inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Acs 1865 impl configs for da us (#634)

Browse Source 
* ACS-1781 Config set up and validation

* ACS-1781 Unit tests for config validation

* ACS-1865 Code tidy up

* ACS-1865 Updates from PR review

* ACS-1865 Updates from review
This commit is contained in:
Sara
2021-08-03 14:16:24 +01:00
committed by GitHub
parent 9626f5ace6
commit e95100e429
13 changed files with 2723 additions and 1607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
remote-api/src/main/java/org/alfresco/rest/api/impl/directurl/RestApiDirectUrlConfig.java Normal file
View File

@@ -0,0 +1,93 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.impl.directurl;
import org.alfresco.repo.content.directurl.AbstractDirectUrlConfig;
import org.alfresco.repo.content.directurl.InvalidDirectAccessUrlConfigException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* REST API direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class RestApiDirectUrlConfig extends AbstractDirectUrlConfig
{
private static final Log logger = LogFactory.getLog(RestApiDirectUrlConfig.class);
/**
* Configuration initialise
*/
public void init()
{
validate();
}
/**
* {@inheritDoc}
*/
@Override
public void validate()
{
// Disable direct access URLs for the REST API if any error found in the REST API direct access URL config
try
{
validateDirectAccessUrlConfig();
}
catch (InvalidDirectAccessUrlConfigException ex)
{
logger.error("Disabling REST API direct access URLs due to configuration error: " + ex.getMessage());
setEnabled(false);
}
}
/* Helper method to validate the REST API direct access url configuration settings */
private void validateDirectAccessUrlConfig() throws InvalidDirectAccessUrlConfigException
{
if (isEnabled())
{
if (getDefaultExpiryTimeInSec() == null)
{
logger.warn(String.format("Default expiry time property is missing: setting to system-wide default [%s].", getSysWideDefaultExpiryTimeInSec()));
setDefaultExpiryTimeInSec(getSysWideDefaultExpiryTimeInSec());
}
if (getDefaultExpiryTimeInSec() < 1)
{
String errorMsg = String.format("REST API direct access URL default expiry time [%s] is invalid.", getDefaultExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
if (getDefaultExpiryTimeInSec() > getSysWideMaxExpiryTimeInSec())
{
String errorMsg = String.format("REST API direct access URL default expiry time [%s] exceeds system-wide maximum expiry time [%s].",
getDefaultExpiryTimeInSec(), getSysWideMaxExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
}
}
}

3
remote-api/src/test/java/org/alfresco/AppContext04TestSuite.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -76,6 +76,7 @@ import org.junit.runners.Suite;
org.alfresco.repo.web.scripts.site.SurfConfigTest.class,
org.alfresco.repo.web.scripts.node.NodeWebScripTest.class,
org.alfresco.rest.api.impl.CommentsImplUnitTest.class,
org.alfresco.rest.api.impl.RestApiDirectUrlConfigUnitTest.class
})
public class AppContext04TestSuite
{

132
remote-api/src/test/java/org/alfresco/rest/api/impl/RestApiDirectUrlConfigUnitTest.java Normal file
View File

