diff --git a/data-model/src/main/java/org/alfresco/service/cmr/security/PermissionService.java b/data-model/src/main/java/org/alfresco/service/cmr/security/PermissionService.java index af619d7e48..40592d7d23 100644 --- a/data-model/src/main/java/org/alfresco/service/cmr/security/PermissionService.java +++ b/data-model/src/main/java/org/alfresco/service/cmr/security/PermissionService.java @@ -81,25 +81,24 @@ public interface PermissionService /** * The dynamic authority for the Admin service account. */ - String ADMIN_SERVICE_ACCOUNT_AUTHORITY = "ROLE_ADMIN_SERVICE_ACCOUNT"; + String ADMIN_SVC_AUTHORITY = "ROLE_ADMIN_SERVICE_ACCOUNT"; /** * The dynamic authority for the Collaborator service account. */ - String COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY = "ROLE_COLLABORATOR_SERVICE_ACCOUNT"; + String COLLABORATOR_SVC_AUTHORITY = "ROLE_COLLABORATOR_SERVICE_ACCOUNT"; /** * The dynamic authority for the Editor service account. */ - String EDITOR_SERVICE_ACCOUNT_AUTHORITY = "ROLE_EDITOR_SERVICE_ACCOUNT"; + String EDITOR_SVC_AUTHORITY = "ROLE_EDITOR_SERVICE_ACCOUNT"; /** * A convenient set of service account authorities to simplify checks * for whether a given authority is a service account authority or not. */ - Set SERVICE_ACCOUNT_AUTHORITIES_SET = Set.of(ADMIN_SERVICE_ACCOUNT_AUTHORITY, - COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, - EDITOR_SERVICE_ACCOUNT_AUTHORITY); + Set SVC_AUTHORITIES_SET = Set.of(ADMIN_SVC_AUTHORITY, COLLABORATOR_SVC_AUTHORITY, + EDITOR_SVC_AUTHORITY); /** * The permission for all - not defined in the model. Repsected in the code. diff --git a/repository/src/main/java/org/alfresco/repo/sa/ServiceAccountRegistryImpl.java b/repository/src/main/java/org/alfresco/repo/sa/ServiceAccountRegistryImpl.java index 45b3db2d0a..bac4edb742 100644 --- a/repository/src/main/java/org/alfresco/repo/sa/ServiceAccountRegistryImpl.java +++ b/repository/src/main/java/org/alfresco/repo/sa/ServiceAccountRegistryImpl.java @@ -25,6 +25,7 @@ */ package org.alfresco.repo.sa; +import java.util.Locale; import java.util.Optional; import java.util.Properties; import java.util.Set; @@ -114,9 +115,9 @@ public class ServiceAccountRegistryImpl implements ServiceAccountRegistry, Initi return; } // Ensure the role is in uppercase and has the prefix - role = role.toUpperCase(); + role = role.toUpperCase(Locale.ENGLISH); role = getRoleWithPrefix(role); - if (!PermissionService.SERVICE_ACCOUNT_AUTHORITIES_SET.contains(role)) + if (!PermissionService.SVC_AUTHORITIES_SET.contains(role)) { LOGGER.warn("Invalid service account role '{}'. The role is not recognized.", role); return; diff --git a/repository/src/main/resources/alfresco/public-services-security-context.xml b/repository/src/main/resources/alfresco/public-services-security-context.xml index 5c29d25ee5..8f8769493e 100644 --- a/repository/src/main/resources/alfresco/public-services-security-context.xml +++ b/repository/src/main/resources/alfresco/public-services-security-context.xml @@ -156,15 +156,15 @@ - + - + - + diff --git a/repository/src/test/java/org/alfresco/repo/sa/ServiceAccountRegistryImplTest.java b/repository/src/test/java/org/alfresco/repo/sa/ServiceAccountRegistryImplTest.java index 154720c9ee..05048ad647 100644 --- a/repository/src/test/java/org/alfresco/repo/sa/ServiceAccountRegistryImplTest.java +++ b/repository/src/test/java/org/alfresco/repo/sa/ServiceAccountRegistryImplTest.java @@ -25,9 +25,9 @@ */ package org.alfresco.repo.sa; -import static org.alfresco.service.cmr.security.PermissionService.ADMIN_SERVICE_ACCOUNT_AUTHORITY; -import static org.alfresco.service.cmr.security.PermissionService.COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY; -import static org.alfresco.service.cmr.security.PermissionService.EDITOR_SERVICE_ACCOUNT_AUTHORITY; +import static org.alfresco.service.cmr.security.PermissionService.ADMIN_SVC_AUTHORITY; +import static org.alfresco.service.cmr.security.PermissionService.COLLABORATOR_SVC_AUTHORITY; +import static org.alfresco.service.cmr.security.PermissionService.EDITOR_SVC_AUTHORITY; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; @@ -71,7 +71,7 @@ public class ServiceAccountRegistryImplTest @Test public void testInvalidServiceAccountName() { - globalProperties.put("serviceaccount.role. ", ADMIN_SERVICE_ACCOUNT_AUTHORITY); + globalProperties.put("serviceaccount.role. ", ADMIN_SVC_AUTHORITY); assertTrue("Invalid service account name.", serviceAccountService.getServiceAccountNames().isEmpty()); } @@ -100,43 +100,43 @@ public class ServiceAccountRegistryImplTest @Test public void testValidServiceAccount() throws Exception { - globalProperties.put("serviceaccount.role.testServiceAccount", ADMIN_SERVICE_ACCOUNT_AUTHORITY); + globalProperties.put("serviceaccount.role.testServiceAccount", ADMIN_SVC_AUTHORITY); serviceAccountService.afterPropertiesSet(); Optional testServiceAccount = serviceAccountService.getServiceAccountRole("testServiceAccount"); assertFalse("The service account role is not