mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V4.0-BUG-FIX to HEAD
36311: BDE-69: filter long tests if minimal.testing property is defined
36314: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
36247: ALF-11027: temporarily remove import of maven.xml, since it makes ant calls fail from enterpriseprojects
36331: ALF-12447: Further changes required to fix lower case meta-inf folder name
36333: Revert ALF-12447.
36334: ALF-14115: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
36318: ALF-12447: Fix case on META-INF folder for SDK
36332: ALF-12447: Further changes required to fix lower case meta-inf folder name
36337: ALF-14115: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
36332: ALF-12447: Yet more meta-inf case changes needed.
36342: ALF-14120: fix only completed tasks returned
36343: ALF-13898: starting workflow from IMAP now using workflowDefs with engine name included, fallback to appending $jbpm when not present, to preserve backwards compatibility.
36345: Fix for ALF-12730 - Email Space Users fails if template is used
36346: Fix for ALF-9466 - We can search contents sorted by categories in Advanced search in Share, but saved search will not be shown in UI.
36364: Switch version to 4.0.3
36375: Merged BRANCHES/DEV/CLOUDSYNCLOCAL2 to BRANCHES/DEV/V4.0-BUG-FIX:
36366: Tweak to implementation to ensure that on-authentication-failed, the status is updated within a r/w transaction.
36374: Provide more specific exceptions from the Remote Connector Service for client and server errors
36376: Fix ALF-14121 - Alfresco fails to start if using "replicating-content-services-context.xml"
36393: Final part of ALF-13723 SOLR does not include the same query unit tests as lucene
- CMIS typed query and ordering tests
36432: ALF-14133: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.3)
<< 4.0.x specific change: Changed transformer.complex.OOXML.Image into transformer.complex.Any.Image >>
<< allowing any transformer to be selected for the conversion to JPEG >>
36427: ALF-14131 Complex transformers fail if a lower level transformer fails even though there is another transformer that could do the transformation
- Added a base spring bean for all complex transformers
36362: ALF-14131 Complex transformers fail if a lower level transformer fails even though there is another transformer that could do the transformation
36434: Test fix for ALF-13723 SOLR does not include the same query unit tests as lucene
- CMIS test data change broke AFTS ID ordering
36503: Removed thousands of compiler warnings (CMIS query test code)
36518: Fix for ALF-13778 - Links on Share Repository search page show incorrect link name; do not work when root-node is defined.
Fix now means that Share search correctly handles overridden Repository root node setting. Original work by Vasily Olhin.
36520: BDE-69: filter all repo tests if minimal.testing property is defined
36534: ALF-14116: Latest Surf libs (r1075) - ensure that i18n extensions can process browser sent short locales
36563: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
36336: ALF-12447: Yet more meta-inf case changes needed.
36347: Fix for ALF-13920 - Error occurred when try to edit/delete category
36352: Fix for ALF-13123 - Invalid JSON format from Get Node Tags Webscript - strings not double-quoted. Also fixed POST webscript with same issue.
36399: ALL LANG: translation updates based on EN r36392
36421: Fix for Mac Lion versioning issue. ALF-12792 (Part 1 of 2)
Enable the InfoPassthru and Level2Oplocks server capability flags, InfoPassthru is the flag that fixes the Mac Lion versioning error.
Added support for filesystems that do not implement the NTFS streams interface in the CIFS transact rename processing, for the Alfresco repo filesystem.
36422: Fix for Mac Lion versioning issue. ALF-12792 (Part 2 of 2)
Enable the InfoPassthru and Level2Oplocks server capability flags, InfoPassthru is the flag that fixes the Mac Lion versioning error.
36423: Add support for file size tracking in the file state. ALF-13616 (Part 1 of 2)
36424: Fix for Mac MS Word file save issue. ALF-13616 (Part 2 of 2)
Added live file size tracking to file writing/folder searches so the correct file size is returned before the file is closed.
36444: Merged DEV to V3.4-BUG-FIX
36419: ALF-12666 Search against simple-search-additional-attributes doesn't work properly
SearchContext.buildQuery(int) method was changed.
