16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15495: ETHREEOH-2149: Fix up setting of the content language filter in all authentication filters
- Some new thread initialization was added to AuthenticationHelper concerning setting the locale for MLText properties
- Unfortunately this was not propagated to the more exotic authentication filters
- Now all web client authentication filters use shared code in AuthenticationHelper
- Retired the NovellIChainsHTTPRequestAuthenticationFilter because it was broken and can be replaced by the superior HTTPRequestAuthenticationFilter
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15735 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13409: Fix for ETHREEOH-1337 - to escape query characters in Site/People service filter methods.
13410: Fix for ETHREEOH-1272 - another missing pager control.
13425: Italian lang pack for TinyMCE editors. Fixes ETHREEOH-1491.
13430: Fix for ETHREEOH-1488.
Also IDs added to a couple of pagers - not causing a bug, but completes the pager fixes.
13464: Fix for ETHREEOH-1474 - now possible to use NTLM auth with Alfresco and SURF apps hosted in same app-server with same user browser session in different tabs.
Added additional NTLM filter debugging info for Session ID.
13483: Fix for ETHREEOH-1547 - System error happens when trying to create any Web Project.
Also fixes issue where webproject FormImpl objects did not deserialize correctly due to unsafe service call usage in constructor.
13501: Fix for ETHREEOH-965 - disallow guest login until explicit Guest support is added to Share.
13507: Fix for ETHREEOH-1586 - language selectable at login working again.
13512: Fix for ETHREEOH-1522 - wiki RSS feed template variable named incorrectly.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13598 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13084: Merged V2.1-A to V3.1
7984: *RECORD-ONLY* Final part of fix for ACT 819, by default the web-client now generates WebScript content download API based URLs to allow relative paths to be resolved in HTML content files
13086: Merged V2.1-A to V3.1
7986: *RECORD-ONLY* Additional for ACT 819, View In Browser details page links and cm:link objects to content now output Content API webscript urls
13090: Merged V2.1-A to V3.1
7986: Language locale auto-selection based on browser locale - see ACT 1053
NOTE: a web-client-config setting has been added to enable this - it is off by default.
13093: Merged V2.1-A to V3.1
8255: Filetypes and PanelGenerator enhancements
13094: Merged V2.1-A to V3.1
8547: Branding changes from Mike [just filetypes merged]
13095: Merged V2.1-A to V3.1
8555: Webdav path support for ExternalAccessServlet browse navigation
13103: Merged V2.1-A to V3.1
8592: Fix for login page issue with language locale auto-selection - see ACT 1053
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13559 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12140: Merged V2.2 to V3.0
11732: Fixed ETWOTWO-804: Node and Transaction Cleanup Job
11747: Missed config for Node and Txn purging
11826: WCM - fix ETWOTWO-817
11951: Fixed ETWOTWO-901: NodeService cleanup must be pluggable
11961: Merged V2.1 to V2.2
11561: ETWOONE-224: when renaming duplicates during copy association names where not renamed
11583: (ALREADY PRESENT) Updated NTLM config example in web.xml - adding missing servlet mappings
11584: Fix for ETWOONE-209 - JavaScript People.createGroup() API now correctly checks for actual group name when testing for existence
11585: Fix for ETWOONE-214 - View In CIFS link now works even when users des not have view permissions on the parent folder
11612: Fix for ETWOONE-91: the description textarea in the modify space properties web form eats one leading newline each time it is submitted
11613: Fix 2.1 build and adjust implementation of ETWOONE-224 fix
11621: Fix for ETWOONE-343
11669: Improved debug from index tracking when exceptions occur
12141: Avoid annoying Spring WARN messages for ClientAbortException
12143: File that should have been deleted in CHK-5460 (rev 12140)
12177: Fix failing FS Deployment Tests since introduction of transaction check advice.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12507 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
9241: Merged V2.2 to V2.9
9119: Merged V2.1 to V2.2
8671: Fix for AR-2221 - JavaScript scriptable Map objects recursively converted to Freemarker accessable maps
9256: Merged V2.2 to V2.9
9100: Merged V2.1 to V2.2
8728 <Not required>: Latest AMP changes for AR-2212
8731: Faster content store cleaner
8738: Fix for AWC 1930 - support simple bind when building DNs that contain a comma
8835: Fix regression issue as discussed in ACT 2019
8861: Fix WCM-1158
8866: Fixed AR-2272: Module Management Tool distribution is broken
8872: Fixed distribution of benchmark executable jar after EHCache upgrade
8933: Fix for ACT-2469
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9260 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
8146: Interim checkin for Oracle upgrade scripts.
