mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-30 18:15:39 +00:00
4872eb9909
20678: DAO5 branch: Preparation for merge back to HEAD
20689: Merged DAO4 to DAO5
- Removed all 'dbscripts/create/3.x/SomeDialect' and replaced with 'dbscripts/create/SomeDialect'
DB create scripts are taken from latest DAO4
- TODO: FixAuthoritiesCrcValuesPatch needs query implementation in PatchDAO
Merged DAO3 to DAO4
- Reapplied fixes for ALF-713 (race condition on Usages)
19350: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-2 to BRANCHES/DEV/V3.3-DAO-REFACTOR-3:
18939: SAIL-4 :2nd stage branch for DAO refactor off HEAD rev 18898
18948: Merged V3.3-DAO-REFACTOR to V3.3-DAO-REFACTOR-2
18202: Dev branch for DAO refactor
18252: SAIL-233: QName.hbm.xml
18295: Added missing CREATE TABLE statements for QName-related code
18324: SAIL-234: Node.hbm.xml: Node aspects initial integration
18355: Added 'setValue' method to manually update the cached value
18356: MV property stressing lowered to speed test up
18357: SAIL-234: Node.hbm.xml
18376: Pulled all Alfresco-related create SQL into script
18389: SAIL-234: Permissions DAO refactor - initial checkpoint
18390: Formatting only (line-endings)
18400: SAIL-234: Node.hbm.xml
18418: SAIL-234: Node.hbm.xml: 'alf_node_assoc' CRUD
18429: SAIL-234: Node.hbm.xml: Cleaned out all Hibernate references to NodeAssocImpl
18457: SAIL-234: Permissions DAO refactor
18959: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18479: SAIL-234: Node.hbm.xml - fix updateNode (missing id when saving oldDummyNode)
18482: SAIL-235: remove Permissions.hbm.xml
18517: SAIL-235: Permissions DAO refactor
18523: SAIL-234: Node.hbm.xml
18524: SAIL-235: Permissions DAO refactor
18960: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18533: Flipped back to Windows line endings
18535: Formatting-only (eol)
18540: Formatting-only (eol)
18541: SAIL-235: Permissions DAO refactor
18543: SAIL-234: Node.hbm.xml: Start alf_store changes
18567: SAIL-235: Permissions DAO refactor
18596: SAIL-305: Alfresco DDL - formatted/rationalized and added missing indexes & fk constraints
18603: SAIL-311: Minor cleanup for schema upgrade scripts (V3.3)
18604: SAIL-311: Remove empty dirs
18619: SAIL-274: Locale.hbm.xml
18621: Added method to create default ACL
18622: SAIL-234: Node.hbm.xml: Store, Transaction, Server and some node
18624: Formatting only (eol)
18631: SAIL-235: Permissions DAO refactor
18633: SAIL-235: Permissions DAO refactor - do not expose CRUD for AceContext (or AuthorityAlias) since currently unused
18639: getLocale(Locale) should return null if it doesn't exist
18640: SAIL-234 NodeDAO: More replacement of node queries and updates
18648: SAIL-310: Create SQL script for core repo tables (All DB ports)
18651: SAIL-234 NodeDAO: Moves across stores handle presence of target deleted nodes
18961: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18658: SAIL-274 Locale DAO: Missing getValueKey() method
18662: SAIL-235: Permissions DAO refactor - further cleanup (of DbAccessControlList usage, including copyACLs)
18664: DB scripts porting for PostgreSQL finished.
18668: SAIL-234 Node DAO: Note in case Transaction Change ID is dropped from indexes
18669: SAIL-234 Node DAO: deleteNode and archive (store move) fixes
18672: DB scripts porting for Oracle finished.
18675: SAIL-235: Permissions DAO refactor
18677: DB scripts porting for DB2 finished.
18964: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18687: Execute a callback with retries
18688: SAIL-234 Node DAO: Child association creation
18690: SAIL-234 Node DAO: Comment out raw creation of stores as it breaks subsequent bootstrap checks
18691: SAIL-234 Node DAO: More replacement of alf_child_assoc handling
18713: Commented about needing a more efficient removeChildAssociation method
18714: SAIL-234 Node DAO: Replaced queries on alf_child_assoc
18715: SAIL-234 Node DAO: More alf_child_assoc query replacement
18727: SAIL-234 Node DAO: alf_child_assoc queries complete
18737: SAIL-234 Node DAO: Tweaks to newNode and implemented prependPaths
18741: SAIL-234 and SAIL-334: Moved UsageDelta Hibernate code and queries over to UsageDeltaDAO
18748: SAIL-234 Node DAO: fix NPE (EditionServiceImplTest)
18769: SAIL-234 Node DAO: alf_node_properties ground work
18786: SAIL-234 Node DAO: alf_node_properties and cm:auditable properties
18810: Added EqualsHelper.getMapComparison
18813: TransactionalCache propagates cache clears and removals during rollback
18826: SAIL-234 Node DAO: Moved over sundry references to NodeDaoService to NodeDAO
18849: SAIL-237: UsageDelta.hbm.xml - eol formatting only (including removal of unwanted svn:eol-style=native property)
18869: SAIL-234 NodeDAO: Fixed more references to 'nodeDaoService'
18895: SAIL-234 NodeDAO: Queries for alf_transaction
18899: SAIL-234 Node DAO: Fixed bean fetching for 'nodeDAO'
18909: SAIL-234 NodeDAO: Fixes to getNodeRefStatus and various txn queries
18916: SAIL-234 NodeDAO: Fixed moveNode alf_child_assoc updates
18922: SAIL-235: DAO refactoring: Permission.hbm.xml
18930: SAIL-235: DAO refactoring: Permission.hbm.xml
18932: SAIL-234 NodeDAO: Fixing up gotchas, javadocs and some naming
18933: SAIL-234 NodeDAO: Minor neatening
18935: SAIL-234 Node DAO: Caches for ID to NodeRef and StoreRef
18936: EHCache config files line endings
18938: SAIL-237: Usage DAO refactor - initial checkpoint
18945: SAIL-235: DAO refactoring: Permission.hbm.xml. Move Node.
