mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
42725: Record Only Merge: V3.4-BUG-FIX (3.4.12) to V4.1-BUG-FIX (4.1.2) << Record only as 4.1.2 used PDFBOX 1.0.7 rather than 1.0.6 >> 42721: ALF-14185 PDF not indexed as a result of PDFBOX-1143 workaround in Tika 42726: ALF-16388 CLONE: PDF not indexed as a result of PDFBOX-1143 workaround in Tika - 4.1 specific fix (uses PDFBox 1.0.7) for the same issue as ALF-14185 on 3.4 (uses PDFBox 1.0.6). 42736: ALF-16093: Implement new getPeople CQ (eg. if using user admin console and/or Solr unavailable) 42740: Merged DEV to V4.1-BUG-FIX 42626: ALF-14336: SOLR indexing fails with unterminated string for PDF uploaded Appeared exception due to postgreSQL (http://archives.postgresql.org/pgsql-jdbc/2007-02/msg00107.php). Remove '\u0000' characters from the property. 42741: Fix for ALF-16332 - Alternative version of AbstractWebScriptViewResolver that uses a ConcurrentHashMap and thus allows multiple views to be resolved at the same time! 42755: Merged DEV to V4.1-BUG-FIX 42750 : ALF-16315 42762: ALF-15616: Merged V3.4-BUG-FIX (3.4.12) to V4.1-BUG-FIX (4.1.2) 42758: ALF-11956 WCM accessibility - tabIndex code. See comment on 17 Oct 2012 "4) TinyMCE fields are not accessible using the keyboard (you have to use the mouse to select the "click to edit" option) - > It's reproduced for (+) icon, content created on press-release.xsd." 42768: Merged somehow-lost mergeinfo from r42679 42769: Merged V3.4-BUG-FIX to V4.1-BUG-FIX 42738: ALF-12724 CLONE - Activities trigger high CPU usage and lock contention 42767: Merged V3.4 to V3.4-BUG-FIX 42727: ALF-16366: PermissionService calls were updating nodes but not reindexing them, leaving out of sync transactions after a clean bootstrap! git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@42770 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
|
|
|
|
<!-- =================================================================== -->
|
|
<!-- This file contains the bean definitions that support authentication -->
|
|
<!-- =================================================================== -->
|
|
|
|
<!-- -->
|
|
<!-- Acegi is used for authentication and protecting method calls on public -->
|
|
<!-- services. To do this requires our authentication mechanism to work -->
|
|
<!-- within the acegi framework. -->
|
|
<!-- -->
|
|
<!-- It is important to decide if user names are case sensitive or not. -->
|
|
<!-- This is configured in repository.properties. -->
|
|
<!-- -->
|
|
<!-- -->
|
|
<!-- TODO: -->
|
|
<!-- -->
|
|
<!-- The transactional wrappers should be removed from the beans in this -->
|
|
<!-- file. This should be done in the public services definitions. -->
|
|
<!-- This requires some tests to be fixed up. -->
|
|
<!-- -->
|
|
|
|
|
|
<beans>
|
|
<!-- -->
|
|
<!-- The Acegi authentication manager. -->
|
|
<!-- -->
|
|
<!-- Providers are asked to authenticate in order. -->
|
|
<!-- First, is a provider that checks if an acegi authentication object -->
|
|
<!-- is already bound to the executing thread. If it is, and it is set -->
|
|
<!-- as authenticated then no further authentication is required. If -->
|
|
<!-- this is absent, Acegi validates the password for every method -->
|
|
<!-- invocation, which is too CPU expensive. If we set an -->
|
|
<!-- authentication based on a ticket etc .... or we want to set the -->
|
|
<!-- system user as the current user ... we do not have the -->
|
|
<!-- password. So if we have set an authentication and set it as -->
|
|
<!-- authenticated that is sufficient to validate the user. -->
|
|
<!-- -->
|
|
<!-- If the authentication bound to the current thread is not set as -->
|
|
<!-- authenticated the standard Acegi DAO Authentication provider -->
|
|
<!-- is used to authenticate. -->
|
|
<!-- -->
|
|
|
|
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
    <!-- Ordered list of Acegi authentication providers consulted by this manager. -->
    <!-- Only the passthrough provider is registered, so this manager accepts an -->
    <!-- authentication purely on that provider's decision. -->
    <!-- NOTE(review): the comment above this bean mentions a DAO provider fallback that is -->
    <!-- not present in this list; presumably credentials are verified elsewhere (the -->
    <!-- authentication chain). Confirm before relying on this manager to check passwords. -->
    <property name="providers">
        <list>
            <ref bean="authenticatedAuthenticationPassthroughProvider"/>
