21132: ALF-3855: Refactored repository authentication filters so that same code is re-used for Web Client, Web Script, Web DAV and Sharepoint authentication
- 'Uber Filter' part 3
- Means we now support Kerberos Authentication for Sharepoint
- Threw away a lot of duplicated code
- New common AuthenticationDriver interface created and now implemented by core authentication code
- Sharepoint and BaseSSOAuthenticationFilter now both use AuthenticationDrivers
- Needs regression testing
21137: ALF-3841: Alfresco Explorer SSO Authentication Filters now accept ticket parameters too
- Can be turned back off with ntlm.authentication.browser.ticketLogons=false or kerberos.authentication.browser.ticketLogons=false
- Wiki updated
21141: ALF-3855: Fixed wiring
21146: ALF-2879: 'xamconnector' module behaviour for xam:archived
- Application of xam:archived recurses and locks both files and folders
- cm:content nodes also have the store selector applied for the XAMContentStore
- TODO: Archive properties
21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL
- Parameter was not bounded with #
- Added unit test to ensure SQL generated is correct
21169: Merged V3.3 to V3.3-BUG-FIX
21168: (RECORD ONLY Merged PATCHES/V3.2.1 to V3.3
21166: Merged V3.3-BUG-FIX to PATCHES/V3.2.1
21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL
- Parameter was not bounded with #
- Added unit test to ensure SQL generated is correct
21118: Latest SpringSurf libs:
- Fix for missing read of "keystore" in Remote config
- Session Fixation attack mitigation improvements:
- A Surf application no longer generates a Session (and therefore no JSESSIONID) until a user is authenticated - simply visiting a login page or similar will no longer generate a Session
- Existing Sessions are always invalidated and destroyed if found when a user is authenticated via the LoginController (i.e. due to a JSESSIONID captured via an XSS attack)
Merged HEAD to V3.3
21111: Fix to encode form parameter on Share login template - prevents its potential use as an reflected XSS attack vector
21117: Session Fixation mitigation:
- Removed Session creation from Share index.jsp
Merged V3.3-BUG-FIX-2010_06_24 to V3.3
21096: Fix for ALF-3718 - JSF client login page input validator is too aggressive ("Login" button is disabled if username contains forward slash)
21088: Latest SpringSurf libs
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@21170 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
