17002: Merged V3.2 to V3.2
14187: (record-only) Fix for ETHREEOH-2023: LDAP import must lower case the local name of the association to person.
14941: Merged V2.2 to V3.1
14830: Fix for ETWOTWO-389: Alfresco will not fix up all the permissions if the UID is changed
14849: Build Fix: Remove the constraint to avoid the creation of duplicate users (it stops permission assignment before user creation)
14867: Build Fix: Disable tests for concurrent creation of groups and people (it leaves an odd group around and is not currently used)
14880: More for ETWOTWO-389: restrict fix ups for uid/gid to case changes only. Other changes are rejected.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17013 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15388: ETHREEOH-1872: Better debug logging in authentication components
- Now each authentication component logs every step of the authentication process (including reason for failure) if you switch on debug logging for that component or the entire org.alfresco.repo.security.authentication package. E.g.
log4j.logger.org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication.AuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication=debug
15196: Further LDAP sync performance improvements
- Bunch user and group creations into small transactions (except for differential sync on login)
- Run a differential sync on startup (so that bulk of users are not brought over on first login)
- Can be disabled by synchronization.syncOnStartup property
15135: Node creation / ACL performance improvements
- When an ACL was set on a leaf node such as a person, redundant 'shared' ACLs were created for child nodes with getInheritedAccessControlList(), even though no child nodes existed.
- Now setInheritanceForChildren() makes a 'lazy' call to getInheritedAccessControlList(), only when it realises there are child nodes
15133: Changes to datasource definition for improved performance
- Enable caching and reuse of prepared statements (by default 40 for each connection)
- Removed custom-connection-pool-context.xml.sample and instead introduced complete property set into repository.properties
- Updated v3.2 Wiki docs http://wiki.alfresco.com/wiki/Database_Configuration#Overriding_the_Database_Connection_Properties
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15439 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- synchronization.syncWhenMissingPeopleLogIn
- synchronization.autoCreatePeopleOnLogin
When both are false you can now cause users who your LDAP sync doesn't bring in to be rejected (seems to be a requirement)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14814 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13424: ETHREEOH-1242: Sample LDAP authentication config breaks site invites in Share
13427: Fixes for ETHREEOH-1157: Propagate exceptions using ReportedException
13428: Fix ETHREEOH-1493: Upgrade from 2.1-A to 3.1 uses incorrect patch id and fixes_to_schema
13429: Specific fix for ETHREEOH-1157: duplicate/triplicate users not properly prohibited
13436: Merged V2.2 to V3.1
13435: Merged V2.1 to V2.2
12307: Merged DEV/V2.1SP7 to 2.1
11927: ETWOONE-396
12112: ETWOONE-396
13437: Fixed ETHREEOH-1498: Mismatched closing XML tag in ehcache-custom.xml.sample.cluster
13439: Fix for ETHREEOH-1157: JSF Dialogs Absorbing Exceptions
13456: Fixed ETHREEOH-1472: Changes to systemBootstrap cause bootstrapping ACP's not to work
13469: Upgrade patch to update internal version2Store counter (follow-on fix for ETHREEOH-1540)
13491: Chaining example for DOC-84
13492: Fixed paths in zip file
13494: Fixed GenericBootstrapPatch when overriding bootstrap views
13495: Added @version javadoc
13496: Minor logging updates
13497: Fixed ETHREEOH-1431: Authentication case sensitivity switch doesn't work
13500: Temporary fix for Sharepoint issue raised last week
13502: ETHREEOH-1575: It's impossible to create Change Request task
13511: Fix for ETHREEOH-1549: Impossible to create HTML web content
13529: Fix for ETHREEOH-1595
13531: Fix for ETHREEOH-1607: Error on chaining example xml - malformed comment
13537: Build fix ... exclude the system user from auto creation
13538: Build Fix - further contraints to aviod auto-creation of guest