        </list>
    </property>
</bean>
|
|
|
|
|
|
<!-- An authentication Provider that just believes authentications -->
|
|
<!-- bound to the local thread are valid if they are set as -->
|
|
<!-- authenticated. -->
|
|
|
|
<!-- NOTE(review): per the description above, this provider trusts whatever authentication -->
<!-- is already bound to the thread and flagged as authenticated. Code able to bind such an -->
<!-- object is therefore part of the trust boundary; keep it limited to the repository's -->
<!-- own authentication code. -->
<bean id="authenticatedAuthenticationPassthroughProvider"
      class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider"/>
|
|
|
|
<!-- The authority DAO implements an interface extended from the Acegi -->
|
|
<!-- DAO that supports CRUD. -->
|
|
|
|
<!-- The editable authentication chain -->
|
|
<bean id="Authentication"
      class="org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager"
      parent="abstractPropertyBackedBean">
    <!-- Default authentication chain, read from the authentication.chain property. -->
    <!-- Every chaining proxy in this file resolves its target through this manager, so a -->
    <!-- change to that property deserves the same review as a change to this file. -->
    <property name="defaultChain" value="${authentication.chain}"/>
</bean>
|
|
|
|
<!-- Acegi providers now proxy to the first authentication DAO in the chain -->
|
|
<bean id="authenticationDao"
      class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
    <!-- Proxy that exposes MutableAuthenticationDao, backed by the "Authentication" chain. -->
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="interfaces">
        <list>
            <value>org.alfresco.repo.security.authentication.MutableAuthenticationDao</value>
        </list>
    </property>
    <!-- Generic fallback implementation, used when the chain does not provide one. -->
    <!-- NOTE(review): all four allow* switches are turned on for the fallback; confirm in -->
    <!-- DefaultMutableAuthenticationDao what each one permits when no subsystem answers. -->
    <property name="defaultTarget">
        <bean class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao">
            <property name="allowSetEnabled" value="true"/>
            <property name="allowGetEnabled" value="true"/>
            <property name="allowDeleteUser" value="true"/>
            <property name="allowCreateUser" value="true"/>
        </bean>
    </property>
</bean>
|
|
|
|
<!-- Allow the authentication subsystem to listen for SMB Server session
|
|
events -->
|
|
<bean id="SmbSessionListener"
      class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
    <!-- Proxy that lets the authentication chain receive SMB server session events. -->
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="interfaces">
        <list>
            <value>org.alfresco.jlan.server.SessionListener</value>
        </list>
    </property>
    <!-- Benign fallback, used when nothing in the chain is interested in the events. -->
    <property name="defaultTarget">
        <bean class="org.alfresco.filesys.NullSessionListener"/>
    </property>
</bean>
|
|
|
|
<bean id="CifsAuthenticator"
      class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
    <!-- Proxy to the "cifsAuthenticator" bean supplied by the authentication chain. -->
    <!-- Unlike SmbSessionListener and FtpAuthenticator, no defaultTarget is configured here. -->
    <!-- NOTE(review): confirm how the proxy behaves when no chain member supplies a -->
    <!-- cifsAuthenticator (presumably the ActivateableBean interface reports it inactive). -->
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="sourceBeanName" value="cifsAuthenticator"/>
    <property name="interfaces">
        <list>
            <value>org.alfresco.jlan.server.auth.ICifsAuthenticator</value>
            <value>org.alfresco.repo.management.subsystems.ActivateableBean</value>
        </list>
    </property>
</bean>
|
|
|
|
<bean id="FtpAuthenticator"
      class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
    <!-- Proxy to the "ftpAuthenticator" bean supplied by the authentication chain. -->
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="sourceBeanName" value="ftpAuthenticator"/>
    <property name="interfaces">
        <list>
            <value>org.alfresco.jlan.ftp.FTPAuthenticator</value>
            <value>org.alfresco.repo.management.subsystems.ActivateableBean</value>
