Checkpoint of light weight ACLs.

This is a fairly brute force strategy that allows permissions evalutations with essentially no db access. It does a number of 'bad' things and I may rip it out completely. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2007-09-14 12:39:07 +00:00
parent d9590d3677
commit fb81fb4470
26 changed files with 1424 additions and 180 deletions
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -61,6 +61,7 @@ import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
 import org.alfresco.service.namespace.NamespacePrefixResolver;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
+import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.ApplicationContextHelper;
 import org.springframework.context.ApplicationContext;
@@ -108,6 +109,8 @@ public class AuthenticationTest extends TestCase

    private AuthenticationComponent authenticationComponentImpl;

+    private AuthorityCapabilityRegistry authorityCapabilityRegistry;
+    
    public AuthenticationTest()
    {
        super();
@@ -131,6 +134,7 @@ public class AuthenticationTest extends TestCase
        pubAuthenticationService = (AuthenticationService) ctx.getBean("AuthenticationService");
        authenticationComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
        authenticationComponentImpl = (AuthenticationComponent) ctx.getBean("authenticationComponent");
+        authorityCapabilityRegistry = (AuthorityCapabilityRegistry) ctx.getBean("authorityCapabilityRegistry");
        // permissionServiceSPI = (PermissionServiceSPI)
        // ctx.getBean("permissionService");
        ticketsCache = (SimpleCache<String, Ticket>) ctx.getBean("ticketsCache");
@@ -291,7 +295,7 @@ public class AuthenticationTest extends TestCase
        dao.setDictionaryService(dictionaryService);
        dao.setNamespaceService(getNamespacePrefixReolsver(""));
        dao.setPasswordEncoder(passwordEncoder);
-
+        dao.setAuthorityCapabilityRegistry(authorityCapabilityRegistry);
        dao.createUser("Andy", "cabbage".toCharArray());
        assertNotNull(dao.getUserOrNull("Andy"));

--- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
@@ -53,6 +53,7 @@ import org.alfresco.service.cmr.search.SearchService;
 import org.alfresco.service.namespace.NamespacePrefixResolver;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;
+import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
 import org.springframework.dao.DataAccessException;

 public class RepositoryAuthenticationDao implements MutableAuthenticationDao
@@ -70,6 +71,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
    private SearchService searchService;

    private PasswordEncoder passwordEncoder;
+    
+    private AuthorityCapabilityRegistry authorityCapabilityRegistry;

    private boolean userNamesAreCaseSensitive;

@@ -112,6 +115,11 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
    {
        this.searchService = searchService;
    }
+    
+    public void setAuthorityCapabilityRegistry(AuthorityCapabilityRegistry registry)
+    {
+        this.authorityCapabilityRegistry = registry;
+    }

    public UserDetails loadUserByUsername(String incomingUserName) throws UsernameNotFoundException,
            DataAccessException
@@ -244,7 +252,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
        properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
        nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_USER, ContentModel.TYPE_USER,
                properties);
-
+        authorityCapabilityRegistry.addAuthority(caseSensitiveUserName, null);
    }

    private NodeRef getUserFolderLocation(String caseSensitiveUserName)
@@ -304,6 +312,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao
            throw new AuthenticationException("User name does not exist: " + userName);
        }
        nodeService.deleteNode(userRef);
+        authorityCapabilityRegistry.removeAuthority(userName);
    }

    public Object getSalt(UserDetails userDetails)