36446: Fix for ALF-13404 - Performance: 'Content I'm Editing' dashlet is slow to render when there is lots of data/sites
- Effectively removed all PATH based queries using the pattern /companyhome/sites/*/container//* as they are a non-optimized case
- Replaced the "all sites" doclist query using the above pattern with /companyhome/sites//* plus post query resultset processing based on documentLibrary container matching regex
- Optimized favorite document query to remove need for a PATH
- Optimized Content I'm Editing discussion PATH query to use /*/* instead of /*//*
- Fixed issue where Content I'm Editing discussion results would not always show the root topics that a user has edited
- Added some addition doclist.get.js query scriptlogger debugging output
36449: ALF-13404 - Fix for issue where favoriates for all sites would be shown in each site document library in the My Favorites filter.
36475: ALF-14131 Complex transformers fail if a lower level transformer fails even though there is another transformer that could do the transformation
- Change base spring bean on example config file
36480: 36453: ALF-3881 : ldap sync deletion behaviour not flexible enough
- synchronization.allowDeletions parameter introduced
- default value is true (existing behaviour)
- when false, no missing users or groups are deleted from the repository
- instead they are cleared of their zones and missing groups are cleared of all their members
- colliding users and groups from different zones are also 'moved' rather than recreated
- unit test added
36491: Added CIFS transact2 NT passthru levels for set end of file/set allocation size. ALF-13616.
Also updated FileInfoLevel with the latest list of NT passthru information levels.
36497: Fixed ALF-14163: JavaScript Behaviour broken: Node properties cannot be cast to java.io.Serializable
- Fallout from ALF-12855
- Made class Serializable (like HashMap would have been)
- Fixed line endings, too
36531: ALF-13769: Merged BELARUS/V3.4-BUG-FIX-2012_04_05 to V3.4-BUG-FIX (3.4.10)
35150: ALF-2645 : 3.2+ ldap sync debug information is too scarce
- Improved LDAP logging.
36532: ALF-13769: BRANCHES/DEV/BELARUS/V3.4-BUG-FIX-2012_01_26 to V3.4-BUG-FIX (3.4.10)
36461: ALF-237: WCM: File conflicts cause file order not to be consistent
- It is reasonable set values for checkboxes using the indexes from the list, which are not changed. So when we submit the window, the getSelectedNodes method is invoked and
it takes selected nodes by checkbox values from "paths" list.
36535: Merged DEV to V3.4-BUG-FIX
36479: ALF-8918 : Cannot "edit offline" a web quick start publication
A check in TaggableAspect.onUpdatePropertiesOnCommit() was extended to skip the update, if no tags were changed.
36555: Merged V3.4 to V3.4-BUG-FIX
36294: ALF-14039: Merged HEAD to V3.4
31732: ALF-10934: Prevent potential start/stop ping-pong of subsystems across a cluster
- When a cluster boots up or receives a reinit message it shouldn't be sending out any start messages
36566: Merged V3.4-BUG-FIX to V4.0-BUG-FIX (RECORD ONLY)
36172: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/DEV/V3.4-BUG-FIX:
36169: ALF-8755: After renaming content / space by Contributor via WebDAV new items are created
36572: Merged V4.0 to V4.0-BUG-FIX
36388: ALF-14025: Updated Surf libs (1071). Fixes to checksum-disabled dependency handling
36392: ALF-14129 Failed to do upgrade from 3.4.8 to 4.0.2
<< Committed change for Frederik Heremans >>
- Moved actual activiti-tables creation to before the upgrade
36409: Fix for ALF-14124 Solr is not working - Errors occur during the startup
36466: Fix for ALF-12770 - Infinite loop popup alert in TinyMCE after XSS injection in Alfresco Explorer online edit.
36501: Merged DEV to V4.0
36496: ALF-14063 : CLONE - Internet Explorer hangs when using the object picker with a larger number of documents
YUI 2.9.0 library was modified to use chunked unloading of listeners via a series of setTimeout() functions in event.js for IE 6,7,8.
36502: ALF-14105: Share Advanced search issue with the form values
- Fix by David We
36538: ALF-13986: Updated web.xml and index.jsp redirect to ensure that SSO works with proper surf site-configuration customization
36539: Fix for ALF-14167 Filtering by Tags/Categories doen't findes any content in Repository/DocumentLibrary
- fix default namespace back to "" -> "" and fix the specific SOLR tests that require otherwise.
