inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.0 to HEAD

Browse Source 
5523: Merged V1.4 to V2.0
      5494: db.schema.update=false disables ALL metadata queries
      5500: AR-1399 NTProtocolHander search handle leakage
      5522: AR-1412 IndexRemoteTransactionTracker startup
   5541: Merged V1.4 to V2.0
      5525: Pass-through authentication and domain mapping
         Resolved minor conflict on AlfrescoAuthenticator.java
      5526: Domain mapping support


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5546 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2007-04-25 02:44:53 +00:00
parent 08897ad76b
commit fb1dd4080b
24 changed files with 885 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
source/java/org/alfresco/repo/domain/hibernate/Transaction.hbm.xml
View File

@@ -78,6 +78,17 @@
join status.transaction as txn
</query>
<query name="txn.GetLastRemoteTxnId">
select
max(txn.id)
from
org.alfresco.repo.domain.hibernate.NodeStatusImpl as status
join status.transaction as txn
join txn.server as server
where
server.ipAddress != :serverIpAddress
</query>
<query name="txn.CountTransactions">
select
count(txn.id)

15
source/java/org/alfresco/repo/domain/schema/SchemaBootstrap.java
View File

@@ -82,6 +82,7 @@ public class SchemaBootstrap extends AbstractLifecycleBean
/** The placeholder for the configured <code>Dialect</code> class name: <b>${db.script.dialect}</b> */
private static final String PLACEHOLDER_SCRIPT_DIALECT = "\\$\\{db\\.script\\.dialect\\}";
private static final String MSG_BYPASSING_SCHEMA_UPDATE = "schema.update.msg.bypassing";
private static final String MSG_EXECUTING_SCRIPT = "schema.update.msg.executing_script";
private static final String MSG_OPTIONAL_STATEMENT_FAILED = "schema.update.msg.optional_statement_failed";
private static final String MSG_DUMPING_SCHEMA_CREATE = "schema.update.msg.dumping_schema_create";
@@ -650,12 +651,16 @@ public class SchemaBootstrap extends AbstractLifecycleBean
if (updateSchema)
{
updateSchema(cfg, session, connection);
// verify that all patches have been applied correctly
checkSchemaPatchScripts(cfg, session, connection, validateUpdateScriptPatches, false); // check scripts
checkSchemaPatchScripts(cfg, session, connection, preUpdateScriptPatches, false); // check scripts
checkSchemaPatchScripts(cfg, session, connection, postUpdateScriptPatches, false); // check scripts
}
else
{
logger.info(I18NUtil.getMessage(MSG_BYPASSING_SCHEMA_UPDATE));
}
// verify that all patches have been applied correctly
checkSchemaPatchScripts(cfg, session, connection, validateUpdateScriptPatches, false); // check scripts
checkSchemaPatchScripts(cfg, session, connection, preUpdateScriptPatches, false); // check scripts
checkSchemaPatchScripts(cfg, session, connection, postUpdateScriptPatches, false); // check scripts
// Reset the configuration
cfg.setProperty(Environment.CONNECTION_PROVIDER, defaultConnectionProviderFactoryClass);

1
source/java/org/alfresco/repo/node/db/NodeDaoService.java
View File

@@ -277,6 +277,7 @@ public interface NodeDaoService
public Transaction getTxnById(long txnId);
public Transaction getLastTxn();
public Transaction getLastRemoteTxn();
public Transaction getLastTxnForStore(final StoreRef storeRef);
public int getTxnUpdateCount(final long txnId);
public int getTxnDeleteCount(final long txnId);

25
source/java/org/alfresco/repo/node/db/hibernate/HibernateNodeDaoServiceImpl.java
View File

