Merged HEAD-BUG-FIX (4.3/Cloud) to HEAD (4.3/Cloud)

58310: Merge Dev to HEAD-BUG-FIX
     MNT-8647 : inconsistent ftp authentication chain behaviour


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@61955 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

config/alfresco/authentication-services-context.xml

@@ -128,28 +128,6 @@
 		</property>
 	</bean>
 
-	<bean id="FtpAuthenticator"
-		class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
-		<property name="applicationContextManager">
-			<ref bean="Authentication" />
-		</property>
-		<property name="sourceBeanName">
-			<value>ftpAuthenticator</value>
-		</property>
-		<property name="interfaces">
-			<list>
-				<value>org.alfresco.jlan.ftp.FTPAuthenticator</value>
-				<value>org.alfresco.repo.management.subsystems.ActivateableBean</value>
-			</list>
-		</property>
-		<!-- A generic fallback implementation, in case the chain doesn't provide 
-			one -->
-		<property name="defaultTarget">
-			<bean class="org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator"
-				parent="ftpAuthenticatorBase" />
-		</property>
-	</bean>
-
 	<!-- Passwords are encoded using MD4 -->
 	<!-- This is not ideal and only done to be compatible with NTLM -->
 	<!-- authentication against the default authentication mechanism. -->
@@ -230,6 +208,17 @@
 		</property>
 	</bean>
 
+    <!-- The chaining authentication component -->
+    <bean id="ftpAuthenticator"
+          class="org.alfresco.repo.security.authentication.subsystems.SubsystemChainingFtpAuthenticator">
+        <property name="applicationContextManager">
+            <ref bean="Authentication" />
+        </property>
+        <property name="sourceBeanName">
+            <value>ftpAuthenticator</value>
+        </property>
+    </bean>
+
 	<!-- Import the user registry synchronizer from the synchronization subsystem -->
 	<bean id="userRegistrySynchronizer"
 		class="org.alfresco.repo.management.subsystems.SubsystemProxyFactory">

config/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication-context.xml

@@ -164,4 +164,11 @@
 
    <alias alias="saltSource" name="authenticationDao" />
 
+   <!-- FTP authentication -->
+   <bean id="ftpAuthenticator" class="org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${alfresco.authentication.authenticateFTP}</value>
+      </property>
+   </bean>
+
 </beans>

config/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication.properties

@@ -1,3 +1,4 @@
 alfresco.authentication.allowGuestLogin=true
 alfresco.authentication.authenticateCIFS=true
-alfresco.authentication.sessionCleanup=true
+alfresco.authentication.sessionCleanup=true
+alfresco.authentication.authenticateFTP=true

config/alfresco/subsystems/Authentication/common-ldap-context.xml

@@ -431,7 +431,13 @@
         <property name="namespaceService">
             <ref bean="namespaceService"/>
         </property>
-        
+    </bean>
+
+    <!-- FTP authentication -->
+    <bean id="ftpAuthenticator" class="org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator" parent="ftpAuthenticatorBase">
+        <property name="active">
+            <value>${ldap.authentication.authenticateFTP}</value>
+        </property>
     </bean>
 
 </beans>

config/alfresco/subsystems/Authentication/kerberos/kerberos-authentication-context.xml

@@ -84,4 +84,11 @@
       </property>
    </bean>
 
+   <!-- FTP authentication -->
+   <bean id="ftpAuthenticator" class="org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${kerberos.authentication.authenticateFTP}</value>
+      </property>
+   </bean>
+
 </beans>

config/alfresco/subsystems/Authentication/kerberos/kerberos-authentication.properties

@@ -4,4 +4,5 @@ kerberos.authentication.defaultAdministratorUserNames=
 kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
 kerberos.authentication.cifs.password=secret
 kerberos.authentication.authenticateCIFS=true
-kerberos.authentication.stripUsernameSuffix=true
+kerberos.authentication.stripUsernameSuffix=true
+kerberos.authentication.authenticateFTP=true

config/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties

@@ -35,6 +35,9 @@ ldap.authentication.escapeCommasInUid=false
 # Comma separated list of user names who should be considered administrators by default
 ldap.authentication.defaultAdministratorUserNames=Administrator
 
