inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge V1.4 to HEAD

Browse Source 
- Ignored Enterprise-specific changes
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3701 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3703 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3704 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3705 .
   svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3707 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V1.4@3876 .
   svn revert root\projects\web-client\source\web\jsp\admin\admin-console.jsp


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@3879 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2006-09-21 23:35:51 +00:00
parent 89f39cd176
commit d2bce74f0b
103 changed files with 3569 additions and 1172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
source/java/org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource.java
View File

@@ -91,6 +91,10 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
private AuthorityDAO authorityDAO;
private boolean errorOnMissingGID;
private boolean errorOnMissingUID;
public LDAPGroupExportSource()
{
super();
@@ -146,6 +150,16 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
this.errorOnMissingMembers = errorOnMissingMembers;
}
public void setErrorOnMissingGID(boolean errorOnMissingGID)
{
this.errorOnMissingGID = errorOnMissingGID;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void setAuthorityDAO(AuthorityDAO authorityDAO)
{
this.authorityDAO = authorityDAO;
@@ -279,7 +293,7 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
ContentModel.TYPE_AUTHORITY_CONTAINER.getLocalName(), ContentModel.TYPE_AUTHORITY_CONTAINER
.toPrefixString(namespaceService), attrs);
if ((authorityDAO != null ) && authorityDAO.authorityExists(group.gid))
if ((authorityDAO != null) && authorityDAO.authorityExists(group.gid))
{
NodeRef authNodeRef = authorityDAO.getAuthorityNodeRefOrNull(group.gid);
if (authNodeRef != null)
@@ -295,7 +309,7 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
.toPrefixString(namespaceService));
}
}
writer.startElement(ContentModel.PROP_AUTHORITY_NAME.getNamespaceURI(), ContentModel.PROP_AUTHORITY_NAME
.getLocalName(), ContentModel.PROP_AUTHORITY_NAME.toPrefixString(namespaceService),
new AttributesImpl());
@@ -368,8 +382,17 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
Attribute gidAttribute = attributes.get(groupIdAttributeName);
if (gidAttribute == null)
{
throw new ExportSourceImporterException(
"Group returned by group search does not have mandatory group id attribute " + attributes);
if (errorOnMissingGID)
{
throw new ExportSourceImporterException(
"Group returned by group search does not have mandatory group id attribute "
+ attributes);
}
else
{
s_logger.warn("Missing GID on " + attributes);
continue;
}
}
String gid = (String) gidAttribute.get(0);
@@ -453,7 +476,15 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
Attribute objectclass = attributes.get("objectclass");
if (objectclass == null)
{
throw new ExportSourceImporterException("Failed to find attribute objectclass for DN " + dn);
if (errorOnMissingMembers)
{
throw new ExportSourceImporterException("Failed to find attribute objectclass for DN "
+ dn);
}
else
{
continue;
}
}
for (int i = 0; i < objectclass.size(); i++)
{
@@ -479,8 +510,18 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
Attribute groupIdAttribute = attributes.get(groupIdAttributeName);
if (groupIdAttribute == null)
{
throw new ExportSourceImporterException("Group missing group id attribute DN ="
+ dn + " att = " + groupIdAttributeName);
if (errorOnMissingGID)
{
throw new ExportSourceImporterException(
"Group missing group id attribute DN ="
+ dn + " att = " + groupIdAttributeName);
}
else
{
s_logger.warn("Group missing group id attribute DN ="
+ dn + " att = " + groupIdAttributeName);
continue;
}
}
id = (String) groupIdAttribute.get(0);
}
@@ -504,8 +545,18 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
Attribute userIdAttribute = attributes.get(userIdAttributeName);
if (userIdAttribute == null)
{
throw new ExportSourceImporterException("User missing user id attribute DN ="
+ dn + " att = " + userIdAttributeName);
if (errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User missing user id attribute DN ="
+ dn + " att = " + userIdAttributeName);
}
else
{
s_logger.warn("User missing user id attribute DN ="
+ dn + " att = " + userIdAttributeName);
continue;
}
}
id = (String) userIdAttribute.get(0);
}
@@ -527,7 +578,14 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
{
if (isGroup == null)
{
throw new ExportSourceImporterException("Type not recognised for DN" + dn);
if (errorOnMissingMembers)
{
throw new ExportSourceImporterException("Type not recognised for DN" + dn);
}
else
{
continue;
}
}
else if (isGroup)
{
@@ -538,7 +596,14 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
Group child = lookup.get("GROUP_" + id);
if (child == null)
{
if (errorOnMissingMembers)
{
throw new ExportSourceImporterException("Failed to find child group " + id);
}
else
{
continue;
}
}
if (rootGroups.contains(child))
{
@@ -688,7 +753,7 @@ public class LDAPGroupExportSource implements ExportSource, InitializingBean
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);

124
source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
View File

@@ -30,17 +30,22 @@ import javax.naming.directory.InitialDirContext;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory, InitializingBean
{
private static final Log logger = LogFactory.getLog(LDAPInitialDirContextFactoryImpl.class);
private Map<String, String> initialDirContextEnvironment = Collections.<String, String> emptyMap();
static
{
System.setProperty("javax.security.auth.useSubjectCredentialsOnly", "false");
}
public LDAPInitialDirContextFactoryImpl()
{
super();
@@ -87,11 +92,22 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
{
throw new AuthenticationException("Null user name provided.");
}
if (principal.length() == 0)
{
throw new AuthenticationException("Empty user name provided.");
}
if (credentials == null)
{
throw new AuthenticationException("No credentials provided.");
}
if (credentials.length() == 0)
{
throw new AuthenticationException("Empty credentials provided.");
}
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, principal);
@@ -187,4 +203,108 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
}
public void afterPropertiesSet() throws Exception
{
// Check Anonymous bind
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.remove(Context.SECURITY_PRINCIPAL);
env.remove(Context.SECURITY_CREDENTIALS);
try
{
new InitialDirContext(env);
logger.warn("LDAP server supports anonymous bind " + env.get(Context.PROVIDER_URL));
}
catch (javax.naming.AuthenticationException ax)
{
}
catch (NamingException nx)
{
throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", nx);
}
// Simple DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "daftAsABrush");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple string user ids and invalid credentials at "+ env.get(Context.PROVIDER_URL));
}
// DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "cn=daftAsABrush,dc=woof");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a simple dn and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple DN and invalid password at "+ env.get(Context.PROVIDER_URL));
}
// Check more if we have a real principal we expect to work
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
if(env.get(Context.SECURITY_PRINCIPAL) != null)
{
// Correct principal invalid password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
// already donw
}
}
}
}

15
source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
View File

@@ -67,6 +67,8 @@ public class LDAPPersonExportSource implements ExportSource
private NamespaceService namespaceService;
private String defaultHomeFolder;
private boolean errorOnMissingUID;
public LDAPPersonExportSource()
{
@@ -113,6 +115,11 @@ public class LDAPPersonExportSource implements ExportSource
this.attributeMapping = attributeMapping;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
@@ -161,8 +168,16 @@ public class LDAPPersonExportSource implements ExportSource
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
if(errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
else
{
s_logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
continue;
}
}
String uid = (String) uidAttribute.get(0);