36541: ALF-14082: Input stream leaks in thumbnail rendering webscripts
36560: Correctly size content length header after HTML stripping process (ALF-9365)
36574: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
36316: Merged V4.0-BUG-FIX to V4.0 (4.0.2)
36391: Merged V4.0-BUG-FIX to V4.0
36376: Fix ALF-14121 - Alfresco fails to start if using "replicating-content-services-context.xml"
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@36576 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2011 Alfresco Software Limited.
|
||||
* Copyright (C) 2005-2012 Alfresco Software Limited.
|
||||
*
|
||||
* This file is part of Alfresco
|
||||
*
|
||||
@@ -18,7 +18,10 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.sync;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.Serializable;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
import java.text.DateFormat;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
@@ -38,6 +41,17 @@ import java.util.concurrent.ScheduledExecutorService;
|
||||
import java.util.concurrent.ScheduledThreadPoolExecutor;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import javax.management.AttributeNotFoundException;
|
||||
import javax.management.InstanceNotFoundException;
|
||||
import javax.management.IntrospectionException;
|
||||
import javax.management.MBeanAttributeInfo;
|
||||
import javax.management.MBeanException;
|
||||
import javax.management.MBeanInfo;
|
||||
import javax.management.MBeanServerConnection;
|
||||
import javax.management.MalformedObjectNameException;
|
||||
import javax.management.ObjectName;
|
||||
import javax.management.ReflectionException;
|
||||
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.batch.BatchProcessor;
|
||||
import org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker;
|
||||
@@ -161,6 +175,11 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
|
||||
/** The number of worker threads. */
|
||||
private int workerThreads = 2;
|
||||
|
||||
private MBeanServerConnection mbeanServer;
|
||||
|
||||
/** Allow a full sync to perform deletions? */
|
||||
private boolean allowDeletions = true;
|
||||
|
||||
/**
|
||||
* Sets the application context manager.
|
||||
@@ -315,13 +334,51 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
{
|
||||
this.workerThreads = workerThreads;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Fullsync is run with deletions. By default is set to true.
|
||||
*
|
||||
* @param allowDeletions
|
||||
*/
|
||||
public void setAllowDeletions(boolean allowDeletions)
|
||||
{
|
||||
this.allowDeletions = allowDeletions;
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.alfresco.repo.security.sync.UserRegistrySynchronizer#synchronize(boolean, boolean, boolean)
|
||||
*/
|
||||
public void synchronize(boolean forceUpdate, boolean allowDeletions, final boolean splitTxns)
|
||||
public void synchronize(boolean forceUpdate, boolean isFullSync, final boolean splitTxns)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
|
||||
{
|
||||
|
||||
if (forceUpdate)
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.debug("Running a full sync.");
|
||||
}
|
||||
else
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.debug("Running a differential sync.");
|
||||
}
|
||||
if (allowDeletions)
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.debug("deletions are allowed");
|
||||
}
|
||||
else
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.debug("deletions are not allowed");
|
||||
}
|
||||
// Don't proceed with the sync if the repository is read only
|
||||
if (this.transactionService.isReadOnly())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Unable to proceed with user registry synchronization. Repository is read only.");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Don't proceed with the sync if the repository is read only
|
||||
if (this.transactionService.isReadOnly())
|
||||
{
|
||||
@@ -414,17 +471,112 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
UserRegistry plugin = (UserRegistry) context.getBean(this.sourceBeanName);
|
||||
if (!(plugin instanceof ActivateableBean) || ((ActivateableBean) plugin).isActive())
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
|
||||
{
|
||||
mbeanServer = (MBeanServerConnection) getApplicationContext().getBean("alfrescoMBeanServer");
|
