16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
16092: ETHREEOH-2800: org.alfresco.repo.jscript.People should use AuthenticationService rather than the MutableAuthenticationDAO or otherwise it won't work in an authentication chain.
16094: ETHREEOH-2800: The same for org.alfresco.repo.template.People
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16095 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
15657: ETHREEOH-2638: Admin and guest users duplicated after upgrade to v3.2. Cannot delete duplicates due to missing authentication.
- Split out alfrescoAuthorityStoreDefaultMembers.xml, only loaded on initial bootstrap so that admin and guest users not duplicated
- Modified org.alfresco.repo.jscript.People and org.alfresco.web.bean.users.UsersDialog so that person deletion doesn't fail if internal authentication information doesn't exist
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15658 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Username and password field length checks based on config values (ALFCOM-2907, ETHREEOH-1199)
- Password checked against Validate Password field on Create and Update of a user (ALFCOM-2913, ALFCOM-2922)
- Fix to recently broken script People API - attempting to create a user with a username that already exists did not return null but instead throw an exception (ALFCOM-2921)
- Field validation correctly trims fields before validation (ALFCOM-2920)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14663 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!)
14586: Use US spelling of synchronization in filenames for consistency
14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users.
14583: Unit test for ChainingUserRegistrySynchronizer
14571: Migration patch for existing authorities previously held in users store
- Uses AuthorityService to recreate authorities in spaces store with new structure
14555: Authority service changes for LDAP sync improvements
- Moved sys:authorities container to spaces store
- All authorities now stored directly under sys:authorities
- Authorities can now be looked up directly by node service
- Secondary child associations used to model group relationships
- 'Root' groups for UI navigation determined dynamically by node service query
- cm:member association used to relate both authority containers and persons to other authorities
- New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones
- Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync
14524: Dev branch for finishing LDAP zones and upgrade impact
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- changePassword(string oldpw, string newpw) - changes password for the current user only, old password must be supplied
- setPassword(string userName, string password) - set the password for the given user - only executable by an admin user
Fix up and clean up of my-sites.get.js so that IMAP favorites are only retrieved if the IMAP server is enabled
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14280 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- Can create new users - no form validation etc. yet.
- User password is set.
ChangePassword webscript improved to support admin user setting a user password without knowing the old one.
JavaScript People API fixes.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14097 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Repository JavaScript API now supports getting/setting user account enabled status (admin authority required).
Repository Template API now supports retrieving user account enabled status.
Fixed up line endings on template-services-context.xml.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13884 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- due to a problem with the Enter key handler - would sometimes "disappear"
People search REST API now allows search for all people again with empty filter arg
Removal of unused fields in People Finder results
Removal of 'title' field from People REST API results JSON template - never applied to cm:person!
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13753 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
13409: Fix for ETHREEOH-1337 - to escape query characters in Site/People service filter methods.
13410: Fix for ETHREEOH-1272 - another missing pager control.
13425: Italian lang pack for TinyMCE editors. Fixes ETHREEOH-1491.
13430: Fix for ETHREEOH-1488.
Also IDs added to a couple of pagers - not causing a bug, but completes the pager fixes.
13464: Fix for ETHREEOH-1474 - now possible to use NTLM auth with Alfresco and SURF apps hosted in same app-server with same user browser session in different tabs.
Added additional NTLM filter debugging info for Session ID.
13483: Fix for ETHREEOH-1547 - System error happens when trying to create any Web Project.
Also fixes issue where webproject FormImpl objects did not deserialize correctly due to unsafe service call usage in constructor.
13501: Fix for ETHREEOH-965 - disallow guest login until explicit Guest support is added to Share.
13507: Fix for ETHREEOH-1586 - language selectable at login working again.
