17475: ETHREEOH-3295: Fix to AuthorityMigrationPatch
- Forces transaction retry if worker thread reaches child authority before a parent authority
- Tested on Kev's 3.1.1 repository with ~20,000 bulk loaded users and ~2,000 Share sites
- Now completes in 5 minutes as opposed to 45
17461: ETHREEOH-3268: Added MutableAuthenticationService.isAuthenticationCreationAllowed () to allow conditional display of external user invitation UI
17450: ETHREEOH-2762: Correction to previous fix. Do not generate new name when working copy copied back on check in.
17440: ETHREEOH-3295: Fixed logging in FixNameCrcValuesPatch
17439: ETHREEOH-2762: Improved behaviour when a working copy is copied
- Working copy aspect already removed the working copy aspect on copy
- Now derives a new name from the node checked out from and a UUID, preserving the extension
17438: ETHREEOH-2690: Fix sequencing of jgroups system property setting
- declared dependency between internalEHCacheManager and jgroupsPropertySetter
17436: ETHREEOH-3295: Further performance improvements to AuthorityMigrationPatch
- authority created at same time as all its parent associations to save lots of reindexing, as per LDAP sync
- multi-threaded BatchProcessor (as used by LDAP sync, FixNameCrcValuesPatch) used to process work in 2 threads in batches of 20, report progress every 100 entries and handle transaction retries
- BatchProcessor now promoted to its own package
17394: Fix for license issue in local enterprise builds.
- Replace Community with Enterprise in version.properties during enterprise war building
17365: ETHREEOH-3229: Visited and fixed all SearchService result set leaks
17362: ETHREEOH-3254: Eliminate needless ping to LDAP server in LDAPAuthenticationComponentImpl.implementationAllowsGuestLogin()
17348: ETHREEOH-3003: Fix NPE in Hyperic when LicenseDescriptor has null fields
17316: Merged V3.1 to V3.2
17315: ETHREEOH-3092: PersonService won't let you create duplicate persons anymore.
17314: ETHREEOH-3158: Fix RepoServerMgmt to work with external authentication methods
- AuthenticationService.getCurrentTicket / getNewTicket now call pre authentication check before issuing a new ticket, thus still allowing ticket enforcement when external authentication is in use.
17312: ETHREEOH-3219: Enable resolution of JMX server password file path on JBoss 5
17299: Merged V3.2 to V3.1 (Record only)
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17297: ETHREEOH-1593: Changed name of username cookie and fixed login.jsp to decode it properly
- thanks Kev!
17292: ETHREEOH-1842: Ticket association with HttpSession IDs tracked so that we don't invalidate a ticket in use by multiple sessions prematurely
- AuthenticationService validate, getCurrentTicket, etc. methods now take optional sessionId arguments
17269: Fix failing unit test
- reinstate original behaviour of AbstractChainingAuthenticationService.getAuthenticationEnabled()
17268: Fix InvitationService
- Runs as system to do privileged AuthenticationService actions
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18105 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17246: ETHREEOH-3208: User profiles for users authenticated by immutable subsystems are now read only
- Introduced MutableAuthenticationService interface, only implemented by Alfresco native authentication service
- Split out those methods from AuthenticationService that mutate the user store and added isAuthenticationMutable()
- Now both Alfresco Explorer and Share user profile / password edit link rendering is conditional on isAuthenticationMutable
- Works with authentication chain containing mixture of internally and externally authenticated users
17247: Fix failing unit tests
- rm-public-services-security-context.xml needed to be brought in line with public-services-security-context.xml (and will forever more!)
17248: ETHREEOH-1593: alfUser cookie value should be base 64 encoded to allow for non-ASCII characters
17253: *RECORD ONLY* ETHREEOH-2885: web.xml must conform to the schema to work on JBoss
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18098 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17667: Branch for SpringSurf integration - from HEAD r17665
17668: Fix to ensure included scripts files are not loaded from a cached classpath loader.
17670: Part 1 of SpringSurf integration - changes relating to spring-surf-core-1.0.0.CI-SNAPSHOT.jar
17674: Part 2 of SpringSurf integration - changes relating to spring-surf-core-configservice-1.0.0.CI-SNAPSHOT.jar
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
17462: ETHREEOH-3346: New meaning to synchronization.synchronizeChangesOnly property
- In the LDAP sync performance optimizations we always used the differential queries to determine the users and groups to be updated. Deletions were determined by a separate query.
- This meant that if you ever did want to force the update of all users it wasn't possible.
- So now when the flag is false it means don't use differential queries in the scheduled sync job.
- The scheduled job now processes deletions regardless.
- The default value for the property is now true.