||||
try
|
||||
{
|
||||
StringBuilder nameBuff = new StringBuilder(200).append("Alfresco:Type=Configuration,Category=Authentication,id1=managed,id2=").append(
|
||||
URLDecoder.decode(id, "UTF-8"));
|
||||
ObjectName name = new ObjectName(nameBuff.toString());
|
||||
if (mbeanServer != null && mbeanServer.isRegistered(name))
|
||||
{
|
||||
MBeanInfo info = mbeanServer.getMBeanInfo(name);
|
||||
MBeanAttributeInfo[] attributes = info.getAttributes();
|
||||
ChainingUserRegistrySynchronizer.logger.debug(id + " attributes:");
|
||||
for (MBeanAttributeInfo attribute : attributes)
|
||||
{
|
||||
Object value = mbeanServer.getAttribute(name, attribute.getName());
|
||||
ChainingUserRegistrySynchronizer.logger.debug(attribute.getName() + " = " + value);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch(UnsupportedEncodingException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (MalformedObjectNameException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (InstanceNotFoundException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (IntrospectionException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (AttributeNotFoundException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (ReflectionException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (MBeanException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Exception during logging", e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.info("Synchronizing users and groups with user registry '" + id + "'");
|
||||
}
|
||||
if (allowDeletions && ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
if (isFullSync && ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Full synchronization with user registry '"
|
||||
+ id
|
||||
+ "'; some users and groups previously created by synchronization with this user registry may be removed.");
|
||||
+ id + "'");
|
||||
if (allowDeletions)
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Some users and groups previously created by synchronization with this user registry may be removed.");
|
||||
}
|
||||
else
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger
|
||||
.warn("Deletions are disabled. Users and groups removed from this registry will be logged only and will remain in the repository. Users previously found in a different registry will be moved in the repository rather than recreated.");
|
||||
}
|
||||
}
|
||||
// Work out whether we should do the work in a separate transaction (it's most performant if we
|
||||
// bunch it into small transactions, but if we are doing a sync on login, it has to be the same
|
||||
@@ -432,13 +584,14 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
boolean requiresNew = splitTxns
|
||||
|| AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY;
|
||||
|
||||
syncWithPlugin(id, plugin, forceUpdate, allowDeletions, requiresNew, visitedZoneIds, allZoneIds);
|
||||
syncWithPlugin(id, plugin, forceUpdate, isFullSync, requiresNew, visitedZoneIds, allZoneIds);
|
||||
}
|
||||
}
|
||||
catch (NoSuchBeanDefinitionException e)
|
||||
{
|
||||
// Ignore and continue
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
catch (RuntimeException e)
|
||||
@@ -583,7 +736,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
* the user registry and updated locally. When <code>false</code> then each source is only queried for
|
||||
* those users and groups modified since the most recent modification date of all the objects last
|
||||
* queried from that same source.
|
||||
* @param allowDeletions
|
||||
* @param isFullSync
|
||||
* Should a complete set of user and group IDs be queried from the user registries in order to determine
|
||||
* deletions? This parameter is independent of <code>force</code> as a separate query is run to process
|
||||
* updates.
|
||||
@@ -602,7 +755,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
* or group needs to be 're-zoned'.
|
||||
*/
|
||||
private void syncWithPlugin(final String zone, UserRegistry userRegistry, boolean forceUpdate,
|
||||
boolean allowDeletions, boolean splitTxns, final Set<String> visitedZoneIds, final Set<String> allZoneIds)
|
||||
boolean isFullSync, boolean splitTxns, final Set<String> visitedZoneIds, final Set<String> allZoneIds)
|
||||
{
|
||||
// Create a prefixed zone ID for use with the authority service
|