        </list>
    </property>
    <!-- Generic fallback implementation, used when the chain does not provide one. -->
    <property name="defaultTarget">
        <bean class="org.alfresco.filesys.auth.ftp.AlfrescoFtpAuthenticator"
              parent="ftpAuthenticatorBase"/>
    </property>
</bean>
|
|
|
|
<!-- Passwords are encoded using MD4 -->
|
|
<!-- This is not ideal and only done to be compatible with NTLM -->
|
|
<!-- authentication against the default authentication mechanism. -->
|
|
|
|
<!-- NOTE(review): MD4 is cryptographically broken and cheap to compute. The digests kept -->
<!-- for NTLM compatibility are presumably unsalted, so a leaked user store should be -->
<!-- handled as a leak of the passwords themselves: restrict access to the store and -->
<!-- prefer chain members that do not need NTLM where that is an option. -->
<bean id="passwordEncoder"
      class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"/>
|
|
|
|
|
|
<!-- The Authentication Service implementation. -->
|
|
<!-- -->
|
|
<!-- Each method 'chains' through all AuthenticationService implementations
|
|
in the authentication chain -->
|
|
|
|
<bean id="authenticationService"
      class="org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationService">
    <!-- Chains over the "localAuthenticationService" bean of each subsystem in the -->
    <!-- "Authentication" chain. -->
    <property name="sysAdminParams" ref="sysAdminParams"/>
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="sourceBeanName" value="localAuthenticationService"/>
</bean>
|
|
|
|
<!-- The public authentication component. -->
|
|
|
|
<bean id="AuthenticationComponent"
      class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
    <!-- Transactional proxy in front of the lower-case "authenticationComponent" bean. -->
    <property name="proxyInterfaces"
              value="org.alfresco.repo.security.authentication.AuthenticationComponent"/>
    <property name="transactionManager" ref="transactionManager"/>
    <property name="target" ref="authenticationComponent"/>
    <!-- Every method uses the server's default transaction mode. -->
    <property name="transactionAttributes">
        <props>
            <prop key="*">${server.transaction.mode.default}</prop>
        </props>
    </property>
</bean>
|
|
|
|
<!-- Parent bean for beans derived from AbstractAuthenticationComponent -->
|
|
<bean id="authenticationComponentBase" abstract="true">
    <!-- Shared wiring inherited by beans that declare this bean as their parent. -->
    <property name="authenticationContext" ref="authenticationContext"/>
    <property name="userRegistrySynchronizer" ref="userRegistrySynchronizer"/>
</bean>
|
|
|
|
<!-- The chaining authentication component -->
|
|
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationComponent"
      parent="authenticationComponentBase">
    <!-- Repository services used by the chaining component. -->
    <property name="nodeService" ref="nodeService"/>
    <property name="personService" ref="personService"/>
    <property name="transactionService" ref="transactionService"/>
    <!-- Chains over the "authenticationComponent" bean of each subsystem in the chain. -->
    <property name="applicationContextManager" ref="Authentication"/>
    <property name="sourceBeanName" value="authenticationComponent"/>
</bean>
|
|
|
|
<!-- Import the user registry synchronizer from the synchronization subsystem -->
|
|
<bean id="userRegistrySynchronizer"
      class="org.alfresco.repo.management.subsystems.SubsystemProxyFactory">
    <!-- Proxy to the UserRegistrySynchronizer exposed by the "Synchronization" subsystem. -->
    <property name="sourceApplicationContextFactory" ref="Synchronization"/>
    <property name="interfaces">
        <list>
            <value>org.alfresco.repo.security.sync.UserRegistrySynchronizer</value>
        </list>
    </property>
</bean>
|
|
|
|
<bean id="authenticationContext"
      class="org.alfresco.repo.security.authentication.AuthenticationContextImpl">
    <!-- The authentication context is wired with the tenant service only. -->
    <property name="tenantService" ref="tenantService"/>
</bean>
|
|
|
|
<!-- Simple Authentication component that rejects all authentication requests -->
<!-- Use this definition for Novell IChain integration. -->
<!-- It should never go to the login screen so this is not required -->
<!-- NOTE(review): the sample below sets "accept" to true, which by its name looks like -->
