15090: Records Management Read Permissions (parts of MOB-747, MOB-815) NOTE =>RM NOW HAS READ ACCESS ENFORCEMENT
- permission model
- DM and RM ignore each other for permissions - they are mutually exclusive
- Read access enforcement (no write enforcement other than read)
- Rolled caveat enforcement into acegi voter implementation and afterInvocation implementation
- updated model with mandatory filePlanComponent aspect
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15111 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fixed parsing of timestamps
- Fixed resolution of group members
- Shared Spring configuration with ldap subsystem
- Authentication still only supported with DIGEST-MD5 binding enabled - chain with passthru authentication otherwise
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14934 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- synchronization.syncWhenMissingPeopleLogIn
- synchronization.autoCreatePeopleOnLogin
When both are false you can now cause users who your LDAP sync doesn't bring in to be rejected (seems to be a requirement)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14814 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- migration patch uses non-public authority service
- root authority query ignores deleted nodes
- avoid exception for getContainingAuthorities("System")
- update unit test to cope with corrected EMAIL_CONTRIBUTORS group and slight difference in behaviour with root authorities
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14609 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- An authentication chain of size 1 configured by default
- DefaultChildApplicationContextManager supports dynamic configuration of the authentication chain via Spring or JMX. Any number of instances of any type allowed in chain.
- SubsystemChainingAuthenticationComponent and SubsystemChainingAuthenticationService iterate across configured chain for Authentication
- SSO (NTLM / Kerberos) and CIFS authentication independently activatable for any component in chain (where supported).
- SubsystemChainingProxyFactory used to proxy directly to first active CIFS authenticator or SSO filter in the chain
- CIFS server knows not to bother starting if authentication chain doesn't have an active CIFS authenticator (e.g. LDAP only)
- Rationalization of subsystem configuration folder structure and JMX object naming
- Classpath based extension mechanism for community edition - alfresco/extension/subsystems/<category>/<typeName>/<id>/*.properties in classpath can be used to configure specific subsystem instances
- Simplification of JMX infrastructure. No longer Spring bean definition based, thus allowing dynamic creation/registration of new instances at runtime.
- New AuthenticationChainTest unit test
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- PassthruServerFactory created to allows PassthruServers singleton to be shared by CIFS, FTP and Alfresco passthru authenticators
- Also added NTLM + Alfresco (non-passthru) example. Doesn't seem to work yet!
- ExtendedServerConfigurationAccessor interface added BaseSSOAuthenticationFilter to get at local server name info from file server configuration
- toString() added to CIFSAuthenticator so that we can still properly log the authenticator type
- Fixed WebDAVServlet to go through ServerConfigurationAccessor interface to avoid ClassCastException
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13823 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Bug fix invitation service was approving too many invitations!
Implemented security rules for who is allowed to cancel a moderated invitation.
Continuing implementation of group authority scripts.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13815 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13659: Fix NTLMAuthenticationFilter to call super.afterPropertiesSet()
13658: MOB-424: Utility to Dump JMX Data
- new enterprise distributable jmx-dumper.jar
- command line invocation via "java -jar jmx-dumper.jar"
- admin web access via http://localhost:8080/alfresco/faces/jsp/admin/jmx-dumper.jsp
13575: Preconfigured authentication stacks for alfresco, LDAP, Kerberos and NTLM. TODO: file server config.
13493: Initial work to enable selection, configuration, testing and hot-swapping of different authentication subsystems via JMX or admin UI.
13309: Changes to allow datasource and property configuration via JNDI
- Move AVM catalina .jars into 3rd-party/lib/virtual-tomcat so that they don't get automatically included in the .war file and hence stop JNDI lookups from working
- Allow JNDI lookup of datasource – use standard app server mechanisms for managing it but still fall back to 'normal' one
- Allow properties to be overridden by JNDI env-entries as well as system properties. Including hibernate dialect ones. Web.xml can then declare required env-entries and these can be defined on deployment.
- Rewire iBatis so that no config file edits are necessary when dialect is changed
- Use proxy around datasource so that auto-commit is always activated for iBatis
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13668 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13424: ETHREEOH-1242: Sample LDAP authentication config breaks site invites in Share
13427: Fixes for ETHREEOH-1157: Propagate exceptions using ReportedException
13428: Fix ETHREEOH-1493: Upgrade from 2.1-A to 3.1 uses incorrect patch id and fixes_to_schema
13429: Specific fix for ETHREEOH-1157: duplicate/triplicate users not properly prohibited
13436: Merged V2.2 to V3.1
13435: Merged V2.1 to V2.2
12307: Merged DEV/V2.1SP7 to 2.1
11927: ETWOONE-396
12112: ETWOONE-396
13437: Fixed ETHREEOH-1498: Mismatched closing XML tag in ehcache-custom.xml.sample.cluster
13439: Fix for ETHREEOH-1157: JSF Dialogs Absorbing Exceptions
13456: Fixed ETHREEOH-1472: Changes to systemBootstrap cause bootstrapping ACP's not to work
13469: Upgrade patch to update internal version2Store counter (follow-on fix for ETHREEOH-1540)
13491: Chaining example for DOC-84
13492: Fixed paths in zip file
13494: Fixed GenericBootstrapPatch when overriding bootstrap views
13495: Added @version javadoc
13496: Minor logging updates
13497: Fixed ETHREEOH-1431: Authentication case sensitivity switch doesn't work
13500: Temporary fix for Sharepoint issue raised last week
13502: ETHREEOH-1575: It's impossible to create Change Request task
13511: Fix for ETHREEOH-1549: Impossible to create HTML web content
13529: Fix for ETHREEOH-1595
13531: Fix for ETHREEOH-1607: Error on chaining example xml - malformed comment
13537: Build fix ... exclude the system user from auto creation
13538: Build Fix - further contraints to aviod auto-creation of guest
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V2.1:r12307
Merged /alfresco/BRANCHES/V2.2:r13435
Merged /alfresco/BRANCHES/V3.1:r
13424,13427-13429,13436-13437,13439,13442-13450,13452,13454-13456,
13469-13473,13475-13476,13479-13480,13491-13500,13502,13511,13529-13538
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13619 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13218: Partial fix for ETHREEOH-1259 - the null pointer exceptions are gone to be replaced by sensible error messages.
13220: Merged V3.0 to V3.1
13219: Build Fix for error in hand merge of r13141 from V2.2 to V3.0
13226: Clearer debugging of exceptions during NodeService cleanup
13228: ETHREEOH-1250
13229: Fix for ETHREEOH-1184: Share webscript configuration does not support international chars as values
13235: Add support to exclude admin and guest from person permission fix ups. Tidy up for ETHREEOH-1239
13239: Build Fix
13243: ETHREEOH-1308: Update AMPs to indicate unsupported status
13247: Build fix - do not delete admin :-)
13248: Fix build
13254: Fix for ETHREEOH-1351: Schemas containing an enumeration with an empty string ...
___________________________________________________________________
Modified: svn:mergeinfo
Merged /alfresco/BRANCHES/V3.0:r13219
Merged /alfresco/BRANCHES/V3.1:r13218-13220,13224,13226-13229,13231-13232,13234-13237,13239,13241,13243-13248,13250,13252-13254
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13612 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
