18088: ETHREEOH-3787: Addition of liferay-display.xml to define category for demo portlet
18053: Build fix: Re-enable log ins to Alfresco web app when not running in a portlet container
- Removed direct dependencies between FacesHelper and portlet API
18037: Merged DEV/DAVEW/SURFPORTLET to V3.2
17669: Changes to enable surf rendering from a portlet
- New DispatcherPortlet forwards portlet requests to the DispatcherServlet as servlet requests.
- A new filter 'lazily' creates users' dashboard pages to avoid the need to have to redirect from site-index.jsp
- Build against JSR 286 portlet 2.0 API jar
- Exclude portlet API jar from war to avoid ClassCastExceptions
- Lazily init portlet authenticators to avoid ClassNotFoundExceptions when not running in a portlet container
- Fix web.xml schema validation problems
- UserFactory session keys given unique prefix to avoid class with Liferay shared session attributes
- Liferay deployment descriptor to enable user principal name resolution
- Fixed subsystem problem that prevented the override of a property with the empty string in alfresco-global.properties. Stopped 'unprotected' external auth from working.
18019: ETHREEOH-3770: LDAP sync now supports attribute range retrieval to get around limits imposed by Active Directory on multi-valued attributes
- Meant that groups with more than 1000 members were getting truncated in Active Directory
- Now switched on in ldap-ad and off in ldap subsystem
- Also switched off result set paging in ldap subsystem by default for wider compatibility with non-AD systems
17759: Merged DEV/BELARUS/V3.2-2009_11_24 to V3.2
17755: ETHREEOH-3739: build 283: Upgrades from 3.1.1 and 3.1.2 fail on JBoss 5.1
- The getFile method was created for ImapFoldersPatch to retrieve acp file for ACPImportPackageHandler.
- This method tries to load ACP file from file location and if it is unsuccessful then creates temporary file from resource input stream.
- In other words we apply aproach from ImporterBootstrap.
17600: ETHREEOH-1002: Avoid using HTTP 1.1 chunked transfer encoding to send heartbeat data because some proxy servers can't cope with it!
- Unit test can now parse chunked and un-chunked HTTP requests
17597: Further optimizations to authority caching
- Don't invalidate entire user authority lookup cache when user added to or removed from an authority
17588: Fix up authority caching
- Need to include tenant domain in cache key
- Also reinstated cache of user recursive group memberships for performance purposes
17559: ETHREEOH-3440: Authority search performance improvements
- AuthorityDAO now uses Lucene (again) to do wildcard style authority searches by name, type and zone
- Retrieval by exact name, type and zone still performed by DB methods
- DB methods now optimized to avoid having to load group child nodes to determine group membership
- Authority cache now stores authority node refs by name to reduce authority resolution queries
- ScriptGroup avoids hammering repository with multiple searches to determine group membership
17545: ETHREEOH-3371: Fixed group searches to search within the default zone and thus hide 'invisible' WCM and Share groups.
17527: ETHREEOH-3375: Use static inner class for cache key to avoid non serializable exceptions
17523: ETHREEOH-3337: Fix NPEs in RepoServerMgmt operations
- Transactional cache can have entries with non-null keys and null values
17521: ETHREEOH-3158: Proper handling of user validation failures in Kerberos Authentication filters.
17490: Fix failing HeartBeatTest
- Prevent possibility of both test and non-test public keys being used at the same time
17481: Fix build for Jan
- Removed JDK 1.6 String.isEmpty() references
17472: Follow-on for ETHREEOH-2648 - tighten guest login, eg. if no guest configured (in auth chain)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18108 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch
- Forces transaction retry if worker thread reaches child authority before a parent authority
- Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites
- Now completes in 5 minutes as opposed to 45
17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI
17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in.
17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch
17439: ETHREEOH-2762: Improved behaviour when a working copy is copied
- Working copy aspect already removed the working copy aspect on copy
- Now derives a new name from the node checked out from and a UUID, preserving the extension
17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting
- declared dependency between internalEHCacheManager and jgroupsPropertySetter
17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch
- authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync
- multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries
- BatchProcessor now promoted to its own package
17394: Fix for license issue in local enterprise builds.
- Replace Community with Enterprise in version.properties during enterprise war building
17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks
17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin()
17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields
17316: Merged V3.1 to V3.2
17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore.
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5
17299: Merged V3.2 to V3.1 (Record only)
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
- thanks Kev!
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
17269: Fix failing unit test
- reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled()
17268: Fix InvitationService
- Runs as system to do privileged AuthenticationService actions
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
- Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
- Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
- Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
- Works with authentication chain containing mixture of internally and externally authenticated users
17247: Fix failing unit tests
- rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
