- Added marker data extractor to record the presence of a key in the audit data
- AuditMethodInterceptor applies a marker key in the case of success (failure already has a key)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16519 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Two new repo properties to control auditing:
audit.enabled=false
audit.useNewConfig=false
- Auditing was enabled by default, but it is not enabled any more!
The property has to be set in alfresco-global.properties
- Unit tests for auditing successful and failed authentication attempts
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16496 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Ensure uniqueness across any three (incl. null) Serializable values
- Required to support RM rma:identifier contextual uniqueness
DB Update for MySQL:
drop table if exists alf_prop_unique_ctx;
CREATE TABLE alf_prop_unique_ctx
(
id BIGINT NOT NULL AUTO_INCREMENT,
version SMALLINT NOT NULL,
value1_prop_id BIGINT NOT NULL,
value2_prop_id BIGINT NOT NULL,
value3_prop_id BIGINT NOT NULL,
UNIQUE INDEX idx_alf_prop_unique_ctx (value1_prop_id, value2_prop_id, value3_prop_id),
CONSTRAINT fk_alf_prop_unique_ctx_1 FOREIGN KEY (value1_prop_id) REFERENCES alf_prop_value (id) ON DELETE CASCADE,
CONSTRAINT fk_alf_prop_unique_ctx_2 FOREIGN KEY (value2_prop_id) REFERENCES alf_prop_value (id) ON DELETE CASCADE,
CONSTRAINT fk_alf_prop_unique_ctx_3 FOREIGN KEY (value3_prop_id) REFERENCES alf_prop_value (id) ON DELETE CASCADE,
PRIMARY KEY (id)
);
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16417 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16187: Merged V3.1 to V3.2
16185: AbstractLuceneIndexerAndSearcherFactory.getTransactionId() must return null when there is no transaction
16171: Merged V3.1 to V3.2
16168: ETHREEOH-2797: Force patch.db-V2.2-Person to apply one more time to fix up corrupt users created by LDAP Import
- Problem due to ETHREEOH-2023, fixed in 3.1.1
- Also corrects ldap.synchronisation.defaultHomeFolderProvider to be userHomesHomeFolderProvider
- Also requires fix to ETHREEOH-2475 to fix up duplicate users
16167: ETHREEOH-2475: Fixed nested transaction handling in AbstractLuceneIndexerAndSearcherFactory to allow duplicate user processing in PersonServiceImpl to actually work
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16363 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16340: Oracle and iBatis mappings
16346: Minor formatting
Removed some dangling svn:mergeinfos
TODO: iBatis boolean parameterization in AVM select queries
TODO: Ensure ALL FK CONSTRAINTS ARE PRESENT as expected
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16347 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Tables are 'alf_prop_root' and 'alf_audit_app'
- Added property test to update past the SMALLINT rollover to test reversion to 0
- To modify your tables (not absolutely necessary)
alter table alf_audit_app modify version SMALLINT NOT NULL;
alter table alf_prop_root modify version SMALLINT NOT NULL;
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16320 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1. Appropriate changes have been made in parallelreview_group_processdefinition.xml and
parallelreview_processdefinition.xml files.
2. Redeploy flag is kept with false value by default in the workflow-context.xml.sample file.
3. A sorting of the list of workflow definitions by name has been already applied in all branches according to ETWOTWO-302 issue
fix.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16306 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- alf_prop_xxx tables
- Added alf_prop_root table
- alf_prop_value_xxx tables enforce uniqueness
- Better splitting up of Collections and Maps (attempt to use exact storage type)
- Moved some indexes around to reduce size but maintain index data lookups
- Allow updates and deletes of properties via alf_prop_root (entry-point table)
- Audit Application
- Unique by name
- Add 'disabled paths' to control audit behaviour (not wired into services)
- Added concurrency checks for updates to the Audit Application (model change, etc)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16217 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15128: Merge 3.1 to 3.2:
15114: Added support for impersonation level sharing mode check, to fix Office2007 file open issue. ETHREEOH-2320.
15130: Record-only
15340: Merge 3.1 to 3.2:
14359: Fixed native call being used when <disableNative/> was configured. ETHREEOH-2105. (Record-only)
14484: Merged HEAD to v3.1: (Record-only)
13943 Added FTP IPv6 configuration, via the <IPv6 state="enabled|disabled"/> tag. Added the ftp.ipv6 property. MOB-714.
14523: Add trailing 'A' to CIFS server name, removed by recent checkin. (Record-only)
14561: Change the file server config bean to use the 'org.alfresco.fileserver' logging level.
14916: Fixes for local domain lookup when WINS is configured. ETHREEOH-2263.
14922: Merge HEAD to V3.1
14626: Fixes for the client side Windows desktop action application. part of ETHREEOH-401
15155: Fixes to client side desktop action exe handling of paths that are not mapped to the root of the Alfresco share. ETHREEOH-1613
15341: Record-only
15549: Check for null ClientInfo in the setCurrentUser() method and clear the auth context. Part of ETHREEOH-2538.
