inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

MT - initial checkin for MT-enabled Web Scripts

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8293 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jan Vonka
2008-02-15 15:29:27 +00:00
parent a450598ecb
commit f3969beff1
6 changed files with 1070 additions and 709 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/web-scripts-application-context.xml
View File

@@ -37,6 +37,7 @@
<property name="fileFolderService" ref="fileFolderService" />
<property name="searchService" ref="SearchService" />
<property name="permissionService" ref="PermissionService" />
<property name="tenantDeployerService" ref="tenantAdminService" />
</bean>
<bean name="webscripts.store.repo.extension" parent="webscripts.repostore">
@@ -83,6 +84,7 @@
<property name="personService" ref="personService" />
<property name="fileFolderService" ref="fileFolderService" />
<property name="searchService" ref="searchService" />
<property name="tenantDeployerService" ref="tenantAdminService" />
<property name="companyHomeStore"><value>${spaces.store}</value></property>
<property name="companyHomePath"><value>/${spaces.company_home.childname}</value></property>
</bean>
@@ -115,6 +117,7 @@
<property name="descriptorService" ref="DescriptorService" />
<property name="searchPath" ref="webscripts.searchpath" />
<property name="configService" ref="web.config" />
<property name="tenantDeployerService" ref="tenantAdminService" />
</bean>

1438
source/java/org/alfresco/repo/web/scripts/RepoStore.java
View File

File diff suppressed because it is too large Load Diff

102
source/java/org/alfresco/repo/web/scripts/Repository.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
* Copyright (C) 2005-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -25,12 +25,17 @@
package org.alfresco.repo.web.scripts;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantDeployerService;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.model.FileFolderService;
@@ -56,7 +61,7 @@ import org.springframework.context.ApplicationListener;
*
* @author davidc
*/
public class Repository implements ApplicationContextAware, ApplicationListener
public class Repository implements ApplicationContextAware, ApplicationListener, TenantDeployer
{
private ProcessorLifecycle lifecycle = new ProcessorLifecycle();
@@ -67,11 +72,12 @@ public class Repository implements ApplicationContextAware, ApplicationListener
private NodeService nodeService;
private FileFolderService fileFolderService;
private PersonService personService;
private TenantDeployerService tenantDeployerService;
// company home
private StoreRef companyHomeStore;
private String companyHomePath;
private NodeRef companyHome;
private Map<String, NodeRef> companyHomeRefs;
/**
@@ -151,6 +157,16 @@ public class Repository implements ApplicationContextAware, ApplicationListener
{
this.personService = personService;
}
/**
* Sets the tenant deployer service
*
* @param tenantDeployerService
*/
public void setTenantDeployerService(TenantDeployerService tenantDeployerService)
{
this.tenantDeployerService = tenantDeployerService;
}
/* (non-Javadoc)
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
@@ -190,20 +206,14 @@ public class Repository implements ApplicationContextAware, ApplicationListener
*/
protected void initContext()
{
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@SuppressWarnings("synthetic-access")
public Object execute() throws Exception
{
List<NodeRef> refs = searchService.selectNodes(nodeService.getRootNode(companyHomeStore), companyHomePath, null, namespaceService, false);
if (refs.size() != 1)
{
throw new IllegalStateException("Invalid company home path: " + companyHomePath + " - found: " + refs.size());
}
companyHome = refs.get(0);
return null;
}
});
tenantDeployerService.register(this);
if (companyHomeRefs == null)
{
companyHomeRefs = new HashMap<String, NodeRef>(1);
}
getCompanyHome();
}
@@ -224,7 +234,32 @@ public class Repository implements ApplicationContextAware, ApplicationListener
*/
public NodeRef getCompanyHome()
{
return companyHome;
String tenantDomain = tenantDeployerService.getCurrentUserDomain();
NodeRef companyHomeRef = companyHomeRefs.get(tenantDomain);
if (companyHomeRef == null)
{
companyHomeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
{
public NodeRef doWork() throws Exception
{
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
{
public NodeRef execute() throws Exception
{
List<NodeRef> refs = searchService.selectNodes(nodeService.getRootNode(companyHomeStore), companyHomePath, null, namespaceService, false);
if (refs.size() != 1)
{
throw new IllegalStateException("Invalid company home path: " + companyHomePath + " - found: " + refs.size());
}
return refs.get(0);
}
});
}
}, AuthenticationUtil.getSystemUserName());
companyHomeRefs.put(tenantDomain, companyHomeRef);
}
return companyHomeRef;
}
/**
@@ -329,4 +364,35 @@ public class Repository implements ApplicationContextAware, ApplicationListener
return nodeRef;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onEnableTenant()
*/
public void onEnableTenant()
{
init();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onDisableTenant()
*/
public void onDisableTenant()
{
destroy();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#init()
*/
public void init()
{
initContext();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#destroy()
*/
public void destroy()
{
companyHomeRefs.remove(tenantDeployerService.getCurrentUserDomain());
}
}