@@ -0,0 +1,132 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.impl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.alfresco.repo.content.directurl.SystemWideDirectUrlConfig;
import org.alfresco.rest.api.impl.directurl.RestApiDirectUrlConfig;
import org.junit.Before;
import org.junit.Test;
/**
* Tests for REST API direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class RestApiDirectUrlConfigUnitTest
{
private static final Boolean ENABLED = Boolean.TRUE;
private static final Boolean DISABLED = Boolean.FALSE;
private static final Long DEFAULT_EXPIRY_TIME_IN_SECS = 20L;
private RestApiDirectUrlConfig restApiDirectUrlConfig;
@Before
public void setup()
{
this.restApiDirectUrlConfig = new RestApiDirectUrlConfig();
SystemWideDirectUrlConfig sysConfig = new SystemWideDirectUrlConfig();
sysConfig.setEnabled(ENABLED);
sysConfig.setDefaultExpiryTimeInSec(30L);
sysConfig.setMaxExpiryTimeInSec(300L);
restApiDirectUrlConfig.setSystemWideDirectUrlConfig(sysConfig);
}
@Test
public void testValidConfig_RemainsEnabled()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS);
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
restApiDirectUrlConfig.validate();
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
}
@Test
public void testValidConfig_RemainsDisabled()
{
setupDirectAccessConfig(DISABLED, DEFAULT_EXPIRY_TIME_IN_SECS);
assertFalse("Expected REST API direct URLs to be disabled", restApiDirectUrlConfig.isEnabled());
restApiDirectUrlConfig.validate();
assertFalse("Expected REST API direct URLs to be disabled", restApiDirectUrlConfig.isEnabled());
}
@Test
public void testValidConfig_DefaultExpiryTimeMissing()
{
setupDirectAccessConfig(ENABLED, null);
assertNull("Expected REST API default expiry time to be null", restApiDirectUrlConfig.getDefaultExpiryTimeInSec());
restApiDirectUrlConfig.validate();
Long expectedDefaultExpiryTime = restApiDirectUrlConfig.getSysWideDefaultExpiryTimeInSec();
assertEquals("Expected REST API default expiry time to be set to the system-wide default", expectedDefaultExpiryTime, restApiDirectUrlConfig.getDefaultExpiryTimeInSec());
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeZero()
{
setupDirectAccessConfig(ENABLED, 0L);
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
restApiDirectUrlConfig.validate();
assertFalse("Expected REST API direct URLs to be disabled", restApiDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeNegative()
{
setupDirectAccessConfig(ENABLED, -1L);
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
restApiDirectUrlConfig.validate();
assertFalse("Expected REST API direct URLs to be disabled", restApiDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsSystemMax()
{
Long systemMax = restApiDirectUrlConfig.getSysWideMaxExpiryTimeInSec();
setupDirectAccessConfig(ENABLED, systemMax + 1);
assertTrue("Expected REST API direct URLs to be enabled", restApiDirectUrlConfig.isEnabled());
restApiDirectUrlConfig.validate();
assertFalse("Expected REST API direct URLs to be disabled", restApiDirectUrlConfig.isEnabled());
}
/* Helper method to set system-wide direct access url configuration settings */
private void setupDirectAccessConfig(Boolean isEnabled, Long defaultExpiryTime)
{
restApiDirectUrlConfig.setEnabled(isEnabled);
restApiDirectUrlConfig.setDefaultExpiryTimeInSec(defaultExpiryTime);
}
}

81
repository/src/main/java/org/alfresco/repo/content/directurl/AbstractDirectUrlConfig.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
/**
* Direct Access Url configuration settings.
*
* @author Sara Aspery
*/
public abstract class AbstractDirectUrlConfig implements DirectUrlConfig
{
/** System-wide direct access URL configuration */
private SystemWideDirectUrlConfig systemWideDirectUrlConfig;
/** Direct access URL configuration settings */
private Boolean enabled;
private Long defaultExpiryTimeInSec;
public void setSystemWideDirectUrlConfig(SystemWideDirectUrlConfig systemWideDirectUrlConfig)
{
this.systemWideDirectUrlConfig = systemWideDirectUrlConfig;
}
public void setEnabled(Boolean enabled)
{
this.enabled = enabled;
}
public void setDefaultExpiryTimeInSec(Long defaultExpiryTimeInSec)
{
this.defaultExpiryTimeInSec = defaultExpiryTimeInSec;
}
protected Boolean isSysWideEnabled()
{
return systemWideDirectUrlConfig.isEnabled();
}
public Long getSysWideDefaultExpiryTimeInSec()
{
return systemWideDirectUrlConfig.getDefaultExpiryTimeInSec();
}
public Long getSysWideMaxExpiryTimeInSec()
{
return systemWideDirectUrlConfig.getMaxExpiryTimeInSec();
}
public Boolean isEnabled()
{
return enabled;
}
public Long getDefaultExpiryTimeInSec()
{
return defaultExpiryTimeInSec;
}
}