empty.", testServiceAccount.isEmpty()); - assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, testServiceAccount.get()); + assertEquals(ADMIN_SVC_AUTHORITY, testServiceAccount.get()); assertEquals(1, serviceAccountService.getServiceAccountNames().size()); } @Test public void testManyServiceAccounts() throws Exception { - globalProperties.put("serviceaccount.role.testEditorSA", EDITOR_SERVICE_ACCOUNT_AUTHORITY); - globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY); - globalProperties.put("serviceaccount.role.testAdminSA", ADMIN_SERVICE_ACCOUNT_AUTHORITY); + globalProperties.put("serviceaccount.role.testEditorSA", EDITOR_SVC_AUTHORITY); + globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SVC_AUTHORITY); + globalProperties.put("serviceaccount.role.testAdminSA", ADMIN_SVC_AUTHORITY); serviceAccountService.afterPropertiesSet(); assertEquals(3, serviceAccountService.getServiceAccountNames().size()); Optional editorSA = serviceAccountService.getServiceAccountRole("testEditorSA"); assertFalse("The service account role is not empty.", editorSA.isEmpty()); - assertEquals(EDITOR_SERVICE_ACCOUNT_AUTHORITY, editorSA.get()); + assertEquals(EDITOR_SVC_AUTHORITY, editorSA.get()); Optional collaboratorSA = serviceAccountService.getServiceAccountRole("testCollaboratorSA"); assertFalse("The service account role is not empty.", collaboratorSA.isEmpty()); - assertEquals(COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, collaboratorSA.get()); + assertEquals(COLLABORATOR_SVC_AUTHORITY, collaboratorSA.get()); Optional adminSA = serviceAccountService.getServiceAccountRole("testAdminSA"); assertFalse("The service account role is not empty.", adminSA.isEmpty()); - assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, adminSA.get()); + assertEquals(ADMIN_SVC_AUTHORITY, adminSA.get()); } @Test public void testValidServiceAccountRoleValues() throws Exception { globalProperties.put("serviceaccount.role.testEditorSA", "EDITOR_SERVICE_ACCOUNT"); - globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY); + globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SVC_AUTHORITY); globalProperties.put("serviceaccount.role.testAdminSA", "ADMIN_SERVICE_ACCOUNT"); serviceAccountService.afterPropertiesSet(); @@ -144,14 +144,14 @@ public class ServiceAccountRegistryImplTest Optional editorSA = serviceAccountService.getServiceAccountRole("testEditorSA"); assertFalse("The service account role is not empty.", editorSA.isEmpty()); - assertEquals(EDITOR_SERVICE_ACCOUNT_AUTHORITY, editorSA.get()); + assertEquals(EDITOR_SVC_AUTHORITY, editorSA.get()); Optional collaboratorSA = serviceAccountService.getServiceAccountRole("testCollaboratorSA"); assertFalse("The service account role is not empty.", collaboratorSA.isEmpty()); - assertEquals(COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, collaboratorSA.get()); + assertEquals(COLLABORATOR_SVC_AUTHORITY, collaboratorSA.get()); Optional adminSA = serviceAccountService.getServiceAccountRole("testAdminSA"); assertFalse("The service account role is not empty.", adminSA.isEmpty()); - assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, adminSA.get()); + assertEquals(ADMIN_SVC_AUTHORITY, adminSA.get()); } } diff --git a/repository/src/test/java/org/alfresco/repo/security/permissions/dynamic/ServiceAccountRoleTest.java b/repository/src/test/java/org/alfresco/repo/security/permissions/dynamic/ServiceAccountRoleTest.java index 7ac12a8bd8..7ad2a0f630 100644 --- a/repository/src/test/java/org/alfresco/repo/security/permissions/dynamic/ServiceAccountRoleTest.java +++ b/repository/src/test/java/org/alfresco/repo/security/permissions/dynamic/ServiceAccountRoleTest.java @@ -66,9 +66,9 @@ import org.springframework.context.ApplicationContext; * * The service account roles that currently supported are: *
    - *
  • {@link PermissionService#EDITOR_SERVICE_ACCOUNT_AUTHORITY}
    • - *
  • {@link PermissionService#COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY}
    • - *
  • {@link PermissionService#ADMIN_SERVICE_ACCOUNT_AUTHORITY}
    • + *
  • {@link PermissionService#EDITOR_SVC_AUTHORITY}
    • + *
  • {@link PermissionService#COLLABORATOR_SVC_AUTHORITY}
    • + *
  • {@link PermissionService#ADMIN_SVC_AUTHORITY}
    • *
* The test class relies on the following service accounts defined in the alfresco-global.properties file: *
    @@ -173,9 +173,9 @@ public class ServiceAccountRoleTest private static void serviceAccountsShouldExistInGlobalProperties() { - assertServiceAccountIsDefined(PermissionService.EDITOR_SERVICE_ACCOUNT_AUTHORITY, EDITOR_SA.getUsername()); - assertServiceAccountIsDefined(PermissionService.COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, COLLABORATOR_SA.getUsername()); - assertServiceAccountIsDefined(PermissionService.ADMIN_SERVICE_ACCOUNT_AUTHORITY, ADMIN_SA.getUsername()); + assertServiceAccountIsDefined(PermissionService.EDITOR_SVC_AUTHORITY, EDITOR_SA.getUsername()); + assertServiceAccountIsDefined(PermissionService.COLLABORATOR_SVC_AUTHORITY, COLLABORATOR_SA.getUsername()); + assertServiceAccountIsDefined(PermissionService.ADMIN_SVC_AUTHORITY, ADMIN_SA.getUsername()); } private static void assertServiceAccountIsDefined(String expectedRole, String username)