16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13171: Fix for ETHREEOH-1239: User needs to have owner on their person
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.1:r13171
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12923: New Enterprise Examples project containing hyperic plugin and README.txt
12908: A few fixes to improve consistency in JMX object naming
12889: Fix failing unit tests. Include linkvalidation in unit test classpath.
12885: Merged DEV/DAVEW_POST3D to V3.1
12881: Changes to allow monitoring of authentication configuration
12862: Merged DEV/3.1_ENTERPRISE_ONLY to DEV/DAVEW_POST3D
12797: Changes to allow persistence of changes made by JMX.
12852: Review comment from Derek: remove dependencies of descriptor service (serverDescriptorDAO, currentRepoDescriptorDAO and installedRepoDescriptorDAO) out of bootstrap-context.xml
12849: Correction to JAWS-221: dbscripts directory must be directly under config/alfresco in enterprise project.
12847: JAWS-221: Move proprietary DB create/upgrade scripts into Enterprise Only project
12845: Avoid NullPointerExceptions in status templates when no codeName or description exists for the status code
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13513 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
10963: Merged DEV/LARGE_COLLECTION_PROPERTIES_2.2.1 to V2.2
- PersonService: Lucene removal
- Lucene optimizations (in progress)
- Multi-valued and locale-specific properties persisted in alf_node_properties
- Removal of unused AVM tables
10987: Oracle dialects and enhanced SQL patch support
- Only support Alfresco's 9i and 10g dialects (with auto-switching)
- SQL script patches can now apply selectively to ranges
11007: Test to check cached retrieval of QNames
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11206 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
9241: Merged V2.2 to V2.9
9119: Merged V2.1 to V2.2
8671: Fix for AR-2221 - JavaScript scriptable Map objects recursively converted to Freemarker accessable maps
9256: Merged V2.2 to V2.9
9100: Merged V2.1 to V2.2
8728 <Not required>: Latest AMP changes for AR-2212
8731: Faster content store cleaner
8738: Fix for AWC 1930 - support simple bind when building DNs that contain a comma
8835: Fix regression issue as discussed in ACT 2019
8861: Fix WCM-1158
8866: Fixed AR-2272: Module Management Tool distribution is broken
8872: Fixed distribution of benchmark executable jar after EHCache upgrade
8933: Fix for ACT-2469
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9260 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
8146: Interim checkin for Oracle upgrade scripts.
8150: AR-1905
8151: AR-1956
8152: Correct I18N when reporting patch description
8153: QName script for Oracle along with fixes for unique constraints on assoc tables
8155: Upgrade scripts for Oracle V2.2 - almost there
8164: AWC-1633: Unable to edit rule added via web service
8166: V2.2 upgrade scripts for MySQL and Oracle
8170: AWC-1515: E-mail doesn't reach user's mail box, if it was created with the help of templates
8174: Fix for AWC-798
8180: Fix for AWC-1843
8183: Fixes for different unique index names on alf_child_assoc
8189: AWC-1719: Need to alllow Rules to account for a space being deleted
8249: Fixed handling of empty namespaces on Oracle
8259: Fixes for null namespaces in QName
8360: Modified alf_audit_date columns and added patch
8404: Fix AR-2133: Fix handling of empty namespaces during upgrade
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8481 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
6386: Fix for AR-1649
6387: Fix for AR-1645
6388: Updated Polish messages
6389: Updated security providers
6392: Add support to log in as guest with any password (if guest is allowed)
6393: AR-1562 : Cannot directly exit/disable Alfresco JavaScript Debugger window
6394: Allow creation of PropertyValue persisted properties without knowing the type QName
6397: Log Serializable properties don't cause infinte waits
6398: Build fix and tidy up for authentication chaining
Resolved conflicted state of 'root\projects\repository\source\java\org\alfresco\repo\security\authentication\AuthenticationUtil.java'
6402: AR-1643 Web Script args object does not handle multi-value arguments
6407: Removed use of QName "{}silly" as a data type definition.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6728 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
5910: Web Services getUsers
5913: Web Services admin user password change
5956: LDAP anon simple bind test
6133: WCM-486
6158: Merged V1.4 to V2.0
5600: Split person bootstrap
5642: AR-439 NetBIOS adaptor status request
6160: VersionHistoryPerformance patch with no versionedNodeId
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6166 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
