mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
e096d59076
16030: Merged V3.1 to V3.2
16001: Merged V2.2 to V3.1
15999: Temp build/test (AVM permissions - testSimpleInternalLayer)
16223: WCM UI - simple perf improvement when displaying modified list (lock icon)
16472: Merged V3.1 to V3.2
16180: ETHREEOH-2821 - fix deployment of WCM layered (ie. across web project) file
16188: WCM - minor: display (localisable) "File" text (follow-on fix for r15970)
16255: WCM - ETHREEOH-2836
16257: AVM - minor updates to unit tests
16275: WCM - ETHREEOH-2844
16277: WCM - ETHREEOH-2829 - added simple unit test
16341: AVM - minor update to reuse core (path) utils
16344: Merged V2.2 to V3.1
16323: Fix ETWOTWO-1266 (unexpected AVM conflict)
16457: Fix ETHREEOH-2836 (WCM layered files) - follow-on fix, with additional unit test
16649: Fix ETHREEOH-1878 - configure WCM locking for CIFS/FTP
16654: Merged V3.1 to V3.2
16507: Fix ETHREEOH-2604 - update unsecured-public-services-security-context.xml.sample (to allow server to start)
16527: Fix ETHREEOH-2868 - can't submit removal of WCM layered file (Older version prevents update)
16607: AVM - additional tests when deleting LD + fix to avoid cycle
16612: AVM - console improvement (lsver, rmvers) to enable admin/support to list & purge snapshots between dates
16638: Fix ETHREEOH-2893 - stale WCM/AVM layered dir
16643: AVM - console improvement (setopacity) -> eg. to set stale/modifed WCM layered folder as opaque
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16895 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
551 lines
27 KiB
XML
551 lines
27 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
|
|
|
|
<!-- ========================== -->
|
|
<!-- Enforcement of permissions -->
|
|
<!-- ========================== -->
|
|
|
|
<!-- -->
|
|
<!-- This file defines the beans that intercept method calls to the repository services -->
|
|
<!-- and enforce security based on the currently authenticated user. -->
|
|
<!-- -->
|
|
|
|
|
|
<beans>
|
|
|
|
|
|
<!-- ======================= -->
|
|
<!-- Support for permissions -->
|
|
<!-- ========================-->
|
|
|
|
<bean id='permissionService' class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
|
|
<property name="proxyInterfaces">
|
|
<value>org.alfresco.repo.security.permissions.PermissionServiceSPI</value>
|
|
</property>
|
|
<property name="transactionManager">
|
|
<ref bean="transactionManager" />
|
|
</property>
|
|
<property name="target">
|
|
<ref bean="permissionServiceImpl" />
|
|
</property>
|
|
<property name="transactionAttributes">
|
|
<props>
|
|
<prop key="*">${server.transaction.mode.default}</prop>
|
|
</props>
|
|
</property>
|
|
</bean>
|
|
|
|
<bean id="permissionServiceImpl" class="org.alfresco.repo.security.permissions.noop.PermissionServiceNOOPImpl" />
|
|
|
|
<!--
|
|
<bean id="permissionServiceImpl" class="org.alfresco.repo.security.permissions.impl.PermissionServiceImpl">
|
|
<property name="nodeService">
|
|
<ref bean="mtAwareNodeService" />
|
|
</property>
|
|
<property name="tenantService">
|
|
<ref bean="tenantService"/>
|
|
</property>
|
|
<property name="dictionaryService">
|
|
<ref bean="dictionaryService" />
|
|
</property>
|
|
<property name="permissionsDaoComponent">
|
|
<ref bean="permissionsDaoComponent" />
|
|
</property>
|
|
<property name="modelDAO">
|
|
<ref bean="permissionsModelDAO" />
|
|
</property>
|
|
<property name="authorityService">
|
|
<ref bean="authorityService" />
|
|
</property>
|
|
<property name="accessCache">
|
|
<ref bean="permissionsAccessCache" />
|
|
</property>
|
|
<property name="policyComponent">
|
|
<ref bean="policyComponent" />
|
|
</property>
|
|
<property name="aclDaoComponent">
|
|
<ref bean="aclDaoComponent" />
|
|
</property>
|
|
<property name="dynamicAuthorities">
|
|
<list>
|
|
<ref bean="ownerDynamicAuthority" />
|
|
<ref bean="lockOwnerDynamicAuthority" />
|
|
</list>
|
|
</property>
|
|
</bean>
|
|
-->
|
|
|
|
<!-- =================== -->
|
|
<!-- Dynamic Authorities -->
|
|
<!-- =================== -->
|
|
|
|
|
|
<!-- The provider to evaluate if the current authentication is the owner of a node. -->
|
|
<bean id="ownerDynamicAuthority" class="org.alfresco.repo.security.permissions.dynamic.OwnerDynamicAuthority">
|
|
<property name="ownableService">
|
|
<ref bean="ownableService" />
