mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.4-BUG-FIX to HEAD
29870: ALF-9952: Compatibility fix to allow mounting of Alfresco WebDAV as a network drive on Windows XP (without WebDrive)
29872: Fixed ALF-7698 "Defects in tags picker in SHARE."
- now checks added items to avoid duplicates
29873: Made sure the onActionDetails doclib action generates SimpleDialog instance ids each time, to avoid multiple js class instances with the same id getting called for every dialog created.
29878: ALF-9378: Use caching plus a read write lock, in a similar manner to ALF-7064, to avoid contention in SubsystemProxyFactory under load
29881: Added helper text for the translators to the property file.
29910: ALF-7433: a file deleted using the web UI still appears in a NFS mount but with NULL stats
- timestamp propagation now enabled by default so NFS always works
- timestamp propagation less agressive - only has to propagate on adds / deletes and renames
29911: Values for recurrence strings updated now that I've read RFC-2445
29944: ALF-9988: Merged PATCHES/V3.3.4 to V3.4-BUG-FIX
28581: ALF-8944: Corrected sort parameter handling for datetime fields, based on analyzer and tokenization mode
29955: Fixed ALF-9965: Property names matching fails if the property contains non Alphanumeric characters
29956: Fixed ALF-9424: Webform(XSD): xf:switch switch group does not work based on "complexContent with Base" element.
29964: Fixed ALF-9089: TinyMCE convert_fonts_to_spans parameter is not being picked up in Web Forms
29977: L10N Updates from Gloria (based on rev29838).
29980: Ignore virtual tomcat directory
29981: Merged BRANCHES/DEV/BELARUS/V3.4-BUG-FIX-2011_08_19 to BRANCHES/DEV/V3.4-BUG-FIX
ALF-6808 : Incorrect Search Language Conversion for wild card characters (%, _) for MS SQL
29984: ALF-4753: Fix search query escaping in Alfresco Explorer
- AWC-1743 / CHK-2171 fix restored
29993: Merged DEV/TEMPORARY to V3.4-BUG-FIX
29989: ALF-9976: WebDAV Class 2 compliance issue with OPTIONS response.
Class 2 incompliance connected with absence of 'PROPPATCH' method in the 'Allow' response header has been fixed
30009: ALF-7239 : Documents from Records Manager cannot be viewed in Outlook
30012: Merged BRANCHES/DEV/BELARUS/V3.4-BUG-FIX-2011_08_19 to BRANCHES/DEV/V3.4-BUG-FIX:
29986: ALF-7105: pdfbox returns errors in the logs but one cannot understand what file is affected (PDFBox)
30014: ALF-6284: Fix for Share Kerberos SSO Websphere compatibility (by Pavel)
30016: Merged DEV to V3.4-BUG-FIX
29424: ALF-8715: NFS: Admin sometimes cannot edit content uploaded via JSF
Fix for "Can't open file for writing" during saving file in VI-like editors connected with FileExpiry daemon:
- 'getNodeOrNull()' method extracted to get and check on existence of the cached file object
and then update cache timeout or remove it from the cache;
- 'getNodeForPath()' was appropriately updated in accordance with logic extracted to 'getNodeOrNull()';
- 'fileExists()' method was corrected to take into account existence of the cached file object
30017: Reverses an accidental check in made with the last L10N bundle update (r29977)
30045: ALF-8664 - Custom 'mandatory' RM metadata causes editing issues
30053: ALF-9681: webScriptsRegistryCache size in ehcache-default.xml
webScriptsRegistryCache maxElementsInMemory size was incremented up to 1000
30079: ALF-10027: Fix template alfresco-global.properties for custom tomcat ports
- Obselete web.application.context.url removed
- alfresco.host, alfresco.port, share.host and share.port added
30080: Fixed parse error mentioned in ALF-9511 "RSS Feeds with HTTP Auth doesn't work with Feed dashlet"
- In java regexps the . (dot) does NOT include the \r or \n by default, to change that a (?s) instruction was added in the beginning of the regexp
30083: Fixed ALF-10048 "Multiple thumbnails in RSS feeds causes problem for RSS Feed dashlet"
30088: ALF-7433: Fix unit test fallout from new timestamp propagation behaviour
30089: ALF-7433: Further unit test fallout from new timestamp propagation behaviour
- testPermissionsAndPolicies needs to get folder modification date in a distinct transaction after populating it
30091: ALF-10050: CIFS: Coordinator is unable to delete content after IMAP has been enabled
- Transactional cache null entry issue
30096: ALF-9793: Allow auto-created NFS authenticated users to work
- Also removed admin from default mappings to avoid security hole
30102: ALF-8723 CIFS on Windows fails to start under certain conditions
- Found another place >= was required rather than just >
30104: ALF-9890 SiteService is not producing audit data.