+# Enable FTP authentication using LDAP
+ldap.authentication.authenticateFTP=true
+
 # This flag enables use of this LDAP subsystem for user and group
 # synchronization. It may be that this subsytem should only be used for 
 # authentication, in which case this flag should be set to false.

config/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties

@@ -41,6 +41,9 @@ ldap.authentication.escapeCommasInUid=false
 # Comma separated list of user names who should be considered administrators by default
 ldap.authentication.defaultAdministratorUserNames=
 
+# Enable FTP authentication using LDAP
+ldap.authentication.authenticateFTP=true
+
 # This flag enables use of this LDAP subsystem for user and group
 # synchronization. It may be that this subsytem should only be used for 
 # authentication, in which case this flag should be set to false.

config/alfresco/subsystems/fileServers/default/file-servers-context.xml

@@ -231,7 +231,7 @@
 
       <!-- FTP authentication -->
       <property name="authenticator">
-         <ref bean="FtpAuthenticator" />
+         <ref bean="ftpAuthenticator" />
       </property>
 
       <!-- FTP server debug settings -->

source/java/org/alfresco/repo/security/authentication/AbstractChainingFtpAuthenticator.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.alfresco.repo.security.authentication;
+
+import org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase;
+import org.alfresco.jlan.ftp.FTPSrvSession;
+import org.alfresco.jlan.server.auth.ClientInfo;
+
+import java.util.List;
+
+/**
+ * Base chaining FTP Authenticator class. Where appropriate, methods will 'chain' across multiple
+ * {@link #FTPAuthenticatorBase} instances, as returned by {@link #getUsableFtpAuthenticators()}.
+ *
+ * @author alex.mukha
+ * @since 4.2.1
+ */
+public abstract class AbstractChainingFtpAuthenticator extends FTPAuthenticatorBase
+{
+    @Override
+    public boolean authenticateUser(ClientInfo info, FTPSrvSession sess)
+    {
+        for (FTPAuthenticatorBase authenticator : getUsableFtpAuthenticators())
+        {
+            if (authenticator.authenticateUser(info, sess))
+                return true;
+        }
+        // authentication failed in all of the authenticators
+        return false;
+    }
+
+    /**
+     * Gets the FTP authenticators across which methods will chain.
+     *
+     * @return the usable FTP authenticators
+     */
+    protected abstract List<FTPAuthenticatorBase> getUsableFtpAuthenticators();
+}

source/java/org/alfresco/repo/security/authentication/subsystems/SubsystemChainingFtpAuthenticator.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.alfresco.repo.security.authentication.subsystems;
+
+import org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase;
+import org.alfresco.repo.management.subsystems.ActivateableBean;
+import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
+import org.alfresco.repo.security.authentication.AbstractChainingFtpAuthenticator;
+import org.springframework.context.ApplicationContext;
+
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * This class wires up all the active {@link #FTPAuthenticatorBase} beans in a chain.
+ *
+ * @author alex.mukha
+ * @since 4.2.1
+ */
+public class SubsystemChainingFtpAuthenticator extends AbstractChainingFtpAuthenticator
+{
+    private ChildApplicationContextManager applicationContextManager;
+    private String sourceBeanName;
+
+    /**
+     * IOC
+     * @param applicationContextManager the applicationContextManager to set
+     */
+    public void setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
+    {
+        this.applicationContextManager = applicationContextManager;
+    }
+
+    /**
+     * Sets the name of the bean to look up in the child application contexts.
+     *
+     * @param sourceBeanName the bean name
+     */
+    public void setSourceBeanName(String sourceBeanName)
+    {
+        this.sourceBeanName = sourceBeanName;
+    }
+
+    @Override
+    protected List<FTPAuthenticatorBase> getUsableFtpAuthenticators()
+    {
+        List<FTPAuthenticatorBase> result = new LinkedList<>();
+        for (String instance : this.applicationContextManager.getInstanceIds())
+        {
+            try
+            {
+                ApplicationContext context = this.applicationContextManager.getApplicationContext(instance);
+                FTPAuthenticatorBase authenticator = (FTPAuthenticatorBase) context.getBean(sourceBeanName);
+                // Only add active authenticators. E.g. we might have an passthru FTP authenticator that is disabled.
+                if (!(authenticator instanceof ActivateableBean)
+                        || ((ActivateableBean) authenticator).isActive())
+                {
+                    result.add(authenticator);
+                }
+            }
+            catch (RuntimeException e)
+            {
+                // The bean doesn't exist or this subsystem won't start. The reason would have been logged. Ignore and continue.
+            }
+        }
+        return result;
+    }
+}

