17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
- Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
- Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
- Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
- Works with authentication chain containing mixture of internally and externally authenticated users
17247: Fix failing unit tests
- rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17804: Branch for SpringSurf integration 2 to RemoteAPI - from HEAD r17789
17808: Part 3 of SpringSurf integration - RemoteAPI, Web-Client, Mobile and DOD5015 java code refactored to use SpringSurf Webscripts libraries, removed dependancies on existing WebScriptFramework project.
17812: Removed web-framework and webscript-framework projects. Updated build scripts to use SpringSurf dependencies for remote API and client projects and also removal of wf and wsf projects from builds.
17818: Various Spring app context and config changes to integration SpringSurf at the RemoteAPI and Web-Client project level.
- Build scripts fixed up
- Temporary web.xml changes until spring mvc dispatcher is hooked into /service urls
- The server starts up! No nothing else works yet, you know how this goes...
17819: Fix to incremental-webclient-tomcat-exploded build target to work on first deploy to a clean tomcat (affects HEAD also, not SpringSurf related).
17872: Refactor Web-Client web.xml to use Spring WebScripts Dispatcher Servlet
- servlet is configured to use the existing Spring application context instance as loaded by the ContextLoaderListener
Share web.xml TODOs for JBoss app-server support (currently missing from SpringSurf extraction)
17892: Upgraded Repository Spring dependant libraries to 3.0.0 release.
Upgraded to latest SpringSurf release (also running against Spring 3.0.0)
Various related fixes.
17893: Additional Spring3.0.0 migration fixes and libraries.
17899: Integrated another SpringSurf bug fix - to correctly add ClassPathStore instances to SearchPath objects.
17901: Fixes to handling of merging of models returned from the new Script Processors.
Share now works against a Repository that is running SpringSurf WebScripts and Spring 3.0.0.
17904: Latest SpringSurf libraries after latest changes.
TODO:
- NTLM filter needs moving to Share (not present in SpringSurf)
- MessagesWebScript - community tracking image needs adding to Share specific version (not present in SpringSurf)
- feedController - for rss feed service urls - needs testing
- Clustering config overrides - no longer work in SpringSurf, needs a rethink
- Mobile project is not working
- PHP module project
- JBossEnabledWebApplicationContext required for Share - currently missing from SpringSurf
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17906 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17667: Branch for SpringSurf integration - from HEAD r17665
17668: Fix to ensure included scripts files are not loaded from a cached classpath loader.
17670: Part 1 of SpringSurf integration - changes relating to spring-surf-core-1.0.0.CI-SNAPSHOT.jar
17674: Part 2 of SpringSurf integration - changes relating to spring-surf-core-configservice-1.0.0.CI-SNAPSHOT.jar
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fast NodeService.getChildAssocs(types) based API added to ScriptNode for non-xpath based retrieval of file folder child nodes
- Optionally retrieve files, folders or both
- Optionally ignore certain sub-types e.g. fm:forum
- Automatically remove cm:systemfolder sub-types - equivalent to FileFolderService.list() and related methods
- Modified Share treenode data webscript to use faster API for child folder node counts
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16980 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- KEYWORDS macro changed to keywords
- Added macros without cm: namespace for common cm attributes
- Added macros without recordSearch prefix for search roll-up attributes
- Made rma default search namespace so say "originator:someone" will work rather than "rma:originator:someone"
- Fix to minor UI issues when empty results shown
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16781 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16092: ETHREEOH-2800: org.alfresco.repo.jscript.People should use AuthenticationService rather than the MutableAuthenticationDAO or otherwise it won't work in an authentication chain.
16094: ETHREEOH-2800: The same for org.alfresco.repo.template.People
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16095 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15657: ETHREEOH-2638: Admin and guest users duplicated after upgrade to v3.2. Cannot delete duplicates due to missing authentication.
- Split out alfrescoAuthorityStoreDefaultMembers.xml, only loaded on initial bootstrap so that admin and guest users not duplicated
- Modified org.alfresco.repo.jscript.People and org.alfresco.web.bean.users.UsersDialog so that person deletion doesn't fail if internal authentication information doesn't exist
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15658 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15358: Merged V3.1 to V3.2
15356: Fix for ETHREEOH-2561
15417: Fix for ETHREEOH-2437 - use 'write' webscript transaction to create Calendar container on first refresh.