- Internal siteService rather than public SiteService was being used, so there was no audit advice.
30119: ALF-9793: Fallout from previous fix. Prevent initialization error when there are no user mappings and NFS is not enabled.
30120: ALF-9526: Work around the fact that Websphere ignores the response encoding unless you call response.setCharacterEncoding()
- GlobalLocalizationFilter inserts a response wrapper that parses the charset parameter from the content type header, if it is present
30121: ALF-9535: Alfresco ignores Accept-Language sent from Share
- Ticket and webscript authentication (i.e. Share requests) will use the language set in request headers as the session language
30130: ALF-10049: Fix by Andrey to enable Flash upload on Weblogic!
30141: ALF-8732 Now if the adhoc workflow throws exceptions while sending a notification email then those exceptions are ignored.
30226: ALF-9415: JSF - Copy/Paste vs Cut/Paste add aspect rule.
30242: Added NodeService.getNodeRef(Long nodeId)
- First step to remove Lucene search from inbound email server
- Done while investigating ALF-9660
30243: Fixed ALF-9660: Inbound emails are always stored with encoding=UTF-8 regardless the encoding the email client uses.
- If the encoding is provided, then it is not guessed
- Includes tweak to remove Lucene search and rather use direct node ID-NodeRef translation provided by NodeService
30263: Incremented version revision
30264: ALF-10187: Merged V3.3 to V3.4-BUG-FIX
30003: ALF-9898: More defensive exception handling to avoid packet pool leaks and extra logging on packet pool exhaustion
30265: Merged V3.4 to V3.4-BUG-FIX
30259: ALF-6527 LangPack FR - [Search results' page] Incorrect label when search matches results
- Added "(s)" to "trouvé(s) dans l'entrepôt." (for a repository search - found in retest)
- The original change:
Added "(s)" to "trouvé(s) dans tous les sites." (for an All Sites search)
However this leaves the current site search. As a result I also:
Added "(s)" to "trouvé(s) dans le site {0}." (for a current Site search)
and checked with a French speaker that this would sound correct.
Note: all three labels are prefixed by a separate text label: "N résultat(s) "
30261: (RECORD ONLY) Merged V3.4-BUG-FIX to V3.4 (3.4.5)
30262: ALF-10186: Merged PATCHES/V3.4.1 to V3.4
30126: ALF-10075: Concurrency during CMIS document update causes content stream to close prematurely.