<!-- accept-all rather than reject-all; confirm the intended value before enabling it. -->

<!--
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl"
      parent="authenticationComponentBase">
    <property name="accept"> <value>true</value> </property>
    <property name="nodeService"> <ref bean="nodeService" /> </property>
    <property name="personService"> <ref bean="personService" /> </property>
    <property name="transactionService"> <ref bean="transactionService" /> </property>
</bean>
-->
|
|
|
|
<!-- support to match user names -->
|
|
|
|
<bean id="userNameMatcher" class="org.alfresco.repo.security.person.UserNameMatcherImpl">
    <!-- Case sensitivity of user and domain names, and the separator between them, all -->
    <!-- come from configuration properties. -->
    <!-- NOTE(review): these settings decide when two spellings count as the same user; keep -->
    <!-- them aligned with how the authentication chain's directories compare names. -->
    <property name="userNamesAreCaseSensitive" value="${user.name.caseSensitive}"/>
    <property name="domainNamesAreCaseSensitive" value="${domain.name.caseSensitive}"/>
    <property name="domainSeparator" value="${domain.separator}"/>
</bean>
|
|
|
|
<!-- The person service. -->
|
|
|
|
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
    <!-- Collaborating services, DAOs and caches. -->
    <property name="transactionService" ref="transactionService"/>
    <property name="nodeService" ref="nodeService"/>
    <property name="tenantService" ref="tenantService"/>
    <property name="searchService" ref="admSearchService"/>
    <property name="permissionServiceSPI" ref="permissionServiceImpl"/>
    <property name="authorityService" ref="authorityService"/>
    <property name="authenticationService" ref="authenticationService"/>
    <property name="dictionaryService" ref="dictionaryService"/>
    <property name="namespacePrefixResolver" ref="namespaceService"/>
    <property name="policyComponent" ref="policyComponent"/>
    <property name="personCache" ref="personCache"/>
    <property name="permissionsManager" ref="personServicePermissionsManager"/>
    <property name="cannedQueryRegistry" ref="personServiceCannedQueryRegistry"/>
    <property name="aclDAO" ref="aclDAO"/>
    <property name="homeFolderManager" ref="HomeFolderManager"/>
    <property name="repoAdminService" ref="repoAdminService"/>
    <property name="serviceRegistry" ref="ServiceRegistry"/>

    <!-- Configurable properties. -->
    <property name="homeFolderCreationEager" value="${home.folder.creation.eager}"/>

    <!-- TODO: add support for creating real home spaces and setting permissions on the -->
    <!-- home space and the people created. -->

    <!-- The store in which people are persisted. -->
    <property name="storeUrl" value="${spaces.store}"/>

    <!-- Some authentication mechanisms may need to create people in the repository on -->
    <!-- demand; this switch enables that. When disabled, a missing person produces an -->
    <!-- error; when enabled, the person is created and persisted. -->
    <!-- Valid values are ${server.transaction.allow-writes} and false. -->
    <!-- NOTE(review): while this is on, presumably every user name the authentication chain -->
    <!-- accepts gets a person node on first use; review which identities the chain members -->
    <!-- accept before enabling external authenticators. -->
    <property name="createMissingPeople" value="${server.transaction.allow-writes}"/>
    <property name="userNameMatcher" ref="userNameMatcher"/>

    <!-- Properties added after 1.4.0 to deal with duplicate user ids when they are found. -->
    <property name="processDuplicates" value="true"/>
    <!-- One of: LEAVE, SPLIT, DELETE. -->
    <property name="duplicateMode" value="SPLIT"/>
    <property name="lastIsBest" value="true"/>
    <property name="includeAutoCreated" value="false"/>
</bean>
|
|
|
|
<bean id="personServiceCannedQueryRegistry" class="org.alfresco.util.registry.NamedObjectRegistry">
    <!-- Registry that the person-service canned query factories below register with. -->
    <property name="storageType">
        <value>org.alfresco.query.CannedQueryFactory</value>
    </property>
</bean>
|
|
|
|
<!-- deprecated (see getPeopleCannedQueryFactory) -->
|
|
<bean name="peopleGetChildrenCannedQueryFactory"
      class="org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory">