||||
final String zoneId = AuthorityService.ZONE_AUTH_EXT_PREFIX + zone;
|
||||
@@ -685,10 +838,24 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
// Check whether the group is in any of the authentication chain zones
|
||||
Set<String> intersection = new TreeSet<String>(groupZones);
|
||||
intersection.retainAll(allZoneIds);
|
||||
if (intersection.isEmpty())
|
||||
// Check whether the group is in any of the higher priority authentication chain zones
|
||||
Set<String> visited = new TreeSet<String>(intersection);
|
||||
visited.retainAll(visitedZoneIds);
|
||||
|
||||
if (groupZones.contains(zoneId))
|
||||
{
|
||||
// The group exists, but not in a zone that's in the authentication chain. May be due to
|
||||
// upgrade or zone changes. Let's re-zone them
|
||||
// The group already existed in this zone: update the group
|
||||
updateGroup(group, true);
|
||||
}
|
||||
else if (!visited.isEmpty())
|
||||
{
|
||||
// A group that exists in a different zone with higher precedence
|
||||
return;
|
||||
}
|
||||
else if (!allowDeletions || intersection.isEmpty())
|
||||
{
|
||||
// Deletions are disallowed or the group exists, but not in a zone that's in the authentication
|
||||
// chain. May be due to upgrade or zone changes. Let's re-zone them
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn("Updating group '" + groupShortName
|
||||
@@ -698,21 +865,12 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
ChainingUserRegistrySynchronizer.this.authorityService.removeAuthorityFromZones(groupName,
|
||||
groupZones);
|
||||
ChainingUserRegistrySynchronizer.this.authorityService.addAuthorityToZones(groupName, zoneSet);
|
||||
}
|
||||
if (groupZones.contains(zoneId) || intersection.isEmpty())
|
||||
{
|
||||
// The group already existed in this zone or no valid zone: update the group
|
||||
|
||||
// The group now exists in this zone: update the group
|
||||
updateGroup(group, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Check whether the group is in any of the higher priority authentication chain zones
|
||||
intersection.retainAll(visitedZoneIds);
|
||||
if (!intersection.isEmpty())
|
||||
{
|
||||
// A group that exists in a different zone with higher precedence
|
||||
return;
|
||||
}
|
||||
// The group existed, but in a zone with lower precedence
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
@@ -824,8 +982,6 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
{
|
||||
if (!newChildPersons.remove(child))
|
||||
{
|
||||
// Make sure each person with association changes features as a key in the creation map
|
||||
recordParentAssociationCreation(child, null);
|
||||
recordParentAssociationDeletion(child, groupName);
|
||||
}
|
||||
}
|
||||
@@ -849,10 +1005,14 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
// Create new associations
|
||||
for (String child : newChildPersons)
|
||||
{
|
||||
// Make sure each person with association changes features as a key in the deletion map
|
||||
recordParentAssociationDeletion(child, null);
|
||||
recordParentAssociationCreation(child, groupName);
|
||||
}
|
||||
for (String child : newChildGroups)
|
||||
{
|
||||
// Make sure each group with association changes features as a key in the deletion map
|
||||
recordParentAssociationDeletion(child, null);
|
||||
recordParentAssociationCreation(child, groupName);
|
||||
}
|
||||
}
|
||||
@@ -1094,11 +1254,11 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
}
|
||||
}
|
||||
|
||||
public void processGroups(UserRegistry userRegistry, boolean allowDeletions, boolean splitTxns)
|
||||
public void processGroups(UserRegistry userRegistry, boolean isFullSync, boolean splitTxns)
|
||||
{
|
||||
// If we got back some groups, we have to cross reference them with the set of known authorities
|
||||
if (allowDeletions || !this.groupParentAssocsToCreate.isEmpty()
|
||||
|| !this.personParentAssocsToCreate.isEmpty())
|
||||
if (isFullSync || !this.groupParentAssocsToDelete.isEmpty()
|
||||
|| !this.groupParentAssocsToDelete.isEmpty())
|
||||
{
|
||||
final Set<String> allZonePersons = newPersonSet();
|
||||
final Set<String> allZoneGroups = new TreeSet<String>();
|
||||
@@ -1117,17 +1277,19 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
}
|
||||
}, true, splitTxns);
|
||||
|
||||
final Set<String> personDeletionCandidates = newPersonSet();