- Created BufferedRequest request wrapper in RepositoryContainer
- If the content stream is accessed directly it is streamed to a temporary file so that requests can be retried
30137: ALF-10075: Fixed NPE
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@30271 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -18,14 +18,12 @@
|
||||
*/
|
||||
package org.alfresco.filesys.auth.nfs;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.transaction.Status;
|
||||
import javax.transaction.UserTransaction;
|
||||
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
import org.alfresco.filesys.AlfrescoConfigSection;
|
||||
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
|
||||
import org.alfresco.jlan.oncrpc.AuthType;
|
||||
@@ -39,13 +37,15 @@ import org.alfresco.jlan.server.auth.ClientInfo;
|
||||
import org.alfresco.jlan.server.config.InvalidConfigurationException;
|
||||
import org.alfresco.jlan.server.config.ServerConfiguration;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationComponent;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationException;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
import org.alfresco.service.cmr.security.AuthenticationService;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
||||
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
||||
import org.alfresco.service.transaction.TransactionService;
|
||||
import org.alfresco.util.GUID;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.extensions.config.ConfigElement;
|
||||
|
||||
/**
|
||||
* Alfresco RPC Authenticator Class
|
||||
@@ -66,13 +66,13 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
|
||||
// UID/GID to username conversions
|
||||
|
||||
private HashMap<Integer, String> m_idMap;
|
||||
private Map<Integer, String> m_idMap = Collections.emptyMap();
|
||||
|
||||
private List<UserMapping> userMappings;
|
||||
|
||||
private AuthenticationComponent authenticationComponent;
|
||||
|
||||
private AuthenticationService authenticationService;
|
||||
private MutableAuthenticationService authenticationService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
@@ -86,7 +86,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
this.authenticationComponent = authenticationComponent;
|
||||
}
|
||||
|
||||
public void setAuthenticationService (AuthenticationService authenticationService)
|
||||
public void setAuthenticationService (MutableAuthenticationService authenticationService)
|
||||
{
|
||||
this.authenticationService = authenticationService;
|
||||
}
|
||||
@@ -266,109 +266,91 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
* @param sess SrvSession
|
||||
* @param client ClientInfo
|
||||
*/
|
||||
public void setCurrentUser( SrvSession sess, ClientInfo client)
|
||||
public void setCurrentUser(SrvSession sess, final ClientInfo client)
|
||||
{
|
||||
// Start a transaction
|
||||
|
||||
UserTransaction tx = createTransaction();
|
||||
|
||||
try
|
||||
{
|
||||
// start the transaction
|
||||
|
||||
tx.begin();
|
||||
|
||||
// Check the account type and setup the authentication context
|
||||
|
||||
if ( client == null || client.isNullSession() || client instanceof AlfrescoClientInfo == false)
|
||||
try
|
||||
{
|
||||
// Clear the authentication, null user should not be allowed to do any service calls
|
||||
|
||||
getAuthenticationComponent().clearCurrentSecurityContext();
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Clear security context, client=" + client);
|
||||
}
|
||||
else if ( client.isGuest() == false)
|
||||
{
|
||||
// Access the Alfresco client
|
||||
// start the transaction
|
||||
|
||||
doInTransaction(new RetryingTransactionCallback<Void>()
|
||||
{
|
||||
@Override
|
||||
public Void execute() throws Throwable
|
||||
{
|
||||
// Check the account type and setup the authentication context
|
||||
|
||||
if ( client == null || client.isNullSession() || client instanceof AlfrescoClientInfo == false)
|
||||
{
|
||||
// Clear the authentication, null user should not be allowed to do any service calls
|
||||
|
||||
getAuthenticationComponent().clearCurrentSecurityContext();
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Clear security context, client=" + client);
|
||||
}
|
||||
else if ( client.isGuest() == false)
|
||||
{
|
||||
// Access the Alfresco client
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
|
||||
// Check if the authentication token has been set for the client
|
||||
|
||||
if ( !alfClient.hasAuthenticationTicket() )
|
||||
{
|
||||
// ALF-9793: It's possible that the user we're about to accept doesn't even exist, yet we
|
||||
// are using alfresco authentication. In such cases we must automatically create
|
||||
// authentication (using a randomized password) in order to successfully authenticate.