@@ -1185,6 +1185,7 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
* Queries for transactions
*/
private static final String QUERY_GET_LAST_TXN_ID = "txn.GetLastTxnId";
private static final String QUERY_GET_LAST_REMOTE_TXN_ID = "txn.GetLastRemoteTxnId";
private static final String QUERY_GET_LAST_TXN_ID_FOR_STORE = "txn.GetLastTxnIdForStore";
private static final String QUERY_GET_TXN_UPDATE_COUNT_FOR_STORE = "txn.GetTxnUpdateCountForStore";
private static final String QUERY_GET_TXN_DELETE_COUNT_FOR_STORE = "txn.GetTxnDeleteCountForStore";
@@ -1222,6 +1223,30 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
return txn;
}
@SuppressWarnings("unchecked")
public Transaction getLastRemoteTxn()
{
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
{
Query query = session.getNamedQuery(QUERY_GET_LAST_REMOTE_TXN_ID);
query.setString("serverIpAddress", ipAddress)
.setMaxResults(1)
.setReadOnly(true);
return query.uniqueResult();
}
};
Long txnId = (Long) getHibernateTemplate().execute(callback);
Transaction txn = null;
if (txnId != null)
{
txn = (Transaction) getSession().get(TransactionImpl.class, txnId);
}
// done
return txn;
}
@SuppressWarnings("unchecked")
public Transaction getLastTxnForStore(final StoreRef storeRef)
{

80
source/java/org/alfresco/repo/node/index/AbstractReindexComponent.java
View File

@@ -242,37 +242,19 @@ public abstract class AbstractReindexComponent implements IndexRecovery
}
}
}
/**
* Gets the last indexed transaction working back from the provided index.
* This method can be used to hunt for a starting point for indexing of
* transactions not yet in the index.
*/
protected long getLastIndexedTxn(long lastTxnId)
protected enum InIndex
{
// get the last transaction
long lastFoundTxnId = lastTxnId + 10L;
boolean found = false;
while (!found && lastFoundTxnId >= 0)
{
// reduce the transaction ID
lastFoundTxnId = lastFoundTxnId - 10L;
// break out as soon as we find a transaction that is in the index
found = isTxnIdPresentInIndex(lastFoundTxnId);
if (found)
{
break;
}
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Found last index txn before " + lastTxnId + ": " + lastFoundTxnId);
}
return lastFoundTxnId;
YES, NO, INDETERMINATE;
}
protected boolean isTxnIdPresentInIndex(long txnId)
/**
* Determines if a given transaction is definitely in the index or not.
*
* @param txnId a specific transaction
* @return Returns <tt>true</tt> if the transaction is definitely in the index
*/
protected InIndex isTxnIdPresentInIndex(long txnId)
{
if (logger.isDebugEnabled())
{
@@ -282,7 +264,7 @@ public abstract class AbstractReindexComponent implements IndexRecovery
Transaction txn = nodeDaoService.getTxnById(txnId);
if (txn == null)
{
return true;
return InIndex.YES;
}
// count the changes in the transaction
@@ -290,28 +272,38 @@ public abstract class AbstractReindexComponent implements IndexRecovery
int deleteCount = nodeDaoService.getTxnDeleteCount(txnId);
if (logger.isDebugEnabled())
{
logger.debug("Transaction has " + updateCount + " updates and " + deleteCount + " deletes: " + txnId);
logger.debug("Transaction " + txnId + " has " + updateCount + " updates and " + deleteCount + " deletes.");
}
// get the stores
boolean found = false;
List<StoreRef> storeRefs = nodeService.getStores();
for (StoreRef storeRef : storeRefs)
InIndex result = InIndex.NO;
if (updateCount == 0 && deleteCount == 0)
{
boolean inStore = isTxnIdPresentInIndex(storeRef, txn, updateCount, deleteCount);
if (inStore)
// If there are no update or deletes, then it is impossible to know if the transaction was removed
// from the index or was never there in the first place.
result = InIndex.INDETERMINATE;
}
else
{
// get the stores
List<StoreRef> storeRefs = nodeService.getStores();
for (StoreRef storeRef : storeRefs)
{
// found in a particular store
found = true;
break;
boolean inStore = isTxnIdPresentInIndex(storeRef, txn, updateCount, deleteCount);
if (inStore)
{
// found in a particular store
result = InIndex.YES;
break;
}
}
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Transaction " + txnId + " was " + (found ? "found" : "not found") + " in indexes.");
logger.debug("Transaction " + txnId + " present in indexes: " + result);
}
return found;
return result;
}
/**
@@ -340,7 +332,7 @@ public abstract class AbstractReindexComponent implements IndexRecovery
{
if (logger.isDebugEnabled())
{
logger.debug("Index has results for txn (OK): " + txnId);
logger.debug("Index has results for txn " + txnId + " for store " + storeRef);
}
return true; // there were updates/creates and results for the txn were found
}
@@ -348,7 +340,7 @@ public abstract class AbstractReindexComponent implements IndexRecovery
{
if (logger.isDebugEnabled())
{
logger.debug("Index has no results for txn (Index out of date): " + txnId);
logger.debug("Transaction " + txnId + " not in index for store " + storeRef + ". Possibly out of date.");
}
return false;
}
@@ -450,7 +442,7 @@ public abstract class AbstractReindexComponent implements IndexRecovery
null,
null,
nodeRef);
indexer.deleteNode(assocRef);
indexer.deleteNode(assocRef);
}
else // node created
{

