16939: Merged V3.1 to V3.2
16938: ETHREEOH-622: AuthorityServiceImpl uses userNameMatcher to check for admin users according to case sensitivity settings
16934: ETHREEOH-2584: Coding error in BaseSSOAuthenticationFilter
16924: LDAP Performance
- Created NodeService addChild variants that can add associations to multiple parents (groups/zones) at the same time with a single path check.
- Created AuthorityService addAuthority variant that can add an authority to multiple groups at the same time, using the above
- Optimized group association creation strategy. Groups and Persons created in 'depth first' order (root groups first, parents last). Prevents the nodes having to be reindexed.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17070 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17002: Merged V3.2 to V3.2
14187: (record-only) Fix for ETHREEOH-2023: LDAP import must lower case the local name of the association to person.
14941: Merged V2.2 to V3.1
14830: Fix for ETWOTWO-389: Alfresco will not fix up all the permissions if the UID is changed
14849: Build Fix: Remove the constraint to avoid the creation of duplicate users (it stops permission assignment before user creation)
14867: Build Fix: Disable tests for concurrent creation of groups and people (it leaves an odd group around and is not currently used)
14880: More for ETWOTWO-389: restrict fix ups for uid/gid to case changes only. Other changes are rejected.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17013 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16780: Fix failing unit test
- HeartBeat now needs to be constructed inside a transaction.
16765: Merged DEV/BELARUS/V3.2-2009_10_05 to V3.2
16754: ETHREEOH-2534: SPP does not authenticate when authentication chain contains both alfrescoNtlm and passthru types.
- NTLM Authentication handler for Sharepoint module was implemented as singleton. But after it was integrated into Alfresco Authentication Subsystem, instance of this object is created for each type of NTLM authentication. As result static field with NTLM flags was rewrited for each instance. Bug was resolved by removing static indicator.
16751: LDAP sync improvements
- Correction to the way retried transactional errors are reported
- Addition of unit test for synchronization with a mock user registry generating a large volume of users, groups and associations
16749: Removed UserUsageBootstrapJob from scheduled jobs and moved UserUsageTrackingComponent to bootstrap
- files missed from CHK-9619
16748: User Usage Tracking Component bootstrapped synchronously to avoid its expensive queries across all users 'stepping on top of' other bootstrap activity such as LDAP synchronization
- Its startup messages are no longer masked out by log4j.properties
- Logged ETHREEOH-3009 regarding upgrade impact of new faster queries
16747: Lower impact of HeartBeat service on server performance
- More efficient AuthorityService APIs used to determine the total number of groups and users more efficiently
- Queries of all users and groups done synchronously at startup only
16746: Improvements for faster user and group lookup and association on a large repository (unfortunately intertwined)
- NodeService getChildAssocRefsByTypeQNames query rewritten to use a subquery to force a more logical evaluation order on MySQL
- NodeService getChildAssocs method made to use more efficient getChildAssocRefsByTypeQNames DAO call when a type qname but no assoc qname is specified
- NodeService getUsersWithoutUsage / getUsersWithUsage queries rewritten to avoid an expensive outer join on all users
- PersonService getPersonIgnoreCase query corrected to include the type QName ID of the child associations it is querying (thus avoiding unnecessarily triggering duplicate person removal)
- PersonService now supports an optional boolean argument to getPerson that indicates whether the auto-create + home folder creation behaviour should be triggered.
- AuthorityDAOImpl now uses false argument to getPerson call to avoid lazy home folder creation during creation of group associations
- AuthorityDAOImpl now specifies assoc type to getChildAssocs in getAllAuthoritiesInZone and findAuthorities calls so that the more efficient query variant is used
- Redundant personExists() call removed from authorityServiceImpl
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16914 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15154: Performance optimization for AuthorityDAO - based on 3.1E Share use case analysis.
- improves performance for create, find and general get of authorities via the DAO
- also potentially improves LDAP import etc. - anything that goes via Zones
- takes 3.2E performance ahead of 3.1E performance for Share use case (20,000 user and 2,000 site DB upgraded from 3.1.1E)
15447: Static asset web filter added to web.xml for Explorer client and Share webapp.