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- The provider to evaluate if the currfent authentication is the local owner on a -->
|
|
<!-- node. -->
|
|
<bean id="lockOwnerDynamicAuthority" class="org.alfresco.repo.security.permissions.dynamic.LockOwnerDynamicAuthority">
|
|
<property name="lockService">
|
|
<ref bean="lockService" />
|
|
</property>
|
|
<property name="nodeService">
|
|
<ref bean="nodeService" />
|
|
</property>
|
|
<property name="modelDAO">
|
|
<ref bean="permissionsModelDAO" />
|
|
</property>
|
|
<property name="requiredFor">
|
|
<list>
|
|
<value>Unlock</value>
|
|
<value>CheckIn</value>
|
|
<value>CancelCheckOut</value>
|
|
</list>
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- ===================== -->
|
|
<!-- Permissions Model DAO -->
|
|
<!-- ===================== -->
|
|
|
|
<bean id='permissionsModelDAO' class="org.alfresco.repo.security.permissions.impl.model.PermissionModel">
|
|
<property name="model">
|
|
<value>alfresco/model/permissionDefinitions.xml</value>
|
|
</property>
|
|
<property name="nodeService">
|
|
<ref bean="nodeService" />
|
|
</property>
|
|
<property name="dictionaryService">
|
|
<ref bean="dictionaryService" />
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- =========================== -->
|
|
<!-- Permissions Model Bootstrap -->
|
|
<!-- =========================== -->
|
|
|
|
<bean id="permissionModelBootstrap" class="org.alfresco.repo.security.permissions.impl.model.PermissionModelBootstrap" abstract="true" init-method="init">
|
|
<property name="permissionModel" ref="permissionsModelDAO"/>
|
|
</bean>
|
|
|
|
<!-- ====== -->
|
|
<!-- Voters -->
|
|
<!-- ====== -->
|
|
|
|
<!-- A voter to allow access base on the current authentication having authorities -->
|
|
<!-- starting with the prefix "ROLE_" -->
|
|
<!-- Any match grants -->
|
|
|
|
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" abstract="false" singleton="true"
|
|
lazy-init="default" autowire="default" dependency-check="default" >
|
|
<property name="rolePrefix">
|
|
<value>ROLE_</value>
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- A voter to allow access base on the current authentication having authorities -->
|
|
<!-- starting with the prefix "GROUP_" -->
|
|
<!-- Any match grants -->
|
|
|
|
<bean id="groupVoter" class="net.sf.acegisecurity.vote.RoleVoter" abstract="false" singleton="true"
|
|
lazy-init="default" autowire="default" dependency-check="default" >
|
|
<property name="rolePrefix">
|
|
<value>GROUP_</value>
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- A voter to allow access based on node access control. -->
|
|
<!-- These start ACL_NODE or ACL_PARENT and are followed by .methodArgumentPosition -->
|
|
<!-- then object type (prefix:localname) . permission -->
|
|
<!-- -->
|
|
<!-- All permissions starting ACL_NODE and ACL_PARENT must be present for access to -->
|
|
<!-- be granted. -->
|
|
<!-- -->
|
|
<!-- Note: ff the context evaluates to null (e.g. doing an exists test on a node -->
|
|
<!-- that does not exist) then access will be allowed. -->
|
|
|
|
<bean id="aclEntryVoter" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryVoter" abstract="false" singleton="true"
|
|
lazy-init="default" autowire="default" dependency-check="default" >
|
|
<property name="permissionService">
|
|
<ref bean="permissionService"></ref>
|
|
</property>
|
|
<property name="namespacePrefixResolver">
|
|
<ref bean="namespaceService"></ref>
|
|
</property>
|
|
<property name="nodeService">
|
|
<ref bean="nodeService"></ref>
|
|
</property>
|
|
<property name="authenticationService">
|
|
<ref bean="authenticationService" />
|
|
</property>
|
|
<property name="authorityService">
|
|
<ref bean="authorityService" />
|
|
</property>
|
|
</bean>
|
|
|
|
|
|
<!-- ======================= -->
|
|
<!-- Access decision manager -->
|
|
<!-- ======================= -->
|
|
|
|
<!-- The access decision manager asks voters in order if they should allow access -->
|
|
<!-- Role and group access do not require ACL based access -->
|
|
|
|
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
|
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
|
<property name="decisionVoters">
|
|
<list>
|
|
<ref local="roleVoter"/>
|
|
<ref local="groupVoter"/>
|
|
<ref local="aclEntryVoter"/>
|
|
</list>
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- ======================================== -->
