mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-07 18:25:23 +00:00
8521b7d7bd
34060: Merged V4.0 (4.0) to 4.0-BUG-FIX (4.0.1) <<< NOTE ALF-12939 still needs to be done to complete this merge to 4.0.1 >>>
33056: Fix for ALF-12280: Upgrading from version 3.4.7 to 4.0.0 failed with MS SQL database
- Added dialect-specific script for SQL Server
33059: Fix for ALF-12127, ALF-11161, ALF-11988
Merged BRANCHES/DEV/THOR1 to BRANCHES/V4.0
33049: Fixed follow issues on THOR-839 & THOR-826
- Following webscripts now sets "Content-Type" response header to application/json
- which makes people search display follow buttons for people correctly
Fix for ALF-12077
Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/V4.0
32999: Fix for ALF-12050 - IE specific handling of Ajax requests does not correctly respect no-cache setting, need to set Expires header also
33060: Fix for ALF-12208 - group name encoding
33072: Merge from HEAD to V4.0
33071: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- Fixed build failure in HeartBeat. It had relied on the fact that the previous LicenseComponent kept calling onLicenseChange every time
the license was checked. It needed the check 1 minute after the initial bootstrap call as there was a memory model sync issue in the
HeartBeat constructor to do with setting the URL it needed to call.
33073: Fix for ALF-12295 - CLONE - Upload issue ? - Failed to get content ... (No such file or directory) ... x22
33083: Merge from HEAD to V4.0
33082: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- Did not refresh Tortoise window, this file was missed in the last commit
33080: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- On reflection decided to call onLicenseChange every time the license is checked.
A change of valid license would not have resulted in a call to onLicenseChange
Also have been able to make failure and success code more symmetrical.
- The previous commit also added a RetryingTransaction around the sendData() call to
currentRepoDescriptorDAO.getLicenseKey() which I found while making the HeartBeat
changes. As a result we should no longer see the error in 4.0 about there not being a
transaction.
33087: Calendar: Permissions updates, fixes: ALF-12179 & makes the permissions flag boolean.
33088: FIXED : ALF-11862: An error message appears when you open the "edit task", to request to join the "moderated site"
Now handles null value
33102: Fix for ACT #15024-37148 (will update with JIRA no. once available)
- issue where in a load balanced Share environment (multiple web-tiers behind a reverse proxy) the modification to the template layout selection for a site or user dashboard would not be reflected in all servers.
33105: Bitrock license notice file.
33114: Merged DEV to V4.0
33067: Fix ALF-12206: CMIS: Error getting association information referencing archived node
33122: Fix for ALF-12316 Repo -> SOLR query uses HTTPClient that only supports 2 simultaneous connections
- configurable via spring (default if unconfigured is 40 connections to one host and 40 max connections)
33142: ALF-12339: Prevents ArrayOutOfBoundsException that can occur with concurrent access of i18n bundle in WebScript
34065: Fix for ALF-12708 (part 2)
- Alfresco opencmis extensions library
34093: ALF-10902 : CIFS: No friendly notification occurs when Editor or Collaborator tries to delete content
34120: ALF-12767 : CIFS TextEdit - File has been modified outside TextEdit
34125: Merged BRANCHES\V4.0 to BRANCHES\DEV\V4.0-BUG-FIX
34094: Fix for ALF-12944 OpenCMIS - CMIS-QL - Range queries for date and datetime properties fail
34095: Fix for ALF-12944 OpenCMIS - CMIS-QL - Range queries for date and datetime properties fail
- caught incorrect exception - so much for reading the Java Doc :-)
- build fix
34138: ALF-564 : Is network-protocol-context.xml still useful ?
34149: Removes more server side rendered dates:
Fixes: ALF-12965, ALF-12984, ALF-12988.
34158: Fix for ALF-12741 - Steck specific : error on managing groups
34176: Merged BRANCHES\V4.0 to BRANCHES\DEV\V4.0-BUG-FIX
34155: Fix for ALF-12979 CLONE - Search - searching in site without any images for *.jpg brings back all the documents
- note this relies on wildcard/prefix/term/phrase all going through the phrase implementation for wildcard from ALF-12162
34193: Fix for ALF-12205
34196: Fix for ALF-12758
34201: ALF-12892: Ensure that document permissions are refreshed in the dialog after being changed
34214: Switched off the CIFS Kerberos ticket cracking code by default, added a config value to enable it, latest JVMs do not require this. Part of ALF-12294.
CIFS Kerberos authentication now works with the IBM JDK.
34215: Switched off the CIFS Kerberos ticket cracking code by default, added a property to enable it, latest JVMs do not require this. Part of ALF-12294.
CIFS Kerberos authentication now works with the IBM JDK (and OpenJDK, Oracle/Sun JVMs)
34219: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/V4.0-BUG-FIX:
32096: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
32125: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
34220: Minor: follow-on to r34219 (ALF-11563)
34226: ALF-12780: Mac OS X Lion 10.7.2: Editing a document via CIFS and TextEdit removes versionable aspect from this file
34228: ALF-12689: Fixed character encoding issue with dynamic welcome dashlet
34237: ALF-12740: Updated XHR requests to include a noCache request parameter to address IE issue where 304 reponse is assumed for XHR request
34240: ALF-12835: Second click in status box no longer clears status
34241: ALF-11991: Updated DocLib to support categories
34245: Merged BRANCHES/DEV/THOR1_SPRINTS to BRANCHES/DEV/V4.0-BUG-FIX:
33420: THOR-1000: Solr tracking: NodeContentGet should not create (empty) temp file if there is no transformer (eg. for image node)
34246: Reverse merge of BRANCHES/DEV/V4.0-BUG-FIX -c 34245
Due to an 'svn commit' command argument ordering error, I checked in the solrcore.properties files. This reverse merge removes those changes.