15480: Merged V3.1 to V3.2
15479: Fix to unreported issue with JS search API.
15481: Fix to unreported XSS issue in Add As Favourite site functionality.
15482: Maxresults value now passed into underlying search API in search lib JS for improved performance executing large searches in Share.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15483 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15410: Fix for unreported issue where Sites menu "Add to favourites" wouldn't show site name
15411: ScriptProcessors use non-caching load method for classpath-based scripts when log4j debug flag set
15412: ALFCOM-3198 - file size misreported in Document Details
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15413 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15297: Merged V3.1 to V3.2
15093: Merged V2.1-A to V3.1
12428: Fix for ADB-150
13461: Fix for ADB-163 - Generic picker now resizes but has minimum width
13462: Fix for ADB-164 ACT 7788 - Search button label now configurable as component attribute.
13757: Fix for ADB-155
14113: Fix for ABD-143
14115: Fix for ADB-144
14493: Fixes for ADB-155 (correction) and ADB-161, ADB-184, ADB-185, ADB-186, ADB-188, ADB-189.
15162: Fix for ETHREEOH-2278 - missed during merge of ABD-143
15278: Fix for ETHREEOH-2474 - search regression
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15298 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- JavaScript search query now supports adding query templates to the query definition object:
search
{
query: string,
store: string,
language: string,
templates: [], optional, Array of query language template objects (see below)
sort: [],
page: object
}
template
{
field: string, mandatory, custom field name for the template
template: string mandatory, query template replacement for the template
}
see http://wiki.alfresco.com/wiki/Full_Text_Search_Query_Syntax#Templates
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15221 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Username and password field length checks based on config values (ALFCOM-2907, ETHREEOH-1199)
- Password checked against Validate Password field on Create and Update of a user (ALFCOM-2913, ALFCOM-2922)
- Fix to recently broken script People API - attempting to create a user with a username that already exists did not return null but instead throw an exception (ALFCOM-2921)
- Field validation correctly trims fields before validation (ALFCOM-2920)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14663 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Query, language (lucene, xpath, jcr-path and alfresco-fts etc), store (workspace or avm), multi-column sorting and paging all supported via search definition object
- A query definition object with a number of parameter objects can be as to use as:
var results = search.query({query: "TEXT:alfresco"});
- Or as richly defined as:
var sort1 =
{
column: "@{http://www.alfresco.org/model/content/1.0}modified",
ascending: false
};
var sort2 =
{
column: "@{http://www.alfresco.org/model/content/1.0}created",
ascending: false
};
var paging =
{
maxItems: 100,
skipCount: 0
};
var def =
{
query: "cm:name:test*",
store: "workspace://SpacesStore",
language: "fts-alfresco",
sort: [sort1, sort2],
page: paging
};
var results = search.query(def);
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14300 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- changePassword(string oldpw, string newpw) - changes password for the current user only, old password must be supplied
- setPassword(string userName, string password) - set the password for the given user - only executable by an admin user
Fix up and clean up of my-sites.get.js so that IMAP favorites are only retrieved if the IMAP server is enabled
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14280 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Can create new users - no form validation etc. yet.
- User password is set.
ChangePassword webscript improved to support admin user setting a user password without knowing the old one.
JavaScript People API fixes.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14097 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Additional root scope java objects can now be configured in for use by plain web-tier WebScripts, SURF components and SURF templates.
- Initial config files provided for SURF web-framework - script/template services context
- Also the first steps towards pluggable script/template processing engines for WebScripts
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14076 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Add CMIS Allowable Actions to Abdera CMIS extension
- Add testAllowableActions(), testQueryAllowableActions
- Pass all AppClientTest (AtomPub server test suite) tests
- Fix encoding issues while parsing Atom requests
- Fix ignoring of Atom slug
- Fix support of pure Atom entries (those without CMIS extensions)
- Add test suite for custom sub-types / props (CMISCustomTypeTest)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13921 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Repository JavaScript API now supports getting/setting user account enabled status (admin authority required).
Repository Template API now supports retrieving user account enabled status.
Fixed up line endings on template-services-context.xml.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13884 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- due to a problem with the Enter key handler - would sometimes "disappear"
People search REST API now allows search for all people again with empty filter arg
Removal of unused fields in People Finder results
Removal of 'title' field from People REST API results JSON template - never applied to cm:person!
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13753 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