4
source/java/org/alfresco/repo/node/index/FullIndexRecoveryComponent.java
View File

@@ -132,8 +132,8 @@ public class FullIndexRecoveryComponent extends AbstractReindexComponent
return;
}
long txnId = txn.getId();
boolean txnInIndex = isTxnIdPresentInIndex(txnId);
if (!txnInIndex)
InIndex txnInIndex = isTxnIdPresentInIndex(txnId);
if (txnInIndex != InIndex.YES)
{
String msg = I18NUtil.getMessage(ERR_INDEX_OUT_OF_DATE);
logger.warn(msg);

97
source/java/org/alfresco/repo/node/index/IndexRemoteTransactionTracker.java
View File

@@ -40,6 +40,7 @@ public class IndexRemoteTransactionTracker extends AbstractReindexComponent
private static Log logger = LogFactory.getLog(IndexRemoteTransactionTracker.class);
private boolean remoteOnly;
private boolean started;
private long currentTxnId;
public IndexRemoteTransactionTracker()
@@ -67,17 +68,11 @@ public class IndexRemoteTransactionTracker extends AbstractReindexComponent
@Override
protected void reindexImpl()
{
if (currentTxnId < 0)
if (!started)
{
// initialize the starting point
Transaction lastTxn = nodeDaoService.getLastTxn();
if (lastTxn == null)
{
// there is nothing to do
return;
}
long lastTxnId = lastTxn.getId();
currentTxnId = getLastIndexedTxn(lastTxnId);
// Initialize the starting poing
currentTxnId = getLastIndexedTxn();
started = true;
}
if (logger.isDebugEnabled())
@@ -109,6 +104,88 @@ public class IndexRemoteTransactionTracker extends AbstractReindexComponent
}
}
private static final long DECREMENT_COUNT = 10L;
/**
* Finds the last indexed transaction. It works backwards from the
* last index in increments, respecting the {@link #setRemoteOnly(boolean) remoteOnly}
* flag.
*
* @return Returns the last index transaction or -1 if there is none
*/
protected long getLastIndexedTxn()
{
// get the last transaction
Transaction txn = null;
if (remoteOnly)
{
txn = nodeDaoService.getLastRemoteTxn();
}
else
{
txn = nodeDaoService.getLastTxn();
}
if (txn == null)
{
// There is no last transaction to use
return -1L;
}
long currentTxnId = txn.getId();
while (currentTxnId >= 0L)
{
// Check if the current txn is in the index
InIndex txnInIndex = isTxnIdPresentInIndex(currentTxnId);
if (txnInIndex == InIndex.YES)
{
// We found somewhere to start
break;
}
// Get back in time
long lastCheckTxnId = currentTxnId;
currentTxnId -= DECREMENT_COUNT;
if (currentTxnId < 0L)
{
currentTxnId = -1L;
}
// We don't know if this number we have is a local or remote txn, so get the very next one
Transaction nextTxn = null;
if (remoteOnly)
{
List<Transaction> nextTxns = nodeDaoService.getNextRemoteTxns(currentTxnId, 1);
if (nextTxns.size() > 0)
{
nextTxn = nextTxns.get(0);
}
}
else
{
List<Transaction> nextTxns = nodeDaoService.getNextTxns(currentTxnId, 1);
if (nextTxns.size() > 0)
{
nextTxn = nextTxns.get(0);
}
}
if (nextTxn == null)
{
// There was nothing relevant after this, so keep going back in time
continue;
}
else if (nextTxn.getId() >= lastCheckTxnId)
{
// Decrementing by DECREMENT_COUNT was not enough
continue;
}
// Adjust the last one we looked at to reflect the correct txn id
currentTxnId = nextTxn.getId();
}
// We are close enough to the beginning, so just go for the first transaction
if (currentTxnId < 0L)
{
currentTxnId = -1L;
}
return currentTxnId;
}
private static final int MAX_TXN_COUNT = 1000;
private List<Transaction> getNextTransactions(long currentTxnId)
{