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V2.1:r12307
Merged /alfresco/BRANCHES/V2.2:r13435
Merged /alfresco/BRANCHES/V3.1:r
13424,13427-13429,13436-13437,13439,13442-13450,13452,13454-13456,
13469-13473,13475-13476,13479-13480,13491-13500,13502,13511,13529-13538
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13619 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13484: ETHREEOH-1547: Do not set requiresNew flag and propagate exceptions in BaseDialogBean
13383: ETHREEOH-1220: Update LDAP-authentication-context to include allowGetEnabled entry to support Share
13381: ETHREEOH-1181: NTLM authentication periodically fails over CIFS - "Read-Write transaction started within read-only transaction"
13376: ETHREEOH-279: Friendly error message when cm:filename regular expression constraint is violated
13364: ETHREEOH-814: Correct character encoding issues in LDAP synchronization
13353: ETHREEOH-1444: Ability to run Alfresco from unexploded .war file with embedded license
13328: ETHREEOH-1400: Prevent TLD warnings on Weblogic startup
13183: Follow up to 13177: Fixes for Weblogic compatibility
13177: Fixes for Weblogic compatibility
13109: Build/test fix (to avoid unintentional import via application-context.xml)
13100: Checkpoint for new DM index check (enterprise-only)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13525 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12145: Merged V2.2 to V3.0 (AuthenticationUtil)
12109: AuthenticationUtil and AuthenticationComponent refactor
12152: Removed Lucene usage from lookup of 'sites' root folder
12153: Fix InviteServiceTest by cleaning up leaking authentications
12159: Fix for broken usage pattern of the Threadlocal values in recent AuthenticationUtil refactor.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12508 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
9018: MT: system-wide jobs should run across all stores/indexes
9204: Merged V2.2 to V2.9
8633: Merged V2.1 to V2.2
8629: Merged V2.1-A to V2.1
8493: Fixed ADB-51: ImporterBootstrap doesn't use transaction retrying
8494: EHCache and JGroup patches and upgrades
8546: ACT-1650: performance optimization
8550: Fixes to transactional cache handling
8553: Fixed tests: MLText is a Map, but will always have at least one entry, even that entry is null.
8583: ACT-954: IndexInfo files now reopen when they close (for whatever reason)
8640: Merged V2.1 to V2.2
8638: Used correct exception type for IO channel reopen logic
9102: Unit test to check that transactional cache size overrun is handled
9106: Merged V2.1 to V2.2
9043: Fixed AR-2291: SchemaBootstrap lock is only required before first SQL execution
9045: Fix AR-2291: SchemaBootstrap lock is only required before first SQL execution
9047: Fixed AR-2305: Index tracking in AUTO mode doesn't report anything on bootstrap
9048: Fixed AR-2300: Random-based GUID instead of time-based GUIDs
9049: Fix patches to only run once
9050 <Defered>: Changed getString() method to use the available buffer length rather than a hard coded value.
9060: Fixed ETWOONE-109 and ETWOONE-128: RetryingTransactionHelper fixes and improvements
9061: Fixed NodeRefPropertyMethodInterceptorTest
9075 <Defered>: Added delete permission check when marking a file for delete on close. ETWOONE-141/ACT-2416.
9080: Fixed EHCache source zip
9081: Fixed ETWOONE-118: Tomcat failed bootstrap doesn't clean up EHCache cluster structures
9085: Fixed ETWOONE-154: Added JSR107 Jar to WAR
9115: Fixed test: TransactionalCache uses LRU so repeatedly checking if a entry is there keeps it in the cache.
9206: Merged V2.2 to V2.9
8857: Improvements to ACL performance for large ACLs
8951: Always check permission entry changes are made at position 0
9219 <No change>: Made NTLMLogonDetails class Serializable, port of r8973.
9220: Added delete permission check when marking a file for delete on close. Port of r9075.
9222: Merged V2.1 to V2.9
8683: Early warning for nodes indexed in the wrong store (ACT-964)
8684: Enhanced tests
8685: Enhanced tests
8686: Additional tests
9223: Merged V2.2 to V2.9
9120: Merged V2.1 to V2.2
8740: Fix for AR-2173 - do no recheck case of the user name when validating tickets (it has been done)
9122: Additional unit test from support case.
