19977: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19778: (RECORD ONLY) Incremented version label
19976: Merged PATCHES/V2.2.7 to V2.2
19776: ALF-2011: Audit doesn't take into account CIFS authentication
- Now that we've backported the ticket granting auditing, converted the Alfresco CIFS authenticators to use ticket-based authentication, rather than directly manipulating ACEGI
- Needs thorough testing with password, NTLM, Passthru and Kerberos
19891: ALF-2011: Audit doesn't take into account CIFS authentication
Since each child of the CifsAuthenticator is not a Spring configured bean it has no Transaction interceptor. The Transaction wrapping functionality was added into the CifsAuthenticator.setCurrentUser() to fix a Transaction Synchronization issue after successful authentication of the user.
Several little corrections added into the InMemoryTicketComponentImpl to allow "Null user". "Missing ticket for null" exceptions will be thrown instead of the NullPointerException
19903: ALF-2011: Minor cleanup/formatting only
19975: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19769: ALF-2011: Backported dependencies
ALF-2360: Merged V3.1 to PATCHES/V2.2.7
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
ALF-2361: Merged V3.2 to PATCHES/V2.2.7
17456: Fix for: ETHREEOH-1465: It's impossible to get the login history for a given user (Audit)
- all authentication routes (SSO and password) can now audit getting a new ticket for a session. SSO does not authenticate via the alfresco AuthenticationService API
- you can now use auditing to track new sessions for users.
19834: (RECORD ONLY) Increment version (from 2.2.7 to 2.2.8)
19833: (RECORD ONLY) Merged PATCHES/V2.2.7 to BRANCHES/V2.2:
19832: Merged BRANCHES/V3.1 to PATCHES/V2.2.7:
17255: Fixed ETHREEOH-3180: Error appears when trying to search resources on Manage Task page
19578: (RECORD ONLY) Merged V3.0 to V2.2
19574: Merged V3.1 to V3.0
19573: Merged V3.2 to V3.1
19539: Merged HEAD to V3.2
19538: Build fix - fix build speed
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20011 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Cleanup and improvements to RequestContext related classes.
- Removal of obsolete Alfresco util classes.
Fixed up imports back to Alfresco versions of unused SpringSurf util classes
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19322 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
18157: ETHREEOH-3787: Support portal URL rewriting within surf webscripts
- WebScriptServletResponse extended to use portlet helper to rewrite URLs when running in context of a portlet. (We can't use WebScriptPortletRequest / Response because we need the full servlet runtime for Surf.)
- CMIS test webscripts corrected to be portlet enabled
18272: Merged DEV/BELARUS/V3.2-2010_01_11 to V3.2
18257: ETHREEOH-4002: User/Group sync does not handle LDAP communication failures
- Merged with corrections
18276: ETHREEOH-4002: Correction to previous checkin - modification dates are only persisted after successful processing of users and groups, so need to delete them on comms failure
18326: ETHREEOH-3873: usr:authorityContainer type metadata must be left in place for upgraded repositories
- Otherwise you get errors when re-indexing the migrated group nodes
18340: ETHREEOH-4069: LDAP sync cannot resolve DNs containing a slash character
- Due to JNDI interpreting the slash character as a separator
18403: ETHREEOH-4008: LDAP sync should preserve case of group members
- Was incorrectly extracting attributes from lower-cased DN
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18433 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Auto-reformat added 20 minutes of work!
17456: Fix for: ETHREEOH-1465: It's impossible to get the login history for a given user (Audit)
17463: Fixed ETHREEOH-3363: CLONE -Regression: readOnly settings causing bootstrap to fail
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18144 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17429: Fixed ETHREEOH-2319 "Share - Sticky image or videos in web view"
17435: Fixed EETHREEOH-3325 "Add group button is disabled on Admin Console - New User page"
17445: Fixed ETHREEOH-3306 "Large number of root groups causes Groups admin tool to lockup the sever and Share"
- Search panel is now the default panel and the loading of root groups only occurs if you click the "Browse" button and change to the browse panel
17446: Fix for unreported issue where the InMemoryTicketComponent did not check for null value from ticketsCache.
Can occur on tomcat sesson expire and caused NPE to be logged.