18975: Fix for move-node ACL jiggery-pokery
19067: SAIL-4: fix VersionHistoryImpl.getSuccessors (causing VersionServiceImplTest.testGetVersionHistorySameWorkspace failure)
19068: SAIL-234: fix VersionMigratorTest.testMigrateOneVersion
19074: SAIL-237: Usage DAO - update to common iBatis mapping pattern(s) to ease DB porting
19076: SAIL-231: Activities DAO - update to common iBatis mapping pattern(s)
19077: SAIL-232: AppliedPatch DAO - minor cleanup (comments & formatting only)
19092: Merging HEAD to DEV/V3.3-DAO-REFACTOR-2
18973: Temporarily comment out AVMTestSuite and run AVM tests individually
19056: AVM unit test improvements
19097: SAIL-235: DAO refactoring: Permission.hbm.xml: Additional index to support queries to find the id and acl id for the primary children of a node.
19185: SAIL-238: Permissions DAO - (minor) update to common iBatis mapping pattern
19289: SAIL-234 NodeDAO: Node cache replaces NodeRef cache
19302: SAIL-234 Node DAO: Added cache for node properties
19318: SAIL-4: AVM DAO - (minor) update to common iBatis mapping pattern
20690: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
20063: (RECORD ONLY) DAO refactor branch V4
20146: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19401: SAIL-234 Node DAO: Fix permission service tests (setPrimaryChildrenSharedAclId needs to invalidate nodesCache)
19428: Fixed TransactionalCache issue with null and NullValueMarker
19429: Took empty cm:content creation out of FileFolderService#createImpl
19430: SAIL-234 Node DAO: Tweaks around caching and cm:auditable
19431: SAIL-4 DAO Refactor: Exception thrown when attempting writes in read-only txn have changed
19436: SAIL-234 Node DAO: Fix NPE during cm:auditable update
19475: Allow debugging of code without stepping into trivial stuff
19476: Follow-up on 19429 by ensuring CIFS/FTP set a mimetype on the ContentWriter
19477: SAIL-234 Node DAO: Leverage DAO better for NodeService.addProperties
19478: SAIL-234 NodeDAO: Added toString() for ParentAssocsInfo (cache value for parent assocs)
19479: SAIL-234 Node DAO: Fixed for parent association and property caches
19480: Made TransactionAwareSingleton bind-key a GUID
19481: SAIL-234 Node DAO: Reinstated 100K collection property tests
19482: SAIL-234 Node DAO: Node and property cache fixes highlighted by unit tests
19483: SAIL-234 Node DAO: Start on NodeBulkLoader implementation
19595: SAIL-234 Node DAO: Fix moveNode to detect cyclic relationship prior to updating ACLs for moved tree FileFolderServiceImplTest.testETHREEOH_3088_MoveIntoSelf)
20147: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19602: (RECORD ONLY) Reintegrated with HEAD up to rev 19433
19621: (RECORD ONLY) SAIL-347
19683: (RECORD ONLY) Reverse-merged 19621 for SAIL-347
19722: (RECORD ONLY) Merged /alfresco/HEAD:r19434-19721
20150: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19741: Merged DEV\V3.3-DAO-REFACTOR-2 to DEV\V3.3-DAO-REFACTOR-3
19739: Extended "move" tests
19743: Fix AuditableAspectTest.testAddAspect (to allow for node modified date tolerance)
19748: Remaining part of merge from HEAD to V3.3-DAO-REFACTOR-3
19367: Merged BRANCHES/V3.2 to HEAD:
19286: Fix for ALF-626 "Using 'null' as an authority argument in clearPermissions() cause a java.lang.NullPointerException"
19755: SAIL-234 Node DAO: Fix RepoAdminServiceImplTest.testConcurrentDynamicModelDelete (handle InvalidNodeRefException after getChildAssocs)
20692: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
- Retired all 1.3 and 1.4 upgrade scripts ... R.I.P.
- Fixed CRC patch for Authorities (only tested on MySQL)
- Fixed SQL patch revision numbers and bumped version schema number up
20158: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19773: SQL mappings and scripts: SAIL-310, SAIL-304, SAIL-303 and SAIL-347
19774: Futher fix for SAIL-310: Sequence patch must take into account sequences created for 3.3
19851: SAIL-371 (SAIL-294) NodeDAO fallout: Fix QName and Namespace read/write handling and bean name in unit test
20183: Merged DAO3 to DAO4
19852: SAIL-370: Remove LinkValidation
19853: SAIL-239 (SAIL-294) Attributes.hbm.xml: Added ability to attach arbitrary property to unique context
19857: SAIL-373 Fallout from Permissions DAO refactor (SAIL-235)
19864: SAIL-239 (SAIL-294): Removed AttributeService RMI API
19865: More SAIL-239 (SAIL-294): Removed AttributeService RMI API
20208: DAO-refactor implementation of ALF-2712 query improvements
20209: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20060: Removal of AttributeService for SAIL-239 (SAIL-294)
20348: SAIL-371 (SAIL-294): Protect collection properties during map insert and retrieval
20547: SAIL-371 (SAIL-294) Attributes.hbm.xml: implement getAttributes + fixes
20573: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests and other fallout
20597: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip)
20598: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip) - fix AssetServiceImplTest.testSimpleLockFile NPE
20600: Fix PropertyValueDAOTest.testPropertyValue_Enum (follow-on to r20060 for SAIL-239 - which introduces ENUM prop vals)
20601: Fix UsageDAOTest.testCreateAndDeleteUsageDeltas NPE (would also affect ContentStoreCleanerScalabilityRunner)
20603: Fix CMISPropertyServiceTest.* (fallout from r20146 <- r19429 <- Took empty cm:content creation out of FileFolderService#createImpl)
20604: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - TransferServiceImplTest.*
20618: SAIL-371 (SAIL-294): NodeDAO: AuditableAspectTest (fix testCreateNodeWithAuditableProperties_ALF_2565 + add remove aspect test)