    <!-- Registers with the person service's canned query registry. -->
    <property name="registry" ref="personServiceCannedQueryRegistry"/>
    <property name="dictionaryService" ref="dictionaryService"/>
    <property name="tenantService" ref="tenantService"/>
    <!-- Data access objects used by the query. -->
    <property name="nodeDAO" ref="nodeDAO"/>
    <property name="qnameDAO" ref="qnameDAO"/>
    <property name="localeDAO" ref="localeDAO"/>
    <property name="contentDataDAO" ref="contentDataDAO"/>
    <property name="cannedQueryDAO" ref="cannedQueryDAO"/>
    <!-- Method security definition associated with PersonService getPeople. -->
    <property name="methodSecurity" ref="PersonService_security_getPeople"/>
</bean>
|
|
|
|
<bean name="getPeopleCannedQueryFactory"
      class="org.alfresco.repo.security.person.GetPeopleCannedQueryFactory">
    <!-- Registers with the person service's canned query registry. -->
    <!-- NOTE(review): unlike peopleGetChildrenCannedQueryFactory, no methodSecurity is wired -->
    <!-- here; confirm that access checks on getPeople results are applied elsewhere. -->
    <property name="registry" ref="personServiceCannedQueryRegistry"/>
    <property name="tenantService" ref="tenantService"/>
    <property name="nodeDAO" ref="nodeDAO"/>
    <property name="qnameDAO" ref="qnameDAO"/>
    <property name="cannedQueryDAO" ref="cannedQueryDAO"/>
</bean>
|
|
|
|
<bean name="personServicePermissionsManager"
      class="org.alfresco.repo.security.person.PermissionsManagerImpl">
    <!-- Permissions manager handed to personService (its permissionsManager property). -->
    <property name="permissionService" ref="permissionServiceImpl"/>
    <property name="ownableService" ref="ownableService"/>
    <!-- Both the owner and the user permission sets are "All". -->
    <property name="ownerPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
    <property name="userPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
|
|
|
|
<bean name="homeFolderManager"
      class="org.alfresco.repo.security.person.PortableHomeFolderManager">
    <!-- Concrete home folder manager; the "HomeFolderManager" proxy bean targets it lazily. -->
    <property name="nodeService" ref="NodeService"/>
    <!-- Provider used by default: the user-homes provider. -->
    <property name="defaultProvider" ref="userHomesHomeFolderProvider"/>
    <property name="fileFolderService" ref="FileFolderService"/>
    <property name="searchService" ref="SearchService"/>
    <property name="NamespaceService" ref="NamespaceService"/>
    <property name="singletonCache" ref="immutableSingletonCache"/>
</bean>
|
|
|
|
<bean id="HomeFolderManager" class="org.springframework.aop.framework.ProxyFactoryBean">
    <!-- Proxy exposing the HomeFolderManager interface. -->
    <property name="proxyInterfaces">
        <list>
            <value>org.alfresco.repo.security.person.HomeFolderManager</value>
        </list>
    </property>
    <!-- The target is looked up lazily by bean name to avoid circular dependencies. -->
    <property name="targetSource">
        <bean class="org.springframework.aop.target.LazyInitTargetSource">
            <property name="targetBeanName">
                <idref bean="homeFolderManager"/>
            </property>
        </bean>
    </property>
</bean>
|
|
|
|
<!-- deprecated use baseHomeFolderProvider2 -->
|
|
<bean name="baseHomeFolderProvider"
      class="org.alfresco.repo.security.person.AbstractHomeFolderProvider"
      abstract="true">
    <!-- Services are requested via the ServiceRegistry for audit. -->
    <property name="serviceRegistry" ref="ServiceRegistry"/>
    <property name="homeFolderManager" ref="homeFolderManager"/>
    <property name="tenantService" ref="tenantService"/>
</bean>
|
|
|
|
<bean name="baseHomeFolderProvider2"
      class="org.alfresco.repo.security.person.AbstractHomeFolderProvider2"
      abstract="true">
    <!-- Abstract parent for the home folder providers defined below. -->
    <property name="homeFolderManager" ref="homeFolderManager"/>
</bean>
|
|
|
|
<!-- Abstract parent for providers that point at an existing path; adds no properties. -->
<bean name="existingHomeFolderProvider"
      class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider2"
      abstract="true" parent="baseHomeFolderProvider2"/>
|
|
|
|
<bean name="usernameHomeFolderProvider"
      class="org.alfresco.repo.security.person.UsernameHomeFolderProvider"
      abstract="true" parent="baseHomeFolderProvider2">