17449: Merged V3.1 to V3.2
17257: *RECORD ONLY* Merged V3.2 to V3.1
13685: ACT 8490 - TinyMCE fails if told to load unsupported language (interim fix only) (ETHREEOH-1615)
17372: First part of fix for ETHREEOH-2519.
17448: Merged DEV-TEMPORARY to V3.1
17390: ETHREEOH-1619: Letters and special symbols can be typed in Date value of property while creation of Content Rule and it leads to error
17391: ETHREEOH-1058: It is possible to send invite email message with no subject from Web Project Wizard Step Seven - Email Users page
ETHREEOH-1060: It is possible to send empty invitation email from Web Project Wizard Step Seven - Email users page
17452: Fixed ETHREEOH-3306 "Large number of root groups causes Groups admin tool to lockup the sever and Share" part 2
- A "no result"-message was displayed to the user even though no search had been performed, now replaced by a usage message
17453: Fixed ETHREEOH-2329 " Search doesn't work correctly on Groups page"
17454: Fix for ETHREEOH-3084 - Error message appears in My Web Files part of My Alfresco Dashboard after configuring of the dashboard.
- added new JavaScript and Template APIs to retrieve child nodes of a specific type - using fast direct DB NodeService call.
17455: Fixed ETHREEOH-2329 " Search doesn't work correctly on Groups page" part 2
- Added the prefix "*" to admin console group search as well to make it consistent
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18122 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
18088: ETHREEOH-3787: Addition of liferay-display.xml to define category for demo portlet
18053: Build fix: Re-enable log ins to Alfresco web app when not running in a portlet container
- Removed direct dependencies between FacesHelper and portlet API
18037: Merged DEV/DAVEW/SURFPORTLET to V3.2
17669: Changes to enable surf rendering from a portlet
- New DispatcherPortlet forwards portlet requests to the DispatcherServlet as servlet requests.
- A new filter 'lazily' creates users' dashboard pages to avoid the need to have to redirect from site-index.jsp
- Build against JSR 286 portlet 2.0 API jar
- Exclude portlet API jar from war to avoid ClassCastExceptions
- Lazily init portlet authenticators to avoid ClassNotFoundExceptions when not running in a portlet container
- Fix web.xml schema validation problems
- UserFactory session keys given unique prefix to avoid class with Liferay shared session attributes
- Liferay deployment descriptor to enable user principal name resolution
- Fixed subsystem problem that prevented the override of a property with the empty string in alfresco-global.properties. Stopped 'unprotected' external auth from working.
18019: ETHREEOH-3770: LDAP sync now supports attribute range retrieval to get around limits imposed by Active Directory on multi-valued attributes
- Meant that groups with more than 1000 members were getting truncated in Active Directory
- Now switched on in ldap-ad and off in ldap subsystem
- Also switched off result set paging in ldap subsystem by default for wider compatibility with non-AD systems
17759: Merged DEV/BELARUS/V3.2-2009_11_24 to V3.2
17755: ETHREEOH-3739: build 283: Upgrades from 3.1.1 and 3.1.2 fail on JBoss 5.1
- The getFile method was created for ImapFoldersPatch to retrieve acp file for ACPImportPackageHandler.
- This method tries to load ACP file from file location and if it is unsuccessful then creates temporary file from resource input stream.
- In other words we apply aproach from ImporterBootstrap.
17600: ETHREEOH-1002: Avoid using HTTP 1.1 chunked transfer encoding to send heartbeat data because some proxy servers can't cope with it!
- Unit test can now parse chunked and un-chunked HTTP requests
17597: Further optimizations to authority caching
- Don't invalidate entire user authority lookup cache when user added to or removed from an authority
17588: Fix up authority caching
- Need to include tenant domain in cache key
- Also reinstated cache of user recursive group memberships for performance purposes
17559: ETHREEOH-3440: Authority search performance improvements
- AuthorityDAO now uses Lucene (again) to do wildcard style authority searches by name, type and zone
- Retrieval by exact name, type and zone still performed by DB methods
- DB methods now optimized to avoid having to load group child nodes to determine group membership
- Authority cache now stores authority node refs by name to reduce authority resolution queries
- ScriptGroup avoids hammering repository with multiple searches to determine group membership
17545: ETHREEOH-3371: Fixed group searches to search within the default zone and thus hide 'invisible' WCM and Share groups.