|
||||
personDeletionCandidates.addAll(allZonePersons);
|
||||
|
||||
final Set<String> groupDeletionCandidates = new TreeSet<String>();
|
||||
groupDeletionCandidates.addAll(allZoneGroups);
|
||||
|
||||
allZoneGroups.addAll(this.groupsToCreate.keySet());
|
||||
|
||||
// Prune our set of authorities according to deletions
|
||||
if (allowDeletions)
|
||||
if (isFullSync)
|
||||
{
|
||||
final Set<String> personDeletionCandidates = newPersonSet();
|
||||
personDeletionCandidates.addAll(allZonePersons);
|
||||
|
||||
final Set<String> groupDeletionCandidates = new TreeSet<String>();
|
||||
groupDeletionCandidates.addAll(allZoneGroups);
|
||||
|
||||
this.deletionCandidates = new TreeSet<String>();
|
||||
|
||||
for (String person : userRegistry.getPersonNames())
|
||||
{
|
||||
personDeletionCandidates.remove(person);
|
||||
@@ -1141,14 +1303,80 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
this.deletionCandidates = new TreeSet<String>();
|
||||
this.deletionCandidates.addAll(personDeletionCandidates);
|
||||
this.deletionCandidates.addAll(groupDeletionCandidates);
|
||||
if (allowDeletions)
|
||||
{
|
||||
allZonePersons.removeAll(personDeletionCandidates);
|
||||
allZoneGroups.removeAll(groupDeletionCandidates);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!personDeletionCandidates.isEmpty())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn("The following missing users are not being deleted as allowDeletions == false");
|
||||
for (String person : personDeletionCandidates)
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn(" " + person);
|
||||
}
|
||||
}
|
||||
if (!groupDeletionCandidates.isEmpty())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn("The following missing groups are not being deleted as allowDeletions == false");
|
||||
for (String group : groupDeletionCandidates)
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn(" " + group);
|
||||
}
|
||||
}
|
||||
|
||||
// Complete association deletion information by scanning deleted groups
|
||||
BatchProcessor<String> groupScanner = new BatchProcessor<String>(zone
|
||||
+ " Missing Authority Scanning",
|
||||
ChainingUserRegistrySynchronizer.this.transactionService
|
||||
.getRetryingTransactionHelper(), this.deletionCandidates,
|
||||
ChainingUserRegistrySynchronizer.this.workerThreads, 20,
|
||||
ChainingUserRegistrySynchronizer.this.applicationEventPublisher,
|
||||
ChainingUserRegistrySynchronizer.logger,
|
||||
ChainingUserRegistrySynchronizer.this.loggingInterval);
|
||||
groupScanner.process(new BaseBatchProcessWorker<String>()
|
||||
{
|
||||
|
||||
allZonePersons.removeAll(personDeletionCandidates);
|
||||
allZoneGroups.removeAll(groupDeletionCandidates);
|
||||
@Override
|
||||
public String getIdentifier(String entry)
|
||||
{
|
||||
return entry;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void process(String authority) throws Throwable
|
||||
{
|
||||
// Disassociate it from this zone, allowing it to be reclaimed by something further down the chain
|
||||
ChainingUserRegistrySynchronizer.this.authorityService.removeAuthorityFromZones(authority,
|
||||
Collections.singleton(zoneId));
|
||||
|
||||
// For groups, remove all members
|
||||
if (AuthorityType.getAuthorityType(authority) != AuthorityType.USER)
|
||||
{
|
||||
String groupShortName = ChainingUserRegistrySynchronizer.this.authorityService
|
||||
.getShortName(authority);
|
||||
String groupDisplayName = ChainingUserRegistrySynchronizer.this.authorityService
|
||||
.getAuthorityDisplayName(authority);
|
||||
NodeDescription dummy = new NodeDescription(groupShortName + " (Deleted)");
|
||||
PropertyMap dummyProperties = dummy.getProperties();
|
||||
dummyProperties.put(ContentModel.PROP_AUTHORITY_NAME, authority);
|
||||
if (groupDisplayName != null)
|
||||
{
|
||||
dummyProperties.put(ContentModel.PROP_AUTHORITY_DISPLAY_NAME, groupDisplayName);
|
||||
}
|
||||
updateGroup(dummy, true);
|
||||
}
|
||||
}
|
||||
}, splitTxns);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// Prune the group associations now that we have complete information
|
||||
this.groupParentAssocsToCreate.keySet().retainAll(allZoneGroups);
|
||||
logRetainParentAssociations(this.groupParentAssocsToDelete, allZoneGroups);
|
||||