|
|
<!-- Post method call application of security -->
|
|
<!-- ======================================== -->
|
|
|
|
<bean id="afterAcl" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider" abstract="false" singleton="true"
|
|
lazy-init="default" autowire="default" dependency-check="default" >
|
|
<property name="permissionService">
|
|
<ref bean="permissionServiceImpl"></ref>
|
|
</property>
|
|
<property name="namespacePrefixResolver">
|
|
<ref bean="namespaceService"></ref>
|
|
</property>
|
|
<property name="nodeService">
|
|
<ref bean="nodeService"></ref>
|
|
</property>
|
|
<property name="authenticationService">
|
|
<ref bean="authenticationService" />
|
|
</property>
|
|
<property name="maxPermissionCheckTimeMillis">
|
|
<value>${system.acl.maxPermissionCheckTimeMillis}</value>
|
|
</property>
|
|
<property name="maxPermissionChecks">
|
|
<value>${system.acl.maxPermissionChecks}</value>
|
|
</property>
|
|
</bean>
|
|
|
|
<!-- Link up after method call security -->
|
|
|
|
<bean id="afterInvocationManager" class="net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager">
|
|
<property name="providers">
|
|
<list>
|
|
<ref local="afterAcl"/>
|
|
</list>
|
|
</property>
|
|
</bean>
|
|
|
|
|
|
<!-- ================================ -->
|
|
<!-- Beans that enforce secure access -->
|
|
<!-- ================================ -->
|
|
|
|
<!-- Each bean defines a new methos security interceptor wired up with the -->
|
|
<!-- authenticationManager, accessDecisionManager and afterInvocationManager, which -->
|
|
<!-- can all be reused. -->
|
|
|
|
<!-- If one method cal requires security enforcement - all methods must gave a -->
|
|
<!-- security entry of some sort. ACL_ALLOW can be used to give access to all -->
|
|
<!-- ROLE_ADMINISTRATOR can be used to grant access to administrator related methods -->
|
|
|
|
|
|
<!-- The namespace service does not enforce any security requirements -->
|
|
<bean id="NamespaceService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- The dictionary service does not enforce any security requirements -->
|
|
<bean id="DictionaryService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ======================== -->
|
|
<!-- Node service permissions -->
|
|
<!-- ======================== -->
|
|
|
|
<!-- See the NodeService for the parameters required for each method call. -->
|
|
<!-- -->
|
|
<!-- getStores -->
|
|
<!-- returns a list fo the stores to which the curent authentication has Read -->
|
|
<!-- permission. (See the permission model defintion for what this means) -->
|
|
<!-- createStore -->
|
|
<!-- only a user with the administrator role can create new stores -->
|
|
<!-- exists -->
|
|
<!-- check if a node exists. If the current user does not have read access then -->
|
|
<!-- the node will not exist. -->
|
|
<!-- getRootNode -->
|
|
<!-- get the root node for a store - access will be denied for users who do not -->
|
|
<!-- have Read permission for the root node of the store. -->
|
|
<!-- createNode -->
|
|
<!-- requires that the current authentication has the permission to create -->
|
|
<!-- children for the containing node. -->
|
|
<!-- moveNode -->
|
|
<!-- requires that the current authentication has the permission to delete the -->
|
|
<!-- the node in the source folder and create it in the destination folder. -->
|
|
<!-- setChildAssociationIndex -->
|
|
<!-- required write properties permission on the parent -->
|
|
<!-- getType -->
|
|
<!-- obtaining the type of a node requires read access -->
|
|
<!-- addAspect -->
|
|
<!-- adding an aspect updates a multi-valued property so this requires write -->
|
|
<!-- access to properties. -->
|
|
<!-- removeAspect -->
|
|
<!-- removing an aspect updates a multi-valued property so this requires write -->
|
|
<!-- access to properties. -->
|
|
<!-- hasAspect -->
|
|
<!-- querying for an aspect requires read access to a property -->
|
|
<!-- getAspects -->
|
|
<!-- querying for all aspect requires read access to a property -->
|
|
<!-- deleteNode -->
|
|
<!-- requires the delete permission -->
|
|
<!-- addChild -->
|
|
<!-- requires create children on the parent -->
|
|
<!-- removeChild -->
|
|
<!-- Requires delete children from the parent and delete for the child -->
|
|
<!-- removeChildAssociation -->
|
|
<!-- Requires delete children from the parent and delete for the child -->
