15888: ETHREEOH-2617: CIFS Authenticators should not try to initialize when disabled
- removed init-method declaration from cifsAuthenticatorBase
15731: ENH-524: Use JobLockService to ensure that it is only possible for LDAP sync to run on one node at a time in a cluster
- Ensures that if schedule is identical on all nodes, the LDAP sync will only be run on one
15694: Fix TransactionServiceImplTest broken by 15685
15685: ETHREEOH-983: Move RepoServerMgmt JMX editable capabilities into a sysAdmin subsystem for more consistent control and cluster support
- New SysAdminParams interface exported by sysAdmin subsystem through which AuthenticationService and TransactionService get at the configured parameters
- The repository read only flag does not apply to the system user so that we can still persist changes to that flag through JMX!
- Removed sysAdminCache and supporting configuration.
15684: Improvements to cluster support for subsystems
- When a subsystem is stopped on a node for editing it is completely destroyed and deregistered from JMX on other nodes
- Should the subsystem be reactivated on those other nodes (e.g. called into by code) it will be reinitialized from persisted properties and thus stay in sync with the node being edited!
15683: Fixed potential concurrency issues in HeartBeat and LicenseComponent
- Discovered during cluster testing
- Because these components schedule triggers in a retrying transaction, they need to unschedule the triggers beforehand, just in case a retry has happened
15617: MOB-646: JMX edits now synchronized across cluster via JGroups
- When you stop a component or subsystem, it is stopped across the entire cluster
- When you restart it after editing properties, the component is reinitialized from the persisted properties across the cluster
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16873 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fix handling of legacy dev-context.xml style property configuration
- LegacyConfigPostProcessor has to be given the maximum precendence so that it runs before PropertyPlaceHolderConfigurer
- Also has to fix up the live repository-properties bean that would already have been constructed before post-processing
- Include log4.properties in unit test classpath so we can tell what the heck is going on!
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15994 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15158: ETHREEOH-2478: Fix mechanism that allows extension classpath override of subsystem instance properties and Spring config
- Reported broken on the forums
- Now improved unit test coverage
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15160 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Set of overridable properties now centralized to new global-properties bean and referenced by repository-properties, hibernateConfigProperties and subsystems
- Installer defaults can now be specified in classpath:alfresco-global.properties
- A special BeanFactoryPostProcessor ensures backward compatibility with existing alfresco/extension/*-context.xml files overriding repository-properties or hibernateConfigProperties.
- Subsystems pick up initial property values from global-properties. Placeholders expanded.
- Messages now output when subsystems stopped and started
- Object names lists to allow better hierarchical organisation
- Composite properties now supported by child application contexts
- Materialized in context.xml as ListFactoryBeans - lists of beans
- Configured values injected before application context started
- Configurable via alfresco-global.properties or JMX
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14351 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- All code that resolves classpath resources goes through JBossEnabledResourceLoader with VFS support
- JBossEnabledResourcePatternResolver can handle recursion within VFS directory structures
- Reflection used to avoid runtime dependency on JBoss classes
- resource-ref declared in jboss-web.xml
- Work around incorrect treatment of env-entry-value tag in web.xml
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14106 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- All supporting classes moved out to thirdparty subsystem
- Open Office service automatically started if available
- All utility locations editable via JMX (and subsystem can be reinitialized with new values without rebooting tomcat)
- New ContentTransformerWorker interface introduced in order to allow separation between ContentTransformer registry and third party utilities
- Existing JMX query capabilities preserved
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13860 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- FTPConfigSection / CIFSConfigSection now aware of whether they constructed the authenticator themselves
- AbstractTriggerBean doesn't try to unschedule a trigger if the scheduler is already shut down
- RuntimeExecBootstrapBean can cope with running in a subsystem and shutting down without the VM shutting down
- DefaultManagedApplicationContextFactory will start up the application context it is proxying to if it has not already been started
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13846 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Minor JLAN changes (backward compatible)
- CIFSAuthenticator implements an interface (to allow dynamic proxying to authentication subsystem)
- CIFSAuthenticator accesses ServerConfiguration via ServerConfigurationAccessor interface and doesn't retain references to config sections (again to allow dynamic proxying and hot swapping)
- ConfigSections have way of directly setting container initialised authenticators, sharemappers, etc.
- Authenticators, etc. still support initialisation from config service in backward compatible manner.
- Most of ServerConfigurationBean moved to AbstractServerConfigurationBean superclass.
- New org.alfresco.filesys.config package with ServerConfigurationBean implementation and supporting classes that can be initialised by a Spring container.
- File server authenticators moved into authentication subsystem. TODO: Kerberos and NTLM
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13795 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