17527: ETHREEOH-3375: Use static inner class for cache key to avoid non serializable exceptions
17523: ETHREEOH-3337: Fix NPEs in RepoServerMgmt operations
- Transactional cache can have entries with non-null keys and null values
17521: ETHREEOH-3158: Proper handling of user validation failures in Kerberos Authentication filters.
17490: Fix failing HeartBeatTest
- Prevent possibility of both test and non-test public keys being used at the same time
17481: Fix build for Jan
- Removed JDK 1.6 String.isEmpty() references
17472: Follow-on for ETHREEOH-2648 - tighten guest login, eg. if no guest configured (in auth chain)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18108 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch
- Forces transaction retry if worker thread reaches child authority before a parent authority
- Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites
- Now completes in 5 minutes as opposed to 45
17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI
17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in.
17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch
17439: ETHREEOH-2762: Improved behaviour when a working copy is copied
- Working copy aspect already removed the working copy aspect on copy
- Now derives a new name from the node checked out from and a UUID, preserving the extension
17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting
- declared dependency between internalEHCacheManager and jgroupsPropertySetter
17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch
- authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync
- multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries
- BatchProcessor now promoted to its own package
17394: Fix for license issue in local enterprise builds.
- Replace Community with Enterprise in version.properties during enterprise war building
17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks
17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin()
17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields
17316: Merged V3.1 to V3.2
17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore.
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5
17299: Merged V3.2 to V3.1 (Record only)
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
- thanks Kev!
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
17269: Fix failing unit test
- reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled()
17268: Fix InvitationService
- Runs as system to do privileged AuthenticationService actions
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
- Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
- Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
- Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
- Works with authentication chain containing mixture of internally and externally authenticated users
17247: Fix failing unit tests
- rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17667: Branch for SpringSurf integration - from HEAD r17665
17668: Fix to ensure included scripts files are not loaded from a cached classpath loader.
17670: Part 1 of SpringSurf integration - changes relating to spring-surf-core-1.0.0.CI-SNAPSHOT.jar
17674: Part 2 of SpringSurf integration - changes relating to spring-surf-core-configservice-1.0.0.CI-SNAPSHOT.jar
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17002: Merged V3.2 to V3.2
14187: (record-only) Fix for ETHREEOH-2023: LDAP import must lower case the local name of the association to person.
14941: Merged V2.2 to V3.1
14830: Fix for ETWOTWO-389: Alfresco will not fix up all the permissions if the UID is changed
14849: Build Fix: Remove the constraint to avoid the creation of duplicate users (it stops permission assignment before user creation)
14867: Build Fix: Disable tests for concurrent creation of groups and people (it leaves an odd group around and is not currently used)
14880: More for ETWOTWO-389: restrict fix ups for uid/gid to case changes only. Other changes are rejected.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17013 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16652: Fix ETHREEOH-1052 - usage is not displayed (for admin & guest - after initial bootstrap, before restart)
16778: Fix ETHREEOH-3009 - Patch required for UserUsageTrackingComponent so that new queries work on upgraded repository
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16922 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15888: ETHREEOH-2617: CIFS Authenticators should not try to initialize when disabled
- removed init-method declaration from cifsAuthenticatorBase
15731: ENH-524: Use JobLockService to ensure that it is only possible for LDAP sync to run on one node at a time in a cluster
- Ensures that if schedule is identical on all nodes, the LDAP sync will only be run on one
15694: Fix TransactionServiceImplTest broken by 15685
15685: ETHREEOH-983: Move RepoServerMgmt JMX editable capabilities into a sysAdmin subsystem for more consistent control and cluster support
- New SysAdminParams interface exported by sysAdmin subsystem through which AuthenticationService and TransactionService get at the configured parameters
- The repository read only flag does not apply to the system user so that we can still persist changes to that flag through JMX!
- Removed sysAdminCache and supporting configuration.