91
source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
* Copyright (C) 2005-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -31,6 +31,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantDeployerService;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
@@ -43,6 +45,7 @@ import org.alfresco.service.descriptor.DescriptorService;
import org.alfresco.web.scripts.AbstractRuntimeContainer;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.Registry;
import org.alfresco.web.scripts.ServerModel;
import org.alfresco.web.scripts.WebScript;
import org.alfresco.web.scripts.WebScriptException;
@@ -59,7 +62,7 @@ import org.apache.commons.logging.LogFactory;
*
* @author davidc
*/
public class RepositoryContainer extends AbstractRuntimeContainer
public class RepositoryContainer extends AbstractRuntimeContainer implements TenantDeployer
{
// Logger
protected static final Log logger = LogFactory.getLog(RepositoryContainer.class);
@@ -71,6 +74,9 @@ public class RepositoryContainer extends AbstractRuntimeContainer
private AuthorityService authorityService;
private PermissionService permissionService;
private DescriptorService descriptorService;
private TenantDeployerService tenantDeployerService;
private Map<String, Registry> tenantRegistries = new HashMap<String, Registry>(0);
/**
* @param repository
@@ -120,6 +126,14 @@ public class RepositoryContainer extends AbstractRuntimeContainer
this.authorityService = authorityService;
}
/**
* @param tenantDeployerService
*/
public void setTenantDeployerService(TenantDeployerService tenantDeployerService)
{
this.tenantDeployerService = tenantDeployerService;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.Container#getDescription()
*/
@@ -192,7 +206,12 @@ public class RepositoryContainer extends AbstractRuntimeContainer
if (required == RequiredAuthentication.none)
{
AuthenticationUtil.clearCurrentSecurityContext();
// MT-context will pre-authenticate (see MTWebScriptAuthenticationFilter)
if (! AuthenticationUtil.isMtEnabled())
{
// TODO revisit - cleared here, in-lieu of WebClient clear
AuthenticationUtil.clearCurrentSecurityContext();
}
transactionedExecute(script, scriptReq, scriptRes);
}
else if ((required == RequiredAuthentication.user || required == RequiredAuthentication.admin) && isGuest)
@@ -291,5 +310,71 @@ public class RepositoryContainer extends AbstractRuntimeContainer
}
}
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#getRegistry()
*/
@Override
public Registry getRegistry()
{
if (tenantDeployerService.isEnabled())
{
String tenantDomain = tenantDeployerService.getCurrentUserDomain();
Registry registry = tenantRegistries.get(tenantDomain);
if (registry == null)
{
init();
registry = tenantRegistries.get(tenantDomain);
}
return registry;
}
else
{
return super.getRegistry();
}
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.AbstractRuntimeContainer#reset()
*/
@Override
public void reset()
{
tenantDeployerService.register(this);
super.reset();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onEnableTenant()
*/
public void onEnableTenant()
{
init();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#onDisableTenant()
*/
public void onDisableTenant()
{
destroy();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#init()
*/
public void init()
{
Registry registry = super.getRegistry().cloneEmpty();
tenantRegistries.put(tenantDeployerService.getCurrentUserDomain(), registry);
registry.reset();
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantDeployer#destroy()
*/
public void destroy()
{
tenantRegistries.remove(tenantDeployerService.getCurrentUserDomain());
}
}

112
source/java/org/alfresco/web/app/servlet/MTWebScriptAuthenticationFilter.java Normal file
View File

@@ -0,0 +1,112 @@
/*
* Copyright (C) 2005-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.web.app.servlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description.RequiredAuthentication;
import org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory;
import org.alfresco.web.scripts.servlet.WebScriptServletRequest;
import org.alfresco.web.scripts.servlet.WebScriptServletResponse;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
* In case of MT-context, this servlet filter will force authentication prior to WebScript binding, even for WebScripts
* that do not require authentication.
*
* In future releases, consider updating the HTTP API such that an optional tenant context could be specified as part of
* the URL, hence not requiring pre-authentication in that case.
*/
public class MTWebScriptAuthenticationFilter implements Filter
{
private FilterConfig config;
private ApplicationContext appContext;
/**
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig config) throws ServletException
{
this.config = config;
this.appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(config.getServletContext());
}
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException
{
if (AuthenticationUtil.isMtEnabled())
{
String currentUser = AuthenticationUtil.getCurrentUserName();
if (currentUser == null)
{
// retrieve authenticator factory
String authenticatorId = config.getInitParameter("authenticator");
if (authenticatorId != null && authenticatorId.length() > 0)
{
Object bean = appContext.getBean(authenticatorId);
if (bean == null || !(bean instanceof ServletAuthenticatorFactory))
{
throw new ServletException("Initialisation parameter 'authenticator' does not refer to a servlet authenticator factory (" + authenticatorId + ")");
}
ServletAuthenticatorFactory authenticatorFactory = (ServletAuthenticatorFactory)bean;
if ((req instanceof HttpServletRequest) && (res instanceof HttpServletResponse))
{
Authenticator authenticator = authenticatorFactory.create(new WebScriptServletRequest(null, (HttpServletRequest)req, null, null), new WebScriptServletResponse(null, (HttpServletResponse)res));
authenticator.authenticate(RequiredAuthentication.user, false);
}
}
}
}
// continue filter chaining
chain.doFilter(req, res);
}
/**
* @see javax.servlet.Filter#destroy()
*/
public void destroy()
{
// nothing to do
}
}

33
source/web/WEB-INF/web.xml
View File

@@ -107,6 +107,24 @@
<filter-name>Admin Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
</filter>
<filter>
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.basic</param-value>
</init-param>
</filter>
<filter>
<filter-name>MT WebScript WC Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.MTWebScriptAuthenticationFilter</filter-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.webclient</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
@@ -165,6 +183,21 @@
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern>
</filter-mapping>
<!-- for MT-context, force auth prior to WebScript binding
for ST-context, pass through (or can explicitly comment out) -->
<filter-mapping>
<filter-name>MT WebScript Basic Authentication Filter</filter-name>
<servlet-name>apiServlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>MT WebScript WC Authentication Filter</filter-name>
<servlet-name>wcapiServlet</servlet-name>
</filter-mapping>
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>