134
repository/src/main/java/org/alfresco/repo/content/directurl/ContentStoreDirectUrlConfig.java Normal file
View File

@@ -0,0 +1,134 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Content store direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class ContentStoreDirectUrlConfig extends AbstractDirectUrlConfig
{
private static final Log logger = LogFactory.getLog(ContentStoreDirectUrlConfig.class);
private Long maxExpiryTimeInSec;
public void setMaxExpiryTimeInSec(Long maxExpiryTimeInSec)
{
this.maxExpiryTimeInSec = maxExpiryTimeInSec;
}
public Long getMaxExpiryTimeInSec()
{
return maxExpiryTimeInSec;
}
/**
* Configuration initialise
*/
public void init()
{
validate();
}
/**
* {@inheritDoc}
*/
@Override
public void validate()
{
// Disable direct access URLs for the content store if any error found in the content store direct access URL config
try
{
validateDirectAccessUrlConfig();
}
catch (InvalidDirectAccessUrlConfigException ex)
{
logger.error("Disabling content store direct access URLs due to configuration error: " + ex.getMessage());
setEnabled(false);
}
}
/* Helper method to validate the content direct access url configuration settings */
private void validateDirectAccessUrlConfig() throws InvalidDirectAccessUrlConfigException
{
if (isEnabled())
{
if (getMaxExpiryTimeInSec() == null)
{
logger.warn(String.format("Maximum expiry time property is missing: setting to system-wide maximum [%s].", getSysWideMaxExpiryTimeInSec()));
setMaxExpiryTimeInSec(getSysWideMaxExpiryTimeInSec());
}
else if (getMaxExpiryTimeInSec() > getSysWideMaxExpiryTimeInSec())
{
String errorMsg = String.format("Content store direct access URL maximum expiry time [%s] exceeds system-wide maximum expiry time [%s].",
getMaxExpiryTimeInSec(), getSysWideMaxExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
if (getDefaultExpiryTimeInSec() == null)
{
logger.warn(String.format("Default expiry time property is missing: setting to system-wide default [%s].", getSysWideDefaultExpiryTimeInSec()));
setDefaultExpiryTimeInSec(getSysWideDefaultExpiryTimeInSec());
}
else if (getDefaultExpiryTimeInSec() > getMaxExpiryTimeInSec())
{
logger.warn(String.format("Default expiry time property [%s] exceeds maximum expiry time for content store [%s]: setting to system-wide default [%s].",
getDefaultExpiryTimeInSec(), getMaxExpiryTimeInSec(), getSysWideDefaultExpiryTimeInSec()));
setDefaultExpiryTimeInSec(getSysWideDefaultExpiryTimeInSec());
}
else if (getDefaultExpiryTimeInSec() > getSysWideDefaultExpiryTimeInSec())
{
logger.warn(String.format("Default expiry time property [%s] exceeds system-wide default expiry time [%s]: setting to system-wide default.",
getDefaultExpiryTimeInSec(), getSysWideDefaultExpiryTimeInSec()));
setDefaultExpiryTimeInSec(getSysWideDefaultExpiryTimeInSec());
}
if (getDefaultExpiryTimeInSec() < 1)
{
String errorMsg = String.format("Content store direct access URL default expiry time [%s] is invalid.", getDefaultExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
if (getDefaultExpiryTimeInSec() > getSysWideMaxExpiryTimeInSec())
{
String errorMsg = String.format("Content store direct access URL default expiry time [%s] exceeds system-wide maximum expiry time [%s].",
getDefaultExpiryTimeInSec(), getSysWideMaxExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
if (getDefaultExpiryTimeInSec() > getMaxExpiryTimeInSec())
{
String errorMsg = String.format("Content store direct access URL default expiry time [%s] exceeds content store maximum expiry time [%s].",
getDefaultExpiryTimeInSec(), getMaxExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
}
}
}