17431: ETHREEOH-3274: Refix NTLM support for share
- Fixed NPE introduced by ETHREEOH-2767
- Made web.xml validate against schema for JBoss
- Reintroduced missing open comment in webscript-framework-config-custom.xml.sample
17426: ETHREEOH-2997: Fix ticket parameter passing into NTLM/Kerberos WebDAV authentication filters
- A NPE was stopping it from working
17425: ETHREEOH-3282: Fixed NPE preventing upload from working with NTLM SSO enabled
17368: ETHREEOH-3197: Use utf8_bin collation in MySQL out of the box to avoid problems with comparison of accented characters
17361: ETHREEOH-3276: Don't attempt to start an LDAP sync when the repository is read only
17347: ETHREEOH-3206: Fix LocalFeedTaskProcessor to work with JBoss 5
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@17464 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16062: ETHREEOH-2792: Support login via external SSO systems (such as CAS) in Alfresco Share
- In Alfresco, new "external" authentication subsystem maps user identity from HttpServletRequest.getRemoteUser() or configured header
- In Share, the UserFactory also recognizes HttpServletRequest.getRemoteUser() - no special filters required
- User ID propagated to Alfresco through X-Alfresco-Remote-User HTTP header
- This can be done securely via the use of an SSL client certificate that identifies the Share application to Alfresco as a special 'proxy' user
- New <keystore> section added to webscript-framework-config that allows specification of the keystore holding the client certificate and trusted CAs
- Support for SSL authentication and propagation of Cookies through redirects added to RemoteClient so that initial redirects through sign on pages are supported
- TODO: Wiki
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16065 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15495: ETHREEOH-2149: Fix up setting of the content language filter in all authentication filters
- Some new thread initialization was added to AuthenticationHelper concerning setting the locale for MLText properties
- Unfortunately this was not propagated to the more exotic authentication filters
- Now all web client authentication filters use shared code in AuthenticationHelper
- Retired the NovellIChainsHTTPRequestAuthenticationFilter because it was broken and can be replaced by the superior HTTPRequestAuthenticationFilter
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15735 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13409: Fix for ETHREEOH-1337 - to escape query characters in Site/People service filter methods.
13410: Fix for ETHREEOH-1272 - another missing pager control.
13425: Italian lang pack for TinyMCE editors. Fixes ETHREEOH-1491.
13430: Fix for ETHREEOH-1488.
Also IDs added to a couple of pagers - not causing a bug, but completes the pager fixes.
13464: Fix for ETHREEOH-1474 - now possible to use NTLM auth with Alfresco and SURF apps hosted in same app-server with same user browser session in different tabs.
Added additional NTLM filter debugging info for Session ID.
13483: Fix for ETHREEOH-1547 - System error happens when trying to create any Web Project.
Also fixes issue where webproject FormImpl objects did not deserialize correctly due to unsafe service call usage in constructor.
13501: Fix for ETHREEOH-965 - disallow guest login until explicit Guest support is added to Share.
13507: Fix for ETHREEOH-1586 - language selectable at login working again.
13512: Fix for ETHREEOH-1522 - wiki RSS feed template variable named incorrectly.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13598 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13084: Merged V2.1-A to V3.1
7984: *RECORD-ONLY* Final part of fix for ACT 819, by default the web-client now generates WebScript content download API based URLs to allow relative paths to be resolved in HTML content files
13086: Merged V2.1-A to V3.1
7986: *RECORD-ONLY* Additional for ACT 819, View In Browser details page links and cm:link objects to content now output Content API webscript urls
13090: Merged V2.1-A to V3.1
7986: Language locale auto-selection based on browser locale - see ACT 1053
NOTE: a web-client-config setting has been added to enable this - it is off by default.
13093: Merged V2.1-A to V3.1
8255: Filetypes and PanelGenerator enhancements
13094: Merged V2.1-A to V3.1
8547: Branding changes from Mike [just filetypes merged]
13095: Merged V2.1-A to V3.1
8555: Webdav path support for ExternalAccessServlet browse navigation
13103: Merged V2.1-A to V3.1
8592: Fix for login page issue with language locale auto-selection - see ACT 1053
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13559 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12140: Merged V2.2 to V3.0
11732: Fixed ETWOTWO-804: Node and Transaction Cleanup Job
11747: Missed config for Node and Txn purging
11826: WCM - fix ETWOTWO-817
11951: Fixed ETWOTWO-901: NodeService cleanup must be pluggable
11961: Merged V2.1 to V2.2
11561: ETWOONE-224: when renaming duplicates during copy association names where not renamed
11583: (ALREADY PRESENT) Updated NTLM config example in web.xml - adding missing servlet mappings
11584: Fix for ETWOONE-209 - JavaScript People.createGroup() API now correctly checks for actual group name when testing for existence
11585: Fix for ETWOONE-214 - View In CIFS link now works even when users des not have view permissions on the parent folder
11612: Fix for ETWOONE-91: the description textarea in the modify space properties web form eats one leading newline each time it is submitted
11613: Fix 2.1 build and adjust implementation of ETWOONE-224 fix
11621: Fix for ETWOONE-343
11669: Improved debug from index tracking when exceptions occur
12141: Avoid annoying Spring WARN messages for ClientAbortException
12143: File that should have been deleted in CHK-5460 (rev 12140)
12177: Fix failing FS Deployment Tests since introduction of transaction check advice.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12507 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
9241: Merged V2.2 to V2.9
9119: Merged V2.1 to V2.2
8671: Fix for AR-2221 - JavaScript scriptable Map objects recursively converted to Freemarker accessable maps
9256: Merged V2.2 to V2.9
9100: Merged V2.1 to V2.2
8728 <Not required>: Latest AMP changes for AR-2212
8731: Faster content store cleaner
8738: Fix for AWC 1930 - support simple bind when building DNs that contain a comma
8835: Fix regression issue as discussed in ACT 2019
8861: Fix WCM-1158
8866: Fixed AR-2272: Module Management Tool distribution is broken
8872: Fixed distribution of benchmark executable jar after EHCache upgrade
8933: Fix for ACT-2469
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9260 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
8146: Interim checkin for Oracle upgrade scripts.