- Adds a 30 day public cache expiry header (configurable) to all static assets for performance and proxy usage
- Also prevents browsers such as IE causing conditional GET requests for images etc. on restart of the browser
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16846 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- migration patch uses non-public authority service
- root authority query ignores deleted nodes
- avoid exception for getContainingAuthorities("System")
- update unit test to cope with corrected EMAIL_CONTRIBUTORS group and slight difference in behaviour with root authorities
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Bug fix invitation service was approving too many invitations!
Implemented security rules for who is allowed to cancel a moderated invitation.
Continuing implementation of group authority scripts.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13815 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13249: Fix for ETHREEOH-1064 and ETHREEOH-1286 and fix for issue where New Page action not activated in Share Wiki page list.
13251: Final part of fix for ETHREEOH-1270 - Group pickers in JSF client now use new findAuthorities() API to find groups for user searches - over 10x quicker for installations with many groups.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13580 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13207: Rhino JAR update (System.out warning removal patch applied)
13240: Part of fix for ETHREEOH-1270
- Authority service has an API to search for groups by name patterns (not other authority types)
- it uses lucene so relies on the index
13242: Fix for ETHREEOH-1303 - Calendar events now only retrieved for the current site when rendering a site specific calendar component.
Some code tidy up and related fixes.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13573 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12145: Merged V2.2 to V3.0 (AuthenticationUtil)
12109: AuthenticationUtil and AuthenticationComponent refactor
12152: Removed Lucene usage from lookup of 'sites' root folder
12153: Fix InviteServiceTest by cleaning up leaking authentications
12159: Fix for broken usage pattern of the Threadlocal values in recent AuthenticationUtil refactor.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12508 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12123: Merged V2.2 to V3.0
11466: Fixed sql-query DELETE syntax
11614: Flush after putChild, fix for ETWOTWO-777
11641: Merged V2.1 to V2.2
11632: Improvements for AVM index FULL and AUTO rebuild.
11646: Upgrade scripts tweaks:
11650: Added unit test to confirm fix of ETWOTWO-740
11674: Added missing EHCache definitions for QName, Namespace and Locale caches
11825: Fixed Eclipse classpath addition of path for Oracle JDBC driver
12125: ETHREEOH-899: Image transformations do not follow Options
12127: Merged V2.2 to V3.0
11675: Node DAO optimizations
11680: Full Fix for ETWOTWO-777 + more protection for nested write transactions beneath read transactions.
11729: AVM creates and deletes no longer update the directory mod time - ETWOTWO-801
11738: Fix for ETWOTWO - fixed check for TX propagation mode
11748: Fixed ETWOTWO-578: RepositoryWebService fetchMore() does not fetch last node
11749: Incorporate feedback from ACT-5440: MySQL-specific tweaks to the upgrade scripts
11750: Moved t_qnames_dyn section to after t_qnames
11752: Fixed ETWOTWO-734: ImporterComponent uses Lucene queries
11785: Build Fix:Remove auto created person TX commit fro DB
11853: Fix for ETWOTWO-687 - missed a case when generating lists of actions for modified files list
11940: Stress test main method for ETWOTWO-744
11950: Fixed ETWOTWO-909 and ETWOTWO-911
11987: Dirty checking for attribute related DAOs
12008: Fixed test for transaction-requiring AttributeService
12128: Merged V2.2 to V3.0
11530: Merged V2.1 to V2.2
11499: Defensive clear of the security context to avoid any ticket sharing for a given user - ETWOTWO-326
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12501 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
11053: Reinstate transaction count for FULL index recover
11055: Build fix
11056: Fix bug/Build - finding deleted people
11057: Clean any people that should not be there at the start of the tests ..
11063: Throw detailed failure message when Authority list size is incorrect
11075: Build fix
11145: Fixed FK index name
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11222 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
7700: Added store level ACLs.
7705: Merged V2.1 to V2.2
7701: Fixes a number of problems with FS deployment. Should work on windows now.
7712: AWC-1473: Fixed rendering of sidebar in Safari
7718: Merged V2.1 to V2.2
7704: Fix for HSQL column name clash - NEXT is reserved, so now NEXT_ID
7719: Build fix after Qname changes
7730: Build fix for email group.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8446 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- explicit guest access is required, such as "guest@tenant1" (note: implicit/anonymous guest access can only login to the default domain)
- also fixes issue with "Show All" users, when logged in as a tenant admin
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@7748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