41
repository/src/main/java/org/alfresco/repo/content/directurl/DirectUrlConfig.java Normal file
View File

@@ -0,0 +1,41 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import org.alfresco.api.AlfrescoPublicApi;
/**
* Direct Access Url configuration settings interface.
*
* @author Sara Aspery
*/
@AlfrescoPublicApi
public interface DirectUrlConfig
{
Boolean isEnabled();
Long getDefaultExpiryTimeInSec();
void validate();
}

44
repository/src/main/java/org/alfresco/repo/content/directurl/InvalidDirectAccessUrlConfigException.java Normal file
View File

@@ -0,0 +1,44 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import org.alfresco.error.AlfrescoRuntimeException;
/**
* Runtime exception thrown when the direct access URL configuration settings are invalid.
*
* @author Sara Aspery
*/
public class InvalidDirectAccessUrlConfigException extends AlfrescoRuntimeException
{
private static final long serialVersionUID = -6318313836484979887L;
public InvalidDirectAccessUrlConfigException(String msg)
{
super(msg);
}
}

124
repository/src/main/java/org/alfresco/repo/content/directurl/SystemWideDirectUrlConfig.java Normal file
View File

@@ -0,0 +1,124 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* System-wide direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class SystemWideDirectUrlConfig implements DirectUrlConfig
{
private static final Log logger = LogFactory.getLog(SystemWideDirectUrlConfig.class);
/** Direct access url configuration settings */
private Boolean enabled;
private Long defaultExpiryTimeInSec;
private Long maxExpiryTimeInSec;
public void setEnabled(Boolean enabled)
{
this.enabled = enabled;
}
public void setDefaultExpiryTimeInSec(Long defaultExpiryTimeInSec)
{
this.defaultExpiryTimeInSec = defaultExpiryTimeInSec;
}
public void setMaxExpiryTimeInSec(Long maxExpiryTimeInSec)
{
this.maxExpiryTimeInSec = maxExpiryTimeInSec;
}
public Boolean isEnabled()
{
return enabled;
}
public Long getDefaultExpiryTimeInSec()
{
return defaultExpiryTimeInSec;
}
public Long getMaxExpiryTimeInSec()
{
return maxExpiryTimeInSec;
}
/**
* Configuration initialise
*/
public void init()
{
validate();
}
/**
* {@inheritDoc}
*/
@Override
public void validate()
{
// Disable direct access URLs system-wide if any error found in the system-wide direct access URL config
try
{
validateSystemDirectAccessUrlConfig();
}
catch (InvalidDirectAccessUrlConfigException ex)
{
logger.error("Disabling system-wide direct access URLs due to configuration error: " + ex.getMessage());
setEnabled(false);
}
}
/* Helper method to validate the system-wide direct access url configuration settings */
private void validateSystemDirectAccessUrlConfig() throws InvalidDirectAccessUrlConfigException
{
if (isEnabled())
{
if (getDefaultExpiryTimeInSec() == null || getDefaultExpiryTimeInSec() < 1)
{
throw new InvalidDirectAccessUrlConfigException("System-wide direct access URL default expiry time is missing or invalid.");
}
if (getMaxExpiryTimeInSec() == null || getMaxExpiryTimeInSec() < 1)
{
throw new InvalidDirectAccessUrlConfigException("System-wide direct access URL maximum expiry time is missing or invalid.");
}
if (getDefaultExpiryTimeInSec() > getMaxExpiryTimeInSec())
{
String errorMsg = String.format("System-wide direct access URL default expiry time [%s] exceeds maximum expiry time [%s].",
getDefaultExpiryTimeInSec(), getMaxExpiryTimeInSec());
throw new InvalidDirectAccessUrlConfigException(errorMsg);
}
}
}
}

