inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into fix/MNT-17971_activiti_signalAndBoundaryEvent

Browse Source
This commit is contained in:
Andrei Forascu
2017-09-25 11:11:16 +03:00
parent 818fbcc084 a89dc6c904
commit d52cce14ef
7 changed files with 639 additions and 522 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitbugtraq Normal file
View File

@@ -0,0 +1,4 @@
# For SmartGit
[bugtraq "jira"]
url = https://issues.alfresco.com/jira/browse/%BUGID%
logRegex = ([A-Z]+-\\d+)

3
pom.xml
View File

@@ -43,6 +43,7 @@
<dependency.alfresco-data-model.version>6.18</dependency.alfresco-data-model.version>
<dependency.alfresco-jlan.version>6.3</dependency.alfresco-jlan.version>
<dependency.alfresco-pdf-renderer.version>1.0</dependency.alfresco-pdf-renderer.version>
<dependency.alfresco-hb-data-sender.version>1.0.1</dependency.alfresco-hb-data-sender.version>
<dependency.spring.version>3.2.17.RELEASE</dependency.spring.version>
@@ -99,7 +100,7 @@
<dependency>
<groupId>org.alfresco</groupId>
<artifactId>alfresco-heartbeat-data-sender</artifactId>
<version>1.0.0</version>
<version>${dependency.alfresco-hb-data-sender.version}</version>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>

61
src/main/java/org/alfresco/opencmis/CMISConnector.java
View File

@@ -3098,12 +3098,13 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
}
}
Boolean isOnWorkingCopy = checkOutCheckInService.isWorkingCopy(nodeRef);
Updatability updatability = propDef.getPropertyDefinition().getUpdatability();
if ((updatability == Updatability.READONLY)
|| (updatability == Updatability.WHENCHECKEDOUT && !checkOutCheckInService.isWorkingCopy(nodeRef)))
if (!isUpdatable(updatability, isOnWorkingCopy))
{
throw new CmisInvalidArgumentException("Property " + property.getId() + " is read-only!");
throw new CmisInvalidArgumentException("Property " + propertyId + " is read-only!");
}
TypeDefinitionWrapper propType = propDef.getOwningType();
Serializable value = getValue(property, propDef.getPropertyDefinition().getCardinality() == Cardinality.MULTI);
Pair<TypeDefinitionWrapper, Serializable> pair = new Pair<TypeDefinitionWrapper, Serializable>(propType, value);
@@ -3129,7 +3130,7 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
for (String propertyId : propsMap.keySet())
{
if(propertyId.equals(PropertyIds.SECONDARY_OBJECT_TYPE_IDS))
if (propertyId.equals(PropertyIds.SECONDARY_OBJECT_TYPE_IDS))
{
// already handled above
continue;
@@ -3213,39 +3214,12 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
for(QName aspectQName : aspectsToRemove)
{
nodeService.removeAspect(nodeRef, aspectQName);
// aspect is being removed so remove all of its properties from the propsToAdd map
TypeDefinitionWrapper w = getOpenCMISDictionaryService().findNodeType(aspectQName);
for(PropertyDefinitionWrapper wr : w.getProperties())
{
String propertyId = wr.getPropertyId();
propsToAdd.remove(propertyId);
}
}
// add aspects and properties
for(QName aspectQName : toAdd)
{
nodeService.addAspect(nodeRef, aspectQName, null);
// get aspect properties
AspectDefinition aspectDef = dictionaryService.getAspect(aspectQName);
Map<QName, org.alfresco.service.cmr.dictionary.PropertyDefinition> aspectPropDefs = aspectDef.getProperties();
TypeDefinitionWrapper w = getOpenCMISDictionaryService().findNodeType(aspectQName);
// for each aspect property...
for(QName propQName : aspectPropDefs.keySet())
{
// find CMIS property id
PropertyDefinitionWrapper property = w.getPropertyByQName(propQName);
String propertyId = property.getPropertyId();
if(!propsToAdd.containsKey(propertyId))
{
TypeDefinitionWrapper propType = property.getOwningType();
// CMIS 1.1 secondary types specification requires that all secondary type properties are set
// property not included in propsToAdd, add it with null value
Pair<TypeDefinitionWrapper, Serializable> pair = new Pair<TypeDefinitionWrapper, Serializable>(propType, null);
propsToAdd.put(propertyId, pair);
}
}
}
}
@@ -3580,9 +3554,9 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
throw new CmisInvalidArgumentException("Property " + propertyId + " is unknown!");
}
Boolean isOnWorkingCopy = checkOutCheckInService.isWorkingCopy(nodeRef);
Updatability updatability = propDef.getPropertyDefinition().getUpdatability();
if ((updatability == Updatability.READONLY)
|| (updatability == Updatability.WHENCHECKEDOUT && !checkOutCheckInService.isWorkingCopy(nodeRef)))
if (!isUpdatable(updatability, isOnWorkingCopy))
{
throw new CmisInvalidArgumentException("Property " + propertyId + " is read-only!");
}
@@ -3610,7 +3584,7 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
{
String newName = value.toString();
// If the node is checked out and the name property is set on the working copy, make sure the new name has the working copy format
if (checkOutCheckInService.isWorkingCopy(nodeRef))
if (isOnWorkingCopy)
{
String wcLabel = (String)this.nodeService.getProperty(nodeRef, ContentModel.PROP_WORKING_COPY_LABEL);
if (wcLabel == null)
@@ -4110,4 +4084,23 @@ public class CMISConnector implements ApplicationContextAware, ApplicationListen
}
return renditionMapping;
}
/**
* Verify if a property is updatable.
* @param updatability
* @param isOnWorkingCopy
* @return
*/
private boolean isUpdatable(Updatability updatability, Boolean isOnWorkingCopy)
{
if ((updatability == Updatability.READONLY)
|| (updatability == Updatability.WHENCHECKEDOUT && !isOnWorkingCopy))
{
return false;
}
else
{
return true;
}
}
}