20624: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - UserUsageTest.*
20626: Fixed random keys for RuleTrigger NodeRef tracking
20635: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - PersonTest.testSplitDuplicates
20642: SAIL-371 (SAIL-294) DAO: Fixed CacheTest
20643: Removed must of the 'distribute' target's dependencies. Not for HEAD
20645: Follow-on to r20643 (Removed most of the 'distribute' target's dependencies. Not for HEAD)
20654: SAIL-371 (SAIL-294): NodeDAO: DMDeploymentTargetTest.* (do not try to remove mandatory aspects)
20655: SAIL-371 (SAIL-294): NodeDAO: Initial fix for TaggingServiceImplTest.testTagScopeUpdateViaNodePolicies (+ minor test cleanup)
20657: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - VersionMigratorTest.testMigrateOneVersion (cm:accessed not returned if null)
20658: Merged (back merge only - no merge info) BRANCHES/V3.3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20090: Dynamic models: minor improvements to DictionaryModelType
20554: Improvement to model delete validation (investigating intermittent failure of RepoAdminServiceImplTest.testSimpleDynamicModelViaNodeService)
20662: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - RecordsManagementAuditServiceImplTest.* (we now ignore attempt to update 'cm:modifier' prop so update 'cm:title' prop instead)
20666: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - ADMLuceneTest.*
20668: SAIL-239 (SAIL-294) - delete WCM locks + tests (follow-on to r20060)
20674: SAIL-371 (SAIL-294) NodeDAO fallout: Cleaner and additional checks for ContentStoreCleaner
20675: SAIL-371 (SAIL-294) NodeDAO fallout: Fixed handling of ContentData
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20693 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1279 lines
51 KiB
Java
1279 lines
51 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.tenant;
|
|
|
|
import java.io.File;
|
|
import java.io.PrintWriter;
|
|
import java.io.Serializable;
|
|
import java.io.StringWriter;
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Properties;
|
|
import java.util.regex.Pattern;
|
|
|
|
import javax.transaction.UserTransaction;
|
|
|
|
import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.repo.admin.RepoModelDefinition;
|
|
import org.alfresco.repo.content.TenantRoutingFileContentStore;
|
|
import org.alfresco.repo.dictionary.DictionaryComponent;
|
|
import org.alfresco.repo.importer.ImporterBootstrap;
|
|
import org.alfresco.repo.node.db.DbNodeServiceImpl;
|
|
import org.alfresco.repo.security.authentication.AuthenticationContext;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.site.SiteAVMBootstrap;
|
|
import org.alfresco.repo.usage.UserUsageTrackingComponent;
|
|
import org.alfresco.repo.workflow.WorkflowDeployer;
|
|
import org.alfresco.service.cmr.admin.RepoAdminService;
|
|
import org.alfresco.service.cmr.attributes.AttributeService;
|
|
import org.alfresco.service.cmr.attributes.AttributeService.AttributeQueryCallback;
|
|
import org.alfresco.service.cmr.module.ModuleService;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.view.RepositoryExporterService;
|
|
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
|
|
import org.alfresco.service.cmr.workflow.WorkflowService;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.springframework.beans.BeansException;
|
|
import org.springframework.beans.factory.InitializingBean;
|
|
import org.springframework.context.ApplicationContext;
|
|
import org.springframework.context.ApplicationContextAware;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
|
|
/**
|
|
* MT Admin Service Implementation.
|
|
*
|
|
*/
|
|
|
|
public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationContextAware, InitializingBean
|
|
{
|
|
// Logger
|
|
private static Log logger = LogFactory.getLog(MultiTAdminServiceImpl.class);
|
|
|
|
// Keep hold of the app context
|
|
private ApplicationContext ctx;
|
|
|
|
// Dependencies
|
|
private NodeService nodeService;
|
|
private DictionaryComponent dictionaryComponent;
|
|
private RepoAdminService repoAdminService;
|
|
private AuthenticationContext authenticationContext;
|
|
private TransactionService transactionService;
|
|
private MultiTServiceImpl tenantService;
|
|
private AttributeService attributeService;
|
|
private PasswordEncoder passwordEncoder;
|
|
private TenantRoutingFileContentStore tenantFileContentStore;
|
|
private WorkflowService workflowService;
|
|
private RepositoryExporterService repositoryExporterService;
|
|
private ModuleService moduleService;
|
|
private SiteAVMBootstrap siteAVMBootstrap;
|
|
private List<WorkflowDeployer> workflowDeployers = new ArrayList<WorkflowDeployer>();
|
|
|
|
private String baseAdminUsername = null;
|
|
|
|
/*
|
|
* Tenant domain/ids are unique strings that are case-insensitive. Tenant ids must be valid filenames.
|
|
* They may also map onto domains and hence should allow valid FQDN.
|
|
*
|
|
* The following PCRE-style
|
|
* regex defines a valid label within a FQDN:
|
|
*
|
|
* ^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$
|
|
*
|
|
* Less formally:
|
|
*
|
|
* o Case insensitive
|
|
* o First/last character: alphanumeric
|
|
* o Interior characters: alphanumeric plus hyphen
|
|
* o Minimum length: 2 characters
|
|
* o Maximum length: 63 characters
|
|
*
|
|
* The FQDN (fully qualified domain name) has the following constraints:
|
|
*
|
|
* o Maximum 255 characters (***)
|
|
* o Must contain at least one alpha
|
|
*
|
|
* Note: (***) Due to various internal restrictions (such as store identifier) we restrict tenant ids to 75 characters.