14
repository/src/main/resources/alfresco/content-services-context.xml
View File

@@ -355,5 +355,19 @@
</property>
</bean>
<!-- System direct access URL configuration settings -->
<bean id="systemWideDirectUrlConfig" class="org.alfresco.repo.content.directurl.SystemWideDirectUrlConfig" init-method="init">
<property name="enabled" value="${system.directAccessUrl.enabled}" />
<property name="defaultExpiryTimeInSec" value="${system.directAccessUrl.defaultExpiryTimeInSec}" />
<property name="maxExpiryTimeInSec" value="${system.directAccessUrl.maxExpiryTimeInSec}" />
</bean>
<!-- Abstract Direct Access URL configuration -->
<bean id="abstractDirectUrlConfig" class="org.alfresco.repo.content.directurl.AbstractDirectUrlConfig" abstract="true">
<property name="systemWideDirectUrlConfig" >
<ref bean="systemWideDirectUrlConfig" />
</property>
</bean>
</beans>

69
repository/src/main/resources/alfresco/repository.properties
View File

@@ -1232,9 +1232,72 @@ system.delete_not_exists.read_only=false
system.delete_not_exists.timeout_seconds=-1
system.prop_table_cleaner.algorithm=V2
# Configure the expiration time of the direct access url. This is the length of time in seconds that the link is valid for.
# Note: It is up to the actual ContentStore implementation if it can fulfil this request or not.
alfresco.content.directAccessUrl.lifetimeInSec=300
# Configure the system-wide (ACS) settings for direct access urls.
#
# For Direct Access URLs to be usable on the service-layer, the feature must be enabled both system-wide and on the
# content-store(s). For the feature to be usable through REST (outside the JVM) the rest-api configuration must also be
# enabled.
#
# The system.directAccessUrl.enabled property is the main switch of the feature. If this is set to false ALL
# Direct Access URLs are disabled.
#
# The next configuration that controls specific Direct Access URLs is the content store one.
# The connector.s3.directAccessUrl.enabled property controls whether Direct Access URLs are enabled for that specific store.
#
# Whether or not a client can request a Direct Access URL by using a REST endpoint is controlled by the
# restApi.directAccessUrl.enabled property. If the REST endpoint is disabled, but the feature is enabled
# system-wide and on the content-store, then the direct access URLs will only be usable by Java clients (only
# service-level requests will be possible).
# Controls whether this feature is available, system wide.
# For direct access urls to work, the feature needs to be enabled both system-wide and on the individual content-store.
system.directAccessUrl.enabled=false
# Sets the default expiry time for the direct access url across all Content Stores.
# Its value cannot exceed the system-wide max expiry time, it can only be equal or lower (all DAUs disabled otherwise).
# This property is mandatory if direct access urls are enabled system-wide - (all DAUs disabled otherwise).
system.directAccessUrl.defaultExpiryTimeInSec=30
# Sets the upper limit for the direct access urls expiry time, meaning a Content Store will be able to override this
# value but not exceed it, and the same goes for the clients.
# A service (Java Interface) client will be able to request a direct access url for a custom expiry time but that time
# cant exceed this value.
# If the requested time exceeds the max value, the expiry time reverts to the default configured one.
# This property is mandatory if direct access urls are enabled system-wide - (all DAUs disabled otherwise).
system.directAccessUrl.maxExpiryTimeInSec=300
# Configure the common S3 storage connector content store settings for direct access urls.
#
# Note: When multiple S3 buckets are used for storage in Alfresco, each S3 Content Stores can be configured with either
# the default (common) S3 Connector-specific properties (i.e. connector.s3.directAccessUrl.enabled etc.) OR new separate
# properties could be defined for each and every store (e.g.
# connector.s3store1.directAccessUrl.enabled,
# connector.s3store2.directAccessUrl.enabled etc.).
# Controls whether DAUs are enabled on this specific content store.
# For direct access urls to work, the feature needs to be enabled both system-wide and on the individual content-store.
connector.s3.directAccessUrl.enabled=false
# Sets the expiry time for the direct access url in this store, by overriding the system-wide config.
# If this value exceeds the content store upper limit or the system-wide default it will fallback to the system-wide
# default configuration.
# Its value cannot exceed the system-wide max expiry time, it can only be equal or lower (DAUs for the specific content
# store disabled otherwise).
# If not set, the default system-wide setting will be used.
connector.s3.directAccessUrl.defaultExpiryTimeInSec=30
# The maximum expiry time interval that can be requested by clients - content-store specific setting.
# Its value cannot exceed the system-wide configuration, it can only be equal or lower (DAUs for the specific content
# store disabled otherwise).
# If not set, the default system-wide setting will be used.
connector.s3.directAccessUrl.maxExpiryTimeInSec=300
# Configure the REST API configuration settings for direct access urls.
#
# Controls whether direct access url requests via the REST API are enabled.
restApi.directAccessUrl.enabled=true
# Sets the expiry time for all the direct access urls requested via a REST call.
# Its value cannot exceed the system-wide max expiry time configuration, it can only be equal or lower (REST API DAUs
# disabled otherwise).
# If not set, the default system-wide setting will be used.
# Direct Access Url REST API calls cannot request an explicit expiry time.
restApi.directAccessUrl.defaultExpiryTimeInSec=30
# Creates additional indexes on alf_node and alf_transaction. Recommended for large repositories.
system.new-node-transaction-indexes.ignored=true

