16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15828: ETHREEOH-2601: Users dialog won't delete users who have no authentication information
- Moved the AuthenticationService.deleteAuthentication() call inside PersonService.deletePerson() and protected with try - catch so that if there is no authentication information (for an upgraded/moved user) the person can still be deleted
- Removed a bunch of redundant deleteAuthentication() calls
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15829 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15473: ETHREEOH-2574: Fixed problem when LDAP sync attempts to delete a user who already exists but with username in a different case (e.g. guest -> Guest)
- ACLs were getting left behind due to case issues
- Now 'normalize' the name using getUserIdentifier()
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15474 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13424: ETHREEOH-1242: Sample LDAP authentication config breaks site invites in Share
13427: Fixes for ETHREEOH-1157: Propagate exceptions using ReportedException
13428: Fix ETHREEOH-1493: Upgrade from 2.1-A to 3.1 uses incorrect patch id and fixes_to_schema
13429: Specific fix for ETHREEOH-1157: duplicate/triplicate users not properly prohibited
13436: Merged V2.2 to V3.1
13435: Merged V2.1 to V2.2
12307: Merged DEV/V2.1SP7 to 2.1
11927: ETWOONE-396
12112: ETWOONE-396
13437: Fixed ETHREEOH-1498: Mismatched closing XML tag in ehcache-custom.xml.sample.cluster
13439: Fix for ETHREEOH-1157: JSF Dialogs Absorbing Exceptions
13456: Fixed ETHREEOH-1472: Changes to systemBootstrap cause bootstrapping ACP's not to work
13469: Upgrade patch to update internal version2Store counter (follow-on fix for ETHREEOH-1540)
13491: Chaining example for DOC-84
13492: Fixed paths in zip file
13494: Fixed GenericBootstrapPatch when overriding bootstrap views
13495: Added @version javadoc
13496: Minor logging updates
13497: Fixed ETHREEOH-1431: Authentication case sensitivity switch doesn't work
13500: Temporary fix for Sharepoint issue raised last week
13502: ETHREEOH-1575: It's impossible to create Change Request task
13511: Fix for ETHREEOH-1549: Impossible to create HTML web content
13529: Fix for ETHREEOH-1595
13531: Fix for ETHREEOH-1607: Error on chaining example xml - malformed comment
13537: Build fix ... exclude the system user from auto creation
13538: Build Fix - further contraints to aviod auto-creation of guest
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V2.1:r12307
Merged /alfresco/BRANCHES/V2.2:r13435
Merged /alfresco/BRANCHES/V3.1:r
13424,13427-13429,13436-13437,13439,13442-13450,13452,13454-13456,
13469-13473,13475-13476,13479-13480,13491-13500,13502,13511,13529-13538
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13619 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13171: Fix for ETHREEOH-1239: User needs to have owner on their person
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.1:r13171
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12943: Port of support for ADB-47 from V2.1-A to 3.1
12948: Port of tests from CHK-2235 for ADB-20 from V2.1-A to 3.1
12965: Activated index tracker Quartz job by default
12974: Port for lazy creation of home folders with configuration from V2.1-A to V3.1: original CHK-2619, CHK-2716
12976: Merged V2.1A to V3.1
8562: (record-only) Fix to lazily create home folders - DO NOT MERGE
8694: (record-only) Added configuration for lazy or eager creation of home folders
12978: Merged V3.0 to V3.1
12920: Merged V2.2 to V3.0
12456: Wire up AVM locking service by interface to allow for potential over-ride
12457: Make AVM ChildKey case insensitive
12470: Merged V2.2.1-NBC-FIXES to V2.2
12156: Optimizations to WCMWorkflowEvaluator and WCMWorkflowDeletedEvaluator
12605: Hide annoying "Virtualisation Server not started" warnings (by making them debug)
12707: AVM console - "snap" also allows tag and description to be specified
12979: Build/test fix
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/DEV/V2.2.1-NBC-FIXES:r12156
Merged /alfresco/BRANCHES/V2.1-A:r8562,8694
Merged /alfresco/BRANCHES/V3.0:r12920
Merged /alfresco/BRANCHES/V2.2:r12456-12457,12470,12605,12707
Merged /alfresco/BRANCHES/V3.1:r12943,12948,12965,12974,12976,12978-12979
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13544 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12178: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes.
12180: Build fix for updating person properties - set all existing to keep quota properties.
12187: MT - fix missing merge and fallout post authentication util changes
12199: Usage Service - fix unit test fallout post authentication util changes
12204: Authenticate now required since introduction of public service usage in 3.0 test and authentication util changes
12206: Authenticate now required since authentication util changes
12210: Module fixes - to use new authentication util api changes
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12515 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
11008: FileFolderService no longer uses Lucene
11014: Fixed ETWOTWO-569: Regression after ContentStoreCleaner overhaul
11021: Fixed HibernateSessionHelperTest
11028: Fixed unit test's expected values
11035: Made cm:auditable optional and fixed 64K limit on property list sizes
11038: IncompleteNodeTagger handles aspects that are not in the dictionary
11039: Added tests to ensure that QName caching is case-insensitive
11040: Fixed use of mixed-case QNames for aspects
11044: Allow background AND in-transaction indexing to be disabled at the same time.
11046: Removed Lucene use from RegistryServiceImpl
11050: Removal of Lucene usage
- ML services finding root using XPath moved to path query
- RepoStore now uses simple path query
- Remove unused imports on PersonServiceImpl
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11215 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
10963: Merged DEV/LARGE_COLLECTION_PROPERTIES_2.2.1 to V2.2
- PersonService: Lucene removal
- Lucene optimizations (in progress)
- Multi-valued and locale-specific properties persisted in alf_node_properties
- Removal of unused AVM tables
10987: Oracle dialects and enhanced SQL patch support
- Only support Alfresco's 9i and 10g dialects (with auto-switching)
- SQL script patches can now apply selectively to ranges
11007: Test to check cached retrieval of QNames
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@11206 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
9845: Merged V2.2 to V2.9
9733: Merged V2.1 to V2.2
9281: Improvements to index AUTO recovery
9316: Fixed ETWOONE-193: Transactional caches not being cleaned up after rollback (2.1.4 regression)
9317: Fixed ETWOONE-194: Faster void handling during index tracking
9365: Improved performance for finding which snapshots have been indexed
9413: Support to retrieve read/write state of the transaction and ensure Lucene commits are handled last
9414: ACT-3245: Updating node properties and aspects don't bump the alf_node.version value
9415: Code cleanup: Removed unnecessary empty methods
9416: Fixed creation of multiple thread pools
9417: Full index recovery absorbs indexing exceptions by default
9418: Added AUTO index recovery option to sample in line with Wiki docs
9419: ETWOONE-194: Index tracking is too slow
9420: Fixed ETWOONE-201: Better logging and configurability for RetryingTransactionHelper
9421: Fixed ETWOONE-202: SPlit person cleanup doesn't break read-only transactions
9422: Follow up on CHK-3317: Removed use of JDK 1.6 NavigableMap interface
9423: Fixed unit test after CHK-3317
9424: More test fixes after CHK-3317
9425: Ensure that index tracking tests don't run too long.
9426: Made concurrent reindexing optional. It is on by default.
9509: ACT-3539: Mid-transaction locking on Lucene resources
9547: Multithreaded index tracking startup: Handle previously lagging single-threaded rebuilds
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10592 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Added big P person service
- web service clinet jar is now build by build process
- Added distribute-web-service-client target which will create web service lcient distribution zip file containing jar and dependant resources
- Added web service client property file so destination repository can be easily specified
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2233 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