logRetainParentAssociations(this.groupParentAssocsToCreate, allZoneGroups);
|
||||
this.finalGroupChildAssocs.keySet().retainAll(allZoneGroups);
|
||||
|
||||
// Pruning person associations will have to wait until we have passed over all persons and built up
|
||||
@@ -1234,17 +1462,17 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
}
|
||||
|
||||
// Remove all the associations we have already dealt with
|
||||
this.personParentAssocsToCreate.keySet().removeAll(this.personsProcessed);
|
||||
this.personParentAssocsToDelete.keySet().removeAll(this.personsProcessed);
|
||||
|
||||
// Filter out associations to authorities that simply can't exist (and log if debugging is enabled)
|
||||
logRetainParentAssociations(this.personParentAssocsToCreate, this.allZonePersons);
|
||||
|
||||
// Update associations to persons not updated themselves
|
||||
if (!this.personParentAssocsToCreate.isEmpty())
|
||||
if (!this.personParentAssocsToDelete.isEmpty())
|
||||
{
|
||||
BatchProcessor<Map.Entry<String, Set<String>>> groupCreator = new BatchProcessor<Map.Entry<String, Set<String>>>(
|
||||
zone + " Person Association", ChainingUserRegistrySynchronizer.this.transactionService
|
||||
.getRetryingTransactionHelper(), this.personParentAssocsToCreate.entrySet(),
|
||||
.getRetryingTransactionHelper(), this.personParentAssocsToDelete.entrySet(),
|
||||
ChainingUserRegistrySynchronizer.this.workerThreads, 20,
|
||||
ChainingUserRegistrySynchronizer.this.applicationEventPublisher,
|
||||
ChainingUserRegistrySynchronizer.logger,
|
||||
@@ -1340,7 +1568,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
final Analyzer groupAnalyzer = new Analyzer(lastModifiedMillis);
|
||||
int groupProcessedCount = groupProcessor.process(groupAnalyzer, splitTxns);
|
||||
|
||||
groupAnalyzer.processGroups(userRegistry, allowDeletions, splitTxns);
|
||||
groupAnalyzer.processGroups(userRegistry, isFullSync, splitTxns);
|
||||
|
||||
// Process persons and their parent associations
|
||||
|
||||
@@ -1413,10 +1641,19 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
// Check whether the user is in any of the authentication chain zones
|
||||
Set<String> intersection = new TreeSet<String>(zones);
|
||||
intersection.retainAll(allZoneIds);
|
||||
if (intersection.size() == 0)
|
||||
// Check whether the user is in any of the higher priority authentication chain zones
|
||||
Set<String> visited = new TreeSet<String>(intersection);
|
||||
visited.retainAll(visitedZoneIds);
|
||||
if (visited.size() > 0)
|
||||
{
|
||||
// The person exists, but not in a zone that's in the authentication chain. May be due
|
||||
// to upgrade or zone changes. Let's re-zone them
|
||||
// A person that exists in a different zone with higher precedence - ignore
|
||||
return;
|
||||
}
|
||||
|
||||
else if (!allowDeletions || intersection.isEmpty())
|
||||
{
|
||||
// The person exists, but in a different zone. Either deletions are disallowed or the zone is
|
||||
// not in the authentication chain. May be due to upgrade or zone changes. Let's re-zone them
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
ChainingUserRegistrySynchronizer.logger.warn("Updating user '" + personName
|
||||
@@ -1431,14 +1668,6 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
}
|
||||
else
|
||||
{
|
||||
// Check whether the user is in any of the higher priority authentication chain zones
|
||||
intersection.retainAll(visitedZoneIds);
|
||||
if (intersection.size() > 0)
|
||||
{
|
||||
// A person that exists in a different zone with higher precedence - ignore
|
||||
return;
|
||||
}
|
||||
|
||||
// The person existed, but in a zone with lower precedence
|
||||
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
|
||||
{
|
||||
@@ -1491,7 +1720,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean impl
|
||||
|
||||
// Delete authorities if we have complete information for the zone
|
||||
Set<String> deletionCandidates = groupAnalyzer.getDeletionCandidates();
|
||||
if (allowDeletions && !deletionCandidates.isEmpty())
|
||||
if (isFullSync && allowDeletions && !deletionCandidates.isEmpty())
|
||||
{
|
||||
BatchProcessor<String> authorityDeletionProcessor = new BatchProcessor<String>(
|
||||
zone + " Authority Deletion", this.transactionService.getRetryingTransactionHelper(),
|
||||
|
||||
Reference in New Issue
Block a user