    <!-- Separate permissions managers for the on-create and the on-reference case. -->
    <property name="onCreatePermissionsManager" ref="defaultOnCreatePermissionsManager"/>
    <property name="onReferencePermissionsManager" ref="defaultOnReferencePermissionsManager"/>
</bean>
|
|
|
|
<bean name="regexHomeFolderProvider"
      class="org.alfresco.repo.security.person.RegexHomeFolderProvider"
      abstract="true" parent="usernameHomeFolderProvider">
    <!-- Property name, regular expression and group order all come from the -->
    <!-- spaces.user_homes.regex.* configuration properties. -->
    <property name="propertyName" value="${spaces.user_homes.regex.key}"/>
    <property name="pattern" value="${spaces.user_homes.regex.pattern}"/>
    <property name="groupOrder" value="${spaces.user_homes.regex.group_order}"/>
</bean>
|
|
|
|
|
|
<bean name="companyHomeFolderProvider" parent="existingHomeFolderProvider">
    <!-- Home folder is the company home itself, in the spaces store. -->
    <property name="rootPath" value="/${spaces.company_home.childname}"/>
    <property name="storeUrl" value="${spaces.store}"/>
</bean>
|
|
|
|
<bean name="guestHomeFolderProviderPermissionsManager"
      class="org.alfresco.repo.security.person.PermissionsManagerImpl">
    <!-- Permissions manager used by guestHomeFolderProvider. -->
    <property name="permissionService" ref="permissionServiceImpl"/>
    <property name="ownableService" ref="ownableService"/>
    <!-- The user permission set is "Consumer" only; no owner permissions are set here. -->
    <property name="userPermissions">
        <set>
            <value>Consumer</value>
        </set>
    </property>
</bean>
|
|
|
|
|
|
<bean name="guestHomeFolderProvider" parent="existingHomeFolderProvider">
    <!-- Home folder is the guest home under the company home, in the spaces store. -->
    <property name="rootPath" value="/${spaces.company_home.childname}/${spaces.guest_home.childname}"/>
    <property name="storeUrl" value="${spaces.store}"/>
    <!-- The same guest permissions manager serves the on-create and on-reference cases. -->
    <property name="onCreatePermissionsManager" ref="guestHomeFolderProviderPermissionsManager"/>
    <property name="onReferencePermissionsManager" ref="guestHomeFolderProviderPermissionsManager"/>
</bean>
|
|
|
|
<!-- Bootstrap provider; it only inherits the wiring of baseHomeFolderProvider2. -->
<bean name="bootstrapHomeFolderProvider"
      class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider"
      parent="baseHomeFolderProvider2"/>
|
|
|
|
<bean name="defaultOnCreatePermissionsManager"
      class="org.alfresco.repo.security.person.PermissionsManagerImpl">
    <!-- On-create permissions manager referenced by usernameHomeFolderProvider. -->
    <property name="permissionService" ref="permissionServiceImpl"/>
    <property name="ownableService" ref="ownableService"/>
    <!-- Permission inheritance is switched off; this is the only permissions manager in -->
    <!-- this file that sets the flag. -->
    <!-- NOTE(review): presumably this keeps a new home folder from picking up the parent -->
    <!-- folder's permissions; confirm before changing it. -->
    <property name="inheritPermissions" value="false"/>
    <property name="ownerPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
    <property name="userPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
|
|
|
|
<bean name="defaultOnReferencePermissionsManager"
      class="org.alfresco.repo.security.person.PermissionsManagerImpl">
    <!-- On-reference permissions manager referenced by usernameHomeFolderProvider. -->
    <!-- Only user permissions are set; inheritPermissions and ownerPermissions are left -->
    <!-- at whatever PermissionsManagerImpl defaults to. -->
    <property name="permissionService" ref="permissionServiceImpl"/>
    <property name="ownableService" ref="ownableService"/>
    <property name="userPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
|
|
|
|
<bean name="personalHomeFolderProvider" parent="usernameHomeFolderProvider">
    <!-- Per-user home folders rooted directly under the company home. -->
    <property name="rootPath" value="/${spaces.company_home.childname}"/>
    <property name="storeUrl" value="${spaces.store}"/>
</bean>
|
|
|
|
<bean name="userHomesHomeFolderProvider" parent="usernameHomeFolderProvider">
    <!-- Per-user home folders rooted under the user homes folder of the company home. -->