8150: AR-1905
8151: AR-1956
8152: Correct I18N when reporting patch description
8153: QName script for Oracle along with fixes for unique constraints on assoc tables
8155: Upgrade scripts for Oracle V2.2 - almost there
8164: AWC-1633: Unable to edit rule added via web service
8166: V2.2 upgrade scripts for MySQL and Oracle
8170: AWC-1515: E-mail doesn't reach user's mail box, if it was created with the help of templates
8174: Fix for AWC-798
8180: Fix for AWC-1843
8183: Fixes for different unique index names on alf_child_assoc
8189: AWC-1719: Need to alllow Rules to account for a space being deleted
8249: Fixed handling of empty namespaces on Oracle
8259: Fixes for null namespaces in QName
8360: Modified alf_audit_date columns and added patch
8404: Fix AR-2133: Fix handling of empty namespaces during upgrade
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8481 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
6466: Xml metadata. Support for pulling collections of values from XML
6470: Fix for AWC-1321 - Using zero as items per page gives error for Alfresco repos in OpenSearch
6471: Fix for AWC-1496 - OpenSearch dashlet can get in a state where search queries are not executed
6472: Fix for AWC-1495. Searching additional attributes now working correctly for folders.
6473: Fix for AR-1251 (Version error when saving new content via CIFS)
6474: Updated bundles and installers - added missing files back into Linux bundle
6475: LDAP and chainging authentication
Resolved conflicted state of 'root\projects\repository\source\java\org\alfresco\repo\security\authentication\AuthenticationUtil.java'
6477: XForms WCM-696.
6478: Fix for WCM-567 (IndexOutOfBoundsException when stepping through wizard rapidly)
6480: Fix to issue when removing locks on directories.
6481: Updated installer and config wizard to fix download option and config behaviour when called from installer.
6482: Fix for WCM-1229 (properties sheet does not refresh)
6483: Fix for AR-1511
6484: Fix for AR-1351
6485: Missed a unit test update
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6737 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Fixed parsing of locale string to use I18NUtil.parseLocale and not Locale constructor
- Fixed type conversion of properties returned from MLPropertyInterceptor's directNodeService
- Fixed handling of ALL_LANGUAGES filter selection
- Fixed MultilingualContentService NPE when checking for duplicate locales
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5007 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Web Client support for changing content filter language
- I18NUtil support for contentLocale
- MLPropertyInterceptor handling of properties inbound and outbound
TODO:
- Is new Locale("") valid?
- Some more tests to ensure property interceptor is working
- Move interceptor into .sample config file
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5003 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Deleting the Guest Home space no longer means an exception occurs when any user attempts a Guest login
- The "go direct to login page url" workaround is no longer required
- A redirection to the login page occurs automatically if the Guest Home space is deleted and a warning output to the console
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4907 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Storing of "inPortal" flag in a Threadlocal
- No longer invalidate portlet session on logout - clear session by hand instead
- Makes it easier to integrate with other JSR-168 vendors such as Liferay
. Added the current template NodeRef to the default templating model
- Accessable as an object in the root of the templating model called "template"
. Added the current script NodeRef to the default scripting model
- Accessable as a root scope object called "script"
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2934 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fix to image resolver for TemplateContentServlet
. Minor improvement to CommandServlet interfaces as per wiki docs
. Minor fix to date field format in RSS2.0 template (thanks Mike!)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2685 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fix of UserTransaction handling in AuthenticationHelper - very noticable when Guest access fails on older (pre 1.2) databases
. Refactoring of all servlet authentication patterns to be consistent and use a helper so all support Guest and Ticket arguments
. Fix to external URL generation on Document and Space Details pages
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2214 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
. Fixes to document/space details screen when expanding/collapsing the Links panel
. Fix to Saved Searches to handle AuthenticationException for Guest user access to saved searches folder
. Fix to New User and Edit Password dialogs to fire text changed events when paste is used to fill in form fields
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2164 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