|
||||
|
||||
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
|
||||
if (!authenticationService.authenticationExists( client.getUserName()) && authenticationService.isAuthenticationCreationAllowed())
|
||||
{
|
||||
authenticationService.createAuthentication( client.getUserName(), GUID.generate().toCharArray());
|
||||
}
|
||||
// Set the current user and retrieve the authentication token
|
||||
|
||||
getAuthenticationComponent().setCurrentUser( client.getUserName());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
|
||||
// Check if the authentication token has been set for the client
|
||||
|
||||
if ( !alfClient.hasAuthenticationTicket() )
|
||||
{
|
||||
// Set the current user and retrieve the authentication token
|
||||
|
||||
getAuthenticationComponent().setCurrentUser( client.getUserName());
|
||||
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user name=" + client.getUserName() + ", ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
else
|
||||
{
|
||||
// Set the authentication context for the request
|
||||
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket());
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user using auth ticket, ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Enable guest access for the request
|
||||
|
||||
getAuthenticationComponent().setGuestUserAsCurrentUser();
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set guest user");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user name=" + client.getUserName() + ", ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
else
|
||||
{
|
||||
// Set the authentication context for the request
|
||||
|
||||
getAuthenticationService().validate(alfClient.getAuthenticationTicket());
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set user using auth ticket, ticket=" + alfClient.getAuthenticationTicket());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Enable guest access for the request
|
||||
|
||||
getAuthenticationComponent().setGuestUserAsCurrentUser();
|
||||
|
||||
// DEBUG
|
||||
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Set guest user");
|
||||
}
|
||||
}
|
||||
catch ( Exception ex)
|
||||
{
|
||||
if ( logger.isErrorEnabled())
|
||||
logger.error( "Error in RPC authenticator setting current user", ex);
|
||||
}
|
||||
finally
|
||||
{
|
||||
// Commit the transaction
|
||||
|
||||
if ( tx != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
// Commit or rollback the transaction
|
||||
|
||||
if ( tx.getStatus() == Status.STATUS_MARKED_ROLLBACK)
|
||||
{
|
||||
// Transaction is marked for rollback
|
||||
|
||||
tx.rollback();
|
||||
}
|
||||
else
|
||||
{
|
||||
// Commit the transaction
|
||||
|
||||
tx.commit();
|
||||
}
|
||||
}
|
||||
catch ( Exception ex)
|
||||
{
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -386,7 +368,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
|
||||
// Copy over relevant bean properties for backward compatibility
|
||||
setAuthenticationComponent(alfrescoConfig.getAuthenticationComponent());
|
||||
setAuthenticationService(alfrescoConfig.getAuthenticationService());
|
||||
setAuthenticationService((MutableAuthenticationService) alfrescoConfig.getAuthenticationService());
|
||||
setTransactionService(alfrescoConfig.getTransactionService());
|
||||
|
||||
// Check for the user mappings
|
||||
@@ -503,19 +485,16 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure there are some user mappings
|
||||
|
||||
if ( m_idMap == null || m_idMap.size() == 0)
|
||||
throw new InvalidConfigurationException("No user mappings for RPC authenticator");
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a transaction, this will be a writable transaction unless the system is in read-only mode.
|
||||
* Does work in a transaction. This will be a writeable transaction unless the system is in read-only mode.
|
||||
*
|
||||
* return UserTransaction
|
||||
* @param callback
|
||||
* a callback that does the work
|
||||
* @return the result, or <code>null</code> if not applicable
|
||||
*/
|
||||
protected final UserTransaction createTransaction()
|
||||
protected <T> T doInTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> callback)
|
||||
{
|
||||
// Get the transaction service
|
||||
|
||||
@@ -526,9 +505,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
if ( logger.isDebugEnabled())
|
||||
logger.debug("Using " + (txService.isReadOnly() ? "ReadOnly" : "Write") + " transaction");
|
||||
|
||||
// Create the transaction
|
||||
|
||||
return txService.getUserTransaction( txService.isReadOnly() ? true : false);
|
||||
return txService.getRetryingTransactionHelper().doInTransaction(callback, txService.isReadOnly());
|
||||
}
|
||||
|
||||
protected AuthenticationComponent getAuthenticationComponent()
|
||||
@@ -536,7 +513,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
|
||||
return this.authenticationComponent;
|
||||
}
|
||||
|
||||
protected AuthenticationService getAuthenticationService()
|
||||
protected MutableAuthenticationService getAuthenticationService()
|
||||
{
|
||||
return this.authenticationService;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user