27
src/main/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
View File

@@ -33,6 +33,7 @@ import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent.UserNameValidationMode;
import org.alfresco.repo.tenant.TenantContextHolder;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -43,6 +44,9 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
AuthenticationComponent authenticationComponent;
TicketComponent ticketComponent;
/** a serviceInstanceId identifying this unique instance */
private String serviceInstanceId;
private String domain;
private boolean allowsUserCreation = true;
private boolean allowsUserDeletion = true;
@@ -85,6 +89,8 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
public AuthenticationServiceImpl()
{
super();
this.serviceInstanceId = GUID.generate();
}
public void setTicketComponent(TicketComponent ticketComponent)
@@ -124,9 +130,10 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
TenantContextHolder.setTenantDomain(tenant);
if (protectionEnabled)
{
if (protectedUsersCache.get(userName) != null)
final String protectedUserKey = getProtectedUserKey(userName);
if (protectedUsersCache.get(protectedUserKey) != null)
{
protectedUsersCache.remove(userName);
protectedUsersCache.remove(protectedUserKey);
}
}
}
@@ -148,7 +155,8 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
boolean isProtected = false;
if (protectionEnabled)
{
ProtectedUser protectedUser = protectedUsersCache.get(userName);
final String protectedUserKey = getProtectedUserKey(userName);
ProtectedUser protectedUser = protectedUsersCache.get(protectedUserKey);
if (protectedUser != null)
{
long currentTimeStamp = System.currentTimeMillis();
@@ -168,7 +176,8 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
{
if (protectionEnabled)
{
ProtectedUser protectedUser = protectedUsersCache.get(userName);
final String protectedUserKey = getProtectedUserKey(userName);
ProtectedUser protectedUser = protectedUsersCache.get(protectedUserKey);
if (protectedUser == null)
{
protectedUser = new ProtectedUser(userName);
@@ -186,10 +195,18 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
}
}
}
protectedUsersCache.put(userName, protectedUser);
protectedUsersCache.put(protectedUserKey, protectedUser);
}
}
/**
* Creates a key by combining the service instance ID with the username. This are the type of keys maintained by protectedUsersCache map.
*/
public String getProtectedUserKey(String userName)
{
return serviceInstanceId + "@@" + userName;
}
public String getCurrentUserName() throws AuthenticationException
{
return authenticationComponent.getCurrentUserName();

2
src/main/resources/alfresco/caches.properties
View File

@@ -729,7 +729,7 @@ cache.authorizationCache.readBackupData=false
cache.protectedUsersCache.maxItems=1000
cache.protectedUsersCache.timeToLiveSeconds=0
cache.protectedUsersCache.maxIdleSeconds=0
cache.protectedUsersCache.cluster.type=fully-distributed
cache.protectedUsersCache.cluster.type=local
cache.protectedUsersCache.backup-count=1
cache.protectedUsersCache.eviction-policy=LRU
cache.protectedUsersCache.eviction-percentage=25

