mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
85c1b71826
16662: LDAP sync: improved group association filtering, referential integrity checking, deletion strategy and performance tuning of batch sizes
16648: ETHREEOH-2752: Improved ticket validation fix
- Invalidate user's tickets during person deletion rather than validation or it can mess up chained validation
16647: ETHREEOH-2534: Fixed Sharepoint NTLM authentication
- user details were never getting cached in the session
16579: Small improvement to LDAP error reporting
- Committed errors counted before successes in a logging interval
16515: LDAP sync performance
- Improved full sync strategy - run differential queries to work out required updates/additions and full queries to work out required deletions. Saves updating unchanged nodes.
- Use a TreeSet rather than a HashSet to gather group associations in an attempt to avoid blowing the heap size
16498: More LDAP performance improvements
- Uses thread pool with 4 worker threads and blocking queue to process returned results. The number of worker threads can be controlled by the synchronization.workerThreads property.
- Switched LDAP connection pooling back on again
- Group Associations processsed individually so that errors are collated and we get a better idea of their throughput
- Fixed potential bug. Group membership resolution done with isolated LDAP context to avoid cookies from paging creeping in.
16424: Try switching off LDAP connection pooling to see if it works better with our flaky server.
16414: Further LDAP fault tolerance
- Log causes of group member resolution failures where possible
16413: More fault tolerance for LDAP sync
- Always commit last sync times before overall sync is complete to avoid the 'forgetting' of differential sync information
- DN comparisons should be case insensitive to avoid issues resolving DNs to user and group IDs
16398: Improved monitoring and fault tolerance for LDAP sync
- When the batch is complete a summary of the number of errors and the last error stack trace will be logged at ERROR level
- Each individual error is logged at WARN level and progress information (including % complete) is collated and logged at INFO level after a configurable interval
- In the Enterprise Edition all metrics can be monitored in real time through JMX
- Sanity testing to be performed by Mike!
16319: Merged HEAD to V3.2
16316: ALFCOM-3397: JBoss 5 compatibility fix
- Relative paths used by LDAP subsystem configuration weren't being resolved correctly
- See also https://jira.jboss.org/jira/browse/JBAS-6548 and https://jira.springsource.org/browse/SPR-5120
16272: ETHREEOH-2752: Once more with feeling!
16261: ETHREEOH-2752: Correct exception propagation.
16260: ETHREEOH-2752: Fix ticket validation
- Current ticket was getting forgotten by previous fix
- Person validation in CHECK mode now done AFTER the current user is set, so that the current ticket is remembered
16243: ETHREEOH-2752: Improve ticket validation used by all authentication filters
- Now takes into account whether person actually exists or not
- Tickets for non-nonexistent persons are now considered invalid and cached session information is invalidated
- New BaseAuthenticationFilter superclass for all authentication filters
- Improved fix to ETHREEOH-2839: WebDAV user is cached consistently using a different session attribute from the Web Client
16233: ETHREEOH-2754: Correction to previous checkin.
- relogin for SSO authentication, logout for normal login page
- logout is default
16232: ETHREEOH-2754: Log Out Action outcome passed as a parameter
- relogin for SSO authentication, login for normal login page
- Means the log out link always leads to the correct place, even when the session has expired
- Also lowered ticket validation error logging to DEBUG level to avoid unnecessary noise in the logs from expired sessions
16220: ETHREEOH-2839: Fixed potential ClassCastExceptions when Alfresco accessed via WebDAV and Web Client links in same browser
- WebDAV side no longer directly casts session user to a WebDAVUser
- ContextListener no longer casts session user to web client user
- Web client side will 'promote' session user to a web client User if necessary via AuthenticationHelper
- All authentication filters made to use appropriate AuthenticationHelper methods
16211: ETHREEOH-2835: LDAP sync batches user and group deletions as well as creations
- Also improved logging of sync failures
16197: ETHREEOH-2782: LDAP subsystems now support search-based user DN resolution
- When ldap.authentication.userNameFormat isn't set (now the default) converts a user ID to a DN by running ldap.synchronization.personQuery with an extra condition tacked on the end to find the user by ID
- Structured directories and authentication by attributes not in the DN such as email address now supported
16189: ALFCOM-3283: Prevent errors when user accepts an invite when not logged in
- new isGuest attribute propagated to user object
- header component (used by accept-invite page) needs to avoid calling prefs and site webscripts for guest user
- Conditional stuff in header template changed to use user.isGuest
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16896 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
77 lines
3.0 KiB
XML
77 lines
3.0 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
|
|
|
|
<beans>
|
|
<!--
|
|
Job definition to import people and groups from one or more external user registries in the authentication chain
|
|
(e.g. LDAP directory)
|
|
-->
|
|
|
|
<bean id="syncTrigger" class="org.alfresco.util.CronTriggerBean">
|
|
<property name="jobDetail">
|
|
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
|
|
<property name="jobClass">
|
|
<value>org.alfresco.repo.security.sync.UserRegistrySynchronizerJob</value>
|
|
</property>
|
|
<property name="jobDataAsMap">
|
|
<map>
|
|
<entry key="userRegistrySynchronizer">
|
|
<ref bean="UserRegistrySynchronizer" />
|
|
</entry>
|
|
<entry key="synchronizeChangesOnly">
|
|
<value>${synchronization.synchronizeChangesOnly}</value>
|
|
</entry>
|
|
</map>
|
|
</property>
|
|
</bean>
|
|
</property>
|
|
<property name="cronExpression">
|
|
<value>${synchronization.import.cron}</value>
|
|
</property>
|
|
<property name="scheduler">
|
|
<ref bean="schedulerFactory" />
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- The chaining user registry synchronizer -->
|
|
<bean id="userRegistrySynchronizer" class="org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer">
|
|
<property name="syncWhenMissingPeopleLogIn">
|
|
<value>${synchronization.syncWhenMissingPeopleLogIn}</value>
|
|
</property>
|
|
<property name="syncOnStartup">
|
|
<value>${synchronization.syncOnStartup}</value>
|
|
</property>
|
|
<property name="autoCreatePeopleOnLogin">
|
|
<value>${synchronization.autoCreatePeopleOnLogin}</value>
|
|
</property>
|
|
<property name="authorityService">
|
|
<ref bean="authorityService" />
|
|
</property>
|
|
<property name="personService">
|
|
<ref bean="personService" />
|
|
</property>
|
|
<property name="attributeService">
|
|
<ref bean="attributeService" />
|
|
</property>
|
|
<property name="applicationContextManager">
|
|
<ref bean="Authentication" />
|
|
</property>
|
|
<property name="retryingTransactionHelper">
|
|
<ref bean="retryingTransactionHelper" />
|
|
</property>
|
|
<property name="jobLockService">
|
|
<ref bean="jobLockService" />
|
|
</property>
|
|
<property name="sourceBeanName">
|
|
<value>userRegistry</value>
|
|
</property>
|
|
<property name="loggingInterval">
|
|
<value>${synchronization.loggingInterval}</value>
|
|
</property>
|
|
<property name="workerThreads">
|
|
<value>${synchronization.workerThreads}</value>
|
|
</property>
|
|
</bean>
|
|
|
|
|
|
</beans> |