13512: Fix for ETHREEOH-1522 - wiki RSS feed template variable named incorrectly.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13598 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
12140: Merged V2.2 to V3.0
11732: Fixed ETWOTWO-804: Node and Transaction Cleanup Job
11747: Missed config for Node and Txn purging
11826: WCM - fix ETWOTWO-817
11951: Fixed ETWOTWO-901: NodeService cleanup must be pluggable
11961: Merged V2.1 to V2.2
11561: ETWOONE-224: when renaming duplicates during copy association names where not renamed
11583: (ALREADY PRESENT) Updated NTLM config example in web.xml - adding missing servlet mappings
11584: Fix for ETWOONE-209 - JavaScript People.createGroup() API now correctly checks for actual group name when testing for existence
11585: Fix for ETWOONE-214 - View In CIFS link now works even when users des not have view permissions on the parent folder
11612: Fix for ETWOONE-91: the description textarea in the modify space properties web form eats one leading newline each time it is submitted
11613: Fix 2.1 build and adjust implementation of ETWOONE-224 fix
11621: Fix for ETWOONE-343
11669: Improved debug from index tracking when exceptions occur
12141: Avoid annoying Spring WARN messages for ClientAbortException
12143: File that should have been deleted in CHK-5460 (rev 12140)
12177: Fix failing FS Deployment Tests since introduction of transaction check advice.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12507 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
11943: Fix for ETHREEOH-879 & ETHREEOH-783: Multi-valued properties not allowed in Alfresco 3.0 (due to java.lang.UnsupportedOperationException)
11944: Fix for ETHREEOH-865
11947: Build fix for site service unit test failures. This will be reviewed since it works round the issue rather than tackle why runAs is now failing.
11952: ETHREEOH-845, ETHREEOH-871, ETHREEOH-853, ETHREEOH-839
11953: ETHREEOH-483 Unable to upload files [with Flash 10 installed] Fixed to fit into yui 2.6.0
11954: Added missing 'protocolOrder' configuration value.
11956: Fix for ETHREEOH-895
11957: Fix for ETHREEOH-891.
11958: Readded generated source line for RemoteAPI project.
11959: ETHREEOH-483 Unable to upload files [with Flash 10 installed] Missed to add this image
11960: Removed JDK6 specific method.
11962: Fixed missing setup of the share mapper class name when the <class> config tag is used. ALFCOM-2060.
11964: fix for ETHREEOH-266 - restrict length of webapp to 150 chars.
11965: Merged 2.2 to 3.0
11926: Fox for ETHREEOH-725 User doesn't receive email to his box when rule 'Send an Email to specified users' is created
11966: ETHREEOH-872: Editing Email-notify-rules fails w/ ClassCastException
11967: MT - test fixes (post runAs merge)
11968: Changed Windows x64 NetBIOS warning message to be a debug message. ETHREEOH-897.
11971: ETHREEOH-829 Case issue when inserting Document Share links into a discussion using richtext editor
11973: Fix for ETHREEOH-890 - users with apostrophe in their login name can now login to Alfresco Explorer (and Share).
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12490 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- TBD: read only view (which will be the initial view), Save Changes, Upload photo.
Alfresco Share logo added to slingshot header area.
Improvements to user meta-data retrieval to return content strings if content properties are found.
AlfrescoUserFactory now retrieves user bio property.
Enhanced FreeMarker template API - added method to test for content properties.
Enhanced script People API - added method to test for admin authority.
Changed User Dashboard default template to two column.
Removed some old files/folders no longer needed in slingshot.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9942 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Hightlights of check-in include:
- Introduction of script processor
- Neutralisation of script and template models
- The notion of a processor extension introduced
- Extensions applied to processor implementation rather than the services
- Auto selection of processor based on file extension of template or script
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5519 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
- similar pattern to existing script bean extension support
- new root model helper objects and custom methods can be added via spring configuration
Cleanup of script extension spring support
Fix to thread safety of configured script extension beans that use the Scopable interface
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5369 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
svn merge svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@5141 svn://svn.alfresco.com:3691/alfresco/BRANCHES/V2.0@51352 .
- FLOSS
- Some files will need a follow-up
-root/projects/repository/source/java/org/alfresco/repo/avm/wf/AVMRemoveWFStoreHandler.java (not yet on HEAD: 5094)
-root/projects/repository/source/java/org/alfresco/filesys/server/state/FileStateLockManager.java (not yet on HEAD: 5093)
-onContentUpdateRecord (not on HEAD)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5167 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