source/test-java/org/alfresco/filesys/auth/ftp/TestFtpAuthenticator.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.alfresco.filesys.auth.ftp;
+
+import org.alfresco.jlan.ftp.FTPSrvSession;
+import org.alfresco.jlan.server.auth.ClientInfo;
+
+/**
+ * Test FTP Authenticator class. Will be created as several beans in test auth context.
+ * Will authenticate the user as the flag {@link TestFtpAuthenticator#authenticateAs} is set, default is true.
+ *
+ * @author alex.mukha
+ * @since 4.2.1
+ */
+public class TestFtpAuthenticator extends FTPAuthenticatorBase
+{
+    public boolean authenticateAs = true;
+
+    public void setAuthenticateAs (boolean authenticateAs)
+    {
+        this.authenticateAs = authenticateAs;
+    }
+
+    @Override
+    public boolean authenticateUser (ClientInfo info, FTPSrvSession sess)
+    {
+        return authenticateAs;
+    }
+}

source/test-java/org/alfresco/repo/security/authentication/subsystems/SubsystemChainingFtpAuthenticatorTest.java

@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2005-2013 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.alfresco.repo.security.authentication.subsystems;
+
+import org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase;
+import org.alfresco.jlan.ftp.FTPSrvSession;
+import org.alfresco.jlan.server.auth.ClientInfo;
+import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
+import org.alfresco.util.ApplicationContextHelper;
+import org.alfresco.util.BaseSpringTest;
+import org.mockito.Mock;
+
+import java.util.List;
+
+/**
+ * Test class with test spring contexts for auth subsystems.
+ *
+ * @author alex.mukha
+ * @since 4.2.1
+ */
+public class SubsystemChainingFtpAuthenticatorTest extends BaseSpringTest
+{
+    private static String SOURCE_BEAN_NAME = "testFtpAuthenticator";
+
+    private SubsystemChainingFtpAuthenticator chainingAuthenticator;
+
+    private @Mock ClientInfo info;
+    private @Mock FTPSrvSession session;
+
+    @Override
+    protected String[] getConfigLocations()
+    {
+        return new String[]
+        {
+            ApplicationContextHelper.CONFIG_LOCATIONS[0], "classpath:test-ftp-auth-context.xml"
+        };
+    }
+
+    public void testNumberOfAuthenticatorsInChain()
+    {
+        // The contexts are configured for 3 subsystems:
+        // 1) authType1 - ftp auth disabled, the user is always NOT authenticated as that bean is switched off
+        // 2) authType2 - ftp auth enabled, the user is always NOT authenticated
+        // 3) authType3 - ftp auth enabled, the user is always authenticated
+
+        setContextForSubsystem("testFtpAuthentication");
+        
+        List<FTPAuthenticatorBase> authenticators = chainingAuthenticator.getUsableFtpAuthenticators();
+        assertTrue("The context configuration was created for 3 test FTP authenticators with 1 disabled.", authenticators.size() == 2);
+        
+        // The contexts are configured for 2 subsystems:
+        // 1) authType1 - ftp auth disabled, the user is always NOT authenticated as that bean is switched off
+        // 2) authType2 - ftp auth disabled, the user is always NOT authenticated as that bean is switched off
+
+        setContextForSubsystem("testFtpAuthenticationAllDisabled"); 
+        
+        authenticators = chainingAuthenticator.getUsableFtpAuthenticators();
+        assertTrue("The context configuration was created for 2 test FTP authenticators - all disabled.", authenticators.isEmpty());
+    }
+
+    /**
+     * As the context is configured to fail on first two subsystems, the third should be used
+     */
+    public void testAuthenticatorChain()
+    {
+        // The contexts are configured for 3 subsystems:
+        // 1) authType1 - ftp auth disabled, the user is always NOT authenticated as that bean is switched off
+        // 2) authType2 - ftp auth enabled, the user is always NOT authenticated
+        // 3) authType3 - ftp auth enabled, the user is always authenticated
+        setContextForSubsystem("testFtpAuthentication");
+
+        // The last in the chain should work
+        assertTrue("The user should be authenticated", chainingAuthenticator.authenticateUser(info, session));
+        
+        // The contexts are configured for 2 subsystems:
+        // 1) authType1 - ftp auth enabled, the user is always NOT authenticated
+        // 2) authType2 - ftp auth enabled, the user is always NOT authenticated
+
+        setContextForSubsystem("testFtpAuthenticationAllFailing"); 
+        
+        // All of them should fail
+        assertFalse("The user should be authenticated", chainingAuthenticator.authenticateUser(info, session));
+    }
+    
+    @SuppressWarnings("deprecation")
+    private void setContextForSubsystem(String beanName)
+    {
+        chainingAuthenticator = new SubsystemChainingFtpAuthenticator();
+        ChildApplicationContextManager applicationContextManager = (ChildApplicationContextManager) getApplicationContext().getBean(beanName); 
+        chainingAuthenticator.setApplicationContextManager(applicationContextManager);
+        chainingAuthenticator.setSourceBeanName(SOURCE_BEAN_NAME);
+    }
+}