24
src/test/java/org/alfresco/opencmis/CMISTest.java
View File

@@ -50,6 +50,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.alfresco.model.ContentModel;
import org.alfresco.opencmis.dictionary.CMISDictionaryService;
@@ -1755,9 +1756,13 @@ public class CMISTest
List secondaryTypeIds = currentProperties.getProperties().get(PropertyIds.SECONDARY_OBJECT_TYPE_IDS).getValues();
assertTrue(secondaryTypeIds.contains(aspectName));
secondaryTypeIds.remove(aspectName);
final PropertiesImpl newProperties = new PropertiesImpl();
newProperties.addProperty(new PropertyStringImpl(PropertyIds.SECONDARY_OBJECT_TYPE_IDS, secondaryTypeIds));
final String updatedName = "My_new_name_"+UUID.randomUUID().toString();
newProperties.replaceProperty(new PropertyStringImpl(PropertyIds.NAME, updatedName));
withCmisService(new CmisServiceCallback<Void>()
{
@@ -1765,6 +1770,8 @@ public class CMISTest
public Void execute(CmisService cmisService)
{
Holder<String> latestObjectIdHolder = getHolderOfObjectOfLatestVersion(cmisService, repositoryId, objectIdHolder);
// This will result in aspectName being removed
// but that shouldn't mean that, for example, a cmis:name prop update gets ignored (MNT-18340)
cmisService.updateProperties(repositoryId, latestObjectIdHolder, null, newProperties, null);
return null;
}
@@ -1775,12 +1782,15 @@ public class CMISTest
@Override
public Properties execute(CmisService cmisService)
{
Properties properties = cmisService.getProperties(repositoryId, objectIdHolder.getValue(), null, null);
Holder<String> latestObjectIdHolder = getHolderOfObjectOfLatestVersion(cmisService, repositoryId, objectIdHolder);
Properties properties = cmisService.getProperties(repositoryId, latestObjectIdHolder.getValue(), null, null);
return properties;
}
}, CmisVersion.CMIS_1_1);
secondaryTypeIds = currentProperties1.getProperties().get(PropertyIds.SECONDARY_OBJECT_TYPE_IDS).getValues();
assertFalse(secondaryTypeIds.contains(aspectName));
assertEquals(updatedName, currentProperties1.getProperties().get(PropertyIds.NAME).getFirstValue());
}
/**
@@ -3352,7 +3362,19 @@ public class CMISTest
cmisService.updateProperties(repositoryId, new Holder<String>(fileInfo.getNodeRef().toString()), null, properties, null);
}
//This extra check was added due to MNT-16641.
{
PropertiesImpl properties = new PropertiesImpl();
properties.addProperty(new PropertyStringImpl(PropertyIds.SECONDARY_OBJECT_TYPE_IDS, "P:cm:lockable"));
Set<QName> existingAspects = nodeService.getAspects(docs.get(0).getNodeRef());
cmisService.updateProperties(repositoryId,new Holder<String>(docs.get(0).getNodeRef().toString()), null, properties, null);
Set<QName> updatedAspects = nodeService.getAspects(docs.get(0).getNodeRef());
updatedAspects.removeAll(existingAspects);
assertEquals(ContentModel.ASPECT_LOCKABLE, updatedAspects.iterator().next());
}
return repositoryId;
}
}, CmisVersion.CMIS_1_1);

90
src/test/java/org/alfresco/repo/security/authentication/AuthenticationServiceImplTest.java
View File