|
|
*/
|
|
|
|
protected final static String REGEX_VALID_DNS_LABEL = "^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$";
|
|
|
|
protected final static String REGEX_CONTAINS_ALPHA = "^(.*)[a-zA-Z](.*)$";
|
|
|
|
protected final static int MAX_LEN = 75;
|
|
|
|
public void setNodeService(DbNodeServiceImpl dbNodeService)
|
|
{
|
|
this.nodeService = dbNodeService;
|
|
}
|
|
|
|
public void setDictionaryComponent(DictionaryComponent dictionaryComponent)
|
|
{
|
|
this.dictionaryComponent = dictionaryComponent;
|
|
}
|
|
|
|
public void setRepoAdminService(RepoAdminService repoAdminService)
|
|
{
|
|
this.repoAdminService = repoAdminService;
|
|
}
|
|
|
|
public void setAuthenticationContext(AuthenticationContext authenticationContext)
|
|
{
|
|
this.authenticationContext = authenticationContext;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setTenantService(MultiTServiceImpl tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setAttributeService(AttributeService attributeService)
|
|
{
|
|
this.attributeService = attributeService;
|
|
}
|
|
|
|
public void setPasswordEncoder(PasswordEncoder passwordEncoder)
|
|
{
|
|
this.passwordEncoder = passwordEncoder;
|
|
}
|
|
|
|
public void setTenantFileContentStore(TenantRoutingFileContentStore tenantFileContentStore)
|
|
{
|
|
this.tenantFileContentStore = tenantFileContentStore;
|
|
}
|
|
|
|
public void setWorkflowService(WorkflowService workflowService)
|
|
{
|
|
this.workflowService = workflowService;
|
|
}
|
|
|
|
public void setRepositoryExporterService(RepositoryExporterService repositoryExporterService)
|
|
{
|
|
this.repositoryExporterService = repositoryExporterService;
|
|
}
|
|
|
|
/**
|
|
* @deprecated see setWorkflowDeployers
|
|
*/
|
|
public void setWorkflowDeployer(WorkflowDeployer workflowDeployer)
|
|
{
|
|
// NOOP
|
|
logger.warn(WARN_MSG);
|
|
}
|
|
|
|
public void setModuleService(ModuleService moduleService)
|
|
{
|
|
this.moduleService = moduleService;
|
|
}
|
|
|
|
public void setSiteAVMBootstrap(SiteAVMBootstrap siteAVMBootstrap)
|
|
{
|
|
this.siteAVMBootstrap = siteAVMBootstrap;
|
|
}
|
|
|
|
public void setBaseAdminUsername(String baseAdminUsername)
|
|
{
|
|
this.baseAdminUsername = baseAdminUsername;
|
|
}
|
|
|
|
public static final String PROTOCOL_STORE_USER = "user";
|
|
public static final String PROTOCOL_STORE_WORKSPACE = "workspace";
|
|
public static final String PROTOCOL_STORE_SYSTEM = "system";
|
|
public static final String PROTOCOL_STORE_ARCHIVE = "archive";
|
|
public static final String STORE_BASE_ID_USER = "alfrescoUserStore";
|
|
public static final String STORE_BASE_ID_SYSTEM = "system";
|
|
public static final String STORE_BASE_ID_VERSION1 = "lightWeightVersionStore"; // deprecated
|
|
public static final String STORE_BASE_ID_VERSION2 = "version2Store";
|
|
public static final String STORE_BASE_ID_SPACES = "SpacesStore";
|
|
|
|
private static final String TENANTS_ATTRIBUTE_PATH = "alfresco-tenants";
|
|
private static final String TENANT_ATTRIBUTE_ENABLED = "enabled";
|
|
private static final String TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR = "rootContentStoreDir";
|
|
|
|
private List<TenantDeployer> tenantDeployers = new ArrayList<TenantDeployer>();
|
|
|
|
private static final String WARN_MSG = "system.mt.warn.upgrade_mt_admin_context";
|
|
|
|
public void afterPropertiesSet() throws Exception
|
|
{
|
|
// for upgrade/backwards compatibility with 3.0.x (mt-admin-context.xml)
|
|
if (baseAdminUsername == null)
|
|
{
|
|
logger.warn(I18NUtil.getMessage(WARN_MSG));
|
|
}
|
|
|
|
// for upgrade/backwards compatibility with 3.0.x (mt-admin-context.xml)
|
|
if (siteAVMBootstrap == null)
|
|
{
|
|
logger.warn(I18NUtil.getMessage(WARN_MSG));
|
|
|
|
siteAVMBootstrap = (SiteAVMBootstrap) ctx.getBean("siteAVMBootstrap");
|
|
}
|
|
|
|
PropertyCheck.mandatory(this, "NodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "DictionaryComponent", dictionaryComponent);
|
|
PropertyCheck.mandatory(this, "RepoAdminService", repoAdminService);
|
|
PropertyCheck.mandatory(this, "TransactionService", transactionService);
|
|
PropertyCheck.mandatory(this, "TenantService", tenantService);
|
|
PropertyCheck.mandatory(this, "AttributeService", attributeService);
|
|
PropertyCheck.mandatory(this, "PasswordEncoder", passwordEncoder);
|
|
PropertyCheck.mandatory(this, "TenantFileContentStore", tenantFileContentStore);
|
|
PropertyCheck.mandatory(this, "WorkflowService", workflowService);
|
|
PropertyCheck.mandatory(this, "RepositoryExporterService", repositoryExporterService);
|
|
PropertyCheck.mandatory(this, "moduleService", moduleService);
|
|
PropertyCheck.mandatory(this, "siteAVMBootstrap", siteAVMBootstrap);
|
|
}
|
|
|
|
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
|
{
|
|
this.ctx = applicationContext;
|
|
}
|
|
|
|
public void startTenants()
|
|
{
|
|
AuthenticationUtil.setMtEnabled(true);
|
|
|
|
// initialise the tenant admin service and status of tenants (using attribute service)
|
|
// note: this requires that the repository schema has already been initialised
|
|
|
|
// register dictionary - to allow enable/disable tenant callbacks
|
|
register(dictionaryComponent);
|
|
|
|
// register file store - to allow enable/disable tenant callbacks
|
|
// note: tenantFileContentStore must be registed before dictionaryRepositoryBootstrap
|
|
register(tenantFileContentStore, 0);
|
|
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
|
|
try
|
|
{
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
userTransaction.begin();
|
|
|
|
// bootstrap Tenant Service internal cache
|
|
List<Tenant> tenants = getAllTenants();
|
|
|
|
int enabledCount = 0;
|
|
int disabledCount = 0;
|
|
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
// this will also call tenant deployers registered so far ...