2
repository/src/test/java/org/alfresco/AllUnitTestsSuite.java
View File

@@ -180,6 +180,8 @@ import org.junit.runners.Suite;
org.alfresco.repo.audit.AuditableAnnotationTest.class,
org.alfresco.repo.audit.PropertyAuditFilterTest.class,
org.alfresco.repo.audit.access.NodeChangeTest.class,
org.alfresco.repo.content.directurl.SystemWideDirectUrlConfigUnitTest.class,
org.alfresco.repo.content.directurl.ContentStoreDirectUrlConfigUnitTest.class,
org.alfresco.repo.content.LimitedStreamCopierTest.class,
org.alfresco.repo.content.filestore.FileIOTest.class,
org.alfresco.repo.content.filestore.SpoofedTextContentReaderTest.class,

234
repository/src/test/java/org/alfresco/repo/content/directurl/ContentStoreDirectUrlConfigUnitTest.java Normal file
View File

@@ -0,0 +1,234 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
/**
* Tests for content store direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class ContentStoreDirectUrlConfigUnitTest
{
private static final Boolean ENABLED = Boolean.TRUE;
private static final Boolean DISABLED = Boolean.FALSE;
private static final Long DEFAULT_EXPIRY_TIME_IN_SECS = 10L;
private static final Long MAX_EXPIRY_TIME_IN_SECS = 20L;
private static final Long SYS_DEFAULT_EXPIRY_TIME_IN_SECS = 30L;
private static final Long SYS_MAX_EXPIRY_TIME_IN_SECS = 300L;
private ContentStoreDirectUrlConfig contentStoreDirectUrlConfig;
@Before
public void setup()
{
this.contentStoreDirectUrlConfig = new ContentStoreDirectUrlConfig();
setupSystemWideDirectAccessConfig();
}
@Test
public void testValidConfig_RemainsEnabled()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertTrue("Expected REST API direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testValidConfig_RemainsDisabled()
{
setupDirectAccessConfig(DISABLED, DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeMissing_ValidReplacement()
{
Long maxExpiryTimeInSecs = SYS_DEFAULT_EXPIRY_TIME_IN_SECS + 1;
setupDirectAccessConfig(ENABLED, null, maxExpiryTimeInSecs);
verifyDirectAccessConfig(ENABLED, null, maxExpiryTimeInSecs);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(ENABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, maxExpiryTimeInSecs);
}
@Test
public void testInvalidConfig_DefaultExpiryTimeMissing_ReplacementExceedsMax()
{
setupDirectAccessConfig(ENABLED, null, MAX_EXPIRY_TIME_IN_SECS);
verifyDirectAccessConfig(ENABLED, null, MAX_EXPIRY_TIME_IN_SECS);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(DISABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
}
@Test
public void testInvalidConfig_DefaultExpiryTimeZero()
{
setupDirectAccessConfig(ENABLED, 0L, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeNegative()
{
setupDirectAccessConfig(ENABLED, -1L, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsSystemMax()
{
Long defaultExpiryTimeInSecs = SYS_MAX_EXPIRY_TIME_IN_SECS + 1;
setupDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsStoreMax_ValidReplacement()
{
Long maxExpiryTimeInSecs = SYS_DEFAULT_EXPIRY_TIME_IN_SECS + 1;
Long defaultExpiryTimeInSecs = maxExpiryTimeInSecs + 1;
setupDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, maxExpiryTimeInSecs);
verifyDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, maxExpiryTimeInSecs);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(ENABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, maxExpiryTimeInSecs);
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsStoreMax_ReplacementExceedsStoreMax()
{
