Refactor subsystems for authentication chaining

- An authentication chain of size 1 configured by default - DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain. - SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication - SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported). - SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain - CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only) - Rationalization of subsystem configuration folder structure and JMX object naming - Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances - Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime. - New AuthenticationChainTest unit test git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-04-21 13:29:08 +00:00
parent bf949d306b
commit d2180c5eaa
77 changed files with 3556 additions and 1371 deletions
--- a/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
+++ b/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
@@ -80,6 +80,7 @@ import org.alfresco.jlan.util.MemorySize;
 import org.alfresco.jlan.util.Platform;
 import org.alfresco.jlan.util.StringList;
 import org.alfresco.jlan.util.X64;
+import org.alfresco.repo.management.subsystems.ActivateableBean;

 /**
 * Alfresco File Server Configuration Bean Class
@@ -172,6 +173,15 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean
            return;
        }

+        // Before we go any further, let's make sure there's a compatible authenticator in the authentication chain.
+        ICifsAuthenticator authenticator = cifsConfigBean.getAuthenticator();
+        if (authenticator == null || authenticator instanceof ActivateableBean && !((ActivateableBean)authenticator).isActive())
+        {
+            logger.warn("No enabled CIFS authenticator found in authentication chain. CIFS Server disabled");
+            removeConfigSection(CIFSConfigSection.SectionName);
+            return;
+        }
+            
        // Create the CIFS server configuration section

        CIFSConfigSection cifsConfig = new CIFSConfigSection(this);
@@ -343,7 +353,6 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean

            // Get the authenticator

-            ICifsAuthenticator authenticator = cifsConfigBean.getAuthenticator();
            if (authenticator != null)
            {
                cifsConfig.setAuthenticator(authenticator);