8150: AR-1905
8151: AR-1956
8152: Correct I18N when reporting patch description
8153: QName script for Oracle along with fixes for unique constraints on assoc tables
8155: Upgrade scripts for Oracle V2.2 - almost there
8164: AWC-1633: Unable to edit rule added via web service
8166: V2.2 upgrade scripts for MySQL and Oracle
8170: AWC-1515: E-mail doesn't reach user's mail box, if it was created with the help of templates
8174: Fix for AWC-798
8180: Fix for AWC-1843
8183: Fixes for different unique index names on alf_child_assoc
8189: AWC-1719: Need to alllow Rules to account for a space being deleted
8249: Fixed handling of empty namespaces on Oracle
8259: Fixes for null namespaces in QName
8360: Modified alf_audit_date columns and added patch
8404: Fix AR-2133: Fix handling of empty namespaces during upgrade
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8481 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
6466: Xml metadata. Support for pulling collections of values from XML
6470: Fix for AWC-1321 - Using zero as items per page gives error for Alfresco repos in OpenSearch
6471: Fix for AWC-1496 - OpenSearch dashlet can get in a state where search queries are not executed
6472: Fix for AWC-1495. Searching additional attributes now working correctly for folders.
6473: Fix for AR-1251 (Version error when saving new content via CIFS)
6474: Updated bundles and installers - added missing files back into Linux bundle
6475: LDAP and chainging authentication
Resolved conflicted state of 'root\projects\repository\source\java\org\alfresco\repo\security\authentication\AuthenticationUtil.java'
6477: XForms WCM-696.
6478: Fix for WCM-567 (IndexOutOfBoundsException when stepping through wizard rapidly)
6480: Fix to issue when removing locks on directories.
6481: Updated installer and config wizard to fix download option and config behaviour when called from installer.
6482: Fix for WCM-1229 (properties sheet does not refresh)
6483: Fix for AR-1511
6484: Fix for AR-1351
6485: Missed a unit test update
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6737 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fixed parsing of locale string to use I18NUtil.parseLocale and not Locale constructor
- Fixed type conversion of properties returned from MLPropertyInterceptor's directNodeService
- Fixed handling of ALL_LANGUAGES filter selection
- Fixed MultilingualContentService NPE when checking for duplicate locales
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5007 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Web Client support for changing content filter language
- I18NUtil support for contentLocale
- MLPropertyInterceptor handling of properties inbound and outbound
TODO:
- Is new Locale("") valid?
- Some more tests to ensure property interceptor is working
- Move interceptor into .sample config file
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Deleting the Guest Home space no longer means an exception occurs when any user attempts a Guest login
- The "go direct to login page url" workaround is no longer required
- A redirection to the login page occurs automatically if the Guest Home space is deleted and a warning output to the console
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4907 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Storing of "inPortal" flag in a Threadlocal
- No longer invalidate portlet session on logout - clear session by hand instead
- Makes it easier to integrate with other JSR-168 vendors such as Liferay
. Added the current template NodeRef to the default templating model
- Accessable as an object in the root of the templating model called "template"
. Added the current script NodeRef to the default scripting model
- Accessable as a root scope object called "script"
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2934 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fix to image resolver for TemplateContentServlet
. Minor improvement to CommandServlet interfaces as per wiki docs
. Minor fix to date field format in RSS2.0 template (thanks Mike!)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2685 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fix of UserTransaction handling in AuthenticationHelper - very noticable when Guest access fails on older (pre 1.2) databases
. Refactoring of all servlet authentication patterns to be consistent and use a helper so all support Guest and Ticket arguments
. Fix to external URL generation on Document and Space Details pages
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2214 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fixes to document/space details screen when expanding/collapsing the Links panel
. Fix to Saved Searches to handle AuthenticationException for Guest user access to saved searches folder
. Fix to New User and Edit Password dialogs to fire text changed events when paste is used to fill in form fields
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2164 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
