diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
index c0f179dbb2..d15e16be4e 100644
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java
@@ -416,6 +416,20 @@ public class AuthenticationUtil implements InitializingBean
 {
 throw new IllegalStateException("AuthenticationUtil not yet initialised; default admin username not available");
 }
+
+ if (isMtEnabled())
+ {
+ String runAsUser = AuthenticationUtil.getRunAsUser();
+ if (runAsUser != null)
+ {
+ String[] parts = splitUserTenant(runAsUser);
+ if (parts.length == 2)
+ {
+ return defaultAdminUserName + TenantService.SEPARATOR + parts[1];
+ }
+ }
+ }
+
 return defaultAdminUserName;
 }
@@ -576,13 +590,13 @@ public class AuthenticationUtil implements InitializingBean
 public static void logNDC(String userName)
 {
 NDC.remove();
-
+
 if (isMtEnabled())
 {
- int idx = userName.indexOf(TenantService.SEPARATOR);
- if ((idx != -1) && (idx < (userName.length() - 1)))
+ String[] parts = splitUserTenant(userName);
+ if (parts.length == 2)
 {
- NDC.push("Tenant:" + userName.substring(idx + 1) + " User:" + userName.substring(0, idx));
+ NDC.push("Tenant:" + parts[1] + " User:" + parts[0]);
 }
 else
 {
@@ -594,5 +608,9 @@ public class AuthenticationUtil implements InitializingBean
 NDC.push("User:" + userName);
 }
 }
-
+
+ private static String[] splitUserTenant(String userName)
+ {
+ return userName.split(TenantService.SEPARATOR);
+ }
 }
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
index dd8dc9c8f1..24ed24ff61 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityServiceImpl.java
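Review bot: `splitUserTenant` (third hunk) hands `TenantService.SEPARATOR` to `String.split`, which treats it as a regular expression and drops trailing empty strings, and both callers accept the result only when `parts.length == 2`. A run-as name that contains the separator more than once therefore produces three parts, so `getAdminUserName()` in the first hunk falls through to the unqualified `defaultAdminUserName` while the caller is running in a tenant context, and `logNDC` in the second hunk stops labelling the tenant; the removed `indexOf` code split at the first separator instead. I would keep one explicit split point in the helper, e.g. `int idx = userName.indexOf(TenantService.SEPARATOR);` followed by `return (idx != -1 && idx < userName.length() - 1) ? new String[] { userName.substring(0, idx), userName.substring(idx + 1) } : new String[] { userName };`, and add a comment saying which separator marks the tenant boundary. The body of `getAdminUserName()` starts above the first hunk, so how the result is used for authorization is not visible here.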
@@ -174,13 +174,30 @@ public class AuthorityServiceImpl implements AuthorityService, InitializingBean
 // Check named admin users
 Set adminUsers = this.authenticationService.getDefaultAdministratorUserNames();
-
- // note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will
- // have the same base name as the default non-tenant specific admin. Typically "admin" is the default required admin user,
- // although, if for example "bob" is also listed as an admin then all tenant-specific bob's will also have admin authority
+
 String currentUserBaseName = tenantService.getBaseNameUser(currentUserName);
- boolean isAdminUser = (adminUsers.contains(currentUserName) || adminUsers.contains(currentUserBaseName));
-
+
+ boolean isAdminUser = false;
+ if (tenantService.isEnabled())
+ {
+ // note: for multi-tenancy, this currently relies on a naming convention which assumes that all tenant admins will
+ // have the same base name as the default non-tenant specific admin. Typically "admin" is the default required admin user,
+ // although, if for example "bob" is also listed as an admin then all tenant-specific bob's will also have admin authority
+
+ for (String adminUser : adminUsers)
+ {
+ if (adminUser.equals(currentUserName) || tenantService.getBaseNameUser(adminUser).equals(currentUserBaseName))
+ {
+ isAdminUser = true;
+ break;
+ }
+ }
+ }
+ else
+ {
+ isAdminUser = adminUsers.contains(currentUserName);
+ }
+
 // Check named admin groups
 if (!isAdminUser && !adminGroups.isEmpty())
 {
diff --git a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
index 66da23db9b..68de2e8a51 100755
--- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
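Review bot: The multi-tenant branch matches on base names only, so `tenantService.getBaseNameUser(adminUser).equals(currentUserBaseName)` can grant admin authority across tenants. Assuming `getBaseNameUser` strips the tenant domain, as its name and the comment suggest, an admin entry qualified with one tenant now also matches the same base name in every other tenant and the unqualified user, which the removed `adminUsers.contains(currentUserBaseName)` check did not do. The first file in this commit makes `getAdminUserName()` return tenant-qualified names, so such entries may now reach `adminUsers`; that is inferred, since the producer of the set is not in this hunk. I would accept a base-name match only when the admin entry is unqualified or carries the current user's own domain, and at minimum extend the comment with `// base-name match ignores adminUser's tenant domain: a tenant-qualified admin entry also grants admin to that base name in every other tenant`. The enclosing method starts and ends outside the hunk.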
@@ -1242,7 +1242,7 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
 {
 return baseAdminUsername;
 }
- return AuthenticationUtil.getAdminUserName();
+ return getBaseNameUser(AuthenticationUtil.getAdminUserName());
 }
 private String getSystemUser(String tenantDomain)
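Review bot: Nothing at this call site says why the admin name is passed through `getBaseNameUser`, and the reason lives in another file: `AuthenticationUtil.getAdminUserName()` now appends the run-as user's tenant when multi-tenancy is enabled. A one-line comment such as `// getAdminUserName() may be tenant-qualified in a run-as context; this method returns the base name only` would keep a later cleanup from removing the call and changing which admin identity is used. The method's signature is above the hunk, so its name and contract are assumed from the `baseAdminUsername` return.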