inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
00e96d08251ea373359cee2a2ddf5dba2dd6241d
alfresco-community-repo/config/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication-context.xml
Derek Hulley 47b45d9ee1 PersonService and AuthenticationDao changes 
- Clean up javadocs (remove uncommented parameters and fix method comments)
 - ALF-8996: Administrator users can disable themselves
   - Administrator users cannot be disabled (the repo ignores the request)
   - Administrator users cannot expire, be locked; they remain active no matter what
   - UI attempts to disable admin but the request just does nothing (UI could gray it out, I suppose)
 - (ALF-8805) ALF-9056: RINF 40: Fix XPath query to use selectNodes
   - Final (Team-introduced) Lucene query in PersonServiceImpl
   - Cleanup and better tests
   - Unit test template retrieval for user notification (not easy via UI)


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28528 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2011-06-22 19:51:46 +00:00

158 lines
7.6 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="allowGuestLogin">
<value>${alfresco.authentication.allowGuestLogin}</value>
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="transactionService">
<ref bean="transactionService" />
</property>
<!-- -->
<!-- A list of default users with admin rights. -->
<!-- -->
<!-- If the security framework is case sensitive these values should -->
<!-- be case sensitive user names. If the security framework is not -->
<!-- case sensitive these values should be the lower-case user names. -->
<!-- -->
<!-- By default this includes: -->
<!-- admin (the user name of default alfresco admin user) -->
<!-- administrator (the windows default admin user) -->
<!-- -->
<!-- This assumes that user names are not case sensitive. -->
<!-- -->
<property name="defaultAdministratorUserNames">
<set>
<value>${alfresco_user_store.adminusername}</value>
<value>administrator</value>
</set>
</property>
<!-- -->
<!-- A list of default users acting as guests. -->
<!-- -->
<!-- By default this includes: -->
<!-- guest (the user name of default alfresco guest user) -->
<!-- -->
<!-- This assumes that user names are not case sensitive. -->
<!-- -->
<property name="defaultGuestUserNames">
<set>
<value>${alfresco_user_store.guestusername}</value>
</set>
</property>
</bean>
<!-- Wrapped version to be used within subsystem -->
<bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<list>
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
<value>org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator</value>
</list>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationComponent" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService" ref="nodeService" />
<property name="authorityService" ref="authorityService" />
<property name="tenantService" ref="tenantService" />
<property name="namespaceService" ref="namespaceService" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="policyComponent" ref="policyComponent" />
<property name="authenticationCache" ref="authenticationCache" />
</bean>
<!-- Authentication service for chaining -->
<bean id="localAuthenticationService" class="org.alfresco.repo.security.authentication.MutableAuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent" />
</property>
<property name="sysAdminParams">
<ref bean="sysAdminParams" />
</property>
</bean>
<!-- CIFS authentication -->
<bean id="cifsAuthenticator" class="org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator" parent="cifsAuthenticatorBase">
<property name="active">
<value>${alfresco.authentication.authenticateCIFS}</value>
</property>
</bean>
<!-- -->
<!-- The Acegi authentication manager. -->
<!-- -->
<!-- Provders are asked to authenticate in order. -->
<!-- First, is a provider that checks if an acegi authentication object -->
<!-- is already bound to the executing thread. If it is, and it is set -->
<!-- as authenticated then no further authentication is required. If -->
<!-- this is absent, Acegi validates the password for every method -->
<!-- invocation, which is too CPU expensive. If we set an -->
<!-- authentication based on a ticket etc .... or we want to set the -->
<!-- the system user as the current user ... we do not have the -->
<!-- password. So if we have set an authentication and set it as -->
<!-- authenticated that is sufficient to validate the user. -->
<!-- -->
<!-- If the authentication bound to the current thread is not set as -->
<!-- authenticated the standard Acegi DAO Authentication provider -->
<!-- is used to authenticate. -->
<!-- -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="authenticatedAuthenticationPassthroughProvider" />
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!-- We provide a DAO to plug into the Acegi DaoAuthenticationProvider -->
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<property name="saltSource">
<ref bean="saltSource" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!-- The DAO also acts as a salt provider. -->
<alias alias="saltSource" name="authenticationDao" />
</beans>
Reference in New Issue View Git Blame Copy Permalink