15684: Improvements to cluster support for subsystems
- When a subsystem is stopped on a node for editing it is completely destroyed and deregistered from JMX on other nodes
- Should the subsystem be reactivated on those other nodes (e.g. called into by code) it will be reinitialized from persisted properties and thus stay in sync with the node being edited!
15683: Fixed potential concurrency issues in HeartBeat and LicenseComponent
- Discovered during cluster testing
- Because these components schedule triggers in a retrying transaction, they need to unschedule the triggers beforehand, just in case a retry has happened
15617: MOB-646: JMX edits now synchronized across cluster via JGroups
- When you stop a component or subsystem, it is stopped across the entire cluster
- When you restart it after editing properties, the component is reinitialized from the persisted properties across the cluster
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16873 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15586: Merged V3.1 to V3.2
14863: Fixed ETHREEOH-2223: Oracle version-specific schema update failure in upgrading from 2.1A build to 3.1 build
15041: Further fix for ETHREEOH-2223: Oracle version-specific schema update failure in upgrading from 2.1A build to 3.1 build
15428: The ipAddress field of HibernateNodeDaoServiceImpl is 39 characters long (Transaction.hbm.xml modified)
15472: Incremented schema version number for SQL patch
15502: ETHREEOH-2292: Deployment failure in case of IPv6 on Win 2k8
*NOTE*: Removed Derby scripts as it's no longer supported
15588: (record only after Derby script removal) Fixed over-zelous move of Derby scripts
15589: Removed hard-coded GUEST reference
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.1:r14863,15041,15428,15472,15502
Merged /alfresco/BRANCHES/V3.2:r15586,15588-15589
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16863 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15388: ETHREEOH-1872: Better debug logging in authentication components
- Now each authentication component logs every step of the authentication process (including reason for failure) if you switch on debug logging for that component or the entire org.alfresco.repo.security.authentication package. E.g.
log4j.logger.org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication.AuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication=debug
15196: Further LDAP sync performance improvements
- Bunch user and group creations into small transactions (except for differential sync on login)
- Run a differential sync on startup (so that bulk of users are not brought over on first login)
- Can be disabled by synchronization.syncOnStartup property
15135: Node creation / ACL performance improvements
- When an ACL was set on a leaf node such as a person, redundant 'shared' ACLs were created for child nodes with getInheritedAccessControlList(), even though no child nodes existed.
- Now setInheritanceForChildren() makes a 'lazy' call to getInheritedAccessControlList(), only when it realises there are child nodes
15133: Changes to datasource definition for improved performance
- Enable caching and reuse of prepared statements (by default 40 for each connection)
- Removed custom-connection-pool-context.xml.sample and instead introduced complete property set into repository.properties
- Updated v3.2 Wiki docs http://wiki.alfresco.com/wiki/Database_Configuration#Overriding_the_Database_Connection_Properties
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15439 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- synchronization.syncWhenMissingPeopleLogIn
- synchronization.autoCreatePeopleOnLogin
When both are false you can now cause users who your LDAP sync doesn't bring in to be rejected (seems to be a requirement)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14814 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- PassthruServerFactory created to allows PassthruServers singleton to be shared by CIFS, FTP and Alfresco passthru authenticators
- Also added NTLM + Alfresco (non-passthru) example. Doesn't seem to work yet!
