19977: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19778: (RECORD ONLY) Incremented version label
19976: Merged PATCHES/V2.2.7 to V2.2
19776: ALF-2011: Audit doesn't take into account CIFS authentication
- Now that we've backported the ticket granting auditing, converted the Alfresco CIFS authenticators to use ticket-based authentication, rather than directly manipulating ACEGI
- Needs thorough testing with password, NTLM, Passthru and Kerberos
19891: ALF-2011: Audit doesn't take into account CIFS authentication
Since each child of the CifsAuthenticator is not a Spring configured bean it has no Transaction interceptor. The Transaction wrapping functionality was added into the CifsAuthenticator.setCurrentUser() to fix a Transaction Synchronization issue after successful authentication of the user.
Several little corrections added into the InMemoryTicketComponentImpl to allow "Null user". "Missing ticket for null" exceptions will be thrown instead of the NullPointerException
19903: ALF-2011: Minor cleanup/formatting only
19975: (RECORD ONLY) Merged PATCHES/V2.2.7 to V2.2
19769: ALF-2011: Backported dependencies
ALF-2360: Merged V3.1 to PATCHES/V2.2.7
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
ALF-2361: Merged V3.2 to PATCHES/V2.2.7
17456: Fix for: ETHREEOH-1465: It's impossible to get the login history for a given user (Audit)
- all authentication routes (SSO and password) can now audit getting a new ticket for a session. SSO does not authenticate via the alfresco AuthenticationService API
- you can now use auditing to track new sessions for users.
19834: (RECORD ONLY) Increment version (from 2.2.7 to 2.2.8)
19833: (RECORD ONLY) Merged PATCHES/V2.2.7 to BRANCHES/V2.2:
19832: Merged BRANCHES/V3.1 to PATCHES/V2.2.7:
17255: Fixed ETHREEOH-3180: Error appears when trying to search resources on Manage Task page
19578: (RECORD ONLY) Merged V3.0 to V2.2
19574: Merged V3.1 to V3.0
19573: Merged V3.2 to V3.1
19539: Merged HEAD to V3.2
19538: Build fix - fix build speed
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20011 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
19151: SAIL-298: Implemented subsystem changes.
- We didn't remove the cifs.serverName property because it is independent of host/port/context/protocol.
Applied following corrections
- Removed the email 'chain'. OutboundSMTP and InboundSMTP are separate subsystems and don't need to be chained
- Added the ability for multiple Spring-initialized subsystems to share the same category
- No need to expose mailService outside of the OutboundSMTP subsystem as far as I can tell
- GlobalDeskTopActionConfigBean doesn't need dependencies and no longer exposes the webpath property
- Fixed construction of contexts in ContentDiskDriver.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19266 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
18450: Port of FTP data port configuration values. ETHREEOH-4103.
18559: NFS fixes, NFS/FTP/CIFS config properties. ETHREEOH-4102, ETHREEOH-4101, ETHREEOH-4104 (partial)
18642: Do not allow null NFS authentication type, core NFS/mount server code now allows null requests with null authentication type.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18654 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- All supporting classes moved out to thirdparty subsystem
- Open Office service automatically started if available
- All utility locations editable via JMX (and subsystem can be reinitialized with new values without rebooting tomcat)
- New ContentTransformerWorker interface introduced in order to allow separation between ContentTransformer registry and third party utilities
- Existing JMX query capabilities preserved
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13860 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- PassthruServerFactory created to allows PassthruServers singleton to be shared by CIFS, FTP and Alfresco passthru authenticators
- Also added NTLM + Alfresco (non-passthru) example. Doesn't seem to work yet!
- ExtendedServerConfigurationAccessor interface added BaseSSOAuthenticationFilter to get at local server name info from file server configuration
- toString() added to CIFSAuthenticator so that we can still properly log the authenticator type
- Fixed WebDAVServlet to go through ServerConfigurationAccessor interface to avoid ClassCastException
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13823 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Minor JLAN changes (backward compatible)
- CIFSAuthenticator implements an interface (to allow dynamic proxying to authentication subsystem)
- CIFSAuthenticator accesses ServerConfiguration via ServerConfigurationAccessor interface and doesn't retain references to config sections (again to allow dynamic proxying and hot swapping)
- ConfigSections have way of directly setting container initialised authenticators, sharemappers, etc.
- Authenticators, etc. still support initialisation from config service in backward compatible manner.
- Most of ServerConfigurationBean moved to AbstractServerConfigurationBean superclass.
- New org.alfresco.filesys.config package with ServerConfigurationBean implementation and supporting classes that can be initialised by a Spring container.
- File server authenticators moved into authentication subsystem. TODO: Kerberos and NTLM
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13795 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261