|
|
enableTenant(tenant.getTenantDomain(), true);
|
|
enabledCount++;
|
|
}
|
|
else
|
|
{
|
|
// explicitly disable, without calling disableTenant callback
|
|
disableTenant(tenant.getTenantDomain(), false);
|
|
disabledCount++;
|
|
}
|
|
}
|
|
|
|
tenantService.register(this); // callback to refresh tenantStatus cache
|
|
|
|
userTransaction.commit();
|
|
|
|
if (logger.isInfoEnabled())
|
|
{
|
|
logger.info(String.format("Alfresco Multi-Tenant startup - %d enabled tenants, %d disabled tenants",
|
|
enabledCount, disabledCount));
|
|
}
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to bootstrap tenants", e);
|
|
}
|
|
finally
|
|
{
|
|
authenticationContext.clearCurrentSecurityContext();
|
|
}
|
|
}
|
|
|
|
public void stopTenants()
|
|
{
|
|
tenantDeployers.clear();
|
|
tenantDeployers = null;
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.createTenant()
|
|
*/
|
|
public void createTenant(final String tenantDomain, final char[] tenantAdminRawPassword)
|
|
{
|
|
createTenant(tenantDomain, tenantAdminRawPassword, null);
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.createTenant()
|
|
*/
|
|
public void createTenant(final String tenantDomain, final char[] tenantAdminRawPassword, String rootContentStoreDir)
|
|
{
|
|
ParameterCheck.mandatory("tenantAdminRawPassword", tenantAdminRawPassword);
|
|
|
|
initTenant(tenantDomain, rootContentStoreDir);
|
|
|
|
try
|
|
{
|
|
// note: runAs would cause auditable property "creator" to be "admin" instead of "System@xxx"
|
|
AuthenticationUtil.pushAuthentication();
|
|
AuthenticationUtil.setFullyAuthenticatedUser(getSystemUser(tenantDomain));
|
|
|
|
dictionaryComponent.init();
|
|
tenantFileContentStore.init();
|
|
|
|
// create tenant-specific stores
|
|
ImporterBootstrap userImporterBootstrap = (ImporterBootstrap)ctx.getBean("userBootstrap-mt");
|
|
bootstrapUserTenantStore(userImporterBootstrap, tenantDomain, tenantAdminRawPassword);
|
|
|
|
ImporterBootstrap systemImporterBootstrap = (ImporterBootstrap)ctx.getBean("systemBootstrap-mt");
|
|
bootstrapSystemTenantStore(systemImporterBootstrap, tenantDomain);
|
|
|
|
// deprecated
|
|
ImporterBootstrap versionImporterBootstrap = (ImporterBootstrap)ctx.getBean("versionBootstrap-mt");
|
|
bootstrapVersionTenantStore(versionImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap version2ImporterBootstrap = (ImporterBootstrap)ctx.getBean("version2Bootstrap-mt");
|
|
bootstrapVersionTenantStore(version2ImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap spacesArchiveImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesArchiveBootstrap-mt");
|
|
bootstrapSpacesArchiveTenantStore(spacesArchiveImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap-mt");
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
|
|
siteAVMBootstrap.bootstrap();
|
|
|
|
// notify listeners that tenant has been created & hence enabled
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
|
|
// bootstrap workflows
|
|
for (WorkflowDeployer workflowDeployer : workflowDeployers)
|
|
{
|
|
workflowDeployer.init();
|
|
}
|
|
|
|
// bootstrap modules (if any)
|
|
moduleService.startModules();
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
|
|
logger.info("Tenant created: " + tenantDomain);
|
|
}
|
|
|
|
/**
|
|
* Export tenant - equivalent to the tenant admin running a 'complete repo' export from the Web Client Admin
|
|
*/
|
|
public void exportTenant(final String tenantDomain, final File directoryDestination)
|
|
{
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
repositoryExporterService.export(directoryDestination, tenantDomain);
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
logger.info("Tenant exported: " + tenantDomain);
|
|
}
|
|
|
|
/**
|
|
* Create tenant by restoring from a complete repository export. This is equivalent to a bootstrap import using restore-context.xml.
|
|
*/
|
|
public void importTenant(final String tenantDomain, final File directorySource, String rootContentStoreDir)
|
|
{
|
|
initTenant(tenantDomain, rootContentStoreDir);
|
|
|
|
try
|
|
{
|
|
// note: runAs would cause auditable property "creator" to be "admin" instead of "System@xxx"
|
|
AuthenticationUtil.pushAuthentication();
|
|
AuthenticationUtil.setFullyAuthenticatedUser(getSystemUser(tenantDomain));
|
|
|
|
dictionaryComponent.init();
|
|
tenantFileContentStore.init();
|
|
|
|
// import tenant-specific stores
|
|
importBootstrapUserTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSystemTenantStore(tenantDomain, directorySource);
|
|
importBootstrapVersionTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesArchiveTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesModelsTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesTenantStore(tenantDomain, directorySource);
|
|
|
|
// notify listeners that tenant has been created & hence enabled
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
|
|
// bootstrap workflows
|
|
for (WorkflowDeployer workflowDeployer : workflowDeployers)
|
|
{
|
|
workflowDeployer.init();
|
|
}
|
|
|
|
// bootstrap modules (if any)
|
|
moduleService.startModules();
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
|
|
logger.info("Tenant imported: " + tenantDomain);
|
|
}
|
|
|
|
public boolean existsTenant(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
return (getTenantAttributes(tenantDomain) != null);
|
|
}
|
|
|
|
private void putTenantAttributes(String tenantDomain, Tenant tenant)
|
|
{
|
|
Map<String, Serializable> tenantAttributes = new HashMap<String, Serializable>(7);
|
|
tenantAttributes.put(TENANT_ATTRIBUTE_ENABLED, new Boolean(tenant.isEnabled()));
|
|
tenantAttributes.put(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR, tenant.getRootContentStoreDir());
|
|
|
|
attributeService.setAttribute(
|
|
(Serializable) tenantAttributes,
|
|
TENANTS_ATTRIBUTE_PATH, tenantDomain);
|
|
|
|
// update tenant status cache
|
|
((MultiTServiceImpl)tenantService).putTenant(tenantDomain, tenant);
|
|
}
|
|
|
|
@SuppressWarnings("unchecked")
|
|
private Tenant getTenantAttributes(String tenantDomain)
|
|
{
|
|
Map<String, Serializable> tenantAttributes = (Map<String, Serializable>) attributeService.getAttribute(
|
|
TENANTS_ATTRIBUTE_PATH,
|
|
tenantDomain);
|
|
if (tenantAttributes == null)
|
|
{
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
Boolean enabled = (Boolean) tenantAttributes.get(TENANT_ATTRIBUTE_ENABLED);
|
|
String storeDir = (String) tenantAttributes.get(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR);