- ExtendedServerConfigurationAccessor interface added BaseSSOAuthenticationFilter to get at local server name info from file server configuration
- toString() added to CIFSAuthenticator so that we can still properly log the authenticator type
- Fixed WebDAVServlet to go through ServerConfigurationAccessor interface to avoid ClassCastException
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13823 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13424: ETHREEOH-1242: Sample LDAP authentication config breaks site invites in Share
13427: Fixes for ETHREEOH-1157: Propagate exceptions using ReportedException
13428: Fix ETHREEOH-1493: Upgrade from 2.1-A to 3.1 uses incorrect patch id and fixes_to_schema
13429: Specific fix for ETHREEOH-1157: duplicate/triplicate users not properly prohibited
13436: Merged V2.2 to V3.1
13435: Merged V2.1 to V2.2
12307: Merged DEV/V2.1SP7 to 2.1
11927: ETWOONE-396
12112: ETWOONE-396
13437: Fixed ETHREEOH-1498: Mismatched closing XML tag in ehcache-custom.xml.sample.cluster
13439: Fix for ETHREEOH-1157: JSF Dialogs Absorbing Exceptions
13456: Fixed ETHREEOH-1472: Changes to systemBootstrap cause bootstrapping ACP's not to work
13469: Upgrade patch to update internal version2Store counter (follow-on fix for ETHREEOH-1540)
13491: Chaining example for DOC-84
13492: Fixed paths in zip file
13494: Fixed GenericBootstrapPatch when overriding bootstrap views
13495: Added @version javadoc
13496: Minor logging updates
13497: Fixed ETHREEOH-1431: Authentication case sensitivity switch doesn't work
13500: Temporary fix for Sharepoint issue raised last week
13502: ETHREEOH-1575: It's impossible to create Change Request task
13511: Fix for ETHREEOH-1549: Impossible to create HTML web content
13529: Fix for ETHREEOH-1595
13531: Fix for ETHREEOH-1607: Error on chaining example xml - malformed comment
13537: Build fix ... exclude the system user from auto creation
13538: Build Fix - further contraints to aviod auto-creation of guest
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V2.1:r12307
Merged /alfresco/BRANCHES/V2.2:r13435
Merged /alfresco/BRANCHES/V3.1:r
13424,13427-13429,13436-13437,13439,13442-13450,13452,13454-13456,
13469-13473,13475-13476,13479-13480,13491-13500,13502,13511,13529-13538
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13619 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13171: Fix for ETHREEOH-1239: User needs to have owner on their person
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.1:r13171
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12943: Port of support for ADB-47 from V2.1-A to 3.1
12948: Port of tests from CHK-2235 for ADB-20 from V2.1-A to 3.1
12965: Activated index tracker Quartz job by default
12974: Port for lazy creation of home folders with configuration from V2.1-A to V3.1: original CHK-2619, CHK-2716
12976: Merged V2.1A to V3.1
8562: (record-only) Fix to lazily create home folders - DO NOT MERGE
8694: (record-only) Added configuration for lazy or eager creation of home folders
12978: Merged V3.0 to V3.1
12920: Merged V2.2 to V3.0
12456: Wire up AVM locking service by interface to allow for potential over-ride
12457: Make AVM ChildKey case insensitive
12470: Merged V2.2.1-NBC-FIXES to V2.2
12156: Optimizations to WCMWorkflowEvaluator and WCMWorkflowDeletedEvaluator
12605: Hide annoying "Virtualisation Server not started" warnings (by making them debug)
12707: AVM console - "snap" also allows tag and description to be specified
12979: Build/test fix
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/DEV/V2.2.1-NBC-FIXES:r12156
Merged /alfresco/BRANCHES/V2.1-A:r8562,8694
Merged /alfresco/BRANCHES/V3.0:r12920
Merged /alfresco/BRANCHES/V2.2:r12456-12457,12470,12605,12707
Merged /alfresco/BRANCHES/V3.1:r12943,12948,12965,12974,12976,12978-12979
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13544 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13484: ETHREEOH-1547: Do not set requiresNew flag and propagate exceptions in BaseDialogBean
13383: ETHREEOH-1220: Update LDAP-authentication-context to include allowGetEnabled entry to support Share
13381: ETHREEOH-1181: NTLM authentication periodically fails over CIFS - "Read-Write transaction started within read-only transaction"
13376: ETHREEOH-279: Friendly error message when cm:filename regular expression constraint is violated
13364: ETHREEOH-814: Correct character encoding issues in LDAP synchronization
13353: ETHREEOH-1444: Ability to run Alfresco from unexploded .war file with embedded license
13328: ETHREEOH-1400: Prevent TLD warnings on Weblogic startup
13183: Follow up to 13177: Fixes for Weblogic compatibility
13177: Fixes for Weblogic compatibility
13109: Build/test fix (to avoid unintentional import via application-context.xml)
13100: Checkpoint for new DM index check (enterprise-only)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13525 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13037: PostgreSQL upgrade scripts from 2.1.6, 2.2.0, and 2.2.1
12995: Fix build: account for change of path to log4j jar in 3rd party project
12981: Added support for monitoring of installed modules via JMX
12971: Correction to 12970 - better handle case when log4j not available.
