTL / 2,
TimeUnit.MILLISECONDS);
Set<String> visitedZoneIds = new TreeSet<String>();
Collection<String> instanceIds = this.applicationContextManager.getInstanceIds();
@@ -418,6 +450,16 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
{
if (lockToken != null)
{
// Cancel the lock refresher
lockRefresher.shutdown();
try
{
lockRefresher.awaitTermination(Long.MAX_VALUE, TimeUnit.SECONDS);
}
catch (InterruptedException e)
{
}
final String token = lockToken;
this.transactionService.getRetryingTransactionHelper().doInTransaction(
new RetryingTransactionCallback<Object>()
@@ -888,8 +930,43 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
// Remove all the associations we have already dealt with
this.groupAssocsToCreate.keySet().removeAll(this.authoritiesMaintained);
// Filter out associations to authorities that simply can't exist
this.groupAssocsToCreate.keySet().retainAll(this.allZoneAuthorities);
// Filter out associations to authorities that simply can't exist (and log if debugging is enabled)
Iterator<Map.Entry<String, Set<String>>> i = this.groupAssocsToCreate.entrySet().iterator();
StringBuilder groupList = null;
while (i.hasNext())
{
Map.Entry<String, Set<String>> entry = i.next();
String child = entry.getKey();
if (!this.allZoneAuthorities.contains(child))
{
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
if (groupList == null)
{
groupList = new StringBuilder(1024);
}
else
{
groupList.setLength(0);
}
for (String parent : entry.getValue())
{
if (groupList.length() > 0)
{
groupList.append(", ");
}
groupList.append('\'').append(
ChainingUserRegistrySynchronizer.this.authorityService.getShortName(parent))
.append('\'');
}
ChainingUserRegistrySynchronizer.logger.debug("Ignoring non-existent member '"
+ ChainingUserRegistrySynchronizer.this.authorityService.getShortName(child)
+ "' in groups {" + groupList.toString() + "}");
}
i.remove();
}
}
if (!this.groupAssocsToCreate.isEmpty())
{