16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Removed notion of audit session
- Removed 'scope' attribute for DataGenerator elements
- Removed alf_audit_session table and replaced with alf_audit_app (see script)
- DataGenerators are working properly
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16053 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Also improved Boolean logic so that it's possible to switch on archiving via an aspect (as suggested by Derek)
- M2ClassDefinition.getArchive() now returns true, false or null
- false takes precedence and is the ultimate default
- fixed JIBX classpath
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16022 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fix handling of legacy dev-context.xml style property configuration
- LegacyConfigPostProcessor has to be given the maximum precendence so that it runs before PropertyPlaceHolderConfigurer
- Also has to fix up the live repository-properties bean that would already have been constructed before post-processing
- Include log4.properties in unit test classpath so we can tell what the heck is going on!
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15994 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- The <archive> setting on model class definitions (controlling archival on node deletion) is now paid attention to for aspects as well as types
- Archive is on by default for aspects and off by default for types
- If a node's type or any of its aspects has archiving off then it will be purged rather than archived
- Only the cm:content and cm:folder types currently have archiving switched on
- RM subtypes of cm:content and cm:folder plus rm:record aspect switch off archiving
- A module can now include global property overrides in classpath*:alfresco/module/*/alfresco-global.properties
- The RM module currently sets two global properties:
system.content.eagerOrphanCleanup=true # Switches on synchronous content purging
rm.ghosting.enabled=true # Enables the new RM ghosting functionality
- When ghosting is switched on, for nodes with the rma:record aspect the DestroyAction synchronously removes all content properties and applies the rma:ghosted aspect
- TODO: Any properties required for rma:ghosted?
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15990 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Audit paths can now use mixed case (after alf_prop_string_value enhancements)
- Pluggable data conversion when pushing values into persistence
- Relaxed XSD to allow mixed-case key values
- Regex checking of paths and names when building strings
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15976 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15940: Merged V3.1 to V3.2 (record only)
15939: Merged V3.2 to V3.1
15936: ETHREEOH-2498: Fixed problems with auto-creation of users in CIFS Authenticators (including Kerberos)
15936: ETHREEOH-2498: Fixed problems with auto-creation of users in CIFS Authenticators (including Kerberos)
- Converted to using RetryingTransactionHelper and avoid problems with nested transactionService
- Will trigger LDAP sync if enabled
- Also switched on disableNTLM in kerberos-authentication-context.xml to force Kerberos CIFS authentication in Kerberos subsystem
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15941 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Uses recently-added NamedObjectRegistry
- Audit extractors and generators can now be Sprung using 'registeredName' instead of 'class'
- Simpler to bring in complex, repo-dependent generators and extractors
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15935 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- alf_prop_string_value now includes a CRC column and handles Oracle empty string issues
- All property values are/must now be Serializable for auditing
- Pushing data into audit is working
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15915 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Pulled old AuditDAO methods into new AuditDAO interface
- Combined AuditDAO implementations
- First cut of high-level AuditSession creation
- TODO: AuditSession data generation according to path
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15864 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Sessions are created using an application name (shared prop) and a persisted model ID
- Added a bootstrap bean for audit that unmarshalls the models
- Added hook points for repo-loading models, but won't implement yet
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15863 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Added helper classes for auto-generating code (core project)
- Audit configuration is loaded using a separate bean and unmarshalled using JAXB
- First cut of data extractors and generators that will be required
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15842 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15837: ETHREEOH-2701: Do not allow partial initialization of file server configuration bean
- Even when all of the file servers are disabled, this bean must be queryable by the rest of the system
- Therefore if it fails to initialize, the server should fail to start
- Fatal exceptions now propagated by AbstractServerConfigurationBean.init()
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15839 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Normal prefix-index has been shortened to 32 chars (from 64)
- Added a fully indexed 'string_end' column of 16 characters
- iBatis queries are optimized to pull short strings from the index
- Long paths and NodeRefs are well-indexed using this approach
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15833 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
