From e3cc4e0503cb46aa87781f1ab2cc8593c12700ad Mon Sep 17 00:00:00 2001 From: Dave Ward Date: Sun, 10 Jun 2012 18:14:54 +0000 Subject: [PATCH] Merged V4.0-BUG-FIX to HEAD 37586: ALF-14309: Cannot run project using Alfresco SDK - sdk-common target now depends on sdk-extras target 37604: Merged V3.4-BUG-FIX to V4.0-BUG-FIX 37573: Merged DEV to V3.4-BUG-FIX (with improvements) 37547: ALF-13621: Encoding issue in passwords for webscript and webdav authentication Validation of BASIC username, password using following encoding in a sequence, ignoring duplicate decodings 1. UTF-8 (skip if fails to decode) 2. System.getProperty("file.encoding") (platform default encoding) 3. ISO-8859-1 It succeeds if one of them succeeds. 37591: ALF-14457: Merged PATCHES/V3.4.8 to V3.4-BUG-FIX 37288: ALF-14315: Localname is too long when upgrading from 3.1 to 3.4.8 or 3.4.9 - Truncate migrated group names within QName.MAX_LENGTH whilst maintaining uniqueness 37392: ALF-14315: Localname is too long when upgrading from 3.1 to 3.4.8 or 3.4.9 - Prevent NPE when re-parenting exising users 37593: (RECORD ONLY) Incremented version revision for 3.4.11 37599: Make this class compile so I can import all projects into Eclipse! 37601: ALF-14462: Stop Kerberos authentication from barfing when it comes across a NegoEx SPNEGO request from Windows 7 / 2008 http://blogs.msdn.com/b/openspecification/archive/2011/07/01/a-quick-look-at-the-new-negotiation-mechanism-negoex-used-with-spnego-in-windows-7.aspx 37602: ALF-10785: Locale not forwarded in webscripts when using Kerberos SSO - Previous solution didn't work when failover manual login form was used (as Accept-Language header wasn't always sent by all Surf machinery) and would also mean Share wasn't responsive to browser locale changes, unlike when using the /s endpoint. - Now we use a more foolproof solution on the /wcs endpoint - Session initiation (as detected by an authentication filter) sets an attribute that decides whether a session 'sticky' locale should be used for the rest of the session - It's set to false if a webscript is the first to access it or the session was established by a ticket. This means the Accept-Language header will drive the rest of the session. - This also means Explorer can still control the locale of a session initiated by it - Glad to see the back of this long-running bug. The good news is I now have a Kerberos EC2 image! 37603: ALF-14462: Fixed same potential NegoEx problem in Share SSOAuthenticationFilter (although not observed) 37605: Merged V3.4-BUG-FIX to V4.0-BUG-FIX (RECORD ONLY) 37590: Merged V4.0-BUG-FIX to V3.4-BUG-FIX 37586: ALF-14309: Cannot run project using Alfresco SDK git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@37606 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../patch/impl/AuthorityMigrationPatch.java | 64 ++++++++++++++++++- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java index ecc5d3a030..9877b268c8 100644 --- a/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java +++ b/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java @@ -212,6 +212,59 @@ public class AuthorityMigrationPatch extends AbstractPatch return assocCount; } + /** + * Truncates authority names so that they are within {@link QName#MAX_LENGTH} characters. + * + * @param authoritiesToCreate + * the original, untruncated authorities to create + * @param parentAssocs + * the original parent associations to create + * @param targetAuthoritiesToCreate + * the authorities to create with names shortened to QName.MAX_LENGTH + * @param targetParentAssocs + * the parent associations modified to match targetAuthoritiesToCreate + */ + private void truncateAuthorities(final Map authoritiesToCreate, + Map> parentAssocs, Map targetAuthoritiesToCreate, + Map> targetParentAssocs) + { + // Work through each authority, creating a unique truncated name where necessary and populating a map of old to + // new names + Map targetLookup = new TreeMap(); + for (Map.Entry entry : authoritiesToCreate.entrySet()) + { + String sourceName = entry.getKey(); + int sourceLength = sourceName.length(); + String targetName = sourceLength > QName.MAX_LENGTH ? sourceName.substring(0, QName.MAX_LENGTH) : sourceName; + int i=0; + while (targetAuthoritiesToCreate.containsKey(targetName)) + { + String suffix = String.valueOf(++i); + int prefixLength = QName.MAX_LENGTH - suffix.length(); + if (prefixLength < 0) + { + break; + } + targetName = (sourceLength > prefixLength ? sourceName.substring(0, prefixLength) : sourceName) + suffix; + } + targetLookup.put(sourceName, targetName); + targetAuthoritiesToCreate.put(targetName, entry.getValue()); + } + // Apply the name mapping to the parent associations + for (Map.Entry> entry: parentAssocs.entrySet()) + { + Set parents = new TreeSet(); + for (String parent : entry.getValue()) + { + String targetParent = targetLookup.get(parent); + parents.add(targetParent == null ? parent : targetParent); + } + String sourceChild = entry.getKey(); + String targetChild = targetLookup.get(sourceChild); + targetParentAssocs.put(targetChild == null ? sourceChild : targetChild, parents); + } + } + /** * Migrates the authorities and their associations. * @@ -358,19 +411,24 @@ public class AuthorityMigrationPatch extends AbstractPatch Map> parentAssocs = new TreeMap>(); assocs = retrieveAuthorities(null, authorityContainer, authoritiesToCreate, parentAssocs); + // Truncate names to an acceptable length + Map targetAuthoritiesToCreate = new TreeMap(); + Map> targetParentAssocs = new TreeMap>(); + truncateAuthorities(authoritiesToCreate, parentAssocs, targetAuthoritiesToCreate, targetParentAssocs); + // Sort the group associations in parent-first order (root groups first) Map> sortedParentAssocs = new LinkedHashMap>( parentAssocs.size() * 2); List authorityPath = new ArrayList(5); - for (String authority : parentAssocs.keySet()) + for (String authority : targetParentAssocs.keySet()) { authorityPath.add(authority); - visitGroupAssociations(authorityPath, parentAssocs, sortedParentAssocs); + visitGroupAssociations(authorityPath, targetParentAssocs, sortedParentAssocs); authorityPath.clear(); } // Recreate the authorities and their associations in parent-first order - migrateAuthorities(authoritiesToCreate, sortedParentAssocs); + migrateAuthorities(targetAuthoritiesToCreate, sortedParentAssocs); authorities = authoritiesToCreate.size(); } // build the result message