|
|
Tenant tenant = new Tenant(tenantDomain, enabled.booleanValue(), storeDir);
|
|
return tenant;
|
|
}
|
|
}
|
|
|
|
public void enableTenant(String tenantDomain)
|
|
{
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new RuntimeException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
if (isEnabledTenant(tenantDomain))
|
|
{
|
|
logger.warn("Tenant already enabled: " + tenantDomain);
|
|
}
|
|
|
|
enableTenant(tenantDomain, true);
|
|
}
|
|
|
|
private void enableTenant(String tenantDomain, boolean notifyTenantDeployers)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, true, tenant.getRootContentStoreDir()); // enable
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
|
|
if (notifyTenantDeployers)
|
|
{
|
|
// notify listeners that tenant has been enabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
}
|
|
|
|
logger.info("Tenant enabled: " + tenantDomain);
|
|
}
|
|
|
|
public void disableTenant(String tenantDomain)
|
|
{
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new RuntimeException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
if (! isEnabledTenant(tenantDomain))
|
|
{
|
|
logger.warn("Tenant already disabled: " + tenantDomain);
|
|
}
|
|
|
|
disableTenant(tenantDomain, true);
|
|
}
|
|
|
|
public void disableTenant(String tenantDomain, boolean notifyTenantDeployers)
|
|
{
|
|
if (notifyTenantDeployers)
|
|
{
|
|
// notify listeners that tenant has been disabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onDisableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
}
|
|
|
|
// update tenant attributes / tenant cache - need to disable after notifying listeners (else they cannot disable)
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, false, tenant.getRootContentStoreDir()); // disable
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
|
|
logger.info("Tenant disabled: " + tenantDomain);
|
|
}
|
|
|
|
public boolean isEnabledTenant(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
if (tenant != null)
|
|
{
|
|
return tenant.isEnabled();
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
protected String getRootContentStoreDir(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
if (tenant != null)
|
|
{
|
|
return tenant.getRootContentStoreDir();
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
protected void putRootContentStoreDir(String tenantDomain, String rootContentStoreDir)
|
|
{
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, tenant.isEnabled(), rootContentStoreDir);
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
}
|
|
|
|
public Tenant getTenant(String tenantDomain)
|
|
{
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new RuntimeException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
return new Tenant(tenantDomain, isEnabledTenant(tenantDomain), getRootContentStoreDir(tenantDomain));
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.deleteTenant()
|
|
*/
|
|
public void deleteTenant(String tenantDomain)
|
|
{
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new RuntimeException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
try
|
|
{
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
List<WorkflowDefinition> workflowDefs = workflowService.getDefinitions();
|
|
if (workflowDefs != null)
|
|
{
|
|
for (WorkflowDefinition workflowDef : workflowDefs)
|
|
{
|
|
workflowService.undeployDefinition(workflowDef.getId());
|
|
}
|
|
}
|
|
|
|
List<String> messageResourceBundles = repoAdminService.getMessageBundles();
|
|
if (messageResourceBundles != null)
|
|
{
|
|
for (String messageResourceBundle : messageResourceBundles)
|
|
{
|
|
repoAdminService.undeployMessageBundle(messageResourceBundle);
|
|
}
|
|
}
|
|
|
|
List<RepoModelDefinition> models = repoAdminService.getModels();
|
|
if (models != null)
|
|
{
|
|
for (RepoModelDefinition model : models)
|
|
{
|
|
repoAdminService.undeployModel(model.getRepoName());
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
final String tenantAdminUser = getTenantAdminUser(tenantDomain);
|
|
|
|
// delete tenant-specific stores
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_SPACES)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_ARCHIVE, STORE_BASE_ID_SPACES)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_VERSION1)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_VERSION2)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_SYSTEM, STORE_BASE_ID_SYSTEM)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_USER, STORE_BASE_ID_USER)));
|
|
|
|
|
|
// notify listeners that tenant has been deleted & hence disabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onDisableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
// remove tenant
|
|
attributeService.removeAttribute(TENANTS_ATTRIBUTE_PATH, tenantDomain);
|
|
}
|
|
catch (Throwable t)
|
|
{
|
|
throw new AlfrescoRuntimeException("Failed to delete tenant: " + tenantDomain, t);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.getAllTenants()
|
|
*/
|
|
public List<Tenant> getAllTenants()
|
|
{
|
|
final List<Tenant> tenants = new ArrayList<Tenant>();
|
|
|
|
AttributeQueryCallback callback = new AttributeQueryCallback()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
public boolean handleAttribute(Long id, Serializable value, Serializable[] keys)
|
|
{
|
|
if (keys.length != 3 || !EqualsHelper.nullSafeEquals(keys[0], TENANTS_ATTRIBUTE_PATH) || keys[1] == null)
|
|
{
|
|
logger.warn("Unexpected tenant attribute: \n" +
|
|
" id: " + id + "\n" +
|
|
" keys: " + Arrays.toString(keys) + "\n" +
|
|
" value: " + value);
|
|
return true;
|
|
}
|
|
String tenantDomain = (String) keys[1];
|
|
Map<String, Serializable> tenantAttributes = (Map<String, Serializable>) value;
|
|
Boolean enabled = (Boolean) tenantAttributes.get(TENANT_ATTRIBUTE_ENABLED);
|
|
String storeDir = (String) tenantAttributes.get(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR);
|
|
Tenant tenant = new Tenant(tenantDomain, enabled.booleanValue(), storeDir);
|
|
tenants.add(tenant);
|
|
// Continue
|
|
return true;
|
|
}
|
|
};
|
|
attributeService.getAttributes(callback, TENANTS_ATTRIBUTE_PATH);
|
|
return tenants;
|
|
}
|
|
|
|
private void importBootstrapSystemTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Version Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_system.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap systemImporterBootstrap = (ImporterBootstrap)ctx.getBean("systemBootstrap");
|
|
systemImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSystemTenantStore(systemImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSystemTenantStore(ImporterBootstrap systemImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific System Store
|
|
StoreRef bootstrapStoreRef = systemImporterBootstrap.getStoreRef();
|
|
StoreRef tenantBootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
systemImporterBootstrap.setStoreUrl(tenantBootstrapStoreRef.toString());
|
|
|
|
// override default property (workspace://SpacesStore)
|
|
List<String> mustNotExistStoreUrls = new ArrayList<String>();
|
|
mustNotExistStoreUrls.add(new StoreRef(PROTOCOL_STORE_WORKSPACE, tenantService.getName(STORE_BASE_ID_USER, tenantDomain)).toString());
|
|
systemImporterBootstrap.setMustNotExistStoreUrls(mustNotExistStoreUrls);
|
|
|
|
systemImporterBootstrap.bootstrap();
|
|
|
|
// reset since systemImporter is singleton (hence reused)
|
|
systemImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(tenantBootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapUserTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific User Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_users.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap userImporterBootstrap = (ImporterBootstrap)ctx.getBean("userBootstrap");
|
|
userImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapUserTenantStore(userImporterBootstrap, tenantDomain, null);
|
|
}
|
|
|
|
private void bootstrapUserTenantStore(ImporterBootstrap userImporterBootstrap, String tenantDomain, char[] tenantAdminRawPassword)
|
|
{
|
|
// Bootstrap Tenant-Specific User Store
|
|
StoreRef bootstrapStoreRef = userImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
userImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override admin username property
|
|
Properties props = userImporterBootstrap.getConfiguration();
|
|
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
|
|
|
|
if (tenantAdminRawPassword != null)
|
|
{
|
|
String salt = null; // GUID.generate();
|
|
props.put("alfresco_user_store.adminpassword", passwordEncoder.encodePassword(new String(tenantAdminRawPassword), salt));
|
|
}
|
|
|
|
userImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapVersionTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Version Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_versions2.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap versionImporterBootstrap = (ImporterBootstrap)ctx.getBean("versionBootstrap");
|
|
versionImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapVersionTenantStore(versionImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapVersionTenantStore(ImporterBootstrap versionImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Version Store
|
|
StoreRef bootstrapStoreRef = versionImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
versionImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
versionImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapSpacesArchiveTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Archive Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_spaces_archive.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesArchiveImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesArchiveBootstrap");
|
|
spacesArchiveImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSpacesArchiveTenantStore(spacesArchiveImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSpacesArchiveTenantStore(ImporterBootstrap spacesArchiveImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Spaces Archive Store
|
|
StoreRef bootstrapStoreRef = spacesArchiveImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
spacesArchiveImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override default property (archive://SpacesStore)
|
|
List<String> mustNotExistStoreUrls = new ArrayList<String>();
|
|
mustNotExistStoreUrls.add(bootstrapStoreRef.toString());
|
|
spacesArchiveImporterBootstrap.setMustNotExistStoreUrls(mustNotExistStoreUrls);
|
|
|
|
spacesArchiveImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapSpacesModelsTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_models.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
|
|
spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void importBootstrapSpacesTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_spaces.acp");
|
|
bootstrapView.put("uuidBinding", "UPDATE_EXISTING");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
|
|
spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
spacesImporterBootstrap.setUseExistingStore(true);
|
|
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSpacesTenantStore(ImporterBootstrap spacesImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Spaces Store
|
|
StoreRef bootstrapStoreRef = spacesImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
spacesImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override admin username property
|
|
Properties props = spacesImporterBootstrap.getConfiguration();
|
|
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
|
|
|
|
// override guest username property
|
|
props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
|
|
|
|
spacesImporterBootstrap.bootstrap();
|
|
|
|
// calculate any missing usages
|
|
UserUsageTrackingComponent userUsageTrackingComponent = (UserUsageTrackingComponent)ctx.getBean("userUsageTrackingComponent");
|
|
userUsageTrackingComponent.bootstrapInternal();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
public void deployTenants(final TenantDeployer deployer, Log logger)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
if (logger == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Logger must be provided");
|
|
}
|
|
|
|
if (tenantService.isEnabled())
|
|
{
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
|
|
List<Tenant> tenants = null;
|
|
try
|
|
{
|
|
userTransaction.begin();
|
|
tenants = getAllTenants();
|
|
userTransaction.commit();
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to get tenants", e);
|
|
}
|
|
finally
|
|
{
|
|
authenticationContext.clearCurrentSecurityContext();
|
|
}
|
|
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
try
|
|
{
|
|
// deploy within context of tenant domain
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
// init the service within tenant context
|
|
deployer.init();
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenant.getTenantDomain()));
|
|
|
|
}
|
|
catch (Throwable e)
|
|
{
|
|
logger.error("Deployment failed" + e);
|
|
|
|