84
source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java
View File

@@ -34,6 +34,8 @@ import java.security.Security;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.transaction.UserTransaction;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.BadCredentialsException;
@@ -53,7 +55,9 @@ import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -95,6 +99,10 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
private boolean m_allowGuest;
// Allow authenticated users that do not have an Alfresco person to logon as guest
private boolean m_allowAuthUserAsGuest;
// Table of currently active passthru authentications and the associated authentication session
//
// If the two authentication stages are not completed within a reasonable time the authentication
@@ -114,6 +122,7 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
private PersonService m_personService;
private NodeService m_nodeService;
private TransactionService m_transactionService;
/**
* Passthru Session Reaper Thread
@@ -362,6 +371,16 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
m_allowGuest = Boolean.parseBoolean(guest);
}
/**
* Allow authenticated users with no alfresco person record to logon with guest access
*
* @param auth String
*/
public void setAllowAuthUserAsGuest(String auth)
{
m_allowAuthUserAsGuest = Boolean.parseBoolean(auth);
}
/**
* Set the JCE provider
*
@@ -461,6 +480,16 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
m_nodeService = nodeService;
}
/**
* Set the transaction service
*
* @param transService TransactionService
*/
public final void setTransactionService(TransactionService transService)
{
m_transactionService = transService;
}
/**
* Return the authentication session timeout, in milliseconds
*
@@ -756,7 +785,7 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
// Open an authentication session for the new token and add to the active session list
authSess = m_passthruServers.openSession();
authSess = m_passthruServers.openSession( false, ntlmToken.getClientDomain());
// Check if the session was opened to the passthru server
@@ -792,6 +821,8 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
}
else
{
UserTransaction tx = null;
try
{
// Stage two of the authentication, send the hashed password to the authentication server
@@ -835,6 +866,11 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
ntlmToken.setAuthenticated(true);
// Wrap the service calls in a transaction
tx = m_transactionService.getUserTransaction( true);
tx.begin();
// Map the passthru username to an Alfresco person
NodeRef userNode = m_personService.getPerson(username);
@@ -861,7 +897,32 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
if ( logger.isDebugEnabled())
logger.debug("Setting current user using username " + username);
}
}
}
catch (NoSuchPersonException ex)
{
// Check if authenticated users are allowed on as guest when there is no Alfresco person record
if ( m_allowAuthUserAsGuest == true)
{
// Set the guest authority
GrantedAuthority[] authorities = new GrantedAuthority[1];
authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
ntlmToken.setAuthorities(authorities);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Allow passthru authenticated user to logon as guest, user=" + ntlmToken.getName());
}
else
{
// Logon failure, no matching person record
throw new AuthenticationServiceException("Logon failure", ex);
}
}
catch (IOException ex)
{
// Error connecting to the authentication server
@@ -899,6 +960,12 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
else
throw new BadCredentialsException("Logon failure");
}
catch (Exception ex)
{
// General error
throw new AuthenticationServiceException("General error", ex);
}
finally
{
// Make sure the authentication session is closed
@@ -919,6 +986,19 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
{
}
}
// Commit or rollback the transaction, if active
if ( tx != null)
{
try
{
tx.commit();
}
catch ( Exception ex)
{
}
}
}
}
}