|
|
<!-- getProperties -->
|
|
<!-- Requires read properties for the node -->
|
|
<!-- getProperty -->
|
|
<!-- Requires read properties for the node -->
|
|
<!-- setProperties -->
|
|
<!-- Requires write properties for the node -->
|
|
<!-- setProperty -->
|
|
<!-- Requires write properties for the node -->
|
|
<!-- getParentAssocs -->
|
|
<!-- Requires read on the node and returns only parents that can be seen -->
|
|
<!-- It is possible that no parents are accessible -->
|
|
<!-- getChildAssocs -->
|
|
<!-- Requires read on the node and returns only children that can be seen -->
|
|
<!-- It is possible that no children are accessible -->
|
|
<!-- getPrimaryParent -->
|
|
<!-- Requires read on the node an aceess error will be thrown if the primary -->
|
|
<!-- parent can not be read -->
|
|
<!-- createAssociation -->
|
|
<!-- NOT SET YET -->
|
|
<!-- removeAssociation -->
|
|
<!-- NOT SET YET -->
|
|
<!-- getTargetAssocs -->
|
|
<!-- NOT SET YET -->
|
|
<!-- getSourceAssocs -->
|
|
<!-- NOT SET YET -->
|
|
<!-- getPath -->
|
|
<!-- Requires read for the node -->
|
|
<!-- getPaths -->
|
|
<!-- Requires read for the node -->
|
|
|
|
|
|
<bean id="NodeService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ============================== -->
|
|
<!-- FileFolder Service Permissions -->
|
|
<!-- ============================== -->
|
|
|
|
<bean id="FileFolderService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =========================== -->
|
|
<!-- Content Service Permissions -->
|
|
<!-- =========================== -->
|
|
|
|
<!-- Reading requires the permission to read content -->
|
|
<!-- Writing required the permission to write conent -->
|
|
|
|
<bean id="ContentService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================ -->
|
|
<!-- MimeType Service -->
|
|
<!-- ================ -->
|
|
|
|
<!-- There are no permissions around mime types -->
|
|
<bean id="MimetypeService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ============== -->
|
|
<!-- Search Service -->
|
|
<!-- ============== -->
|
|
|
|
<!-- All search results are filtered to exclude nodes that the current user can not -->
|
|
<!-- read. Other methods restrict queries to those nodes the user can read -->
|
|
|
|
<bean id="SearchService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================ -->
|
|
<!-- Category Service -->
|
|
<!-- ================ -->
|
|
|
|
<!-- Category queries are filtered for nodes that are visible to the current user -->
|
|
<!-- Other methods are unrestricted at the moment -->
|
|
|
|
<!-- Uses the public node service for all mutations - access is allowed here and enforced by the public node service -->
|
|
|
|
<bean id="CategoryService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ============ -->
|
|
<!-- Copy Service -->
|
|
<!-- ============ -->
|
|
|
|
<!-- The copy service does not require any security restrictions, they are imposed -->
|
|
<!-- by the node service it uses to do its work. -->
|
|
|
|
<bean id="CopyService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================ -->
|
|
<!-- The Lock Service -->
|
|
<!-- ================ -->
|
|
|
|
<!-- Lock and Unlock require the related aspect specific permissions. Querying the -->
|
|
<!-- lock status just requires read access to the node. -->
|
|
|
|
<bean id="LockService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =============== -->
|
|
<!-- Version Service -->
|
|
<!-- =============== -->
|
|
|
|
<!-- The version service does not have any restrictions applied at the moment. It -->
|
|
<!-- does not use a node service that would apply any permissions. -->
|
|
|
|
<bean id="VersionService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =============================== -->
|
|
<!-- Multilingual Content Service -->
|
|
<!-- =============================== -->
|
|
|
|
<!-- The version service does not have any restrictions applied at the moment. It -->
|
|
<!-- does not use a node service that would apply any permissions. -->
|
|
|
|
<bean id="MultilingualContentService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =================== -->
|
|
<!-- Edition Service -->
|
|
<!-- =================== -->
|
|
|
|
<bean id="EditionService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ============================== -->
|
|