StringWriter stringWriter = new StringWriter();
|
|
e.printStackTrace(new PrintWriter(stringWriter));
|
|
logger.error(stringWriter.toString());
|
|
|
|
// tenant deploy failure should not necessarily affect other tenants
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
public void undeployTenants(final TenantDeployer deployer, Log logger)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
if (logger == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Logger must be provided");
|
|
}
|
|
|
|
if (tenantService.isEnabled())
|
|
{
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
|
|
List<Tenant> tenants = null;
|
|
try
|
|
{
|
|
userTransaction.begin();
|
|
tenants = getAllTenants();
|
|
userTransaction.commit();
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
try {authenticationContext.clearCurrentSecurityContext(); } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to get tenants", e);
|
|
}
|
|
|
|
try
|
|
{
|
|
AuthenticationUtil.pushAuthentication();
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
try
|
|
{
|
|
// undeploy within context of tenant domain
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
// destroy the service within tenant context
|
|
deployer.destroy();
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenant.getTenantDomain()));
|
|
|
|
}
|
|
catch (Throwable e)
|
|
{
|
|
logger.error("Undeployment failed" + e);
|
|
|
|
StringWriter stringWriter = new StringWriter();
|
|
e.printStackTrace(new PrintWriter(stringWriter));
|
|
logger.error(stringWriter.toString());
|
|
|
|
// tenant undeploy failure should not necessarily affect other tenants
|
|
}
|
|
}
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
}
|
|
}
|
|
|
|
public void register(TenantDeployer deployer)
|
|
{
|
|
register(deployer, -1);
|
|
}
|
|
|
|
protected void register(TenantDeployer deployer, int position)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
|
|
if (! tenantDeployers.contains(deployer))
|
|
{
|
|
if (position == -1)
|
|
{
|
|
tenantDeployers.add(deployer);
|
|
}
|
|
else
|
|
{
|
|
tenantDeployers.add(position, deployer);
|
|
}
|
|
}
|
|
}
|
|
|
|
public void unregister(TenantDeployer deployer)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("TenantDeployer must be provided");
|
|
}
|
|
|
|
if (tenantDeployers != null)
|
|
{
|
|
tenantDeployers.remove(deployer);
|
|
}
|
|
}
|
|
|
|
public void register(WorkflowDeployer workflowDeployer)
|
|
{
|
|
if (workflowDeployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("WorkflowDeployer must be provided");
|
|
}
|
|
|
|
if (! workflowDeployers.contains(workflowDeployer))
|
|
{
|
|
workflowDeployers.add(workflowDeployer);
|
|
}
|
|
}
|
|
|
|
public void resetCache(String tenantDomain)
|
|
{
|
|
if (existsTenant(tenantDomain))
|
|
{
|
|
if (isEnabledTenant(tenantDomain))
|
|
{
|
|
enableTenant(tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
disableTenant(tenantDomain);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
throw new AlfrescoRuntimeException("No such tenant " + tenantDomain);
|
|
}
|
|
}
|
|
|
|
private void initTenant(String tenantDomain, String rootContentStoreDir)
|
|
{
|
|
validateTenantName(tenantDomain);
|
|
|
|
if (existsTenant(tenantDomain))
|
|
{
|
|
throw new AlfrescoRuntimeException("Tenant already exists: " + tenantDomain);
|
|
}
|
|
|
|
if (rootContentStoreDir == null)
|
|
{
|
|
rootContentStoreDir = tenantFileContentStore.getDefaultRootDir();
|
|
}
|
|
else
|
|
{
|
|
File tenantRootDir = new File(rootContentStoreDir);
|
|
if ((tenantRootDir.exists()) && (tenantRootDir.list().length != 0))
|
|
{
|
|
throw new AlfrescoRuntimeException("Tenant root directory is not empty: " + rootContentStoreDir);
|
|
}
|
|
}
|
|
|
|
// init - need to enable tenant (including tenant service) before stores bootstrap
|
|
Tenant tenant = new Tenant(tenantDomain, true, rootContentStoreDir);
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
}
|
|
|
|
private void validateTenantName(String tenantDomain)
|
|
{
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
if (tenantDomain.length() > MAX_LEN)
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid tenant name (must be less than " + MAX_LEN + " characters)");
|
|
}
|
|
|
|
if (! Pattern.matches(REGEX_CONTAINS_ALPHA, tenantDomain))
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid tenant name (must contain at least one alpha character)");
|
|
}
|
|
|
|
String[] dnsLabels = tenantDomain.split("\\.");
|
|
if (dnsLabels.length != 0)
|
|
{
|
|
for (int i = 0; i < dnsLabels.length; i++)
|
|
{
|
|
if (! Pattern.matches(REGEX_VALID_DNS_LABEL, dnsLabels[i]))
|
|
{
|
|
throw new IllegalArgumentException(dnsLabels[i] + " is not a valid DNS label (must match " + REGEX_VALID_DNS_LABEL + ")");
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (! Pattern.matches(REGEX_VALID_DNS_LABEL, tenantDomain))
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid DNS label (must match " + REGEX_VALID_DNS_LABEL + ")");
|
|
}
|
|
}
|
|
}
|
|
|
|
// tenant deployer/user services delegated to tenant service
|
|
|
|
public boolean isEnabled()
|
|
{
|
|
return tenantService.isEnabled();
|
|
}
|
|
|
|
public String getCurrentUserDomain()
|
|
{
|
|
return tenantService.getCurrentUserDomain();
|
|
}
|
|
|
|
public String getUserDomain(String username)
|
|
{
|
|
return tenantService.getUserDomain(username);
|
|
}
|
|
|
|
public String getBaseNameUser(String username)
|
|
{
|
|
return tenantService.getBaseNameUser(username);
|
|
}
|
|
|
|
public String getDomainUser(String baseUsername, String tenantDomain)
|
|
{
|
|
return tenantService.getDomainUser(baseUsername, tenantDomain);
|
|
}
|
|
|
|
public String getDomain(String name)
|
|
{
|
|
return tenantService.getDomain(name);
|
|
}
|
|
|
|
// local helpers
|
|
|
|
public String getBaseAdminUser()
|
|
{
|
|
// default for backwards compatibility only - eg. upgrade of existing MT instance (mt-admin-context.xml.sample)
|
|
if (baseAdminUsername != null)
|
|
{
|
|
return baseAdminUsername;
|
|
}
|
|
return getBaseNameUser(AuthenticationUtil.getAdminUserName());
|
|
}
|
|
|
|
private String getSystemUser(String tenantDomain)
|
|
{
|
|
return tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain);
|
|
}
|
|
|
|
private String getTenantAdminUser(String tenantDomain)
|
|
{
|
|
|
|
return tenantService.getDomainUser(getBaseAdminUser(), tenantDomain);
|
|
}
|
|
|
|
private String getTenantGuestUser(String tenantDomain)
|
|
{
|
|
return authenticationContext.getGuestUserName(tenantDomain);
|
|
}
|
|
}
|