Long defaultExpiryTimeInSecs = MAX_EXPIRY_TIME_IN_SECS + 1;
setupDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, MAX_EXPIRY_TIME_IN_SECS);
verifyDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, MAX_EXPIRY_TIME_IN_SECS);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(DISABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsSystemDefault_ValidReplacement()
{
Long defaultExpiryTimeInSecs = SYS_DEFAULT_EXPIRY_TIME_IN_SECS + 1;
Long maxExpiryTimeInSecs = SYS_MAX_EXPIRY_TIME_IN_SECS;
setupDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, maxExpiryTimeInSecs);
verifyDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, maxExpiryTimeInSecs);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(ENABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, maxExpiryTimeInSecs);
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsSystemDefault_ReplacementExceedsStoreMax()
{
Long defaultExpiryTimeInSecs = SYS_DEFAULT_EXPIRY_TIME_IN_SECS + 1;
setupDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, MAX_EXPIRY_TIME_IN_SECS);
verifyDirectAccessConfig(ENABLED, defaultExpiryTimeInSecs, MAX_EXPIRY_TIME_IN_SECS);
contentStoreDirectUrlConfig.validate();
verifyDirectAccessConfig(DISABLED, SYS_DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
}
@Test
public void testInvalidConfig_MaxExpiryTimeZero()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, 0L);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_MaxExpiryTimeNegative()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, -1L);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_MaxExpiryTimeExceedsSystemMax()
{
Long maxExpiryTimeInSec = contentStoreDirectUrlConfig.getSysWideMaxExpiryTimeInSec() + 1;
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, maxExpiryTimeInSec);
assertTrue("Expected content store direct URLs to be enabled", contentStoreDirectUrlConfig.isEnabled());
contentStoreDirectUrlConfig.validate();
assertFalse("Expected content store direct URLs to be disabled", contentStoreDirectUrlConfig.isEnabled());
}
/* Helper method to set content store direct access url configuration settings */
private void setupDirectAccessConfig(Boolean isEnabled, Long defaultExpiryTime, Long maxExpiryTime)
{
contentStoreDirectUrlConfig.setEnabled(isEnabled);
contentStoreDirectUrlConfig.setDefaultExpiryTimeInSec(defaultExpiryTime);
contentStoreDirectUrlConfig.setMaxExpiryTimeInSec(maxExpiryTime);
}
/* Helper method to verify content store direct access url configuration settings */
private void verifyDirectAccessConfig(Boolean isEnabled, Long defaultExpiryTime, Long maxExpiryTime)
{
assertEquals("Expected content store direct URLs to be enabled = " + isEnabled, isEnabled, contentStoreDirectUrlConfig.isEnabled());
assertEquals("Expected default expiry time to match " + defaultExpiryTime, defaultExpiryTime, contentStoreDirectUrlConfig.getDefaultExpiryTimeInSec());
assertEquals("Expected maximum expiry time to match " + maxExpiryTime, maxExpiryTime, contentStoreDirectUrlConfig.getMaxExpiryTimeInSec());
}
/* Helper method to set system-wide direct access url configuration settings */
private void setupSystemWideDirectAccessConfig()
{
SystemWideDirectUrlConfig sysConfig = new SystemWideDirectUrlConfig();
sysConfig.setEnabled(ENABLED);
sysConfig.setDefaultExpiryTimeInSec(SYS_DEFAULT_EXPIRY_TIME_IN_SECS);
sysConfig.setMaxExpiryTimeInSec(SYS_MAX_EXPIRY_TIME_IN_SECS);
sysConfig.validate();
contentStoreDirectUrlConfig.setSystemWideDirectUrlConfig(sysConfig);
}
}

