mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged BRANCHES/DEV/DAVEW/LDAP to HEAD
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!) 14586: Use US spelling of synchronization in filenames for consistency 14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users. 14583: Unit test for ChainingUserRegistrySynchronizer 14571: Migration patch for existing authorities previously held in users store - Uses AuthorityService to recreate authorities in spaces store with new structure 14555: Authority service changes for LDAP sync improvements - Moved sys:authorities container to spaces store - All authorities now stored directly under sys:authorities - Authorities can now be looked up directly by node service - Secondary child associations used to model group relationships - 'Root' groups for UI navigation determined dynamically by node service query - cm:member association used to relate both authority containers and persons to other authorities - New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones - Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync 14524: Dev branch for finishing LDAP zones and upgrade impact git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -35,9 +35,9 @@ import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.providers.dao.User;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
|
||||
import org.alfresco.repo.tenant.TenantService;
|
||||
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
||||
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
||||
@@ -63,6 +63,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
|
||||
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
||||
|
||||
private boolean syncWhenMissingPeopleLogIn = true;
|
||||
|
||||
private boolean autoCreatePeopleOnLogin = true;
|
||||
|
||||
private AuthenticationContext authenticationContext;
|
||||
@@ -72,6 +74,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
private NodeService nodeService;
|
||||
|
||||
private TransactionService transactionService;
|
||||
|
||||
private UserRegistrySynchronizer userRegistrySynchronizer;
|
||||
|
||||
public AbstractAuthenticationComponent()
|
||||
{
|
||||
@@ -107,6 +111,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
{
|
||||
this.transactionService = transactionService;
|
||||
}
|
||||
|
||||
public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
|
||||
{
|
||||
this.userRegistrySynchronizer = userRegistrySynchronizer;
|
||||
}
|
||||
|
||||
public TransactionService getTransactionService()
|
||||
{
|
||||
@@ -138,6 +147,11 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
this.autoCreatePeopleOnLogin = autoCreatePeopleOnLogin;
|
||||
}
|
||||
|
||||
public void setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
|
||||
{
|
||||
this.syncWhenMissingPeopleLogIn = syncWhenMissingPeopleLogIn;
|
||||
}
|
||||
|
||||
public void authenticate(String userName, char[] password) throws AuthenticationException
|
||||
{
|
||||
// Support guest login from the login screen
|
||||
@@ -434,7 +448,30 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
{
|
||||
public String doWork() throws Exception
|
||||
{
|
||||
if (personService.personExists(userName))
|
||||
boolean personExists = personService.personExists(userName);
|
||||
|
||||
// If the person is missing, synchronize or auto-create the missing person if we are allowed
|
||||
if (!personExists)
|
||||
{
|
||||
if ((userName != null) && !userName.equals(AuthenticationUtil.getSystemUserName()))
|
||||
{
|
||||
if (syncWhenMissingPeopleLogIn)
|
||||
{
|
||||
userRegistrySynchronizer.synchronize(false);
|
||||
personExists = personService.personExists(userName);
|
||||
}
|
||||
if (!personExists && autoCreatePeopleOnLogin && personService.createMissingPeople())
|
||||
{
|
||||
AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
|
||||
if (authorityType == AuthorityType.USER)
|
||||
{
|
||||
personService.getPerson(userName);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (personExists)
|
||||
{
|
||||
NodeRef userNode = personService.getPerson(userName);
|
||||
if (userNode != null)
|
||||
@@ -443,28 +480,8 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
|
||||
// checks
|
||||
return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Get user name
|
||||
return userName;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (autoCreatePeopleOnLogin && (userName != null) && !userName.equals(AuthenticationUtil.getSystemUserName()))
|
||||
{
|
||||
if (personService.createMissingPeople())
|
||||
{
|
||||
AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
|
||||
if (authorityType == AuthorityType.USER)
|
||||
{
|
||||
personService.getPerson(userName);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Get user name
|
||||
return userName;
|
||||
}
|
||||
return userName;
|
||||
}
|
||||
}, getSystemUserName(getUserDomain(userName)));
|
||||
|
||||
|
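Review bot: In the `doWork()` hunk, `userRegistrySynchronizer.synchronize(false)` is called with no null guard, while `syncWhenMissingPeopleLogIn` defaults to `true` and the `userRegistrySynchronizer` field has no initializer, so any authentication component bean that is not wired through `setUserRegistrySynchronizer` would throw a NullPointerException the first time a user without a person node logs in. Guard the branch with `if (syncWhenMissingPeopleLogIn && userRegistrySynchronizer != null)`, or validate the property when the bean is initialized. The synchronization also runs inline on the login path for every user name that has no person node, so an exception from the registry (for example an unreachable directory) appears to propagate and fail the login, and repeated logins for names that never resolve each trigger another sync; consider catching and logging the failure before falling through to the `autoCreatePeopleOnLogin` check, and confirm that the synchronizer itself serializes or throttles concurrent runs. The method enclosing this anonymous `RunAsWork` starts outside the hunk, so whether this code is reached only after credentials have been verified cannot be confirmed from here.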