73
source/java/org/alfresco/repo/security/authentication/ntlm/NTLMLocalToken.java
View File

@@ -24,6 +24,8 @@
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.net.InetAddress;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.*;
@@ -37,6 +39,11 @@ public class NTLMLocalToken extends UsernamePasswordAuthenticationToken
{
private static final long serialVersionUID = -7946514578455279387L;
// Optional client domain and IP address, used to route the passthru authentication to the correct server(s)
private String m_clientDomain;
private String m_clientAddr;
/**
* Class constructor
*/
@@ -44,6 +51,17 @@ public class NTLMLocalToken extends UsernamePasswordAuthenticationToken
{
super(null, null);
}
/**
* Class constructor
*
* @param ipAddr InetAddress
*/
protected NTLMLocalToken( InetAddress ipAddr)
{
if ( ipAddr != null)
m_clientAddr = ipAddr.getHostAddress();
}
/**
* Class constructor
@@ -55,6 +73,21 @@ public class NTLMLocalToken extends UsernamePasswordAuthenticationToken
super(username.toLowerCase(), plainPwd);
}
/**
* Class constructor
*
* @param username String
* @param plainPwd String
* @param domain String
* @param ipAddr String
*/
public NTLMLocalToken(String username, String plainPwd, String domain, String ipAddr) {
super(username != null ? username.toLowerCase() : "", plainPwd);
m_clientDomain = domain;
m_clientAddr = ipAddr;
}
/**
* Check if the user logged on as a guest
*
@@ -103,4 +136,44 @@ public class NTLMLocalToken extends UsernamePasswordAuthenticationToken
return found;
}
/**
* Check if the client domain name is set
*
* @return boolean
*/
public final boolean hasClientDomain()
{
return m_clientDomain != null ? true : false;
}
/**
* Return the client domain
*
* @return String
*/
public final String getClientDomain()
{
return m_clientDomain;
}
/**
* Check if the client IP address is set
*
* @return boolean
*/
public final boolean hasClientAddress()
{
return m_clientAddr != null ? true : false;
}
/**
* Return the client IP address
*
* @return String
*/
public final String getClientAddress()
{
return m_clientAddr;
}
}

24
source/java/org/alfresco/repo/security/authentication/ntlm/NTLMPassthruToken.java
View File

@@ -24,6 +24,8 @@
*/
package org.alfresco.repo.security.authentication.ntlm;
import java.net.InetAddress;
/**
* <p>Used to provide passthru authentication to a remote Windows server using multiple stages that
* allows authentication details to be passed between a client and the remote authenticating server without
@@ -59,6 +61,28 @@ public class NTLMPassthruToken extends NTLMLocalToken
super("", "");
}
/**
* Class constructor
*
* @params domain String
*/
public NTLMPassthruToken( String domain)
{
// We do not know the username yet, and will not know the password
super("", "", domain, null);
}
/**
* Class constructor
*
* @param ipAddr InetAddress
*/
public NTLMPassthruToken( InetAddress ipAddr)
{
super( ipAddr);
}
/**
* Return the challenge
*