REPO-3263 Remove passthru (#270)

Alex Mukha
2018-11-07 15:37:15 +00:00
committed by GitHub
parent ea970794f5
commit ee2299c7bb
38 changed files with 89 additions and 4329 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 139 KiB

After

Width:  |  Height:  |  Size: 193 KiB


@@ -41,7 +41,6 @@ class org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase {
# getAuthenticationComponent() : AuthenticationComponent # getAuthenticationComponent() : AuthenticationComponent
# getAuthenticationService() : AuthenticationService # getAuthenticationService() : AuthenticationService
# getAuthorityService() : AuthorityService # getAuthorityService() : AuthorityService
# getNTLMAuthenticator() : NLTMAuthenticator
# getTransactionService() : TransactionService # getTransactionService() : TransactionService
+ authenticateUser(c ClientInfo, c FTPSrvSession) : boolean + authenticateUser(c ClientInfo, c FTPSrvSession) : boolean
+ closeAuthenticator() : void + closeAuthenticator() : void
@@ -56,29 +55,6 @@ class org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase {
+ setConfig(i ServerConfigurationAccessor) : void + setConfig(i ServerConfigurationAccessor) : void
+ setTransactionService(i TransactionService) : void + setTransactionService(i TransactionService) : void
}
class org.alfresco.filesys.auth.ftp.PassthruFtpAuthenticator {
+ DefaultSessionTmo : int
+ MaxCheckInterval : int
+ MaxSessionTmo : int
+ MinCheckInterval : int
+ MinSessionTmo : int
+ PassthruKeepAliveInterval : long
- m_localPassThruServers : boolean
- m_passthruServers : c PassthruServers
- m_passwordEncryptor : c PasswordEncryptor
--
+ PassthruFtpAuthenticator()
# doGuestLogon(c AlfrescoClientInfo, c SrvSession) : void
# getSecurityConfig() : SecurityConfigSection
# mapClientAddressToDomain(c InetAddress) : String
+ authenticateUser(c ClientInfo, c FTPSrvSession) : boolean
+ closeAuthenticator() : void
+ initialize() : void
+ initialize(c ServerConfiguration, i ConfigElement) : void
+ setPassthruServers(c PassthruServers) : void
- doPassthruUserAuthentication(c ClientInfo, c SrvSession) : boolean
} }
class org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator { class org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator {
# m_encryptor : c PasswordEncryptor # m_encryptor : c PasswordEncryptor
@@ -99,11 +75,8 @@ org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.apache.
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.jlan.server.config.ServerConfigurationAccessor : serverConfiguration: i ServerConfigurationAccessor org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.jlan.server.config.ServerConfigurationAccessor : serverConfiguration: i ServerConfigurationAccessor
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.repo.security.authentication.AuthenticationComponent : authenticationComponent: i AuthenticationComponent org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.repo.security.authentication.AuthenticationComponent : authenticationComponent: i AuthenticationComponent
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.service.cmr.security.AuthorityService : authorityService: i AuthorityService org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.service.cmr.security.AuthorityService : authorityService: i AuthorityService
org.alfresco.filesys.auth.ftp.PassthruFtpAuthenticator "1" o-left- "1" org.alfresco.jlan.server.auth.PasswordEncryptor : m_passwordEncryptor: c PasswordEncryptor
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.service.cmr.security.AuthenticationService : authenticationService: i AuthenticationService org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase "1" o-left- "1" org.alfresco.service.cmr.security.AuthenticationService : authenticationService: i AuthenticationService
org.alfresco.filesys.auth.ftp.PassthruFtpAuthenticator "1" o-left- "1" org.alfresco.jlan.server.auth.passthru.PassthruServers : m_passthruServers: c PassthruServers
org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator -up|> org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator -up|> org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase
org.alfresco.filesys.auth.ftp.PassthruFtpAuthenticator -up|> org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.alfresco.jlan.ftp.FTPAuthenticator org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.alfresco.jlan.ftp.FTPAuthenticator
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.alfresco.repo.management.subsystems.ActivateableBean org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.alfresco.repo.management.subsystems.ActivateableBean
org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.springframework.beans.factory.DisposableBean org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase ..up|> org.springframework.beans.factory.DisposableBean

Binary file not shown.

Before

Width:  |  Height:  |  Size: 491 KiB

After

Width:  |  Height:  |  Size: 808 KiB

View File

@@ -185,14 +185,6 @@ class javax.servlet.ServletInputStream {
# ServletInputStream() # ServletInputStream()
+ readLine(class [B, int, int) : int + readLine(class [B, int, int) : int
}
class org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter {
- logger : i Log
--
+ NTLMAuthenticationFilter()
# getLogger() : Log
# onValidateFailed(i ServletContext, i HttpServletRequest, i HttpServletResponse, i HttpSession, i WebCredentials) : void
} }
class org.alfresco.repo.webdav.DeleteMethod { class org.alfresco.repo.webdav.DeleteMethod {
- activityPoster : i WebDAVActivityPoster - activityPoster : i WebDAVActivityPoster
@@ -682,39 +674,6 @@ class org.alfresco.repo.webdav.WebDAVMethod$Condition {
+ getLockTokensMatch() : LinkedList + getLockTokensMatch() : LinkedList
+ getLockTokensNotMatch() : LinkedList + getLockTokensNotMatch() : LinkedList
}
class org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter {
# AUTHORIZATION : c String
# AUTH_NTLM : c String
# WWW_AUTHENTICATE : c String
+ NTLM_AUTH_DETAILS : c String
+ NTLM_AUTH_SESSION : c String
- NTLM_FLAGS_NTLM1 : int
- NTLM_FLAGS_NTLM2 : int
- m_allowGuest : boolean
- m_disableNTLMv2 : boolean
- m_encryptor : c PasswordEncryptor
- m_mapUnknownUserToGuest : boolean
- m_md4Encoder : i MD4PasswordEncoder
- m_ntlmFlags : int
- m_random : c Random
- nltmAuthenticator : i NLTMAuthenticator
--
+ BaseNTLMAuthenticationFilter()
# checkNTLMv1(c String, class [B, c Type3NTLMMessage, boolean) : boolean
# checkNTLMv2(c String, class [B, c Type3NTLMMessage) : boolean
# checkNTLMv2SessionKey(c String, class [B, c Type3NTLMMessage) : boolean
# disableNTLMv2() : void
# getMD4Hash(c String) : String
# init() : void
# processType1(c Type1NTLMMessage, i HttpServletRequest, i HttpServletResponse) : void
# processType3(c Type3NTLMMessage, i ServletContext, i HttpServletRequest, i HttpServletResponse) : boolean
# validateLocalHashedPassword(c Type3NTLMMessage, c NTLMLogonDetails, boolean, c String) : boolean
+ authenticateRequest(i ServletContext, i HttpServletRequest, i HttpServletResponse) : boolean
+ restartLoginChallenge(i ServletContext, i HttpServletRequest, i HttpServletResponse) : void
+ setMapUnknownUserToGuest(boolean) : void
- clearSession(i HttpSession) : void
} }
interface org.alfresco.repo.webdav.WebDAVActivityPoster { interface org.alfresco.repo.webdav.WebDAVActivityPoster {
-- --
@@ -1460,11 +1419,9 @@ org.alfresco.repo.webdav.ActivityPosterImpl "1" o-left- "1" org.apache.commons
org.alfresco.repo.webdav.ExceptionHandler "1" o-left- "1" javax.servlet.http.HttpServletResponse : response: i HttpServletResponse org.alfresco.repo.webdav.ExceptionHandler "1" o-left- "1" javax.servlet.http.HttpServletResponse : response: i HttpServletResponse
org.alfresco.repo.webdav.PropPatchMethod$PropertyAction "1" o-left- "1" org.alfresco.repo.webdav.WebDAVProperty : property: c WebDAVProperty org.alfresco.repo.webdav.PropPatchMethod$PropertyAction "1" o-left- "1" org.alfresco.repo.webdav.WebDAVProperty : property: c WebDAVProperty
org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter "1" o-left- "1" java.util.regex.Pattern : m_authPattern: c Pattern org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter "1" o-left- "1" java.util.regex.Pattern : m_authPattern: c Pattern
org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter "1" o-left- "1" org.alfresco.repo.security.authentication.MD4PasswordEncoder : m_md4Encoder: i MD4PasswordEncoder
org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter "1" o-left- "1" javax.security.auth.login.LoginContext : m_loginContext: c LoginContext org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter "1" o-left- "1" javax.security.auth.login.LoginContext : m_loginContext: c LoginContext
org.alfresco.repo.webdav.PropPatchMethod$PropertyAction "1" o-left- "1" org.alfresco.repo.webdav.PropPatchMethod : this$0: c PropPatchMethod org.alfresco.repo.webdav.PropPatchMethod$PropertyAction "1" o-left- "1" org.alfresco.repo.webdav.PropPatchMethod : this$0: c PropPatchMethod
org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService
org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter "1" o-left- "1" org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator : nltmAuthenticator: i NLTMAuthenticator
org.alfresco.repo.webdav.PropPatchMethod "1" o-left- "*" org.alfresco.repo.webdav.PropPatchMethod$PropertyAction : m_propertyActions: ArrayList< PropPatchMethod$PropertyAction> org.alfresco.repo.webdav.PropPatchMethod "1" o-left- "*" org.alfresco.repo.webdav.PropPatchMethod$PropertyAction : m_propertyActions: ArrayList< PropPatchMethod$PropertyAction>
org.alfresco.repo.webdav.LockMethod "1" o-left- "1" java.util.Timer : timer: c Timer org.alfresco.repo.webdav.LockMethod "1" o-left- "1" java.util.Timer : timer: c Timer
org.alfresco.repo.webdav.WebDavServiceImpl "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService org.alfresco.repo.webdav.WebDavServiceImpl "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService
@@ -1533,13 +1490,11 @@ org.alfresco.repo.webdav.WebDAVHelper "1" o-left- "1" org.alfresco.repo.tenant
org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService
org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilterTestFilter$Handler "1" o-left- "1" javax.servlet.http.HttpServletRequest : httpReq: i HttpServletRequest org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilterTestFilter$Handler "1" o-left- "1" javax.servlet.http.HttpServletRequest : httpReq: i HttpServletRequest
org.alfresco.repo.webdav.auth.SSOFallbackBasicAuthenticationDriver "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService org.alfresco.repo.webdav.auth.SSOFallbackBasicAuthenticationDriver "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService
org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log
org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log
org.alfresco.repo.webdav.WebDAVHelper "1" o-left- "1" org.alfresco.service.ServiceRegistry : m_serviceRegistry: i ServiceRegistry org.alfresco.repo.webdav.WebDAVHelper "1" o-left- "1" org.alfresco.service.ServiceRegistry : m_serviceRegistry: i ServiceRegistry
org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log
org.alfresco.repo.webdav.MTNodesCache2 "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService org.alfresco.repo.webdav.MTNodesCache2 "1" o-left- "1" org.alfresco.service.cmr.repository.NodeService : nodeService: i NodeService
javax.servlet.http.HttpServlet "1" o-left- "1" java.util.ResourceBundle : lStrings: c ResourceBundle javax.servlet.http.HttpServlet "1" o-left- "1" java.util.ResourceBundle : lStrings: c ResourceBundle
org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter "1" o-left- "1" org.alfresco.jlan.server.auth.PasswordEncryptor : m_encryptor: c PasswordEncryptor
org.alfresco.repo.webdav.auth.BaseAuthenticationFilter "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService org.alfresco.repo.webdav.auth.BaseAuthenticationFilter "1" o-left- "1" org.alfresco.service.transaction.TransactionService : transactionService: i TransactionService
org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "*" org.alfresco.service.cmr.repository.NodeRef : m_childToParent: Map< NodeRef, NodeRef> org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "*" org.alfresco.service.cmr.repository.NodeRef : m_childToParent: Map< NodeRef, NodeRef>
org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.alfresco.service.cmr.repository.NodeRef : defaultRootNode: c NodeRef org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.alfresco.service.cmr.repository.NodeRef : defaultRootNode: c NodeRef
@@ -1548,7 +1503,6 @@ org.alfresco.repo.webdav.WebDavServiceImpl "1" o-left- "1" org.alfresco.servic
org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.alfresco.service.cmr.coci.CheckOutCheckInService : checkOutCheckInService: i CheckOutCheckInService org.alfresco.repo.webdav.WebDAVLockServiceImpl "1" o-left- "1" org.alfresco.service.cmr.coci.CheckOutCheckInService : checkOutCheckInService: i CheckOutCheckInService
org.springframework.extensions.surf.util.AbstractLifecycleBean "1" o-left- "1" org.springframework.context.ApplicationContext : applicationContext: i ApplicationContext org.springframework.extensions.surf.util.AbstractLifecycleBean "1" o-left- "1" org.springframework.context.ApplicationContext : applicationContext: i ApplicationContext
org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter "1" o-left- "1" org.alfresco.repo.security.authentication.AuthenticationComponent : m_authComponent: i AuthenticationComponent org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter "1" o-left- "1" org.alfresco.repo.security.authentication.AuthenticationComponent : m_authComponent: i AuthenticationComponent
org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter "1" o-left- "1" java.util.Random : m_random: c Random
org.alfresco.repo.webdav.ExceptionHandler "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log org.alfresco.repo.webdav.ExceptionHandler "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log
org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log org.alfresco.repo.webdav.WebDAVServlet "1" o-left- "1" org.apache.commons.logging.Log : logger: i Log
org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "1" javax.servlet.http.HttpServletRequest : m_request: i HttpServletRequest org.alfresco.repo.webdav.WebDAVMethod "1" o-left- "1" javax.servlet.http.HttpServletRequest : m_request: i HttpServletRequest
@@ -1583,12 +1537,10 @@ org.alfresco.repo.webdav.MoveMethod -up|> org.alfresco.repo.webdav.Hierarchica
org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter
org.alfresco.repo.webdav.WebDavBootstrap -up|> org.springframework.extensions.surf.util.AbstractLifecycleBean org.alfresco.repo.webdav.WebDavBootstrap -up|> org.springframework.extensions.surf.util.AbstractLifecycleBean
org.alfresco.repo.webdav.PostMethod -up|> org.alfresco.repo.webdav.PutMethod org.alfresco.repo.webdav.PostMethod -up|> org.alfresco.repo.webdav.PutMethod
org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter
org.alfresco.repo.webdav.DeleteMethod -up|> org.alfresco.repo.webdav.WebDAVMethod org.alfresco.repo.webdav.DeleteMethod -up|> org.alfresco.repo.webdav.WebDAVMethod
org.alfresco.repo.webdav.PropPatchMethod -up|> org.alfresco.repo.webdav.PropFindMethod org.alfresco.repo.webdav.PropPatchMethod -up|> org.alfresco.repo.webdav.PropFindMethod
org.alfresco.repo.webdav.CopyMethod -up|> org.alfresco.repo.webdav.MoveMethod org.alfresco.repo.webdav.CopyMethod -up|> org.alfresco.repo.webdav.MoveMethod
org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseAuthenticationFilter org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
org.alfresco.repo.webdav.LockMethod -up|> org.alfresco.repo.webdav.WebDAVMethod org.alfresco.repo.webdav.LockMethod -up|> org.alfresco.repo.webdav.WebDAVMethod
org.alfresco.repo.webdav.auth.AuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseAuthenticationFilter org.alfresco.repo.webdav.auth.AuthenticationFilter -up|> org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
org.alfresco.repo.webdav.UnlockMethod -up|> org.alfresco.repo.webdav.WebDAVMethod org.alfresco.repo.webdav.UnlockMethod -up|> org.alfresco.repo.webdav.WebDAVMethod


@@ -16,7 +16,6 @@ Alfresco provides a default Authentication implementation that uses userid's and
to integrate with a number of external Authentication providers including to integrate with a number of external Authentication providers including
* Active Directory * Active Directory
* Kerberos * Kerberos
* NTLM
* LDAP * LDAP
*** ***
@@ -40,8 +39,6 @@ to integrate with a number of external Authentication providers including
* [JAAS](http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html) * [JAAS](http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html)
* [Kerberos](https://msdn.microsoft.com/en-us/library/bb742516.aspx) * [Kerberos](https://msdn.microsoft.com/en-us/library/bb742516.aspx)
* [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) * [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
* [NTLM](https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx)
*** ***
### Design ### Design
@@ -56,7 +53,7 @@ are stored in the Alfresco repository.
#### Chaining #### Chaining
Most production systems that use Alfresco will rely upon more secure approaches, so Alfresco also allows the Most production systems that use Alfresco will rely upon more secure approaches, so Alfresco also allows the
customer to integrate a choice of existing authentication providers, including *Active Directory*, *Kerberos*, *LDAP* and *NTLM*. customer to integrate a choice of existing authentication providers, including *Active Directory*, *Kerberos* and *LDAP*.
The implementation of each such Authorization provider is delivered as a separate Alfresco Subsystem. The implementation of each such Authorization provider is delivered as a separate Alfresco Subsystem.
The Subsystems are chained together as an ordered list of providers each of which, in turn, will be given The Subsystems are chained together as an ordered list of providers each of which, in turn, will be given
@@ -86,9 +83,6 @@ depicted in [Client Login](../../../share/share-app/resource/sequence/client-log
##### Kerberos Authentication Login Flow ##### Kerberos Authentication Login Flow
![Note](https://img.shields.io/badge/Editor-TODO-yellow.svg?&style=flat-square?colorB=2196f3&style=flat-square) ![Note](https://img.shields.io/badge/Editor-TODO-yellow.svg?&style=flat-square?colorB=2196f3&style=flat-square)
##### NTLM Authentication Login Flow
![Note](https://img.shields.io/badge/Editor-TODO-yellow.svg?&style=flat-square?colorB=2196f3&style=flat-square)
#### Class Diagram #### Class Diagram
![Authentication](../resource/class/org.alfresco.service.cmr.security.class.png) ![Authentication](../resource/class/org.alfresco.service.cmr.security.class.png)


@@ -3,5 +3,5 @@
MESSAGE_SEARCH_PATH="src/main/resources/alfresco/messages/action-config*.properties src/main/resources/alfresco/messages/action-service*.properties src/main/resources/alfresco/messages/activiti-engine-messages*.properties src/main/resources/alfresco/messages/activities-service*.properties src/main/resources/alfresco/messages/activity-list*.properties src/main/resources/alfresco/messages/application-model*.properties src/main/resources/alfresco/messages/authentication*.properties src/main/resources/alfresco/messages/bootstrap-content-template-examples*.properties src/main/resources/alfresco/messages/bootstrap-example-javascripts*.properties src/main/resources/alfresco/messages/bootstrap-example-smartfoldertemplates*.properties src/main/resources/alfresco/messages/bootstrap-imapScripts*.properties src/main/resources/alfresco/messages/bootstrap-javascripts*.properties src/main/resources/alfresco/messages/bootstrap-messages*.properties src/main/resources/alfresco/messages/bootstrap-readme-template*.properties src/main/resources/alfresco/messages/bootstrap-spaces*.properties src/main/resources/alfresco/messages/bootstrap-templates*.properties src/main/resources/alfresco/messages/bootstrap-tutorial*.properties src/main/resources/alfresco/messages/bootstrap-webScripts*.properties src/main/resources/alfresco/messages/bootstrap-webScriptsExtensions*.properties src/main/resources/alfresco/messages/bpm-messages*.properties src/main/resources/alfresco/messages/categories*.properties src/main/resources/alfresco/messages/coci-service*.properties src/main/resources/alfresco/messages/content-filter-languages*.properties src/main/resources/alfresco/messages/content-model*.properties src/main/resources/alfresco/messages/copy-service*.properties src/main/resources/alfresco/messages/custommodel-service*.properties src/main/resources/alfresco/messages/discussion-messages*.properties src/main/resources/alfresco/messages/distributionpolicies-model*.properties 
src/main/resources/alfresco/messages/doclink-service*.properties src/main/resources/alfresco/messages/download-model*.properties src/main/resources/alfresco/messages/email-server-model*.properties src/main/resources/alfresco/messages/email-service*.properties src/main/resources/alfresco/messages/file-folder-service*.properties src/main/resources/alfresco/messages/form-service*.properties src/main/resources/alfresco/messages/forum-model*.properties src/main/resources/alfresco/messages/imap-service*.properties src/main/resources/alfresco/messages/initiate-inplace*.properties src/main/resources/alfresco/messages/invitation-service*.properties src/main/resources/alfresco/messages/lock-service*.properties src/main/resources/alfresco/messages/notification-service*.properties src/main/resources/alfresco/messages/period-provider*.properties src/main/resources/alfresco/messages/permissions-service*.properties src/main/resources/alfresco/messages/quickshare-service*.properties src/main/resources/alfresco/messages/rendition-config*.properties src/main/resources/alfresco/messages/replication*.properties src/main/resources/alfresco/messages/repoadmin-service*.properties src/main/resources/alfresco/messages/reset-password-messages*.properties src/main/resources/alfresco/messages/rule-config*.properties src/main/resources/alfresco/messages/site-model*.properties src/main/resources/alfresco/messages/site-service*.properties src/main/resources/alfresco/messages/slingshot*.properties src/main/resources/alfresco/messages/smartfolder-model*.properties src/main/resources/alfresco/messages/subscription-service*.properties src/main/resources/alfresco/messages/system-messages*.properties src/main/resources/alfresco/messages/system-model*.properties src/main/resources/alfresco/messages/template-service*.properties src/main/resources/alfresco/messages/templates-messages*.properties src/main/resources/alfresco/messages/transfer-model*.properties 
src/main/resources/alfresco/messages/transfer-service*.properties src/main/resources/alfresco/messages/ui-inplace*.properties src/main/resources/alfresco/messages/webdav-messages*.properties src/main/resources/alfresco/messages/workflow-package-messages*.properties src/main/resources/alfresco/workflow/invitation-moderated-workflow-messages*.properties src/main/resources/alfresco/workflow/invitation-nominated-workflow-messages*.properties src/main/resources/alfresco/workflow/workflow-messages*.properties" MESSAGE_SEARCH_PATH="src/main/resources/alfresco/messages/action-config*.properties src/main/resources/alfresco/messages/action-service*.properties src/main/resources/alfresco/messages/activiti-engine-messages*.properties src/main/resources/alfresco/messages/activities-service*.properties src/main/resources/alfresco/messages/activity-list*.properties src/main/resources/alfresco/messages/application-model*.properties src/main/resources/alfresco/messages/authentication*.properties src/main/resources/alfresco/messages/bootstrap-content-template-examples*.properties src/main/resources/alfresco/messages/bootstrap-example-javascripts*.properties src/main/resources/alfresco/messages/bootstrap-example-smartfoldertemplates*.properties src/main/resources/alfresco/messages/bootstrap-imapScripts*.properties src/main/resources/alfresco/messages/bootstrap-javascripts*.properties src/main/resources/alfresco/messages/bootstrap-messages*.properties src/main/resources/alfresco/messages/bootstrap-readme-template*.properties src/main/resources/alfresco/messages/bootstrap-spaces*.properties src/main/resources/alfresco/messages/bootstrap-templates*.properties src/main/resources/alfresco/messages/bootstrap-tutorial*.properties src/main/resources/alfresco/messages/bootstrap-webScripts*.properties src/main/resources/alfresco/messages/bootstrap-webScriptsExtensions*.properties src/main/resources/alfresco/messages/bpm-messages*.properties 
src/main/resources/alfresco/messages/categories*.properties src/main/resources/alfresco/messages/coci-service*.properties src/main/resources/alfresco/messages/content-filter-languages*.properties src/main/resources/alfresco/messages/content-model*.properties src/main/resources/alfresco/messages/copy-service*.properties src/main/resources/alfresco/messages/custommodel-service*.properties src/main/resources/alfresco/messages/discussion-messages*.properties src/main/resources/alfresco/messages/distributionpolicies-model*.properties src/main/resources/alfresco/messages/doclink-service*.properties src/main/resources/alfresco/messages/download-model*.properties src/main/resources/alfresco/messages/email-server-model*.properties src/main/resources/alfresco/messages/email-service*.properties src/main/resources/alfresco/messages/file-folder-service*.properties src/main/resources/alfresco/messages/form-service*.properties src/main/resources/alfresco/messages/forum-model*.properties src/main/resources/alfresco/messages/imap-service*.properties src/main/resources/alfresco/messages/initiate-inplace*.properties src/main/resources/alfresco/messages/invitation-service*.properties src/main/resources/alfresco/messages/lock-service*.properties src/main/resources/alfresco/messages/notification-service*.properties src/main/resources/alfresco/messages/period-provider*.properties src/main/resources/alfresco/messages/permissions-service*.properties src/main/resources/alfresco/messages/quickshare-service*.properties src/main/resources/alfresco/messages/rendition-config*.properties src/main/resources/alfresco/messages/replication*.properties src/main/resources/alfresco/messages/repoadmin-service*.properties src/main/resources/alfresco/messages/reset-password-messages*.properties src/main/resources/alfresco/messages/rule-config*.properties src/main/resources/alfresco/messages/site-model*.properties src/main/resources/alfresco/messages/site-service*.properties 
src/main/resources/alfresco/messages/slingshot*.properties src/main/resources/alfresco/messages/smartfolder-model*.properties src/main/resources/alfresco/messages/subscription-service*.properties src/main/resources/alfresco/messages/system-messages*.properties src/main/resources/alfresco/messages/system-model*.properties src/main/resources/alfresco/messages/template-service*.properties src/main/resources/alfresco/messages/templates-messages*.properties src/main/resources/alfresco/messages/transfer-model*.properties src/main/resources/alfresco/messages/transfer-service*.properties src/main/resources/alfresco/messages/ui-inplace*.properties src/main/resources/alfresco/messages/webdav-messages*.properties src/main/resources/alfresco/messages/workflow-package-messages*.properties src/main/resources/alfresco/workflow/invitation-moderated-workflow-messages*.properties src/main/resources/alfresco/workflow/invitation-nominated-workflow-messages*.properties src/main/resources/alfresco/workflow/workflow-messages*.properties"
EXCLUDED_FILES="src/main/resources/alfresco/messages/content-service.properties src/main/resources/alfresco/messages/module-messages.properties src/main/resources/alfresco/messages/patch-service.properties src/main/resources/alfresco/messages/repoadmin-interpreter-help.properties src/main/resources/alfresco/messages/schema-update.properties src/main/resources/alfresco/messages/tenant-interpreter-help.properties src/main/resources/alfresco/messages/version-service.properties src/main/resources/alfresco/messages/workflow-interpreter-help.properties src/main/resources/alfresco/alfresco-shared.properties src/main/resources/alfresco/caches.properties src/main/resources/alfresco/repository.properties src/main/resources/alfresco/client/config/repo-clients-apps.properties src/main/resources/alfresco/domain/cache-strategies.properties src/main/resources/alfresco/domain/hibernate-cfg.properties src/main/resources/alfresco/domain/quartz.properties src/main/resources/alfresco/domain/transaction.properties src/main/resources/alfresco/keystore/keystore-passwords.properties src/main/resources/alfresco/keystore/ssl-keystore-passwords.properties src/main/resources/alfresco/keystore/ssl-truststore-passwords.properties src/main/resources/alfresco/metadata/DWGMetadataExtracter.properties src/main/resources/alfresco/metadata/HtmlMetadataExtracter.properties src/main/resources/alfresco/metadata/MailMetadataExtracter.properties src/main/resources/alfresco/metadata/MP3MetadataExtracter.properties src/main/resources/alfresco/metadata/OfficeMetadataExtracter.properties src/main/resources/alfresco/metadata/PdfBoxMetadataExtracter.properties src/main/resources/alfresco/metadata/PoiMetadataExtracter.properties src/main/resources/alfresco/metadata/RFC822MetadataExtracter.properties src/main/resources/alfresco/metadata/TikaAudioMetadataExtracter.properties src/main/resources/alfresco/metadata/TikaAutoMetadataExtracter.properties 
src/main/resources/alfresco/metadata/TikaSpringConfiguredMetadataExtracter.properties src/main/resources/alfresco/subsystems/ActivitiesFeed/default/activities-jobs.properties src/main/resources/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication.properties src/main/resources/alfresco/subsystems/Authentication/external/external-authentication.properties src/main/resources/alfresco/subsystems/Authentication/kerberos/kerberos-authentication.properties src/main/resources/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties src/main/resources/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties src/main/resources/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties src/main/resources/alfresco/subsystems/email/InboundSMTP/inboundSMTP.properties src/main/resources/alfresco/subsystems/email/OutboundSMTP/outboundSMTP.properties src/main/resources/alfresco/subsystems/fileServers/default/file-servers.properties src/main/resources/alfresco/subsystems/imap/default/imap-server.properties src/main/resources/alfresco/subsystems/Replication/default/replication.properties src/main/resources/alfresco/subsystems/Search/noindex/common-search.properties src/main/resources/alfresco/subsystems/Search/noindex/noindex-search.properties src/main/resources/alfresco/subsystems/Search/solr/common-search.properties src/main/resources/alfresco/subsystems/Search/solr/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr/solr-search.properties src/main/resources/alfresco/subsystems/Search/solr/facet/solr-facets-config.properties src/main/resources/alfresco/subsystems/Search/solr4/common-search.properties src/main/resources/alfresco/subsystems/Search/solr4/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr4/solr-search.properties src/main/resources/alfresco/subsystems/Search/solr6/common-search.properties 
src/main/resources/alfresco/subsystems/Search/solr6/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr6/solr-search.properties src/main/resources/alfresco/subsystems/Subscriptions/default/subscription-service.properties src/main/resources/alfresco/subsystems/Synchronization/default/default-synchronization.properties src/main/resources/alfresco/subsystems/sysAdmin/default/sysadmin-parameter.properties src/main/resources/alfresco/subsystems/thirdparty/default/alfresco-pdf-renderer-transform.properties src/main/resources/alfresco/subsystems/thirdparty/default/imagemagick-transform.properties src/main/resources/alfresco/subsystems/Transformers/default/transformers.properties src/main/resources/org/alfresco/encryption/keystore-parameters.properties src/main/resources/org/alfresco/repo/i18n/testMessages.properties src/main/resources/org/alfresco/repo/module/tool/default-file-mapping.properties src/main/resources/alfresco/metadata/JodConverterMetadataExtracter.properties src/main/resources/alfresco/subsystems/OOoJodconverter/default/jodconverter.properties" EXCLUDED_FILES="src/main/resources/alfresco/messages/content-service.properties src/main/resources/alfresco/messages/module-messages.properties src/main/resources/alfresco/messages/patch-service.properties src/main/resources/alfresco/messages/repoadmin-interpreter-help.properties src/main/resources/alfresco/messages/schema-update.properties src/main/resources/alfresco/messages/tenant-interpreter-help.properties src/main/resources/alfresco/messages/version-service.properties src/main/resources/alfresco/messages/workflow-interpreter-help.properties src/main/resources/alfresco/alfresco-shared.properties src/main/resources/alfresco/caches.properties src/main/resources/alfresco/repository.properties src/main/resources/alfresco/client/config/repo-clients-apps.properties src/main/resources/alfresco/domain/cache-strategies.properties src/main/resources/alfresco/domain/hibernate-cfg.properties 
src/main/resources/alfresco/domain/quartz.properties src/main/resources/alfresco/domain/transaction.properties src/main/resources/alfresco/keystore/keystore-passwords.properties src/main/resources/alfresco/keystore/ssl-keystore-passwords.properties src/main/resources/alfresco/keystore/ssl-truststore-passwords.properties src/main/resources/alfresco/metadata/DWGMetadataExtracter.properties src/main/resources/alfresco/metadata/HtmlMetadataExtracter.properties src/main/resources/alfresco/metadata/MailMetadataExtracter.properties src/main/resources/alfresco/metadata/MP3MetadataExtracter.properties src/main/resources/alfresco/metadata/OfficeMetadataExtracter.properties src/main/resources/alfresco/metadata/PdfBoxMetadataExtracter.properties src/main/resources/alfresco/metadata/PoiMetadataExtracter.properties src/main/resources/alfresco/metadata/RFC822MetadataExtracter.properties src/main/resources/alfresco/metadata/TikaAudioMetadataExtracter.properties src/main/resources/alfresco/metadata/TikaAutoMetadataExtracter.properties src/main/resources/alfresco/metadata/TikaSpringConfiguredMetadataExtracter.properties src/main/resources/alfresco/subsystems/ActivitiesFeed/default/activities-jobs.properties src/main/resources/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication.properties src/main/resources/alfresco/subsystems/Authentication/external/external-authentication.properties src/main/resources/alfresco/subsystems/Authentication/kerberos/kerberos-authentication.properties src/main/resources/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties src/main/resources/alfresco/subsystems/Authentication/ldap-ad/ldap-ad-authentication.properties src/main/resources/alfresco/subsystems/email/InboundSMTP/inboundSMTP.properties src/main/resources/alfresco/subsystems/email/OutboundSMTP/outboundSMTP.properties src/main/resources/alfresco/subsystems/fileServers/default/file-servers.properties 
src/main/resources/alfresco/subsystems/imap/default/imap-server.properties src/main/resources/alfresco/subsystems/Replication/default/replication.properties src/main/resources/alfresco/subsystems/Search/noindex/common-search.properties src/main/resources/alfresco/subsystems/Search/noindex/noindex-search.properties src/main/resources/alfresco/subsystems/Search/solr/common-search.properties src/main/resources/alfresco/subsystems/Search/solr/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr/solr-search.properties src/main/resources/alfresco/subsystems/Search/solr/facet/solr-facets-config.properties src/main/resources/alfresco/subsystems/Search/solr4/common-search.properties src/main/resources/alfresco/subsystems/Search/solr4/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr4/solr-search.properties src/main/resources/alfresco/subsystems/Search/solr6/common-search.properties src/main/resources/alfresco/subsystems/Search/solr6/solr-backup.properties src/main/resources/alfresco/subsystems/Search/solr6/solr-search.properties src/main/resources/alfresco/subsystems/Subscriptions/default/subscription-service.properties src/main/resources/alfresco/subsystems/Synchronization/default/default-synchronization.properties src/main/resources/alfresco/subsystems/sysAdmin/default/sysadmin-parameter.properties src/main/resources/alfresco/subsystems/thirdparty/default/alfresco-pdf-renderer-transform.properties src/main/resources/alfresco/subsystems/thirdparty/default/imagemagick-transform.properties src/main/resources/alfresco/subsystems/Transformers/default/transformers.properties src/main/resources/org/alfresco/encryption/keystore-parameters.properties src/main/resources/org/alfresco/repo/i18n/testMessages.properties src/main/resources/org/alfresco/repo/module/tool/default-file-mapping.properties src/main/resources/alfresco/metadata/JodConverterMetadataExtracter.properties 
src/main/resources/alfresco/subsystems/OOoJodconverter/default/jodconverter.properties"


@@ -1,454 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.filesys.auth;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InterfaceAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.StringTokenizer;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.jlan.netbios.NetBIOSSession;
import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.smb.Protocol;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.InitializingBean;
/**
* A Factory for {@link PassthruServers} objects, allowing setting of the server list via local server, individual
* servers or domain name.
*
* @author dward
*/
public class PassthruServerFactory implements FactoryBean, InitializingBean, DisposableBean
{
private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol.auth");
public final static int DefaultSessionTmo = 5000; // 5 seconds
public final static int MinSessionTmo = 2000; // 2 seconds
public final static int MaxSessionTmo = 30000; // 30 seconds
public final static int MinCheckInterval = 10; // 10 seconds
public final static int MaxCheckInterval = 15 * 60; // 15 minutes
private Integer timeout;
private boolean localServer;
private String server;
private String domain;
private Integer offlineCheckInterval;
private PassthruServers passthruServers;
private boolean nullDomainUseAnyServer;
/**
* Sets the timeout for opening a session to an authentication server
*
* @param timeout
* a time period in milliseconds
*/
public void setTimeout(int timeout)
{
this.timeout = timeout;
}
/**
* Indicates whether the local server should be used as the authentication server
*
* @param localServer
* <code>true</code> if the local server should be used as the authentication server
*/
public void setLocalServer(boolean localServer)
{
this.localServer = localServer;
}
/**
* Sets the server(s) to authenticate against.
*
* @param server
* comma-delimited list of server names
*/
public void setServer(String server)
{
this.server = server;
}
/**
* Sets the domain to authenticate against
*
* @param domain
* a domain name
*/
public void setDomain(String domain)
{
this.domain = domain;
}
/**
* Sets the offline server check interval in seconds
*
* @param offlineCheckInterval
* a time interval in seconds
*/
public void setOfflineCheckInterval(Integer offlineCheckInterval)
{
this.offlineCheckInterval = offlineCheckInterval;
}
/**
* Set the null domain to use any available server option
*
* @param nullDomain boolean
*/
public final void setNullDomainUseAnyServer( boolean nullDomain)
{
this.nullDomainUseAnyServer = nullDomain;
}
/**
* Set the protocol order for passthru connections
*
* @param protoOrder
* a comma-delimited list containing one or more of "NetBIOS" and "TCPIP" in any order
*/
public void setProtocolOrder(String protoOrder)
{
// Parse the protocol order list
StringTokenizer tokens = new StringTokenizer(protoOrder, ",");
int primaryProto = Protocol.None;
int secondaryProto = Protocol.None;
// There should only be one or two tokens
if (tokens.countTokens() > 2)
throw new AlfrescoRuntimeException("Invalid protocol order list, " + protoOrder);
// Get the primary protocol
if (tokens.hasMoreTokens())
{
// Parse the primary protocol
String primaryStr = tokens.nextToken();
if (primaryStr.equalsIgnoreCase("TCPIP"))
primaryProto = Protocol.NativeSMB;
else if (primaryStr.equalsIgnoreCase("NetBIOS"))
primaryProto = Protocol.TCPNetBIOS;
else
throw new AlfrescoRuntimeException("Invalid protocol type, " + primaryStr);
// Check if there is a secondary protocol, and validate
if (tokens.hasMoreTokens())
{
// Parse the secondary protocol
String secondaryStr = tokens.nextToken();
if (secondaryStr.equalsIgnoreCase("TCPIP") && primaryProto != Protocol.NativeSMB)
secondaryProto = Protocol.NativeSMB;
else if (secondaryStr.equalsIgnoreCase("NetBIOS") && primaryProto != Protocol.TCPNetBIOS)
secondaryProto = Protocol.TCPNetBIOS;
else
throw new AlfrescoRuntimeException("Invalid secondary protocol, " + secondaryStr);
}
}
// Set the protocol order used for passthru authentication sessions
AuthSessionFactory.setProtocolOrder(primaryProto, secondaryProto);
// DEBUG
if (logger.isDebugEnabled())
logger.debug("Protocol order primary=" + Protocol.asString(primaryProto) + ", secondary="
+ Protocol.asString(secondaryProto));
}
/**
* Set the broadcast mask to use for NetBIOS name lookups
*
* @param bcastMask String
* @exception AlfrescoRuntimeException
*/
public final void setBroadcastMask( String bcastMask)
throws IOException {
if ( bcastMask == null || bcastMask.length() == 0) {
// Clear the NetBIOS subnet mask
NetBIOSSession.setDefaultSubnetMask( null);
return;
}
// Find the network adapter with the matching broadcast mask
try {
Enumeration<NetworkInterface> netEnum = NetworkInterface.getNetworkInterfaces();
NetworkInterface bcastIface = null;
while ( netEnum.hasMoreElements() && bcastIface == null) {
NetworkInterface ni = netEnum.nextElement();
for ( InterfaceAddress iAddr : ni.getInterfaceAddresses()) {
InetAddress broadcast = iAddr.getBroadcast();
if ( broadcast != null && broadcast.getHostAddress().equals( bcastMask))
bcastIface = ni;
}
}
// DEBUG
if ( logger.isDebugEnabled()) {
if ( bcastIface != null)
logger.debug("Broadcast mask " + bcastMask + " found on network interface " + bcastIface.getDisplayName() + "/" + bcastIface.getName());
else
logger.debug("Failed to find network interface for broadcast mask " + bcastMask);
}
// Check if we found a valid network interface for the broadcast mask
if ( bcastIface == null)
throw new AlfrescoRuntimeException("Network interface for broadcast mask " + bcastMask + " not found");
// Set the NetBIOS broadcast mask
NetBIOSSession.setDefaultSubnetMask( bcastMask);
}
catch ( SocketException ex) {
}
}
public void afterPropertiesSet() throws InvalidConfigurationException
{
// Check if the offline check interval has been specified
if (this.offlineCheckInterval != null)
{
// Range check the value
if (this.offlineCheckInterval < MinCheckInterval || this.offlineCheckInterval > MaxCheckInterval)
throw new InvalidConfigurationException("Invalid offline check interval, valid range is "
+ MinCheckInterval + " to " + MaxCheckInterval);
// Set the offline check interval for offline passthru servers
passthruServers = new PassthruServers(this.offlineCheckInterval);
// DEBUG
if (logger.isDebugEnabled())
logger.debug("Using offline check interval of " + this.offlineCheckInterval + " seconds");
}
else
{
// Create the passthru server list with the default offline check interval
passthruServers = new PassthruServers();
}
// Propagate the debug setting
if (logger.isDebugEnabled())
passthruServers.setDebug(true);
// Check if the session timeout has been specified
if (this.timeout != null)
{
// Range check the timeout
if (this.timeout < MinSessionTmo || this.timeout > MaxSessionTmo)
throw new InvalidConfigurationException("Invalid session timeout, valid range is " + MinSessionTmo
+ " to " + MaxSessionTmo);
// Set the session timeout for connecting to an authentication server
passthruServers.setConnectionTimeout(this.timeout);
}
passthruServers.setNullDomainUseAnyServer(this.nullDomainUseAnyServer);
// Check if a server name has been specified
String srvList = null;
if (localServer)
{
try
{
// Get the list of local network addresses
InetAddress[] localAddrs = InetAddress.getAllByName(InetAddress.getLocalHost().getHostName());
// Build the list of local addresses
if (localAddrs != null && localAddrs.length > 0)
{
StringBuilder addrStr = new StringBuilder();
for (InetAddress curAddr : localAddrs)
{
if (curAddr.isLoopbackAddress() == false)
{
addrStr.append(curAddr.getHostAddress());
addrStr.append(",");
}
}
if (addrStr.length() > 0)
addrStr.setLength(addrStr.length() - 1);
// Set the server list using the local address list
srvList = addrStr.toString();
}
else
throw new AlfrescoRuntimeException("No local server address(es)");
}
catch (UnknownHostException ex)
{
throw new AlfrescoRuntimeException("Failed to get local address list");
}
}
if (this.server != null && this.server.length() > 0)
{
// Check if the server name was already set
if (srvList != null)
throw new AlfrescoRuntimeException("Set passthru server via local server or specify name");
// Get the passthru authenticator server name
srvList = this.server;
}
// If the passthru server name has been set initialize the passthru connection
if (srvList != null)
{
// Initialize using a list of server names/addresses
passthruServers.setServerList(srvList);
}
else
{
// Get the domain/workgroup name
String domainName = null;
// Check if a domain name has been specified
if (this.domain != null && this.domain.length() > 0)
{
// Check if the authentication server has already been set, ie. server name was also specified
if (srvList != null)
throw new AlfrescoRuntimeException("Specify server or domain name for passthru authentication");
domainName = this.domain;
}
// If the domain name has been set initialize the passthru connection
if (domainName != null)
{
try
{
// Initialize using the domain
passthruServers.setDomain(domainName);
}
catch (IOException ex)
{
throw new AlfrescoRuntimeException("Error setting passthru domain, " + ex.getMessage());
}
}
}
// Check if we have an authentication server
if (passthruServers.getTotalServerCount() == 0)
throw new AlfrescoRuntimeException("No valid authentication servers found for passthru");
}
/*
* (non-Javadoc)
* @see org.springframework.beans.factory.InitializingBean#getObject()
*/
public Object getObject()
{
return passthruServers;
}
/*
* (non-Javadoc)
* @see org.springframework.beans.factory.FactoryBean#getObjectType()
*/
public Class<?> getObjectType()
{
return PassthruServers.class;
}
/*
* (non-Javadoc)
* @see org.springframework.beans.factory.FactoryBean#isSingleton()
*/
public boolean isSingleton()
{
return true;
}
/*
* (non-Javadoc)
* @see org.springframework.beans.factory.DisposableBean#destroy()
*/
public void destroy() throws Exception
{
passthruServers.shutdown();
}
}


@@ -34,11 +34,8 @@ import org.alfresco.jlan.ftp.FTPSrvSession;
import org.alfresco.jlan.server.SrvSession; import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo; import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.auth.PasswordEncryptor; import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.MD4PasswordEncoder; import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl; import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
/** /**
* Alfresco FTP Authenticator Class * Alfresco FTP Authenticator Class
@@ -170,16 +167,10 @@ public class AlfrescoFtpAuthenticator extends FTPAuthenticatorBase {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
{ {
AuthenticationComponent authenticationComponent = getAuthenticationComponent(); logger.debug("Authenticated user "
logger
.debug("Authenticated user "
+ client.getUserName() + client.getUserName()
+ " sts=" + " sts="
+ authSts + authSts);
+ " via "
+ (authenticationComponent instanceof NLTMAuthenticator
&& ((NLTMAuthenticator) authenticationComponent).getNTLMMode() == NTLMMode.MD4_PROVIDER ? "MD4"
: "Passthru"));
} }
// Return the authentication status // Return the authentication status
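Review bot: In the second hunk the rewritten debug call still opens with "Authenticated user" while printing `sts=` next to it, so a rejected logon would apparently be logged with the same wording as an accepted one, and only at debug level. Now that the "via MD4/Passthru" suffix is gone, the statement fits on one line and could use neutral wording, for example `logger.debug("FTP logon user=" + client.getUserName() + " sts=" + authSts);`. The enclosing method starts and ends outside the hunk, so whether failed logons are reported elsewhere at a higher level cannot be confirmed from here.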


@@ -38,7 +38,6 @@ import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.server.config.ServerConfigurationAccessor; import org.alfresco.jlan.server.config.ServerConfigurationAccessor;
import org.alfresco.repo.management.subsystems.ActivateableBean; import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent; import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.transaction.TransactionService; import org.alfresco.service.transaction.TransactionService;
@@ -188,20 +187,6 @@ public abstract class FTPAuthenticatorBase implements FTPAuthenticator, Activate
return this.authenticationComponent; return this.authenticationComponent;
} }
/**
* Returns an SSO-enabled authentication component.
*
* @return NLTMAuthenticator
*/
protected final NLTMAuthenticator getNTLMAuthenticator()
{
if (!(this.authenticationComponent instanceof NLTMAuthenticator))
{
throw new IllegalStateException("Attempt to use non SSO-enabled authentication component for SSO");
}
return (NLTMAuthenticator)this.authenticationComponent;
}
/** /**
* Return the authentication service * Return the authentication service
* *


@@ -1,497 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.filesys.auth.ftp;
import java.net.InetAddress;
import javax.transaction.Status;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.ExtendedServerConfigurationAccessor;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.filesys.auth.PassthruServerFactory;
import org.alfresco.jlan.ftp.FTPSrvSession;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
import org.alfresco.jlan.server.auth.passthru.DomainMapping;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.SecurityConfigSection;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.util.IPAddress;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.springframework.extensions.config.ConfigElement;
/**
* Passthru FTP Authenticator Class
*
* @author gkspencer
*/
public class PassthruFtpAuthenticator extends FTPAuthenticatorBase {
// Constants
public final static int DefaultSessionTmo = 5000; // 5 seconds
public final static int MinSessionTmo = 2000; // 2 seconds
public final static int MaxSessionTmo = 30000; // 30 seconds
public final static int MinCheckInterval = 10; // 10 seconds
public final static int MaxCheckInterval = 15 * 60; // 15 minutes
// Passthru keep alive interval
public final static long PassthruKeepAliveInterval = 60000L; // 60 seconds
// Passthru servers used to authenticate users
private PassthruServers m_passthruServers;
private boolean m_localPassThruServers;
// Password encryption, for CIFS NTLM style encryption/hashing
private PasswordEncryptor m_passwordEncryptor;
protected SecurityConfigSection getSecurityConfig()
{
return (SecurityConfigSection) this.serverConfiguration.getConfigSection(SecurityConfigSection.SectionName);
}
public void setPassthruServers(PassthruServers passthruServers)
{
m_passthruServers = passthruServers;
}
/**
* Initialize the authenticator
*
* @param config ServerConfiguration
* @param params ConfigElement
* @exception InvalidConfigurationException
*/
@Override
public void initialize(ServerConfiguration config, ConfigElement params)
throws InvalidConfigurationException {
// Manually construct our own passthru server list
PassthruServerFactory factory = new PassthruServerFactory();
// Check if the offline check interval has been specified
ConfigElement checkInterval = params.getChild("offlineCheckInterval");
if ( checkInterval != null)
{
try
{
// Validate the check interval value
factory.setOfflineCheckInterval(Integer.parseInt(checkInterval.getValue()));
}
catch (NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid offline check interval specified");
}
}
// Check if the session timeout has been specified
ConfigElement sessTmoElem = params.getChild("Timeout");
if (sessTmoElem != null)
{
try
{
// Validate the session timeout value
factory.setTimeout(Integer.parseInt(sessTmoElem.getValue()));
}
catch (NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid timeout value specified");
}
}
// Get the extended server configuration
ExtendedServerConfigurationAccessor configExtended = null;
if ( config instanceof ExtendedServerConfigurationAccessor)
configExtended = (ExtendedServerConfigurationAccessor) config;
// Check if the local server should be used
if ( params.getChild("LocalServer") != null && configExtended != null) {
// Get the local server name, trim the domain name
String server = configExtended.getLocalServerName( true);
if ( server == null)
throw new AlfrescoRuntimeException("Passthru authenticator failed to get local server name");
factory.setServer(server);
}
// Check if a server name has been specified
ConfigElement srvNamesElem = params.getChild("Server");
if (srvNamesElem != null && srvNamesElem.getValue().length() > 0)
{
factory.setServer(srvNamesElem.getValue());
}
// Check if the local domain/workgroup should be used
if ( params.getChild("LocalDomain") != null && configExtended != null) {
// Get the local domain/workgroup name
factory.setDomain(configExtended.getLocalDomainName());
}
// Check if a domain name has been specified
ConfigElement domNameElem = params.getChild("Domain");
if (domNameElem != null && domNameElem.getValue().length() > 0)
{
factory.setDomain(domNameElem.getValue());
}
// Check if a protocol order has been set
ConfigElement protoOrderElem = params.getChild("ProtocolOrder");
if (protoOrderElem != null && protoOrderElem.getValue().length() > 0)
{
factory.setProtocolOrder(protoOrderElem.getValue());
}
// Complete initialization
factory.afterPropertiesSet();
setPassthruServers((PassthruServers) factory.getObject());
// Remember that we have to shut down the servers
m_localPassThruServers = true;
super.initialize(config, params);
}
/**
* Initialize the authenticator (after properties have been set)
*
* @exception InvalidConfigurationException
*/
@Override
public void initialize() throws InvalidConfigurationException
{
super.initialize();
// Check if the appropriate authentication component type is configured
AuthenticationComponent authenticationComponent = getAuthenticationComponent();
if (authenticationComponent instanceof NLTMAuthenticator
&& ((NLTMAuthenticator) authenticationComponent).getNTLMMode() == NTLMMode.MD4_PROVIDER)
throw new AlfrescoRuntimeException(
"Wrong authentication setup for passthru authenticator (cannot be used with Alfresco users)");
// Create the password encryptor
m_passwordEncryptor = new PasswordEncryptor();
}
/**
* Authenticate the user
*
* @param client ClientInfo
* @param sess FTPSrvSession
* @return boolean
*/
public boolean authenticateUser(ClientInfo client, FTPSrvSession sess) {
// Check that the client is an Alfresco client
if ( client instanceof AlfrescoClientInfo == false)
return false;
// Check if this is a guest logon
boolean authSts = false;
UserTransaction tx = null;
try {
if ( client.isGuest()) {
// Get a guest authentication token
doGuestLogon((AlfrescoClientInfo) client, sess);
// Indicate logged on as guest
authSts = true;
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Authenticated guest user " + client.getUserName() + " sts=" + authSts);
// Return the guest status
return authSts;
}
// Start a transaction
tx = getTransactionService().getUserTransaction(false);
tx.begin();
// Perform passthru authentication check
authSts = doPassthruUserAuthentication(client, sess);
// Check if the user is an administrator
if ( authSts == true && client.getLogonType() == ClientInfo.LogonNormal)
checkForAdminUserName( client);
}
catch (Exception ex) {
if ( logger.isDebugEnabled())
logger.debug(ex);
}
finally {
// Commit the transaction
if ( tx != null) {
try {
// Commit or rollback the transaction
if ( tx.getStatus() == Status.STATUS_MARKED_ROLLBACK) {
// Transaction is marked for rollback
tx.rollback();
}
else {
// Commit the transaction
tx.commit();
}
}
catch (Exception ex) {
}
}
}
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Authenticated user " + client.getUserName() + " sts=" + authSts + " via Passthru");
// Return the authentication status
return authSts;
}
/**
* Logon using the guest user account
*
* @param client AlfrescoClientInfo
* @param sess SrvSession
*/
protected void doGuestLogon(AlfrescoClientInfo client, SrvSession sess) {
// Get a guest authentication token
getAuthenticationService().authenticateAsGuest();
String ticket = getAuthenticationService().getCurrentTicket();
client.setAuthenticationTicket(ticket);
// Mark the client as being a guest logon
client.setGuest(true);
}
/**
* Perform passthru authentication
*
* @param client Client information
* @param sess Server session
* @return boolean
*/
private final boolean doPassthruUserAuthentication(ClientInfo client, SrvSession sess) {
// Authenticate the FTP user by opening a session to a remote CIFS server
boolean authSts = false;
AuthenticateSession authSess = null;
try
{
// Try and map the client address to a domain
String domain = mapClientAddressToDomain( sess.getRemoteAddress());
authSess = m_passthruServers.openSession( false, domain);
if (authSess != null)
{
// Use the challenge key returned from the authentication server to generate the hashed password
byte[] challenge = authSess.getEncryptionKey();
byte[] ntlmHash = m_passwordEncryptor.generateEncryptedPassword( client.getPasswordAsString(), challenge, PasswordEncryptor.NTLM1, client.getUserName(), null);
// Run the passthru authentication second stage
authSess.doSessionSetup(client.getDomain(), client.getUserName(), null, null, ntlmHash, 0);
// Check if the user has been logged on as a guest
if (authSess.isGuest())
{
// Get a guest authentication token
doGuestLogon((AlfrescoClientInfo) client, sess);
// Allow the user access as a guest
authSts = true;
// Debug
if (logger.isDebugEnabled())
logger.debug("Passthru authenticate user=" + client.getUserName() + ", GUEST");
}
else
{
// Set the current user to be authenticated, save the authentication token
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
getAuthenticationComponent().setCurrentUser(client.getUserName());
alfClient.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
// Passwords match, grant access
authSts = true;
client.setLogonType( ClientInfo.LogonNormal);
// Logging
if ( logger.isInfoEnabled())
logger.info("Logged on user " + client.getUserName() + " ( address " + sess.getRemoteAddress() + ")");
}
// Close the passthru authentication session
authSess.CloseSession();
authSess = null;
}
}
catch (Exception ex)
{
logger.debug("Passthru error", ex);
}
finally {
// Make sure the authentication session has been closed
if ( authSess != null) {
try {
authSess.CloseSession();
}
catch( Exception ex) {
}
}
}
// Return the logon status
return authSts;
}
/**
* Map a client IP address to a domain
*
* @param clientIP InetAddress
* @return String
*/
protected final String mapClientAddressToDomain(InetAddress clientIP) {
// Check if there are any domain mappings
if ( !getSecurityConfig().hasDomainMappings() )
return null;
// Convert the client IP address to an integer value
int clientAddr = IPAddress.asInteger(clientIP);
for (DomainMapping domainMap : getSecurityConfig().getDomainMappings()) {
if ( domainMap.isMemberOfDomain(clientAddr)) {
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Mapped client IP " + clientIP + " to domain " + domainMap.getDomain());
return domainMap.getDomain();
}
}
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Failed to map client IP " + clientIP + " to a domain");
// No domain mapping for the client address
return null;
}
/**
* Close the authenticator
*/
public void closeAuthenticator()
{
super.closeAuthenticator();
// Close the passthru authentication server list
if ( m_localPassThruServers && m_passthruServers != null)
m_passthruServers.shutdown();
}
}


@@ -51,9 +51,6 @@ import org.alfresco.jlan.ftp.FTPConfigSection;
import org.alfresco.jlan.ftp.FTPPath; import org.alfresco.jlan.ftp.FTPPath;
import org.alfresco.jlan.ftp.InvalidPathException; import org.alfresco.jlan.ftp.InvalidPathException;
import org.alfresco.jlan.server.auth.acl.AccessControlList; import org.alfresco.jlan.server.auth.acl.AccessControlList;
import org.alfresco.jlan.server.auth.passthru.DomainMapping;
import org.alfresco.jlan.server.auth.passthru.RangeDomainMapping;
import org.alfresco.jlan.server.auth.passthru.SubnetDomainMapping;
import org.alfresco.jlan.server.config.CoreServerConfigSection; import org.alfresco.jlan.server.config.CoreServerConfigSection;
import org.alfresco.jlan.server.config.InvalidConfigurationException; import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.SecurityConfigSection; import org.alfresco.jlan.server.config.SecurityConfigSection;
@@ -744,64 +741,6 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean imp
// Associate the share mapper // Associate the share mapper
secConfig.setShareMapper(shareMapper); secConfig.setShareMapper(shareMapper);
} }
// Check if any domain mappings have been specified
List<DomainMappingConfigBean> mappings = securityConfigBean.getDomainMappings();
if (mappings != null)
{
DomainMapping mapping = null;
for (DomainMappingConfigBean domainMap : mappings)
{
// Get the domain name
String name = domainMap.getName();
// Check if the domain is specified by subnet or range
String subnetStr = domainMap.getSubnet();
String rangeFromStr;
if (subnetStr != null && subnetStr.length() > 0)
{
String maskStr = domainMap.getMask();
// Parse the subnet and mask, to validate and convert to int values
int subnet = IPAddress.parseNumericAddress(subnetStr);
int mask = IPAddress.parseNumericAddress(maskStr);
if (subnet == 0 || mask == 0)
throw new AlfrescoRuntimeException("Invalid subnet/mask for domain mapping " + name);
// Create the subnet domain mapping
mapping = new SubnetDomainMapping(name, subnet, mask);
}
else if ((rangeFromStr = domainMap.getRangeFrom()) != null && rangeFromStr.length() > 0)
{
String rangeToStr = domainMap.getRangeTo();
// Parse the range from/to values and convert to int values
int rangeFrom = IPAddress.parseNumericAddress(rangeFromStr);
int rangeTo = IPAddress.parseNumericAddress(rangeToStr);
if (rangeFrom == 0 || rangeTo == 0)
throw new AlfrescoRuntimeException("Invalid address range domain mapping " + name);
// Create the subnet domain mapping
mapping = new RangeDomainMapping(name, rangeFrom, rangeTo);
}
else
throw new AlfrescoRuntimeException("Invalid domain mapping specified");
// Add the domain mapping
secConfig.addDomainMapping(mapping);
}
}
} }
catch (InvalidConfigurationException ex) catch (InvalidConfigurationException ex)
{ {


@@ -38,7 +38,6 @@ import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.repo.tenant.TenantContextHolder; import org.alfresco.repo.tenant.TenantContextHolder;
import org.alfresco.repo.tenant.TenantDisabledException; import org.alfresco.repo.tenant.TenantDisabledException;
import org.alfresco.repo.tenant.TenantUtil; import org.alfresco.repo.tenant.TenantUtil;
@@ -49,7 +48,7 @@ import org.alfresco.util.Pair;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
public class AuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
{ {
private static Log logger = LogFactory.getLog(AuthenticationComponentImpl.class); private static Log logger = LogFactory.getLog(AuthenticationComponentImpl.class);
@@ -223,14 +222,6 @@ public class AuthenticationComponentImpl extends AbstractAuthenticationComponent
throw new AlfrescoRuntimeException("Authentication via token not supported"); throw new AlfrescoRuntimeException("Authentication via token not supported");
} }
/**
* This implementation supported MD4 password hashes.
*/
public NTLMMode getNTLMMode()
{
return NTLMMode.MD4_PROVIDER;
}
@Override @Override
protected boolean implementationAllowsGuestLogin() protected boolean implementationAllowsGuestLogin()
{ {


@@ -1,321 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import net.sf.acegisecurity.Authentication;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
/**
* A chaining authentication component is required for all the beans that wire up an authentication component and not an
* authentication service. It supports chaining in much the same way and wires up components in the same way as the
* chaining authentication service wires up services.
*
* @author andyh
*/
public class ChainingAuthenticationComponentImpl extends AbstractChainingAuthenticationComponent implements NLTMAuthenticator
{
/**
* NLTM authentication mode - if unset - finds the first component that supports NTLM - if set - finds the first
* component that supports the specified mode.
*/
private NTLMMode ntlmMode = null;
/**
* The authentication components
*/
private List<AuthenticationComponent> authenticationComponents;
/**
* An authentication service that supports change (as wired in to the authentication service). It is never used for
* change it is to ensure it is at the top of the list (as required by the chaining authentication service)
*/
private AuthenticationComponent mutableAuthenticationComponent;
/**
* Get the authentication components
*
* @return - a list of authentication components
*/
public List<AuthenticationComponent> getAuthenticationComponents()
{
return this.authenticationComponents;
}
/**
* Set a list of authentication components
*
*/
public void setAuthenticationComponents(List<AuthenticationComponent> authenticationComponents)
{
this.authenticationComponents = authenticationComponents;
}
/**
* Get the authentication service thta must be at the top of the list (this may be null)
*
* @return AuthenticationComponent
*/
public AuthenticationComponent getMutableAuthenticationComponent()
{
return this.mutableAuthenticationComponent;
}
/**
* Set the authentication component at the top of the list.
*
* @param mutableAuthenticationComponent AuthenticationComponent
*/
public void setMutableAuthenticationComponent(AuthenticationComponent mutableAuthenticationComponent)
{
this.mutableAuthenticationComponent = mutableAuthenticationComponent;
}
public void setNtlmMode(NTLMMode ntlmMode)
{
this.ntlmMode = ntlmMode;
}
/**
* NTLM passthrough authentication - if a mode is defined - the first PASS_THROUGH provider is used - if not, the
* first component that supports NTLM is used if it supports PASS_THROUGH
*/
public Authentication authenticate(Authentication token) throws AuthenticationException
{
if (this.ntlmMode != null)
{
switch (this.ntlmMode)
{
case NONE:
throw new AuthenticationException("NTLM is not supported");
case MD4_PROVIDER:
throw new AuthenticationException("NTLM passthrough is not supported then configured for MD4 hashing");
case PASS_THROUGH:
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH)
{
return ssoAuthenticator.authenticate(token);
}
}
throw new AuthenticationException("No NTLM passthrough authentication to use");
default:
throw new AuthenticationException("No NTLM passthrough authentication to use");
}
}
else
{
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() != NTLMMode.NONE)
{
if (ssoAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH)
{
return ssoAuthenticator.authenticate(token);
}
else
{
throw new AuthenticationException(
"The first authentication component to support NTLM supports MD4 hashing");
}
}
}
throw new AuthenticationException("No NTLM passthrough authentication to use");
}
}
/**
* Get the guest user name
*/
public String getGuestUserName()
{
return AuthenticationUtil.getGuestUserName();
}
/**
* Get the MD4 password hash
*/
public String getMD4HashedPassword(String userName)
{
if (this.ntlmMode != null)
{
switch (this.ntlmMode)
{
case NONE:
throw new AuthenticationException("NTLM is not supported");
case PASS_THROUGH:
throw new AuthenticationException("NTLM passthrough is not supported then configured for MD4 hashing");
case MD4_PROVIDER:
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() == NTLMMode.MD4_PROVIDER)
{
return ssoAuthenticator.getMD4HashedPassword(userName);
}
}
throw new AuthenticationException("No MD4 provider available");
default:
throw new AuthenticationException("No MD4 provider available");
}
}
else
{
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() != NTLMMode.NONE)
{
if (ssoAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH)
{
throw new AuthenticationException(
"The first authentication component to support NTLM supports passthrough");
}
else
{
return ssoAuthenticator.getMD4HashedPassword(userName);
}
}
}
throw new AuthenticationException("No MD4 provider available");
}
}
/**
* Get the NTLM mode - this is only what is set if one of the implementations provides support for that mode.
*/
public NTLMMode getNTLMMode()
{
if (this.ntlmMode != null)
{
switch (this.ntlmMode)
{
case NONE:
return NTLMMode.NONE;
case PASS_THROUGH:
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH)
{
return NTLMMode.PASS_THROUGH;
}
}
return NTLMMode.NONE;
case MD4_PROVIDER:
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() == NTLMMode.MD4_PROVIDER)
{
return NTLMMode.MD4_PROVIDER;
}
}
return NTLMMode.NONE;
default:
return NTLMMode.NONE;
}
}
else
{
for (AuthenticationComponent authComponent : getUsableAuthenticationComponents())
{
if (!(authComponent instanceof NLTMAuthenticator))
{
continue;
}
NLTMAuthenticator ssoAuthenticator = (NLTMAuthenticator)authComponent;
if (ssoAuthenticator.getNTLMMode() != NTLMMode.NONE)
{
return ssoAuthenticator.getNTLMMode();
}
}
return NTLMMode.NONE;
}
}
/**
* Helper to get authentication components
*
*/
protected Collection<AuthenticationComponent> getUsableAuthenticationComponents()
{
if (this.mutableAuthenticationComponent == null)
{
return this.authenticationComponents;
}
else
{
ArrayList<AuthenticationComponent> services = new ArrayList<AuthenticationComponent>(
this.authenticationComponents == null ? 1 : this.authenticationComponents.size() + 1);
services.add(this.mutableAuthenticationComponent);
if (this.authenticationComponents != null)
{
services.addAll(this.authenticationComponents);
}
return services;
}
}
@Override
protected AuthenticationComponent getAuthenticationComponent(String name)
{
// not implemented
return null;
}
}


@@ -1,31 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication;
public enum NTLMMode
{
PASS_THROUGH, MD4_PROVIDER, NONE
}


@@ -27,7 +27,6 @@ package org.alfresco.repo.security.authentication;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException; import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
@@ -47,10 +46,9 @@ import net.sf.acegisecurity.providers.dao.AuthenticationDao;
* *
* @author Andy Hind * @author Andy Hind
*/ */
public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends AbstractAuthenticationComponent
{ {
private boolean accept = false; private boolean accept = false;
private boolean supportNtlm = false;
private AuthenticationDao authenticationDao; private AuthenticationDao authenticationDao;
@@ -69,11 +67,6 @@ public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends Abstract
this.accept = accept; this.accept = accept;
} }
public void setSupportNtlm(boolean supportNtlm)
{
this.supportNtlm = supportNtlm;
}
public void authenticateImpl(String userName, char[] password) throws AuthenticationException public void authenticateImpl(String userName, char[] password) throws AuthenticationException
{ {
if(accept) if(accept)
@@ -105,11 +98,6 @@ public class SimpleAcceptOrRejectAllAuthenticationComponentImpl extends Abstract
} }
} }
public NTLMMode getNTLMMode()
{
return supportNtlm ? NTLMMode.MD4_PROVIDER : NTLMMode.NONE;
}
/** /**
* The default is not to support Authentication token base authentication * The default is not to support Authentication token base authentication
*/ */
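Review bot: Dropping the public `setSupportNtlm(boolean)` setter (second hunk of this file) breaks any bean definition that still injects a `supportNtlm` property into `SimpleAcceptOrRejectAllAuthenticationComponentImpl`; assuming the class is wired through Spring XML, as its setters suggest, such a context would fail at startup instead of ignoring the value. If the matching property is not removed from every shipped context file in this commit, keep a deprecated no-op for one release, e.g. `@Deprecated public void setSupportNtlm(boolean supportNtlm) { /* NTLM support removed; value ignored */ }`, and mention the removal in the upgrade notes. The class body continues outside the hunks shown, so remaining callers of `getNTLMMode()` cannot be checked from here.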


@@ -1,69 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import net.sf.acegisecurity.Authentication;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.NTLMMode;
/**
* An specialized {@link AuthenticationComponent} that is capable of handling NTLM authentication directly, either by
* 'passing through' to a domain server or by validating an MD4 hashed password. Unlike other authentication methods,
* these operations cannot be chained and must be handled by a specific authentication component.
*
* @author dward
*/
public interface NLTMAuthenticator extends AuthenticationComponent
{
/**
* Authenticate using a token.
*
* @param token
* Authentication
* @return Authentication
* @throws AuthenticationException
* the authentication exception
*/
public Authentication authenticate(Authentication token) throws AuthenticationException;
/**
* Get the enum that describes NTLM integration.
*
* @return the NTLM mode
*/
public NTLMMode getNTLMMode();
/**
* Get the MD4 password hash, as required by NTLM based authentication methods.
*
* @param userName
* the user name
* @return the m d4 hashed password
*/
public String getMD4HashedPassword(String userName);
}


@@ -1,947 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.CredentialsExpiredException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.auth.PassthruServerFactory;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory;
import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.smb.Protocol;
import org.alfresco.jlan.smb.SMBException;
import org.alfresco.jlan.smb.SMBStatus;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
/**
* NTLM Authentication Component Class
*
* <p>Provides authentication using passthru to a Windows server(s)/domain controller(s) using the accounts
* defined on the passthru server to validate users.
*
* @author GKSpencer
*/
public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator, InitializingBean
{
// Logging
private static final Log logger = LogFactory.getLog(NTLMAuthenticationComponentImpl.class);
// Constants
//
// Standard authorities
public static final String NTLMAuthorityGuest = "Guest";
public static final String NTLMAuthorityAdministrator = "Administrator";
// Active session timeout
private static final long DefaultSessionTimeout = 60000L; // 1 minute
private static final long MinimumSessionTimeout = 5000L; // 5 seconds
// Passthru authentication servers
private PassthruServerFactory m_passthruServerFactory = new PassthruServerFactory();
private PassthruServers m_passthruServers;
// Password encryptor for generating password hash for local authentication
private PasswordEncryptor m_encryptor;
// Allow guest access
private boolean m_allowGuest;
// Allow authenticated users that do not have an Alfresco person to logon as guest
private boolean m_allowAuthUserAsGuest;
// Table of currently active passthru authentications and the associated authentication session
//
// If the two authentication stages are not completed within a reasonable time the authentication
// session will be closed by the reaper thread.
private Hashtable<NTLMPassthruToken,AuthenticateSession> m_passthruSessions;
// Active authentication session timeout, in milliseconds
private long m_passthruSessTmo = DefaultSessionTimeout;
// Authentication session reaper thread
private PassthruReaperThread m_reaperThread;
// Null domain uses any available server option
private boolean m_nullDomainUseAnyServer;
/**
* Passthru Session Reaper Thread
*/
class PassthruReaperThread extends Thread
{
// Thread shutdown request flag
private boolean m_ishutdown;
// Reaper wakeup interval, in milliseconds
private long m_wakeupInterval = m_passthruSessTmo / 2;
/**
* Default constructor
*/
PassthruReaperThread()
{
setDaemon(true);
setName("PassthruReaper");
start();
}
/**
* Set the wakeup interval
*
* @param wakeup long
*/
public final void setWakeup(long wakeup)
{
m_wakeupInterval = wakeup;
}
/**
* Main thread code
*/
public void run()
{
// Loop until shutdown
m_ishutdown = false;
while ( m_ishutdown == false)
{
// Sleep for a while
try
{
sleep( m_wakeupInterval);
}
catch ( InterruptedException ex)
{
}
// Check if there are any active sessions to check
if ( m_passthruSessions.size() > 0)
{
// Enumerate the active sessions
Enumeration<NTLMPassthruToken> tokenEnum = m_passthruSessions.keys();
long timeNow = System.currentTimeMillis();
while (tokenEnum.hasMoreElements())
{
// Get the current NTLM token and check if it has expired
NTLMPassthruToken ntlmToken = tokenEnum.nextElement();
if ( ntlmToken != null && ntlmToken.getAuthenticationExpireTime() < timeNow)
{
// Authentication token has expired, close the associated authentication session
AuthenticateSession authSess = m_passthruSessions.get(ntlmToken);
if ( authSess != null)
{
try
{
// Close the authentication session
authSess.CloseSession();
}
catch ( Exception ex)
{
// Debug
if(logger.isDebugEnabled())
logger.debug("Error closing expired authentication session", ex);
}
}
// Remove the expired token from the active list
m_passthruSessions.remove(ntlmToken);
// Debug
if(logger.isDebugEnabled())
logger.debug("Removed expired NTLM token " + ntlmToken);
}
}
}
}
// Debug
if(logger.isDebugEnabled())
logger.debug("Passthru reaper thread shutdown");
}
/**
* Shutdown the reaper thread
*/
public final void shutdownRequest()
{
m_ishutdown = true;
this.interrupt();
}
}
/**
* Class constructor
*/
public NTLMAuthenticationComponentImpl() {
// Create the password encryptor for local password hashing
m_encryptor = new PasswordEncryptor();
// Create the active session list and reaper thread
m_passthruSessions = new Hashtable<NTLMPassthruToken,AuthenticateSession>();
m_reaperThread = new PassthruReaperThread();
}
public void afterPropertiesSet() throws Exception
{
if (m_passthruServers == null)
{
// Create the passthru authentication server list
m_passthruServerFactory.afterPropertiesSet();
m_passthruServers = (PassthruServers) m_passthruServerFactory.getObject();
}
}
/**
* Determine if guest logons are allowed
*
* @return boolean
*/
public final boolean allowsGuest()
{
return m_allowGuest;
}
/**
* Directly sets the passthru server list.
*
* @param servers
* a passthru server list, usually created by {@link org.alfresco.filesys.auth.PassthruServerFactory}
*/
public void setPassthruServers(PassthruServers servers)
{
m_passthruServers = servers;
}
/**
* Set the domain to authenticate against
*
* @param domain String
*/
public void setDomain(String domain) {
if (domain.length() > 0)
{
m_passthruServerFactory.setDomain(domain);
}
}
/**
* Set the server(s) to authenticate against
*
* @param servers String
*/
public void setServers(String servers) {
if (servers.length() > 0)
{
m_passthruServerFactory.setServer(servers);
}
}
/**
* Use the local server as the authentication server
*
* @param useLocal String
*/
public void setUseLocalServer(String useLocal)
{
m_passthruServerFactory.setLocalServer(Boolean.parseBoolean(useLocal));
}
/**
* Allow guest access
*
* @param guest String
*/
public void setGuestAccess(String guest)
{
m_allowGuest = Boolean.parseBoolean(guest);
}
/**
* Allow authenticated users with no alfresco person record to logon with guest access
*
* @param auth String
*/
public void setAllowAuthUserAsGuest(String auth)
{
m_allowAuthUserAsGuest = Boolean.parseBoolean(auth);
}
/**
* Allow null domain passthru logons to use the first available passthru server
*
* @param nullDomain String
*/
public void setNullDomainUseAnyServer(String nullDomain)
{
m_nullDomainUseAnyServer = Boolean.parseBoolean(nullDomain);
// Push the setting to the passthru server component
m_passthruServers.setNullDomainUseAnyServer( m_nullDomainUseAnyServer);
}
/**
* Set the JCE provider
*
* @param providerClass String
*/
public void setJCEProvider(String providerClass)
{
// Set the JCE provider, required to provide various encryption/hashing algorithms not available
// in the standard Sun JDK/JRE
try
{
// Load the JCE provider class and validate
Object jceObj = Class.forName(providerClass).newInstance();
if (jceObj instanceof java.security.Provider)
{
// Inform listeners, validate the configuration change
Provider jceProvider = (Provider) jceObj;
// Add the JCE provider
Security.addProvider(jceProvider);
// Debug
if ( logger.isDebugEnabled())
logger.debug("Using JCE provider " + providerClass);
}
else
{
throw new AlfrescoRuntimeException("JCE provider class is not a valid Provider class:" + providerClass);
}
}
catch (ClassNotFoundException ex)
{
throw new AlfrescoRuntimeException("JCE provider class " + providerClass + " not found");
}
catch (Exception ex)
{
throw new AlfrescoRuntimeException("JCE provider class error", ex);
}
}
/**
* Set the authentication session timeout, in seconds
*
* @param sessTmo String
*/
public void setSessionTimeout(String sessTmo)
{
// Convert to an integer value and range check the timeout value
try
{
// Convert to an integer value
long sessTmoMilli = Long.parseLong(sessTmo) * 1000L;
if ( sessTmoMilli < MinimumSessionTimeout)
{
throw new AlfrescoRuntimeException("Authentication session timeout too low, " + sessTmo);
}
// Set the authentication session timeout value
m_passthruSessTmo = sessTmoMilli;
// Set the reaper thread wakeup interval
m_reaperThread.setWakeup( sessTmoMilli / 2);
}
catch(NumberFormatException ex)
{
throw new AlfrescoRuntimeException("Invalid authenication session timeout value");
}
}
/**
* Return the authentication session timeout, in milliseconds
*
* @return long
*/
private final long getSessionTimeout()
{
return m_passthruSessTmo;
}
/**
* Authenticate
*
* @param userName String
* @param password char[]
* @throws AuthenticationException
*/
protected void authenticateImpl(String userName, char[] password) throws AuthenticationException
{
// Debug
if ( logger.isDebugEnabled())
{
logger.debug("Authenticate user=" + userName + " via local credentials");
}
// Create a local authentication token
NTLMLocalToken authToken = new NTLMLocalToken(userName, new String(password));
// Authenticate using the token
authenticate( authToken);
}
/**
* Authenticate using a token
*
* @param auth Authentication
* @return Authentication
* @throws AuthenticationException
*/
public Authentication authenticate(Authentication auth) throws AuthenticationException
{
// DEBUG
if ( logger.isDebugEnabled())
{
logger.debug("Authenticate " + auth + " via token");
}
// Check if the token is for passthru authentication
if( auth instanceof NTLMPassthruToken)
{
// Access the NTLM passthru token
NTLMPassthruToken ntlmToken = (NTLMPassthruToken) auth;
// Authenticate using passthru
authenticatePassthru(ntlmToken);
}
// Check for a local authentication token
else if( auth instanceof NTLMLocalToken)
{
AuthenticateSession authSess = null;
try
{
// Access the NTLM token
NTLMLocalToken ntlmToken = (NTLMLocalToken) auth;
// Open a session to an authentication server
authSess = m_passthruServers.openSession();
// Check fi the passthru session is valid
if ( authSess == null)
{
// DEBUG
if ( logger.isDebugEnabled())
{
logger.debug( "Failed to open passthru session, or no valid passthru server available for " + ntlmToken);
}
throw new AuthenticationException("authentication.err.connection.passthru.server");
}
// Authenticate using the credentials supplied
authenticateLocal(ntlmToken, authSess);
}
finally
{
// Make sure the authentication session is closed
if ( authSess != null)
{
try
{
authSess.CloseSession();
}
catch ( Exception ex)
{
}
}
}
}
else
{
// Unsupported authentication token
throw new AuthenticationException("authentication.err.passthru.token.unsupported");
}
// Return the updated authentication token
return getCurrentAuthentication();
}
/**
* Get the enum that describes NTLM integration
*
* @return NTLMMode
*/
public NTLMMode getNTLMMode()
{
return NTLMMode.PASS_THROUGH;
}
/**
* Get the MD4 password hash, as required by NTLM based authentication methods.
*
* @param userName String
* @return String
*/
public String getMD4HashedPassword(String userName)
{
// Do not support MD4 hashed password
throw new AlfrescoRuntimeException("MD4 passwords not supported");
}
/**
* Authenticate a user using local credentials
*
* @param ntlmToken NTLMLocalToken
* @param authSess AuthenticateSession
* @throws org.alfresco.repo.security.authentication.AuthenticationException
*/
private void authenticateLocal(NTLMLocalToken ntlmToken, AuthenticateSession authSess)
{
try
{
// Get the plaintext password and generate an NTLM1 password hash
String username = (String) ntlmToken.getPrincipal();
String plainPwd = (String) ntlmToken.getCredentials();
byte[] ntlm1Pwd = m_encryptor.generateEncryptedPassword( plainPwd, authSess.getEncryptionKey(), PasswordEncryptor.NTLM1, null, null);
// Send the logon request to the authentication server
//
// Note: Only use the stronger NTLM hash, we do not send the LM hash
authSess.doSessionSetup(username, null, ntlm1Pwd);
// Check if the session has logged on as a guest
if ( authSess.isGuest() || username.equalsIgnoreCase("GUEST"))
{
// If guest access is enabled add a guest authority to the token
if ( allowsGuest())
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[2];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
authorities[1] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
ntlmToken.setAuthorities(authorities);
}
else
{
// Guest access not allowed
throw new AuthenticationException("authentication.err.passthru.guest.notenabled");
}
}
else
{
// Set authorities
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
ntlmToken.setAuthorities(authorities);
}
// Indicate that the token is authenticated
ntlmToken.setAuthenticated(true);
// Map the passthru username to an Alfresco person
clearCurrentSecurityContext();
setCurrentUser( username);
// Debug
if ( logger.isDebugEnabled())
{
logger.debug("Authenticated token=" + ntlmToken);
}
}
catch (NoSuchAlgorithmException ex)
{
// JCE provider does not have the required encryption/hashing algorithms
throw new AuthenticationException("JCE provider error", ex);
}
catch (InvalidKeyException ex)
{
// Problem creating key during encryption
throw new AuthenticationException("Invalid key error", ex);
}
catch (IOException ex)
{
// Error connecting to the authentication server
throw new AuthenticationException("I/O error", ex);
}
catch (SMBException ex)
{
// Check the returned status code to determine why the logon failed and throw an appropriate exception
if ( ex.getErrorClass() == SMBStatus.NTErr)
{
AuthenticationException authEx = null;
switch( ex.getErrorCode())
{
case SMBStatus.NTLogonFailure:
authEx = new AuthenticationException("Logon failure");
break;
case SMBStatus.NTAccountDisabled:
authEx = new AuthenticationException("authentication.err.passthru.user.disabled");
break;
default:
authEx = new AuthenticationException("Logon failure");
break;
}
throw authEx;
}
else
{
throw new AuthenticationException("Logon failure");
}
}
}
/**
* Authenticate using passthru authentication with a client
*
* @param ntlmToken NTLMPassthruToken
* @throws org.alfresco.repo.security.authentication.AuthenticationException
*/
private void authenticatePassthru(NTLMPassthruToken ntlmToken)
{
// Check if the token has an authentication session, if not then it is either a new token
// or the session has been timed out
AuthenticateSession authSess = m_passthruSessions.get(ntlmToken);
if ( authSess == null)
{
// Check if the token has a challenge, if it does then the associated session has been
// timed out
if ( ntlmToken.getChallenge() != null)
{
throw new AuthenticationException("Authentication session expired");
}
// Open an authentication session for the new token and add to the active session list
authSess = m_passthruServers.openSession( false, ntlmToken.getClientDomain());
// Check if the session was opened to the passthru server
if ( authSess == null)
{
throw new AuthenticationException("authentication.err.connection.passthru.server");
}
ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
// Get the challenge from the initial session negotiate stage
ntlmToken.setChallenge(new NTLMChallenge(authSess.getEncryptionKey()));
StringBuilder details = new StringBuilder();
// Build a details string with the authentication session details
details.append(authSess.getDomain());
details.append("\\");
details.append(authSess.getPCShare().getNodeName());
details.append(",");
details.append(authSess.getSession().getProtocolName());
ntlmToken.setDetails(details.toString());
// Put the token/session into the active session list
m_passthruSessions.put(ntlmToken, authSess);
// Debug
if ( logger.isDebugEnabled())
logger.debug("Passthru stage 1 token " + ntlmToken);
}
else
{
try
{
// Stage two of the authentication, send the hashed password to the authentication server
byte[] lmPwd = null;
byte[] ntlmPwd = null;
if ( ntlmToken.getPasswordType() == PasswordEncryptor.LANMAN)
lmPwd = ntlmToken.getHashedPassword();
else if ( ntlmToken.getPasswordType() == PasswordEncryptor.NTLM1)
ntlmPwd = ntlmToken.getHashedPassword();
String username = (String) ntlmToken.getPrincipal();
authSess.doSessionSetup(username, lmPwd, ntlmPwd);
// Check if the session has logged on as a guest
if ( authSess.isGuest() || username.equalsIgnoreCase("GUEST"))
{
// If guest access is enabled add a guest authority to the token
if ( allowsGuest())
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
ntlmToken.setAuthorities(authorities);
}
else
{
// Guest access not allowed
throw new AuthenticationException("authentication.err.passthru.guest.notenabled");
}
}
// Indicate that the token is authenticated
ntlmToken.setAuthenticated(true);
// Wrap the service calls in a transaction
RetryingTransactionHelper helper = getTransactionService().getRetryingTransactionHelper();
final String currentUser = username;
helper.doInTransaction(new RetryingTransactionCallback<Void>()
{
public Void execute() throws AuthenticationException
{
clearCurrentSecurityContext();
setCurrentUser(currentUser);
return null;
}
});
}
catch (NoSuchPersonException ex)
{
// Check if authenticated users are allowed on as guest when there is no Alfresco person record
if ( m_allowAuthUserAsGuest == true)
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
ntlmToken.setAuthorities(authorities);
// DEBUG
if ( logger.isDebugEnabled())
{
logger.debug("Allow passthru authenticated user to logon as guest, user=" + ntlmToken.getName());
}
}
else
{
// Logon failure, no matching person record
throw new AuthenticationException("authentication.err.passthru.user.notfound", ex);
}
}
catch (IOException ex)
{
// Error connecting to the authentication server
throw new AuthenticationException("Unable to connect to the authentication server", ex);
}
catch (SMBException ex)
{
// Debug
if ( logger.isDebugEnabled())
{
logger.debug("Passthru exception, " + ex);
}
// Check the returned status code to determine why the logon failed and throw an appropriate exception
if ( ex.getErrorClass() == SMBStatus.NTErr)
{
AuthenticationException authEx = null;
switch( ex.getErrorCode())
{
case SMBStatus.NTLogonFailure:
authEx = new AuthenticationException("Logon failure");
break;
case SMBStatus.NTAccountDisabled:
authEx = new AuthenticationException("authentication.err.passthru.user.disabled");
break;
default:
authEx = new AuthenticationException("Logon failure");
break;
}
throw authEx;
}
else
{
throw new AuthenticationException("Logon failure");
}
}
finally
{
// Make sure the authentication session is closed
if ( authSess != null)
{
try
{
// Remove the session from the active list
m_passthruSessions.remove(ntlmToken);
// Close the session to the authentication server
authSess.CloseSession();
}
catch (Exception ex)
{
logger.debug("unable to close session", ex);
}
}
}
}
}
/**
* Check if the user exists
*
* @param userName String
* @return boolean
*/
public boolean exists(String userName)
{
throw new UnsupportedOperationException();
}
@Override
protected boolean implementationAllowsGuestLogin()
{
return allowsGuest();
}
}


@@ -1,771 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.Hashtable;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.smb.SMBException;
import org.alfresco.jlan.smb.SMBStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import net.sf.acegisecurity.*;
import net.sf.acegisecurity.providers.*;
/**
* NTLM Authentication Provider
*
* @author GKSpencer
*/
public class NTLMAuthenticationProvider implements AuthenticationProvider
{
private static final Log logger = LogFactory.getLog("org.alfresco.acegi");
// Constants
//
// Standard authorities
public static final String NTLMAuthorityGuest = "Guest";
public static final String NTLMAuthorityAdministrator = "Administrator";
// Active session timeout
private static final long DefaultSessionTimeout = 60000L; // 1 minute
private static final long MinimumSessionTimeout = 5000L; // 5 seconds
// Passthru authentication servers
private PassthruServers m_passthruServers;
// Password encryptor for generating password hash for local authentication
private PasswordEncryptor m_encryptor;
// Allow guest access
private boolean m_allowGuest;
// Table of currently active passthru authentications and the associated authentication session
//
// If the two authentication stages are not completed within a reasonable time the authentication
// session will be closed by the reaper thread.
private Hashtable<NTLMPassthruToken,AuthenticateSession> m_passthruSessions;
// Active authentication session timeout, in milliseconds
private long m_passthruSessTmo = DefaultSessionTimeout;
// Authentication session reaper thread
private PassthruReaperThread m_reaperThread;
/**
* Passthru Session Repear Thread
*/
class PassthruReaperThread extends Thread
{
// Thread shutdown request flag
private boolean m_ishutdown;
// Reaper wakeup interval, in milliseconds
private long m_wakeupInterval = m_passthruSessTmo / 2;
/**
* Default constructor
*/
PassthruReaperThread()
{
setDaemon(true);
setName("PassthruReaper");
start();
}
/**
* Set the wakeup interval
*
* @param wakeup long
*/
public final void setWakeup(long wakeup)
{
m_wakeupInterval = wakeup;
}
/**
* Main thread code
*/
public void run()
{
// Loop until shutdown
m_ishutdown = false;
while ( m_ishutdown == false)
{
// Sleep for a while
try
{
sleep( m_wakeupInterval);
}
catch ( InterruptedException ex)
{
}
// Check if there are any active sessions to check
if ( m_passthruSessions.size() > 0)
{
// Enumerate the active sessions
Enumeration<NTLMPassthruToken> tokenEnum = m_passthruSessions.keys();
long timeNow = System.currentTimeMillis();
while (tokenEnum.hasMoreElements())
{
// Get the current NTLM token and check if it has expired
NTLMPassthruToken ntlmToken = tokenEnum.nextElement();
if ( ntlmToken != null && ntlmToken.getAuthenticationExpireTime() < timeNow)
{
// Authentication token has expired, close the associated authentication session
AuthenticateSession authSess = m_passthruSessions.get(ntlmToken);
if ( authSess != null)
{
try
{
// Close the authentication session
authSess.CloseSession();
}
catch ( Exception ex)
{
// Debug
if(logger.isDebugEnabled())
logger.debug("Error closing expired authentication session", ex);
}
}
// Remove the expired token from the active list
m_passthruSessions.remove(ntlmToken);
// Debug
if(logger.isDebugEnabled())
logger.debug("Removed expired NTLM token " + ntlmToken);
}
}
}
}
// Debug
if(logger.isDebugEnabled())
logger.debug("Passthru reaper thread shutdown");
}
/**
* Shutdown the reaper thread
*/
public final void shutdownRequest()
{
m_ishutdown = true;
this.interrupt();
}
}
/**
* Class constructor
*/
public NTLMAuthenticationProvider() {
// Create the passthru authentication server list
m_passthruServers = new PassthruServers();
// Create the password encryptor for local password hashing
m_encryptor = new PasswordEncryptor();
// Create the active session list and reaper thread
m_passthruSessions = new Hashtable<NTLMPassthruToken,AuthenticateSession>();
m_reaperThread = new PassthruReaperThread();
}
/**
* Authenticate a user
*
* @param auth Authentication
* @return Authentication
* @exception AuthenticationException
*/
public Authentication authenticate(Authentication auth) throws AuthenticationException
{
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Authenticate " + auth);
// Check if the token is for passthru authentication
if( auth instanceof NTLMPassthruToken)
{
// Access the NTLM passthru token
NTLMPassthruToken ntlmToken = (NTLMPassthruToken) auth;
// Authenticate using passthru
authenticatePassthru(ntlmToken);
}
// Check for a local authentication token
else if( auth instanceof NTLMLocalToken)
{
AuthenticateSession authSess = null;
try
{
// Access the NTLM token
NTLMLocalToken ntlmToken = (NTLMLocalToken) auth;
// Open a session to an authentication server
authSess = m_passthruServers.openSession();
// Authenticate using the credentials supplied
authenticateLocal(ntlmToken, authSess);
}
finally
{
// Make sure the authentication session is closed
if ( authSess != null)
{
try
{
authSess.CloseSession();
}
catch ( Exception ex)
{
}
}
}
}
// Return the updated authentication token
return auth;
}
/**
* Determine if this provider supports the specified authentication token
*
* @param authentication Class
*/
public boolean supports(Class authentication)
{
// Check if the authentication is an NTLM authentication token
if ( NTLMPassthruToken.class.isAssignableFrom(authentication))
return true;
return NTLMLocalToken.class.isAssignableFrom(authentication);
}
/**
* Determine if guest logons are allowed
*
* @return boolean
*/
public final boolean allowsGuest()
{
return m_allowGuest;
}
/**
* Set the domain to authenticate against
*
* @param domain String
*/
public final void setDomain(String domain) {
// Check if the passthru server list is already configured
if ( m_passthruServers.getTotalServerCount() > 0)
throw new AlfrescoRuntimeException("Passthru server list already configured");
// Configure the passthru authentication server list using the domain controllers
try
{
m_passthruServers.setDomain(domain);
}
catch (IOException ex)
{
throw new AlfrescoRuntimeException("Failed to set passthru domain", ex);
}
}
/**
* Set the server(s) to authenticate against
*
* @param servers String
*/
public final void setServers(String servers) {
// Check if the passthru server list is already configured
if ( m_passthruServers.getTotalServerCount() > 0)
throw new AlfrescoRuntimeException("Passthru server list already configured");
// Configure the passthru authenticaiton list using a list of server names/addresses
m_passthruServers.setServerList(servers);
}
/**
* Use the local server as the authentication server
*
* @param useLocal String
*/
public final void setUseLocalServer(String useLocal)
{
// Check if the local server should be used for authentication
if ( Boolean.parseBoolean(useLocal) == true)
{
// Check if the passthru server list is already configured
if ( m_passthruServers.getTotalServerCount() > 0)
throw new AlfrescoRuntimeException("Passthru server list already configured");
try
{
// Get the list of local network addresses
InetAddress[] localAddrs = InetAddress.getAllByName(InetAddress.getLocalHost().getHostName());
// Build the list of local addresses
if ( localAddrs != null && localAddrs.length > 0)
{
StringBuilder addrStr = new StringBuilder();
for ( InetAddress curAddr : localAddrs)
{
if ( curAddr.isLoopbackAddress() == false)
{
addrStr.append(curAddr.getHostAddress());
addrStr.append(",");
}
}
if ( addrStr.length() > 0)
addrStr.setLength(addrStr.length() - 1);
// Set the server list using the local address list
m_passthruServers.setServerList(addrStr.toString());
}
else
throw new AlfrescoRuntimeException("No local server address(es)");
}
catch ( UnknownHostException ex)
{
throw new AlfrescoRuntimeException("Failed to get local address list");
}
}
}
/**
* Allow guest access
*
* @param guest String
*/
public final void setGuestAccess(String guest)
{
m_allowGuest = Boolean.parseBoolean(guest);
}
/**
* Set the JCE provider
*
* @param providerClass String
*/
public final void setJCEProvider(String providerClass)
{
// Set the JCE provider, required to provide various encryption/hashing algorithms not available
// in the standard Sun JDK/JRE
try
{
// Load the JCE provider class and validate
Object jceObj = Class.forName(providerClass).newInstance();
if (jceObj instanceof java.security.Provider)
{
// Inform listeners, validate the configuration change
Provider jceProvider = (Provider) jceObj;
// Add the JCE provider
Security.addProvider(jceProvider);
// Debug
if ( logger.isDebugEnabled())
logger.debug("Using JCE provider " + providerClass);
}
else
{
throw new AlfrescoRuntimeException("JCE provider class is not a valid Provider class");
}
}
catch (ClassNotFoundException ex)
{
throw new AlfrescoRuntimeException("JCE provider class " + providerClass + " not found");
}
catch (Exception ex)
{
throw new AlfrescoRuntimeException("JCE provider class error", ex);
}
}
/**
* Set the authentication session timeout, in seconds
*
* @param sessTmo String
*/
public final void setSessionTimeout(String sessTmo)
{
// Convert to an integer value and range check the timeout value
try
{
// Convert to an integer value
long sessTmoMilli = Long.parseLong(sessTmo) * 1000L;
if ( sessTmoMilli < MinimumSessionTimeout)
throw new AlfrescoRuntimeException("Authentication session timeout too low, " + sessTmo);
// Set the authentication session timeout value
m_passthruSessTmo = sessTmoMilli;
// Set the reaper thread wakeup interval
m_reaperThread.setWakeup( sessTmoMilli / 2);
}
catch(NumberFormatException ex)
{
throw new AlfrescoRuntimeException("Invalid authenication session timeout value");
}
}
/**
* Return the authentication session timeout, in milliseconds
*
* @return long
*/
private final long getSessionTimeout()
{
return m_passthruSessTmo;
}
/**
* Authenticate a user using local credentials
*
* @param ntlmToken NTLMLocalToken
* @param authSess AuthenticateSession
*/
private void authenticateLocal(NTLMLocalToken ntlmToken, AuthenticateSession authSess)
{
try
{
// Get the plaintext password and generate an NTLM1 password hash
String username = (String) ntlmToken.getPrincipal();
String plainPwd = (String) ntlmToken.getCredentials();
byte[] ntlm1Pwd = m_encryptor.generateEncryptedPassword( plainPwd, authSess.getEncryptionKey(), PasswordEncryptor.NTLM1, null, null);
// Send the logon request to the authentication server
//
// Note: Only use the stronger NTLM hash, we do not send the LM hash
authSess.doSessionSetup(username, null, ntlm1Pwd);
// Check if the session has logged on as a guest
if ( authSess.isGuest() || username.equalsIgnoreCase("GUEST"))
{
// If guest access is enabled add a guest authority to the token
if ( allowsGuest())
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
ntlmToken.setAuthorities(authorities);
}
else
{
// Guest access not allowed
throw new BadCredentialsException("Guest logons disabled");
}
}
// Indicate that the token is authenticated
ntlmToken.setAuthenticated(true);
}
catch (NoSuchAlgorithmException ex)
{
// JCE provider does not have the required encryption/hashing algorithms
throw new AuthenticationServiceException("JCE provider error", ex);
}
catch (InvalidKeyException ex)
{
// Problem creating key during encryption
throw new AuthenticationServiceException("Invalid key error", ex);
}
catch (IOException ex)
{
// Error connecting to the authentication server
throw new AuthenticationServiceException("I/O error", ex);
}
catch (SMBException ex)
{
// Check the returned status code to determine why the logon failed and throw an appropriate exception
if ( ex.getErrorClass() == SMBStatus.NTErr)
{
AuthenticationException authEx = null;
switch( ex.getErrorCode())
{
case SMBStatus.NTLogonFailure:
authEx = new BadCredentialsException("Logon failure");
break;
case SMBStatus.NTAccountDisabled:
authEx = new DisabledException("Account disabled");
break;
default:
authEx = new BadCredentialsException("Logon failure");
break;
}
throw authEx;
}
else
throw new BadCredentialsException("Logon failure");
}
}
/**
* Authenticate using passthru authentication with a client
*
* @param ntlmToken NTLMPassthruToken
*/
private void authenticatePassthru(NTLMPassthruToken ntlmToken)
{
// Check if the token has an authentication session, if not then it is either a new token
// or the session has been timed out
AuthenticateSession authSess = m_passthruSessions.get(ntlmToken);
if ( authSess == null)
{
// Check if the token has a challenge, if it does then the associated session has been
// timed out
if ( ntlmToken.getChallenge() != null)
throw new CredentialsExpiredException("Authentication session expired");
// Open an authentication session for the new token and add to the active session list
authSess = m_passthruServers.openSession();
ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
// Get the challenge from the initial session negotiate stage
ntlmToken.setChallenge(new NTLMChallenge(authSess.getEncryptionKey()));
StringBuilder details = new StringBuilder();
// Build a details string with the authentication session details
details.append(authSess.getDomain());
details.append("\\");
details.append(authSess.getPCShare().getNodeName());
details.append(",");
details.append(authSess.getSession().getProtocolName());
ntlmToken.setDetails(details.toString());
// Put the token/session into the active session list
m_passthruSessions.put(ntlmToken, authSess);
// Debug
if ( logger.isDebugEnabled())
logger.debug("Passthru stage 1 token " + ntlmToken);
}
else
{
try
{
// Stage two of the authentication, send the hashed password to the authentication server
byte[] lmPwd = null;
byte[] ntlmPwd = null;
if ( ntlmToken.getPasswordType() == PasswordEncryptor.LANMAN)
lmPwd = ntlmToken.getHashedPassword();
else if ( ntlmToken.getPasswordType() == PasswordEncryptor.NTLM1)
ntlmPwd = ntlmToken.getHashedPassword();
String username = (String) ntlmToken.getPrincipal();
authSess.doSessionSetup(username, lmPwd, ntlmPwd);
// Check if the session has logged on as a guest
if ( authSess.isGuest() || username.equalsIgnoreCase("GUEST"))
{
// If guest access is enabled add a guest authority to the token
if ( allowsGuest())
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
ntlmToken.setAuthorities(authorities);
}
else
{
// Guest access not allowed
throw new BadCredentialsException("Guest logons disabled");
}
}
// Indicate that the token is authenticated
ntlmToken.setAuthenticated(true);
}
catch (IOException ex)
{
// Error connecting to the authentication server
throw new AuthenticationServiceException("I/O error", ex);
}
catch (SMBException ex)
{
// Check the returned status code to determine why the logon failed and throw an appropriate exception
if ( ex.getErrorClass() == SMBStatus.NTErr)
{
AuthenticationException authEx = null;
switch( ex.getErrorCode())
{
case SMBStatus.NTLogonFailure:
authEx = new BadCredentialsException("Logon failure");
break;
case SMBStatus.NTAccountDisabled:
authEx = new DisabledException("Account disabled");
break;
default:
authEx = new BadCredentialsException("Logon failure");
break;
}
throw authEx;
}
else
throw new BadCredentialsException("Logon failure");
}
finally
{
// Make sure the authentication session is closed
if ( authSess != null)
{
try
{
// Remove the session from the active list
m_passthruSessions.remove(ntlmToken);
// Close the session to the authentication server
authSess.CloseSession();
}
catch (Exception ex)
{
}
}
}
}
}
}


@@ -1,115 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import org.alfresco.jlan.util.HexDump;
/**
* Contains the NTLM challenge bytes.
*
* @author GKSpencer
*/
public class NTLMChallenge
{
// Challenge bytes
private byte[] m_challenge;
/**
* Class constructor
*
* @param chbyts byte[]
*/
protected NTLMChallenge(byte[] chbyts)
{
m_challenge = chbyts;
}
/**
* Return the challenge bytes
*
* @return byte[]
*/
public final byte[] getBytes()
{
return m_challenge;
}
/**
* Check for object equality
*
* @param obj Object
* @return boolean
*/
public boolean equals(Object obj)
{
if ( obj instanceof NTLMChallenge)
{
NTLMChallenge ntlmCh = (NTLMChallenge) obj;
// Check if both challenges are null
if ( getBytes() == null && ntlmCh.getBytes() == null)
return true;
// Check if both challenges are the same length
if ( getBytes() != null && ntlmCh.getBytes() != null &&
getBytes().length == ntlmCh.getBytes().length)
{
// Check if challenages are the same value
byte[] ntlmBytes = ntlmCh.getBytes();
for ( int i = 0; i < m_challenge.length; i++)
if ( m_challenge[i] != ntlmBytes[i])
return false;
}
else
return false;
}
// Not the same type
return false;
}
/**
* Return the challenge as a string
*
* @return String
*/
public String toString()
{
StringBuilder str = new StringBuilder();
str.append("[");
str.append(HexDump.hexString(getBytes(), " "));
str.append("]");
return str.toString();
}
}


@@ -1,180 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.net.InetAddress;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.*;
/**
* <p>Used to provide authentication with a remote Windows server when the username and password are
* provided locally.
*
* @author GKSpencer
*/
public class NTLMLocalToken extends UsernamePasswordAuthenticationToken
{
private static final long serialVersionUID = -7946514578455279387L;
// Optional client domain and IP address, used to route the passthru authentication to the correct server(s)
private String m_clientDomain;
private String m_clientAddr;
/**
* Class constructor
*/
protected NTLMLocalToken()
{
super(null, null);
}
/**
* Class constructor
*
* @param ipAddr InetAddress
*/
protected NTLMLocalToken( InetAddress ipAddr)
{
if ( ipAddr != null)
m_clientAddr = ipAddr.getHostAddress();
}
/**
* Class constructor
*
* @param username String
* @param plainPwd String
*/
public NTLMLocalToken(String username, String plainPwd) {
super(username.toLowerCase(), plainPwd);
}
/**
* Class constructor
*
* @param username String
* @param plainPwd String
* @param domain String
* @param ipAddr String
*/
public NTLMLocalToken(String username, String plainPwd, String domain, String ipAddr) {
super(username != null ? username.toLowerCase() : "", plainPwd);
m_clientDomain = domain;
m_clientAddr = ipAddr;
}
/**
* Check if the user logged on as a guest
*
* @return boolean
*/
public final boolean isGuestLogon()
{
return hasAuthority(NTLMAuthenticationProvider.NTLMAuthorityGuest);
}
/**
* Check if the user is an administrator
*
* @return boolean
*/
public final boolean isAdministrator()
{
return hasAuthority(NTLMAuthenticationProvider.NTLMAuthorityAdministrator);
}
/**
* Search for the specified authority
*
* @param authority String
* @return boolean
*/
public final boolean hasAuthority(String authority)
{
boolean found = false;
GrantedAuthority[] authorities = getAuthorities();
if ( authorities != null && authorities.length > 0)
{
// Search for the specified authority
int i = 0;
while ( found == false && i < authorities.length)
{
if ( authorities[i++].getAuthority().equals(authority))
found = true;
}
}
// Return the status
return found;
}
/**
* Check if the client domain name is set
*
* @return boolean
*/
public final boolean hasClientDomain()
{
return m_clientDomain != null ? true : false;
}
/**
* Return the client domain
*
* @return String
*/
public final String getClientDomain()
{
return m_clientDomain;
}
/**
* Check if the client IP address is set
*
* @return boolean
*/
public final boolean hasClientAddress()
{
return m_clientAddr != null ? true : false;
}
/**
* Return the client IP address
*
* @return String
*/
public final String getClientAddress()
{
return m_clientAddr;
}
}


@@ -1,184 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.net.InetAddress;
/**
* <p>Used to provide passthru authentication to a remote Windows server using multiple stages that
* allows authentication details to be passed between a client and the remote authenticating server without
* the password being known by the authentication provider.
*
* @author GKSpencer
*/
public class NTLMPassthruToken extends NTLMLocalToken
{
private static final long serialVersionUID = -4635444888514735368L;
// Challenge for this session
private NTLMChallenge m_challenge;
// User name, hashed password and algorithm type
private String m_username;
private byte[] m_hashedPassword;
private int m_hashType;
// Time that the authentication session will expire
private long m_authExpiresAt;
/**
* Class constructor
*/
public NTLMPassthruToken()
{
// We do not know the username yet, and will not know the password
super("", "");
}
/**
* Class constructor
*
* @param domain String
*/
public NTLMPassthruToken( String domain)
{
// We do not know the username yet, and will not know the password
super("", "", domain, null);
}
/**
* Class constructor
*
* @param ipAddr InetAddress
*/
public NTLMPassthruToken( InetAddress ipAddr)
{
super( ipAddr);
}
/**
* Return the challenge
*
* @return NTLMChallenge
*/
public final NTLMChallenge getChallenge()
{
return m_challenge;
}
/**
* Return the user account
*
* @return Object
*/
public final Object getPrincipal()
{
return m_username;
}
/**
* Return the hashed password
*
* @return byte[]
*/
public final byte[] getHashedPassword()
{
return m_hashedPassword;
}
/**
* Return the hashed password type
*
* @return int
*/
public final int getPasswordType()
{
return m_hashType;
}
/**
* Return the authentication expiry time, this will be zero if the authentication session has not yet
* been opened to the server
*
* @return long
*/
public final long getAuthenticationExpireTime()
{
return m_authExpiresAt;
}
/**
* Set the hashed password and type
*
* @param hashedPassword byte[]
* @param hashType int
*/
public final void setUserAndPassword(String username, byte[] hashedPassword, int hashType)
{
m_username = username.toLowerCase();
m_hashedPassword = hashedPassword;
m_hashType = hashType;
}
/**
* Set the challenge for this token
*
* @param challenge NTLMChallenge
*/
protected final void setChallenge(NTLMChallenge challenge)
{
m_challenge = challenge;
}
/**
* Set the authentication expire time, this indicates that an authentication session is associated with this
* token and the session will be closed if the authentication is not completed by this time.
*
* @param expireTime long
*/
protected final void setAuthenticationExpireTime(long expireTime)
{
m_authExpiresAt = expireTime;
}
/**
* Check for object equality
*
* @param obj Object
* @return boolean
*/
public boolean equals(Object obj)
{
// Only match on the same object
return this == obj;
}
}


@@ -1,264 +0,0 @@
/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.util.Date;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
import org.alfresco.service.cmr.repository.NodeService;
import org.springframework.dao.DataAccessException;
/**
* Null Mutable Authentication Dao Class
*
* <p>Mutable authentication implementation that does nothing.
*
* @author GKSpencer
*/
public class NullMutableAuthenticationDao implements MutableAuthenticationDao
{
/**
* @param nodeService ignored
*/
public void setNodeService(NodeService nodeService)
{
// do nothing
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void createUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void createUser(String caseSensitiveUserName, String hashedpassword, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void deleteUser(String userName) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* Check is a user exists.
*
* @return <tt>true</tt> always
*/
@Override
public boolean userExists(String userName)
{
return true;
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setEnabled(String userName, boolean enabled)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getEnabled(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setAccountExpires(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getAccountExpires(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getAccountHasExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setCredentialsExpire(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getCredentialsExpire(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getCredentialsHaveExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setLocked(String userName, boolean locked)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getLocked(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public boolean getAccountlocked(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setAccountExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public Date getAccountExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public void setCredentialsExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public Date getCredentialsExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public String getMD4HashedPassword(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException, DataAccessException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* @throws AlfrescoRuntimeException Not implemented
*/
@Override
public Object getSalt(UserDetails user)
{
throw new AlfrescoRuntimeException("Not implemented");
}
}


@@ -80,7 +80,7 @@ public class SubsystemChainingFtpAuthenticator extends AbstractChainingFtpAuthen
{ {
continue; continue;
} }
// Only add active authenticators. E.g. we might have an passthru FTP authenticator that is disabled. // Only add active authenticators. E.g. we might have a FTP authenticator that is disabled.
if (!(authenticator instanceof ActivateableBean) if (!(authenticator instanceof ActivateableBean)
|| ((ActivateableBean) authenticator).isActive()) || ((ActivateableBean) authenticator).isActive())
{ {
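Review bot: The reworded comment on the new side reads `a FTP authenticator`; the article should be `an`, and with the passthru example dropped the `E.g.` no longer names a concrete case. I would write it as `// Only add active authenticators; an ActivateableBean whose isActive() returns false is skipped.` so that it describes the check directly below it. The enclosing loop and method start and end outside this hunk.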


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=LDAP User {0} not found
authentication.err.connection.ldap.manager.notfound=LDAP Manager User {0} not found authentication.err.connection.ldap.manager.notfound=LDAP Manager User {0} not found
authentication.err.connection.ldap.search=Unable to search LDAP. Reason {0} authentication.err.connection.ldap.search=Unable to search LDAP. Reason {0}
# PASSTHRU
authentication.err.connection.passthru.server=Failed to open session to passthru server
authentication.err.passthru.token.unsupported=Unsupported authentication token type
authentication.err.passthru.guest.notenabled=Guest logons disabled
authentication.err.passthru.user.disabled=Account disabled
authentication.err.passthru.user.notfound=Passthru user {0} not found
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Validation of request authentication.step.ldap.validation=Validation of request
authentication.step.ldap.connecting=Connecting to LDAP Server {0} authentication.step.ldap.connecting=Connecting to LDAP Server {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=LDAP-Benutzer {0} nicht gefunde
authentication.err.connection.ldap.manager.notfound=LDAP Manager-Benutzer {0} nicht gefunden authentication.err.connection.ldap.manager.notfound=LDAP Manager-Benutzer {0} nicht gefunden
authentication.err.connection.ldap.search=LDAP kann nicht durchsucht werden. Grund: {0} authentication.err.connection.ldap.search=LDAP kann nicht durchsucht werden. Grund: {0}
# PASSTHRU
authentication.err.connection.passthru.server=Sitzung mit Passthru-Server konnte nicht ge\u00f6ffnet werden
authentication.err.passthru.token.unsupported=Nicht unterst\u00fctzter Authentifizierungs-Token
authentication.err.passthru.guest.notenabled=G\u00e4ste-Anmeldungen deaktiviert
authentication.err.passthru.user.disabled=Konto deaktiviert
authentication.err.passthru.user.notfound=Passthru-Benutzer {0} nicht gefunden
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=\u00dcberpr\u00fcfung der Anfrage authentication.step.ldap.validation=\u00dcberpr\u00fcfung der Anfrage
authentication.step.ldap.connecting=Verbindungsaufbau zum LDAP-Server {0} authentication.step.ldap.connecting=Verbindungsaufbau zum LDAP-Server {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=No se encontr\u00f3 el usuario
authentication.err.connection.ldap.manager.notfound=No se encontr\u00f3 el usuario administrador LDAP {0} authentication.err.connection.ldap.manager.notfound=No se encontr\u00f3 el usuario administrador LDAP {0}
authentication.err.connection.ldap.search=No se pudo buscar LDAP. Raz\u00f3n {0} authentication.err.connection.ldap.search=No se pudo buscar LDAP. Raz\u00f3n {0}
# PASSTHRU
authentication.err.connection.passthru.server=No se pudo abrir una sesi\u00f3n en el servidor passthru
authentication.err.passthru.token.unsupported=Tipo de token de autenticaci\u00f3n no compatible
authentication.err.passthru.guest.notenabled=Inicios de sesi\u00f3n como invitado deshabilitados
authentication.err.passthru.user.disabled=Cuenta deshabilitada
authentication.err.passthru.user.notfound=No se encontr\u00f3 el usuario passthru {0}
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Validaci\u00f3n de solicitud authentication.step.ldap.validation=Validaci\u00f3n de solicitud
authentication.step.ldap.connecting=Conectando al servidor LDAP {0} authentication.step.ldap.connecting=Conectando al servidor LDAP {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=Utilisateur LDAP {0} introuvabl
authentication.err.connection.ldap.manager.notfound=Utilisateur gestionnaire LDAP {0} introuvable authentication.err.connection.ldap.manager.notfound=Utilisateur gestionnaire LDAP {0} introuvable
authentication.err.connection.ldap.search=Impossible de rechercher dans LDAP. Raison {0} authentication.err.connection.ldap.search=Impossible de rechercher dans LDAP. Raison {0}
# PASSTHRU
authentication.err.connection.passthru.server=Impossible d'ouvrir une session sur le serveur interm\u00e9diaire
authentication.err.passthru.token.unsupported=Type de jeton d'authentification non pris en charge
authentication.err.passthru.guest.notenabled=Connexions invit\u00e9s d\u00e9sactiv\u00e9es
authentication.err.passthru.user.disabled=Compte d\u00e9sactiv\u00e9
authentication.err.passthru.user.notfound=Utilisateur interm\u00e9diaire {0} introuvable
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Validation de requ\u00eate authentication.step.ldap.validation=Validation de requ\u00eate
authentication.step.ldap.connecting=Connexion au serveur LDAP {0} authentication.step.ldap.connecting=Connexion au serveur LDAP {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=Utente LDAP {0} non trovato
authentication.err.connection.ldap.manager.notfound=Utente manager LDAP {0} non trovato authentication.err.connection.ldap.manager.notfound=Utente manager LDAP {0} non trovato
authentication.err.connection.ldap.search=Impossibile cercare in LDAP. Motivo {0} authentication.err.connection.ldap.search=Impossibile cercare in LDAP. Motivo {0}
# PASSTHRU
authentication.err.connection.passthru.server=Impossibile aprire una sessione con il server passthru
authentication.err.passthru.token.unsupported=Tipo di token di autenticazione non supportato
authentication.err.passthru.guest.notenabled=Login ospiti disabilitati
authentication.err.passthru.user.disabled=Account disabilitato
authentication.err.passthru.user.notfound=Utente Passthru {0} non trovato
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Convalida della richiesta authentication.step.ldap.validation=Convalida della richiesta
authentication.step.ldap.connecting=Connessione al server LDAP {0} in corso authentication.step.ldap.connecting=Connessione al server LDAP {0} in corso


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=LDAP \u30e6\u30fc\u30b6\u30fc {
authentication.err.connection.ldap.manager.notfound=LDAP \u30de\u30cd\u30fc\u30b8\u30e3\u30e6\u30fc\u30b6\u30fc {0} \u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 authentication.err.connection.ldap.manager.notfound=LDAP \u30de\u30cd\u30fc\u30b8\u30e3\u30e6\u30fc\u30b6\u30fc {0} \u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
authentication.err.connection.ldap.search=LDAP \u3092\u691c\u7d22\u3067\u304d\u307e\u305b\u3093\u3002 \u7406\u7531\uff1a {0} authentication.err.connection.ldap.search=LDAP \u3092\u691c\u7d22\u3067\u304d\u307e\u305b\u3093\u3002 \u7406\u7531\uff1a {0}
# PASSTHRU
authentication.err.connection.passthru.server=\u30d1\u30b9\u30b9\u30eb\u30fc\u30b5\u30fc\u30d0\u30fc\u3078\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u958b\u3051\u307e\u305b\u3093\u3067\u3057\u305f
authentication.err.passthru.token.unsupported=\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u306a\u3044\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u30bf\u30a4\u30d7\u3067\u3059
authentication.err.passthru.guest.notenabled=\u30b2\u30b9\u30c8\u30ed\u30b0\u30a4\u30f3\u304c\u7121\u52b9\u3067\u3059
authentication.err.passthru.user.disabled=\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u7121\u52b9\u3067\u3059
authentication.err.passthru.user.notfound=\u30d1\u30b9\u30b9\u30eb\u30fc\u30e6\u30fc\u30b6\u30fc {0} \u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u691c\u8a3c authentication.step.ldap.validation=\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u691c\u8a3c
authentication.step.ldap.connecting=LDAP \u30b5\u30fc\u30d0\u30fc {0} \u306b\u63a5\u7d9a\u3057\u3066\u3044\u307e\u3059 authentication.step.ldap.connecting=LDAP \u30b5\u30fc\u30d0\u30fc {0} \u306b\u63a5\u7d9a\u3057\u3066\u3044\u307e\u3059


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=Finner ikke LDAP-brukeren {0}
authentication.err.connection.ldap.manager.notfound=Finner ikke LDAP-administratorbrukeren {0} authentication.err.connection.ldap.manager.notfound=Finner ikke LDAP-administratorbrukeren {0}
authentication.err.connection.ldap.search=Kan ikke s\u00f8ke i LDAP. \u00c5rsak {0} authentication.err.connection.ldap.search=Kan ikke s\u00f8ke i LDAP. \u00c5rsak {0}
# PASSTHRU
authentication.err.connection.passthru.server=Kan ikke \u00e5pne \u00f8kt til gjennomgangsserver
authentication.err.passthru.token.unsupported=Tokentype for godkjenning st\u00f8ttes ikke
authentication.err.passthru.guest.notenabled=Gjestep\u00e5logginger er deaktivert
authentication.err.passthru.user.disabled=Konto er deaktivert
authentication.err.passthru.user.notfound=Finner ikke gjennomgangsbrukeren {0}
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Validering av foresp\u00f8rsel authentication.step.ldap.validation=Validering av foresp\u00f8rsel
authentication.step.ldap.connecting=Koble til LDAP-server {0} authentication.step.ldap.connecting=Koble til LDAP-server {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=LDAP-gebruiker {0} niet gevonde
authentication.err.connection.ldap.manager.notfound=LDAP-beheerdergebruiker {0} niet gevonden authentication.err.connection.ldap.manager.notfound=LDAP-beheerdergebruiker {0} niet gevonden
authentication.err.connection.ldap.search=Kan niet zoeken naar LDAP. Reden {0} authentication.err.connection.ldap.search=Kan niet zoeken naar LDAP. Reden {0}
# PASSTHRU
authentication.err.connection.passthru.server=Kan sessie met Passthru-server niet openen
authentication.err.passthru.token.unsupported=Niet-ondersteund type verificatietoken
authentication.err.passthru.guest.notenabled=Gastaanmeldingen uitgeschakeld
authentication.err.passthru.user.disabled=Account uitgeschakeld
authentication.err.passthru.user.notfound=Passthru-gebruiker {0} niet gevonden
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Validatie van aanvraag authentication.step.ldap.validation=Validatie van aanvraag
authentication.step.ldap.connecting=Verbinding maken LDAP-server {0} authentication.step.ldap.connecting=Verbinding maken LDAP-server {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=Usu\u00e1rio LDAP {0} n\u00e3o
authentication.err.connection.ldap.manager.notfound=Usu\u00e1rio do gerenciador LDAP {0} n\u00e3o encontrado authentication.err.connection.ldap.manager.notfound=Usu\u00e1rio do gerenciador LDAP {0} n\u00e3o encontrado
authentication.err.connection.ldap.search=N\u00e3o \u00e9 poss\u00edvel pesquisar o LDAP. Raz\u00e3o {0} authentication.err.connection.ldap.search=N\u00e3o \u00e9 poss\u00edvel pesquisar o LDAP. Raz\u00e3o {0}
# PASSTHRU
authentication.err.connection.passthru.server=Falha ao abrir a sess\u00e3o para o servidor de passagem
authentication.err.passthru.token.unsupported=Tipo de token de autentica\u00e7\u00e3o n\u00e3o suportado
authentication.err.passthru.guest.notenabled=Logons de convidado desativados
authentication.err.passthru.user.disabled=Conta desativada
authentication.err.passthru.user.notfound=Usu\u00e1rio de passagem {0} n\u00e3o encontrado
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=Valida\u00e7\u00e3o de solicita\u00e7\u00e3o authentication.step.ldap.validation=Valida\u00e7\u00e3o de solicita\u00e7\u00e3o
authentication.step.ldap.connecting=Conectando-se ao servidor LDAP {0} authentication.step.ldap.connecting=Conectando-se ao servidor LDAP {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=\u041f\u043e\u043b\u044c\u0437\
authentication.err.connection.ldap.manager.notfound=\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 LDAP {0} \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d authentication.err.connection.ldap.manager.notfound=\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 LDAP {0} \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d
authentication.err.connection.ldap.search=\u041d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u0430\u0439\u0442\u0438 LDAP. \u041f\u0440\u0438\u0447\u0438\u043d\u0430: {0} authentication.err.connection.ldap.search=\u041d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u0430\u0439\u0442\u0438 LDAP. \u041f\u0440\u0438\u0447\u0438\u043d\u0430: {0}
# PASSTHRU
authentication.err.connection.passthru.server=\u041d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0441\u0435\u0430\u043d\u0441 \u0441\u0432\u044f\u0437\u0438 \u0441 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u044b\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c
authentication.err.passthru.token.unsupported=\u041d\u0435\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u0442\u0438\u043f \u043c\u0430\u0440\u043a\u0435\u0440\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438
authentication.err.passthru.guest.notenabled=\u0412\u0445\u043e\u0434\u044b \u0433\u043e\u0441\u0442\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b
authentication.err.passthru.user.disabled=\u0423\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430
authentication.err.passthru.user.notfound=\u041f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c {0} \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 authentication.step.ldap.validation=\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u0430
authentication.step.ldap.connecting=\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 LDAP {0} authentication.step.ldap.connecting=\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 LDAP {0}


@@ -12,13 +12,6 @@ authentication.err.connection.ldap.user.notfound=\u672a\u627e\u5230 LDAP \u7528\
authentication.err.connection.ldap.manager.notfound=\u672a\u627e\u5230 LDAP \u7ba1\u7406\u5668\u7528\u6237 {0} authentication.err.connection.ldap.manager.notfound=\u672a\u627e\u5230 LDAP \u7ba1\u7406\u5668\u7528\u6237 {0}
authentication.err.connection.ldap.search=\u65e0\u6cd5\u641c\u7d22 LDAP\u3002 \u539f\u56e0 {0} authentication.err.connection.ldap.search=\u65e0\u6cd5\u641c\u7d22 LDAP\u3002 \u539f\u56e0 {0}
# PASSTHRU
authentication.err.connection.passthru.server=\u6253\u5f00 passthru \u670d\u52a1\u5668\u4f1a\u8bdd\u5931\u8d25
authentication.err.passthru.token.unsupported=\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u7c7b\u578b\u4e0d\u53d7\u652f\u6301
authentication.err.passthru.guest.notenabled=\u5df2\u7981\u7528\u8bbf\u5ba2\u767b\u5f55
authentication.err.passthru.user.disabled=\u5df2\u7981\u7528\u5e10\u6237
authentication.err.passthru.user.notfound=\u672a\u627e\u5230 Passthru \u7528\u6237 {0}
# Authentication Diagnostic Steps # Authentication Diagnostic Steps
authentication.step.ldap.validation=\u8bf7\u6c42\u9a8c\u8bc1 authentication.step.ldap.validation=\u8bf7\u6c42\u9a8c\u8bc1
authentication.step.ldap.connecting=\u6b63\u5728\u8fde\u63a5\u5230 LDAP \u670d\u52a1\u5668 {0} authentication.step.ldap.connecting=\u6b63\u5728\u8fde\u63a5\u5230 LDAP \u670d\u52a1\u5668 {0}


@@ -63,7 +63,6 @@
<property name="proxyInterfaces"> <property name="proxyInterfaces">
<list> <list>
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value> <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
<value>org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator</value>
</list> </list>
</property> </property>
<property name="transactionManager"> <property name="transactionManager">
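Review bot: With `NLTMAuthenticator` dropped from `proxyInterfaces`, the `TransactionProxyFactoryBean` proxy for `AuthenticationComponent` no longer implements that interface (assuming `proxyTargetClass` is not set elsewhere in the definition). Any remaining caller that casts this bean to the removed interface would then fail with a `ClassCastException` at runtime rather than at compile time. The bean definition starts and ends outside this hunk and the callers are not visible here, so this is worth confirming with a repository-wide search for the interface name. A short comment above the list, such as `<!-- Only AuthenticationComponent is proxied; NTLM passthru support was removed -->`, would record why the list now has a single entry.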


@@ -1,13 +0,0 @@
passthru.authentication.useLocalServer=false
passthru.authentication.domain=DOMAIN
passthru.authentication.servers=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NetBIOS
passthru.authentication.authenticateFTP=true
passthru.authentication.sessionCleanup=true
passthru.authentication.broadcastMask=


@@ -1,125 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- The passthru servers -->
<!-- Properties that specify the server(s) to use for passthru -->
<!-- authentication :- -->
<!-- useLocalServer use the local server for authentication -->
<!-- domain use domain controllers from the specified domain-->
<!-- servers comma delimted list of server addresses or -->
<!-- names -->
<bean id="passthruServers" class="org.alfresco.filesys.auth.PassthruServerFactory">
<property name="localServer">
<value>${passthru.authentication.useLocalServer}</value>
</property>
<property name="server">
<value>${passthru.authentication.servers}</value>
</property>
<property name="domain">
<value>${passthru.authentication.domain}</value>
</property>
<!-- Timeout value when opening a session to an authentication server, in milliseconds -->
<property name="timeout">
<value>${passthru.authentication.connectTimeout}</value>
</property>
<!-- Offline server check interval in seconds -->
<property name="offlineCheckInterval">
<value>${passthru.authentication.offlineCheckInterval}</value>
</property>
<property name="protocolOrder">
<value>${passthru.authentication.protocolOrder}</value>
</property>
<property name="nullDomainUseAnyServer">
<value>true</value>
</property>
<property name="broadcastMask">
<value>${passthru.authentication.broadcastMask}</value>
</property>
</bean>
<!-- The authentication component. -->
<!-- Use the passthru authentication component to authenticate using -->
<!-- user accounts on one or more Windows servers. -->
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="passthruServers">
<ref bean="passthruServers" />
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="transactionService">
<ref bean="transactionComponent" />
</property>
<property name="guestAccess">
<value>${passthru.authentication.guestAccess}</value>
</property>
<property name="defaultAdministratorUserNameList">
<value>${passthru.authentication.defaultAdministratorUserNames}</value>
</property>
</bean>
<!-- Wrapped version to be used within subsystem -->
<bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<list>
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
<value>org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator</value>
</list>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationComponent" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<!-- Authenticaton service for chaining -->
<bean id="localAuthenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent" />
</property>
<property name="sysAdminParams">
<ref bean="sysAdminParams" />
</property>
<property name="protectedUsersCache">
<ref bean="protectedUsersCache" />
</property>
<property name="protectionEnabled">
<value>${authentication.protection.enabled}</value>
</property>
<property name="protectionLimit">
<value>${authentication.protection.limit}</value>
</property>
<property name="protectionPeriodSeconds">
<value>${authentication.protection.periodSeconds}</value>
</property>
</bean>
<!-- FTP authentication -->
<bean id="ftpAuthenticator" class="org.alfresco.filesys.auth.ftp.PassthruFtpAuthenticator" parent="ftpAuthenticatorBase">
<property name="active">
<value>${passthru.authentication.authenticateFTP}</value>
</property>
<property name="passthruServers">
<ref bean="passthruServers" />
</property>
</bean>
</beans>


@@ -123,10 +123,6 @@ log4j.logger.org.alfresco.ftp.protocol=error
#log4j.logger.org.alfresco.webdav.protocol=debug #log4j.logger.org.alfresco.webdav.protocol=debug
log4j.logger.org.alfresco.webdav.protocol=info log4j.logger.org.alfresco.webdav.protocol=info
# NTLM servlet filters
#log4j.logger.org.alfresco.web.app.servlet.NTLMAuthenticationFilter=debug
#log4j.logger.org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter=debug
# Kerberos servlet filters # Kerberos servlet filters
#log4j.logger.org.alfresco.web.app.servlet.KerberosAuthenticationFilter=debug #log4j.logger.org.alfresco.web.app.servlet.KerberosAuthenticationFilter=debug
#log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug #log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug