15586: Merged V3.1 to V3.2
14863: Fixed ETHREEOH-2223: Oracle version-specific schema update failure in upgrading from 2.1A build to 3.1 build
15041: Further fix for ETHREEOH-2223: Oracle version-specific schema update failure in upgrading from 2.1A build to 3.1 build
15428: The ipAddress field of HibernateNodeDaoServiceImpl is 39 characters long (Transaction.hbm.xml modified)
15472: Incremented schema version number for SQL patch
15502: ETHREEOH-2292: Deployment failure in case of IPv6 on Win 2k8
*NOTE*: Removed Derby scripts as it's no longer supported
15588: (record only after Derby script removal) Fixed over-zelous move of Derby scripts
15589: Removed hard-coded GUEST reference
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.1:r14863,15041,15428,15472,15502
Merged /alfresco/BRANCHES/V3.2:r15586,15588-15589
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16863 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15154: Performance optimization for AuthorityDAO - based on 3.1E Share use case analysis.
- improves performance for create, find and general get of authorities via the DAO
- also potentially improves LDAP import etc. - anything that goes via Zones
- takes 3.2E performance ahead of 3.1E performance for Share use case (20,000 user and 2,000 site DB upgraded from 3.1.1E)
15447: Static asset web filter added to web.xml for Explorer client and Share webapp.
- Adds a 30 day public cache expiry header (configurable) to all static assets for performance and proxy usage
- Also prevents browsers such as IE causing conditional GET requests for images etc. on restart of the browser
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16846 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15828: ETHREEOH-2601: Users dialog won't delete users who have no authentication information
- Moved the AuthenticationService.deleteAuthentication() call inside PersonService.deletePerson() and protected with try - catch so that if there is no authentication information (for an upgraded/moved user) the person can still be deleted
- Removed a bunch of redundant deleteAuthentication() calls
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15829 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15506: Fix for ALFCOM-3274 - removed double-encoding of webview dashlet title when set from Configure dialog.
15543: Fixes for ETHREEOH-2596 and ETHREEOH-2392. Any Admin user now forced to enter old password when editing themselves in the Share User Admin console.
15620:Merged V3.1 to V3.2
15595: Merged DEV-TEMPORARY to V3.1
15446: Appropriate JSP page was modified to align radio buttons.
15597: Fix for ETHREEOH-2575 - all PNG files now appear in IE6, note that PNG transparency is not supported in IE6.
15598: Merged DEV-TEMPORARY to V3.1
15593: ETHREEOH-2445: Localization Issues [Email Templates and RSS Templates ACPs I18N]
15599: Merged DEV-TEMPORARY to V3.1
15491: ETHREEOH-2460: Localization Issues - Email template
15601: *RECORD ONLY* Merged V3.2 to V3.1
15504: ETHREEOH-2447: My Content page localisation failing. [backport from V3.2]
15613: *RECORD ONLY* Removed reference to portlets message bundle - as per CHK-8518
15784: Minor performance improvements to data dictionary classes relating to Permission evaluations.
15791: Merged V3.1 to V3.2
15693: Merged DEV-TEMPORARY to V3.1
15648: ETHREEOH-2549: Templates in 3.1 will need localising
15743: ETHREEOH-2586: JP:Layout error, the word "....." (cancel) should be in the same line
15745: ETHREEOH-2493 - HTML and XML encoding fixes to Alfresco OpenSearch keyword and person search HTML/ATOM/RSS feed templates.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15793 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15636: ETHREEOH-2626: LDAP sync will no longer delete and recreate colliding users and groups in zones that aren't even in the authentication chain.
- Instead such users and groups will be 're-zoned' to the first zone where they were found
- Avoids losing site memberships, etc. on upgrade or change of authentication chain
- Will continue to recreate users and groups from lower priority zones in the authentication chain
- Updated unit tests appropriately
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15637 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15473: ETHREEOH-2574: Fixed problem when LDAP sync attempts to delete a user who already exists but with username in a different case (e.g. guest -> Guest)
- ACLs were getting left behind due to case issues
- Now 'normalize' the name using getUserIdentifier()
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15474 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15388: ETHREEOH-1872: Better debug logging in authentication components
- Now each authentication component logs every step of the authentication process (including reason for failure) if you switch on debug logging for that component or the entire org.alfresco.repo.security.authentication package. E.g.
log4j.logger.org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication.AuthenticationComponentImpl=debug
log4j.logger.org.alfresco.repo.security.authentication=debug
15196: Further LDAP sync performance improvements
- Bunch user and group creations into small transactions (except for differential sync on login)
- Run a differential sync on startup (so that bulk of users are not brought over on first login)
- Can be disabled by synchronization.syncOnStartup property
15135: Node creation / ACL performance improvements
- When an ACL was set on a leaf node such as a person, redundant 'shared' ACLs were created for child nodes with getInheritedAccessControlList(), even though no child nodes existed.
- Now setInheritanceForChildren() makes a 'lazy' call to getInheritedAccessControlList(), only when it realises there are child nodes
15133: Changes to datasource definition for improved performance
- Enable caching and reuse of prepared statements (by default 40 for each connection)
- Removed custom-connection-pool-context.xml.sample and instead introduced complete property set into repository.properties
- Updated v3.2 Wiki docs http://wiki.alfresco.com/wiki/Database_Configuration#Overriding_the_Database_Connection_Properties
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15439 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15090: Records Management Read Permissions (parts of MOB-747, MOB-815) NOTE =>RM NOW HAS READ ACCESS ENFORCEMENT
- permission model
- DM and RM ignore each other for permissions - they are mutually exclusive
- Read access enforcement (no write enforcement other than read)
- Rolled caveat enforcement into acegi voter implementation and afterInvocation implementation
- updated model with mandatory filePlanComponent aspect
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15111 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fixed parsing of timestamps
- Fixed resolution of group members
- Shared Spring configuration with ldap subsystem
- Authentication still only supported with DIGEST-MD5 binding enabled - chain with passthru authentication otherwise
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14934 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- synchronization.syncWhenMissingPeopleLogIn
- synchronization.autoCreatePeopleOnLogin
When both are false you can now cause users who your LDAP sync doesn't bring in to be rejected (seems to be a requirement)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14814 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- migration patch uses non-public authority service
- root authority query ignores deleted nodes
- avoid exception for getContainingAuthorities("System")
- update unit test to cope with corrected EMAIL_CONTRIBUTORS group and slight difference in behaviour with root authorities
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