9224: Merged V2.2 to V2.9
9076: Fixed ETWOTWO-426: Upgrading alfresco from 2.1.1 to 2.2 throws errors with Mysql 5.0.51
9104: Merged V2.1 to V2.2
9025: Fixed AR-2314, AR-2299: Optimizations after profiling
9105: Merged V2.1 to V2.2
8745: Fix AR-2233 (regression introduced by fix for AR-2221)
9121: Merged V2.1 to V2.2
9017: Fix index back up failing due to background index merge/deletions (inlcudes back port of CHK-2588)
9137: Incorporated additions from Will into AVM console (ETWOTWO-439)
9225: Merged V2.1 to V2.9
8641: Merged V2.1-A to V2.1
7729: Fix to Repository Web Service (queryAssociated) to allow reverse association lookup (ie. given target, get the source)
8673: Fix for AR-2098 - shorter URL form now has NTLM filter mapping example in web.xml
8682: Fix for AR-2005
8695: AR-2054.
8696: Improved sort test to include prefix form of field name
9226: Fix ALFCOM-994 (see also earlier change in r9223)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9233 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
8405: Added causal exception to the runtime generated
8408: AR-2136, AR-2137, AR-2138
8410: WCM-1110, WCM-1111
8417: Stopped chiba:match() function from being inserted into bindings for xforms model elements of type xs:integer.
8419: Fixes for correct use of .empty in name spaces of QNames
8420: Finally fixes WCM-1108 and WCM-1109
8489: Merged V2.1 to V2.2
8482: Fix For AR-2163
8507: Merged V2.1 to V2.2
8504: Fix for AR-2165 - respect repo read only setting during authentication
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8508 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
8083: Merged V2.1 to V2.2
8066: RM-31 and related issues (ACT-729)
8068: Fix for AR-1997
8084: Fixed script error on notify page of invite website user wizard
8086: Merged V2.1 to V2.2
8075: Clear()ing a hibernate session, is not always enough to guarantee that transactions not use unbounded amounts of memory
8076: Turn off test that needs to be fixed real soon now.
8092: Implementation for: http://issues.alfresco.com/browse/AR-1744
8093: Fixed upgrade scripts for V2.1.2 to V2.2 upgrades
8096: Fix for AWC-1578 and AWC-1814
8097: Added new indexes missing from scripts and made index names consistent.
8098: Fix for AWC-1548
8100: Removed use of QName from alf_permission table
8102: Fix for AWC-1690
8103: test was == on id that used to be long but is now a Long
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8476 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- explicit guest access is required, such as "guest@tenant1" (note: implicit/anonymous guest access can only login to the default domain)
- also fixes issue with "Show All" users, when logged in as a tenant admin
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@7748 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
6466: Xml metadata. Support for pulling collections of values from XML
6470: Fix for AWC-1321 - Using zero as items per page gives error for Alfresco repos in OpenSearch
6471: Fix for AWC-1496 - OpenSearch dashlet can get in a state where search queries are not executed
6472: Fix for AWC-1495. Searching additional attributes now working correctly for folders.
6473: Fix for AR-1251 (Version error when saving new content via CIFS)
6474: Updated bundles and installers - added missing files back into Linux bundle
6475: LDAP and chainging authentication
Resolved conflicted state of 'root\projects\repository\source\java\org\alfresco\repo\security\authentication\AuthenticationUtil.java'
6477: XForms WCM-696.
6478: Fix for WCM-567 (IndexOutOfBoundsException when stepping through wizard rapidly)
6480: Fix to issue when removing locks on directories.
6481: Updated installer and config wizard to fix download option and config behaviour when called from installer.
6482: Fix for WCM-1229 (properties sheet does not refresh)
6483: Fix for AR-1511
6484: Fix for AR-1351
6485: Missed a unit test update
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6737 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
6386: Fix for AR-1649
6387: Fix for AR-1645
6388: Updated Polish messages
6389: Updated security providers
6392: Add support to log in as guest with any password (if guest is allowed)
6393: AR-1562 : Cannot directly exit/disable Alfresco JavaScript Debugger window
6394: Allow creation of PropertyValue persisted properties without knowing the type QName
6397: Log Serializable properties don't cause infinte waits
6398: Build fix and tidy up for authentication chaining
Resolved conflicted state of 'root\projects\repository\source\java\org\alfresco\repo\security\authentication\AuthenticationUtil.java'
6402: AR-1643 Web Script args object does not handle multi-value arguments
6407: Removed use of QName "{}silly" as a data type definition.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6728 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/DEV/EXTENSIONS@4843 svn://svn.alfresco.com:3691/alfresco/BRANCHES/DEV/EXTENSIONS@4848 .
Allow null in setAuthentication
Patch for system registry area
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4953 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