15550: Fixed performance issue in the continue search code, add warn level output of folder search timing.
15564: Merge 3.1 to 3.2:
14964: Port fix for convert content I/O exceptions to file server exceptions during write and truncate (part 2). ETWOTWO-1241
15233: Ignore nodes that no longer exist during the second stage of a file server folder search.
15234: Fixed incorrect length check when buffering MSOffice document writes.
15565: Record-only
15568: Fix for cut/paste file between folders on CIFS. ETHREEOH-2323 + ENH-515.
15569: Record-only
15644: Changed filesystem debug setting so it works with old and new config styles.
15786: Record-only
15787: Port of repo filesystem MS Office document locking fix. ETHREEOH-2579
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16122 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Turned namespacing on
- Collapsed SqlMapConfig.xml files with the exception of that for activities, which uses a different datasource bean
- Tried to use it and discovered a "feature": If any ID has a '.' in it, then it is assumed to be namespaced already ...
- Fixed up all IDs for iBatis objects; replaced '.' with '_' except in our namespaces
- Don't panic! It's a find/replace job of ID strings. Errors will be hard and fast, if there are any. All DAO and activities tests run.
- The AVM refactor will get some conflicts in the ibatis-context.xml
- Either follow the same pattern and fix up the IDs, or
- Keep a separate bean until some later time.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16106 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16092: ETHREEOH-2800: org.alfresco.repo.jscript.People should use AuthenticationService rather than the MutableAuthenticationDAO or otherwise it won't work in an authentication chain.
16094: ETHREEOH-2800: The same for org.alfresco.repo.template.People
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16095 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Any combination of application (e.g. RM, repo, etc), user and time
- TODO: Extend queries to support finding audit entries by arbitrary audited values
- TODO: Full map retrieval in single query
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16086 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Removed notion of audit session
- Removed 'scope' attribute for DataGenerator elements
- Removed alf_audit_session table and replaced with alf_audit_app (see script)
- DataGenerators are working properly
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16053 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- The <archive> setting on model class definitions (controlling archival on node deletion) is now paid attention to for aspects as well as types
- Archive is on by default for aspects and off by default for types
- If a node's type or any of its aspects has archiving off then it will be purged rather than archived
- Only the cm:content and cm:folder types currently have archiving switched on
- RM subtypes of cm:content and cm:folder plus rm:record aspect switch off archiving
- A module can now include global property overrides in classpath*:alfresco/module/*/alfresco-global.properties
- The RM module currently sets two global properties:
system.content.eagerOrphanCleanup=true # Switches on synchronous content purging
rm.ghosting.enabled=true # Enables the new RM ghosting functionality
- When ghosting is switched on, for nodes with the rma:record aspect the DestroyAction synchronously removes all content properties and applies the rma:ghosted aspect
- TODO: Any properties required for rma:ghosted?
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15990 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Audit paths can now use mixed case (after alf_prop_string_value enhancements)
- Pluggable data conversion when pushing values into persistence
- Relaxed XSD to allow mixed-case key values
- Regex checking of paths and names when building strings
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15976 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15940: Merged V3.1 to V3.2 (record only)
15939: Merged V3.2 to V3.1
15936: ETHREEOH-2498: Fixed problems with auto-creation of users in CIFS Authenticators (including Kerberos)
15936: ETHREEOH-2498: Fixed problems with auto-creation of users in CIFS Authenticators (including Kerberos)
- Converted to using RetryingTransactionHelper and avoid problems with nested transactionService
- Will trigger LDAP sync if enabled
- Also switched on disableNTLM in kerberos-authentication-context.xml to force Kerberos CIFS authentication in Kerberos subsystem
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15941 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Uses recently-added NamedObjectRegistry
- Audit extractors and generators can now be Sprung using 'registeredName' instead of 'class'
- Simpler to bring in complex, repo-dependent generators and extractors
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15935 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15208: Merged V3.1 to V3.2
15207: ETHREEOH-2196: Disable shutdown backstop by default as it crashes application servers such as Weblogic and Websphere!
15206: Merged V3.2 to V3.1 (Record only)
15109: ETHREEOH-2451: Fix potential deadlock in Enterprise scheduler
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15923 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- alf_prop_string_value now includes a CRC column and handles Oracle empty string issues
- All property values are/must now be Serializable for auditing
- Pushing data into audit is working
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15915 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Pulled old AuditDAO methods into new AuditDAO interface
- Combined AuditDAO implementations
- First cut of high-level AuditSession creation
- TODO: AuditSession data generation according to path
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15864 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Sessions are created using an application name (shared prop) and a persisted model ID
- Added a bootstrap bean for audit that unmarshalls the models
- Added hook points for repo-loading models, but won't implement yet
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15863 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