@@ -34,6 +34,7 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import static junit.framework.TestCase.assertNotNull;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
@@ -57,6 +58,7 @@ public class AuthenticationServiceImplTest
private SimpleCache<String, ProtectedUser> cache;
private TicketComponent ticketComponent = mock(TicketComponent.class);
private AuthenticationServiceImpl authService;
private AuthenticationServiceImpl authService2;
private static final String USERNAME = "username";
private static final char[] PASSWORD = "password".toCharArray();
@@ -69,6 +71,11 @@ public class AuthenticationServiceImplTest
authService.setTicketComponent(ticketComponent);
cache = new MockCache<>();
authService.setProtectedUsersCache(cache);
authService2 = new AuthenticationServiceImpl();
authService2.setAuthenticationComponent(authenticationComponent);
authService2.setTicketComponent(ticketComponent);
authService2.setProtectedUsersCache(cache);
}
@Test
@@ -104,7 +111,9 @@ public class AuthenticationServiceImplTest
}
verify(authenticationComponent, times(limit)).authenticate(USERNAME, PASSWORD);
assertTrue("The user should be protected.", authService.isUserProtected(USERNAME));
assertEquals("The number of recorded logins did not match.", attempts, cache.get(USERNAME).getNumLogins());
final String protectedUserKey = authService.getProtectedUserKey(USERNAME);
assertEquals("The number of recorded logins did not match.", attempts, cache.get(protectedUserKey).getNumLogins());
// test that the protection is still in place even if the password is correct
doNothing().when(authenticationComponent).authenticate(USERNAME, PASSWORD);
@@ -118,7 +127,7 @@ public class AuthenticationServiceImplTest
// normal
}
verify(authenticationComponent, times(limit)).authenticate(USERNAME, PASSWORD);
assertEquals("The number of recorded logins did not match.", attempts + 1, cache.get(USERNAME).getNumLogins());
assertEquals("The number of recorded logins did not match.", attempts + 1, cache.get(protectedUserKey).getNumLogins());
}
@Test
@@ -145,11 +154,13 @@ public class AuthenticationServiceImplTest
}
}
assertTrue("The user should be protected.", authService.isUserProtected(USERNAME));
assertEquals("The number of recorded logins did not match.", attempts, cache.get(USERNAME).getNumLogins());
final String protectedUserKey = authService.getProtectedUserKey(USERNAME);
assertEquals("The number of recorded logins did not match.", attempts, cache.get(protectedUserKey).getNumLogins());
Thread.sleep(timeLimit*1000 + 1);
assertFalse("The user should not be protected any more.", authService.isUserProtected(USERNAME));
assertEquals("The number of recorded logins should stay the same after protection period ends.",
attempts, cache.get(USERNAME).getNumLogins());
attempts, cache.get(protectedUserKey).getNumLogins());
doNothing().when(authenticationComponent).authenticate(USERNAME, PASSWORD);
try
@@ -161,9 +172,78 @@ public class AuthenticationServiceImplTest
fail("An " + AuthenticationException.class.getName() + " should not be thrown.");
}
assertNull("The user should be removed from the cache after successful login.",
cache.get(USERNAME));
cache.get(protectedUserKey));
}
@Test
public void testAuthChainWorksIfFirstAuthFails() throws Exception
{
int timeLimit = 1;
int attempts = 2;
authService.setProtectionPeriodSeconds(timeLimit);
authService.setProtectionLimit(attempts);
authService.setProtectionEnabled(true);
authService2.setProtectionPeriodSeconds(timeLimit);
authService2.setProtectionLimit(attempts);
authService2.setProtectionEnabled(true);
AuthenticationServiceImpl[] authenticationChain = {authService, authService2};
doThrow(new AuthenticationException("Bad password"))
.when(authenticationComponent).authenticate(USERNAME, PASSWORD);
// Authentication fails on first run.
for (int i = 0; i < attempts; i++) {
for (AuthenticationServiceImpl authentication : authenticationChain) {
try {
authentication.authenticate(USERNAME, PASSWORD);
fail("An " + AuthenticationException.class.getName() + " should be thrown.");
} catch (AuthenticationException ae) {
// normal
}
}
}
for (AuthenticationServiceImpl authentication : authenticationChain)
{
assertTrue("The user should be protected.", authentication.isUserProtected(USERNAME));
}
Thread.sleep(timeLimit*1000 + 1);
for (AuthenticationServiceImpl authentication : authenticationChain)
{
assertFalse("The user should not be protected any more.", authentication.isUserProtected(USERNAME));
}
// Authentication always fails on first authentication service in the chain.
try
{
authenticationChain[0].authenticate(USERNAME, PASSWORD);
fail("An " + AuthenticationException.class.getName() + " should be thrown.");
} catch (AuthenticationException ae) {
// normal
}
// Authentication should succeed on second authentication service in the chain.
doNothing().when(authenticationComponent).authenticate(USERNAME, PASSWORD);
try
{
authenticationChain[1].authenticate(USERNAME, PASSWORD);
}
catch (AuthenticationException ae)
{
fail("An " + AuthenticationException.class.getName() + " should not be thrown.");
}
assertNotNull("The user should not be removed from the cache for the corresponding authorization service after a failed login.",
cache.get(authenticationChain[0].getProtectedUserKey(USERNAME)));
assertNull("The user should be removed from the cache for the corresponding authorization service after successful login.",
cache.get(authenticationChain[1].getProtectedUserKey(USERNAME)));
}
@Test
public void testProtectionDisabledBadPassword()
{