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType1/authType1-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+        <!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType1.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>false</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType1/authType1.properties

@@ -0,0 +1 @@
+authType1.testAuthentication.authenticateFTP=false

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType2/authType2-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType2.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>false</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType2/authType2.properties

@@ -0,0 +1 @@
+authType2.testAuthentication.authenticateFTP=true

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType3/authType3-context.xml

@@ -0,0 +1,13 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType3.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>true</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthentication/authType3/authType3.properties

@@ -0,0 +1 @@
+authType3.testAuthentication.authenticateFTP=true

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllDisabled/authType1/authType1-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType1.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>true</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllDisabled/authType1/authType1.properties

@@ -0,0 +1 @@
+authType1.testAuthentication.authenticateFTP=false

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllDisabled/authType2/authType2-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType2.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>true</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllDisabled/authType2/authType2.properties

@@ -0,0 +1 @@
+authType2.testAuthentication.authenticateFTP=false

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllFailing/authType1/authType1-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType1.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>false</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllFailing/authType1/authType1.properties

@@ -0,0 +1 @@
+authType1.testAuthentication.authenticateFTP=true

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllFailing/authType2/authType2-context.xml

@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+   <!-- Test FTP authentication -->
+   <bean id="testFtpAuthenticator" class="org.alfresco.filesys.auth.ftp.TestFtpAuthenticator" parent="ftpAuthenticatorBase">
+      <property name="active">
+         <value>${authType2.testAuthentication.authenticateFTP}</value>
+      </property>
+      <property name="authenticateAs">
+         <value>false</value>
+      </property>
+   </bean>
+</beans>

source/test-resources/alfresco/subsystems/testFtpAuthenticationAllFailing/authType2/authType2.properties

@@ -0,0 +1 @@
+authType2.testAuthentication.authenticateFTP=true

source/test-resources/test-ftp-auth-context.xml

@@ -0,0 +1,30 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<beans>
+
+    <!-- Authentication chains for FTP testing -->
+    
+    <bean id="testFtpAuthentication"
+          class="org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager"
+          parent="abstractPropertyBackedBean">
+        <property name="defaultChain">
+            <value>type1:authType1,type2:authType2,type3:authType3</value>
+        </property>
+    </bean>
+    
+    <bean id="testFtpAuthenticationAllDisabled"
+          class="org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager"
+          parent="abstractPropertyBackedBean">
+        <property name="defaultChain">
+            <value>type1:authType1,type2:authType2</value>
+        </property>
+    </bean>
+    
+    <bean id="testFtpAuthenticationAllFailing"
+          class="org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager"
+          parent="abstractPropertyBackedBean">
+        <property name="defaultChain">
+            <value>type1:authType1,type2:authType2</value>
+        </property>
+    </bean>
+</beans>