153
repository/src/test/java/org/alfresco/repo/content/directurl/SystemWideDirectUrlConfigUnitTest.java Normal file
View File

@@ -0,0 +1,153 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2021 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.content.directurl;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Before;
import org.junit.Test;
/**
* Tests for system-wide direct access URL configuration settings.
*
* @author Sara Aspery
*/
public class SystemWideDirectUrlConfigUnitTest
{
private static final Boolean ENABLED = Boolean.TRUE;
private static final Boolean DISABLED = Boolean.FALSE;
private static final Long DEFAULT_EXPIRY_TIME_IN_SECS = 30L;
private static final Long MAX_EXPIRY_TIME_IN_SECS = 300L;
private SystemWideDirectUrlConfig systemWideDirectUrlConfig;
@Before
public void setup()
{
this.systemWideDirectUrlConfig = new SystemWideDirectUrlConfig();
}
@Test
public void testValidConfig_RemainsEnabled()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testValidConfig_RemainsDisabled()
{
setupDirectAccessConfig(DISABLED, DEFAULT_EXPIRY_TIME_IN_SECS, MAX_EXPIRY_TIME_IN_SECS);
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeMissing()
{
setupDirectAccessConfig(ENABLED, null, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeZero()
{
setupDirectAccessConfig(ENABLED, 0L, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeNegative()
{
setupDirectAccessConfig(ENABLED, -1L, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_MaxExpiryTimeMissing()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, null);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_MaxExpiryTimeZero()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, 0L);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_MaxExpiryTimeNegative()
{
setupDirectAccessConfig(ENABLED, DEFAULT_EXPIRY_TIME_IN_SECS, -1L);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
@Test
public void testInvalidConfig_DefaultExpiryTimeExceedsMax()
{
setupDirectAccessConfig(ENABLED, MAX_EXPIRY_TIME_IN_SECS + 1, MAX_EXPIRY_TIME_IN_SECS);
assertTrue("Expected system-wide direct URLs to be enabled", systemWideDirectUrlConfig.isEnabled());
systemWideDirectUrlConfig.validate();
assertFalse("Expected system-wide direct URLs to be disabled", systemWideDirectUrlConfig.isEnabled());
}
/* Helper method to set system-wide direct access url configuration settings */
private void setupDirectAccessConfig(Boolean isEnabled, Long defaultExpiryTime, Long maxExpiryTime)
{
systemWideDirectUrlConfig.setEnabled(isEnabled);
systemWideDirectUrlConfig.setDefaultExpiryTimeInSec(defaultExpiryTime);
systemWideDirectUrlConfig.setMaxExpiryTimeInSec(maxExpiryTime);
}
}