    <property name="rootPath" value="/${spaces.company_home.childname}/${spaces.user_homes.childname}"/>
    <property name="storeUrl" value="${spaces.store}"/>
</bean>
|
|
|
|
<bean name="largeHomeFolderProvider" parent="regexHomeFolderProvider">
    <!-- Regex-based provider rooted under the user homes folder of the company home. -->
    <property name="rootPath" value="/${spaces.company_home.childname}/${spaces.user_homes.childname}"/>
    <property name="storeUrl" value="${spaces.store}"/>
</bean>
|
|
|
|
|
|
<!-- The ticket component. -->
|
|
<!-- Used for reauthentication -->
|
|
<bean id="ticketComponent" class="org.springframework.aop.framework.ProxyFactoryBean">
    <!-- Proxy exposing the TicketComponent interface in front of the in-memory implementation. -->
    <property name="proxyInterfaces"
              value="org.alfresco.repo.security.authentication.TicketComponent"/>
    <property name="target">
        <bean class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
            <property name="ticketsCache" ref="ticketsCache"/>
            <!-- How long a ticket stays valid, in XML duration format. -->
            <!-- The default is PT1H for one hour. -->
            <property name="validDuration" value="${authentication.ticket.validDuration}"/>
            <!-- Whether tickets expire or live for ever. -->
            <!-- NOTE(review): tickets are used for reauthentication, so with expiry off (or -->
            <!-- expiryMode DO_NOT_EXPIRE) a leaked ticket presumably stays usable until it is -->
            <!-- invalidated; keep expiry enabled unless there is a documented reason not to. -->
            <property name="ticketsExpire" value="${authentication.ticket.ticketsExpire}"/>
            <!-- Whether a ticket is only valid for a single use. -->
            <property name="oneOff" value="false"/>
            <!-- When ticketsExpire is true, how tickets expire: -->
            <!-- AFTER_INACTIVITY, AFTER_FIXED_TIME or DO_NOT_EXPIRE. -->
            <!-- The default is AFTER_FIXED_TIME. -->
            <property name="expiryMode" value="${authentication.ticket.expiryMode}"/>
        </bean>
    </property>
    <!-- Interceptors applied to calls through this proxy, referenced by bean name. -->
    <property name="interceptorNames">
        <list>
            <idref bean="AuditMethodInterceptor"/>
        </list>
    </property>
</bean>
|
|
|
|
<!-- -->
|
|
<bean id="nameBasedUserNameGenerator"
      class="org.alfresco.repo.security.authentication.NameBasedUserNameGenerator">
    <!-- Name patterns available: -->
    <!--   %lastName%      lower case last name -->
    <!--   %firstName%     lower case first name -->
    <!--   %emailAddress%  email address -->
    <!--   %i%             lower case first name initial -->
    <property name="namePattern" value="%firstName%_%lastName%"/>

    <property name="userNameLength" value="10"/>
</bean>
|
|
|
|
<!-- Used for generating user names -->
|
|
<bean id="userNameGenerator"
      class="org.alfresco.repo.security.authentication.TenantAwareUserNameGenerator">
    <!-- Wraps the name-based generator and is additionally given the tenant service. -->
    <property name="generator" ref="nameBasedUserNameGenerator"/>
    <property name="tenantService" ref="tenantService"/>
</bean>
|
|
|
|
<!-- Used for generating passwords -->
|
|
<bean id="passwordGenerator"
      class="org.alfresco.repo.security.authentication.BasicPasswordGenerator">
    <!-- Length of each generated password. -->
    <!-- NOTE(review): 8 characters is short by current guidance; confirm where generated -->
    <!-- passwords are handed out, whether users must change them on first use, and that -->
    <!-- the generator draws from a cryptographically secure random source. -->
    <property name="passwordLength" value="8"/>
</bean>
|
|
|
|
<!-- Authentication Util initialization -->
|
|
<bean id="authenticationUtil"
      class="org.alfresco.repo.security.authentication.AuthenticationUtil">
    <!-- Default admin and guest user names, taken from the alfresco_user_store.* properties. -->
    <!-- NOTE(review): the admin name configured here identifies a privileged account; -->
    <!-- keep it in step with the account that actually exists in the user store. -->
    <property name="defaultAdminUserName" value="${alfresco_user_store.adminusername}"/>
    <property name="defaultGuestUserName" value="${alfresco_user_store.guestusername}"/>
</bean>
|
|
|
|
</beans>
|