<!-- The Check-out/Check-in service -->
|
|
<!-- ============================== -->
|
|
|
|
<!-- To check out a node requires that you have permission to check out the node and -->
|
|
<!-- create the working copy in the specified location. Check in requires the -->
|
|
<!-- the associated permission, as does cancel check out. See the permission model -->
|
|
<!-- for how these permissions are granted. -->
|
|
|
|
<bean id="CheckoutCheckinService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================ -->
|
|
<!-- The Rule Service -->
|
|
<!-- ================ -->
|
|
|
|
<!-- The rule service does not require any security restrictions, they are imposed -->
|
|
<!-- by the node service it uses to do its work. -->
|
|
|
|
<bean id="RuleService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ==================== -->
|
|
<!-- The Importer Service -->
|
|
<!-- ==================== -->
|
|
|
|
<!-- The importer service does not require any security restrictions, they are -->
|
|
<!-- imposed by the node service it uses to do its work. -->
|
|
|
|
<bean id="ImporterService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================== -->
|
|
<!-- The Action Service -->
|
|
<!-- ================== -->
|
|
|
|
<!-- The action service does not require any security restrictions, they are imposed -->
|
|
<!-- by the node service it uses to do its work. -->
|
|
<bean id="ActionService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ====================== -->
|
|
<!-- The Permission Service -->
|
|
<!-- ====================== -->
|
|
|
|
<!-- Requests to this service are controlled by the ReadPermissions and -->
|
|
<!-- and ChangePermissions permissions. Access to some methods are not restricted at -->
|
|
<!-- the moment. -->
|
|
|
|
<bean id="PermissionService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ===================== -->
|
|
<!-- The Authority Service -->
|
|
<!-- ===================== -->
|
|
|
|
<!-- This service currently has no restrictions. -->
|
|
|
|
<bean id="AuthorityService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =============================================== -->
|
|
<!-- The Authentication Service security interceptor -->
|
|
<!-- =============================================== -->
|
|
|
|
<!-- NOTE: Authentication is excluded as it sets or clears authentication -->
|
|
<!-- The same for validate ticaket -->
|
|
<!-- Update authentication checks internally -->
|
|
<bean id="AuthenticationService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- =================== -->
|
|
<!-- The Ownable Service -->
|
|
<!-- =================== -->
|
|
|
|
<!-- This service currently has no restrictions. -->
|
|
<!-- TODO: respect the permissions on the ownable service -->
|
|
|
|
<bean id="OwnableService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- Person Service -->
|
|
|
|
<bean id="PersonService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ==================== -->
|
|
<!-- The Template Service -->
|
|
<!-- ==================== -->
|
|
|
|
<!-- This service currently has no restrictions. -->
|
|
|
|
<bean id="TemplateService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ==================== -->
|
|
<!-- The Script Service -->
|
|
<!-- ==================== -->
|
|
|
|
<!-- This service currently has no restrictions. -->
|
|
|
|
<bean id="ScriptService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ================ -->
|
|
<!-- Workflow Service -->
|
|
<!-- ================ -->
|
|
|
|
<!-- TODO: Add workflow security -->
|
|
|
|
<bean id="WorkflowService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ============= -->
|
|
<!-- Audit Service -->
|
|
<!-- ============= -->
|
|
|
|
<!-- TODO: Add audit security -->
|
|
|
|
<bean id="AuditService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ======================== -->
|
|
<!-- Repository Admin Service -->
|
|
<!-- ======================== -->
|
|
|
|
<!-- TODO: Add repository admin security -->
|
|
|
|
<bean id="RepoAdminService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
<!-- ===================== -->
|
|
<!-- Content Usage Service -->
|
|
<!-- ===================== -->
|
|
|
|
<!-- TODO: Add content usage security -->
|
|
<bean id="ContentUsageService_security" class="org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor" />
|
|
|
|
</beans> |