12970: Work around log4j bug to allow editing of the "threshold" property of HierarchyDynamicBean through JMX
12926: Merged V3.0 to V3.1
Merged V2.2 to V3.0
12861: ETHREEOH-19, ETHREEOH-24, ETHREEOH-113, ETHREEOH-115, ETHREEOH-449, ETHREEOH-537, ETHREEOH-561, ETHREEOH-566, ETHREEOH-572, ETHREEOH-1072: Retry failed transactions from MS SQL Server in snapshot mode
12924: Avoid direct log4j dependencies
12918: Avoided Log4J imports by using introspection
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13516 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12923: New Enterprise Examples project containing hyperic plugin and README.txt
12908: A few fixes to improve consistency in JMX object naming
12889: Fix failing unit tests. Include linkvalidation in unit test classpath.
12885: Merged DEV/DAVEW_POST3D to V3.1
12881: Changes to allow monitoring of authentication configuration
12862: Merged DEV/3.1_ENTERPRISE_ONLY to DEV/DAVEW_POST3D
12797: Changes to allow persistence of changes made by JMX.
12852: Review comment from Derek: remove dependencies of descriptor service (serverDescriptorDAO, currentRepoDescriptorDAO and installedRepoDescriptorDAO) out of bootstrap-context.xml
12849: Correction to JAWS-221: dbscripts directory must be directly under config/alfresco in enterprise project.
12847: JAWS-221: Move proprietary DB create/upgrade scripts into Enterprise Only project
12845: Avoid NullPointerExceptions in status templates when no codeName or description exists for the status code
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13513 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12178: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes.
12180: Build fix for updating person properties - set all existing to keep quota properties.
12187: MT - fix missing merge and fallout post authentication util changes
12199: Usage Service - fix unit test fallout post authentication util changes
12204: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes
12206: Authenticate now required since authentication util changes
12210: Module fixes - to use new authentication util api changes
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12515 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12145: Merged V2.2 to V3.0 (AuthenticationUtil)
12109: AuthenticationUtil and AuthenticationComponent refactor
12152: Removed Lucene usage from lookup of 'sites' root folder
12153: Fix InviteServiceTest by cleaning up leaking authentications
12159: Fix for broken usage pattern of the Threadlocal values in recent AuthenticationUtil refactor.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12508 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12123: Merged V2.2 to V3.0
11466: Fixed sql-query DELETE syntax
11614: Flush after putChild, fix for ETWOTWO-777
11641: Merged V2.1 to V2.2
11632: Improvements for AVM index FULL and AUTO rebuild.
11646: Upgrade scripts tweaks:
11650: Added unit test to confirm fix of ETWOTWO-740
11674: Added missing EHCache definitions for QName, Namespace and Locale caches
11825: Fixed Eclipse classpath addition of path for Oracle JDBC driver
12125: ETHREEOH-899: Image transformations do not follow Options
12127: Merged V2.2 to V3.0
11675: Node DAO optimizations
11680: Full Fix for ETWOTWO-777 + more protection for nested write transactions beneath read transactions.
11729: AVM creates and deletes no longer update the directory mod time - ETWOTWO-801
11738: Fix for ETWOTWO - fixed check for TX propagation mode
11748: Fixed ETWOTWO-578: RepositoryWebService fetchMore() does not fetch last node
11749: Incorporate feedback from ACT-5440: MySQL-specific tweaks to the upgrade scripts
11750: Moved t_qnames_dyn section to after t_qnames
11752: Fixed ETWOTWO-734: ImporterComponent uses Lucene queries
11785: Build Fix:Remove auto created person TX commit fro DB
11853: Fix for ETWOTWO-687 - missed a case when generating lists of actions for modified files list
11940: Stress test main method for ETWOTWO-744
11950: Fixed ETWOTWO-909 and ETWOTWO-911
11987: Dirty checking for attribute related DAOs
12008: Fixed test for transaction-requiring AttributeService
12128: Merged V2.2 to V3.0
11530: Merged V2.1 to V2.2
11499: Defensive clear of the security context to avoid any ticket sharing for a given user - ETWOTWO-326
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12501 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