34247: Merged BRANCHES/DEV/THOR1_SPRINTS to BRANCHES/DEV/V4.0-BUG-FIX:
33420: THOR-1000: Solr tracking: NodeContentGet should not create (empty) temp file if there is no transformer (eg. for image node)
34249: ALF-12782 : IMAP - No friendly notification occurs when a user without delete permissions tries to delete content
34254: Fix for ALF-13090 SOLR - cross tokenisation field matches too much for "*u*a"
34262: Fixes: ALF-11557: Publishing Balloon popups appearing in wrong locations. Now appears in correct location in Doc Lib & replaced with standard popup message on Channel Admin page.
34279: NodeDAO: re-parent "lost & found" orphan child nodes (see ALF-12358 & ALF-13066 / SYS-301)
- if orphaned nodes are identified (eg. via getPath(s)) then attempt partial recovery by placing them in (temp) lost_found
- ... ALF-12358 ('child' node has deleted parent(s))
- ... ALF-13066 (non-root 'child' node has no parent(s))
- for internal use only - allows index tracking (eg. Solr) to continue
- precursor to fixing underlying root causes
- includes merge & extension of "testConcurrentLinkToDeletedNode" (from DEV/DEREK/ALF-12358)
34298: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
34068: Fix for ALF-342 - Entering a search containing a double quote displays pop-up 500 error in OpenSearch JSF component
34069: Fix for ALF-342 - Completed fix with additional encoded of output HTML
34070: Fix for ALF-12553 - Users are unable to see more than 100 sites under 'My Sites' page. List length now configurable.
34080: Fix for ALF-10306 - Share Advanced search issue with the Date Range form values
34107: Added missing jar lib to wcmquickstart and webeditor dependencies
34114: Fix for ALF-10284 - User should be informed when user provides invalid credentials while opening document using link
34151: Merged V3.4 (3.4.8) to V3.4-BUG-FIX (3.4.9)
34121: Merged BELARUS/V3.4-BUG-FIX-2012_01_26 to V3.4 (3.4.8)
Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34100: ALF-12948 : Copyright year on "About Alfresco" page is out of date
Updated copyright year to 2012.
34150: ALF-10976 (relates to ALF-10412)
- Thumbnail mimetype check should have been >= 0 not > 0.
34171: ALF-13016 : TestModel class exits with a return code of 0 even if model fails validation.
34190: A modifiable map that protects and underlying map from modification
- When cloning the backing map (in the event of an potentially-modifying operation) keys and values
are specifically checked for mutability to prevent excessive cloning.
- Working towards fix for ALF-12855
34191: Fix ALF-12855: Improvement for Lucene in memory sorting and improvement for nodeService.getProperty()
- Use ValueProtectingMap when passing values out of the NodeDAO
- Solves the problem of map cloning when used internally as well as when calling NodeService.getProperty()
- If client code retrieves immutable values from the properties, then they will not be cloned
- TODO: Special handling of entrySet() and keySet() methods (see ALF-12868) to prevent interceptors from
triggering map cloning
34230: Fixes: ALF-12520. Adds i18n strings for siteModel
34253: Fix for ALF-13102 - JBoss: Unathorized responce recieved on a wcs/touch request with clustered alfrescos (ntlm sso enabled).
34272: ALF-13136 Merged V3.4.7 (3.4.7.5) to V3.4-BUG-FIX (3.4.9)
34267: ALF-12419 "Garbage collector error" LockAcquisition on the OrphanReaper process
- Modified OrphanReaper to use newer JobLockRefreshCallback.
Refresh lock every minute and timeout if it takes longer than an hour.
34281: ALF-13145: Merged PATCHES/V3.4.7 to V3.4-BUG-FIX
34273: ALF-13112: Groups are not displayed when 60k sites and 60 groups in the system
- Timeout adjustment approved by Kev and Erik
34291: Merged V3.4 to V3.4-BUG-FIX
34197: ALF-12900 Error occurs in My Documents dashlet
NodeRef (ScriptNode) passed to the doclist.get.js doesn't have any content. Not sure why yet.
Investigation continues, so there may be more changes to stop such nodes being passed in the first place.
NPE is as a result of having a nodeRef without content. It falls over on new code in 3.4.8 for ALF-10976 and ALF-10412.
Not too sure what would have happened in 3.4.7, but expect there world have been another exception in the transformer code.
- Addition of defensive code around contentData being null and the reader given to the transformer being null.
34198: ALF-12900 Error occurs in My Documents dashlet
- File missing from last commit
34242: ALF-13078 Copyright notice shows Alfresco Software, Inc. © 2005-2011 All rights reserved.... should now be to 2012
- Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34265: Updated installer splash screen for 2012 (thanks Linton!)
34282: ALF-13059: Windows 7 specific: It's impossible to add documents to DWS
- Fix by Alex Malinovsky
34286: ALF-12949: Merged V4.0 to V3.4
34248: ALF-13102: NTLM on JBoss - Fix problem with Share SSO Authentication Filter corrupting cookie headers
34292: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
34284: ALF-12949: Merged V3.4-BUG-FIX to V3.4
34253: Fix for ALF-13102 - Surf mixing up cookies for different sessions
34299: Merged V4.0 to V4.0-BUG-FIX
34067: ALF-12423: Prevent script error on IE9
34102: SPANISH: Fixes minor encoding error
34115: Merged BRANCHES/DEV/BELARUS/V4.0-BUG-FIX-2012_01_20 to BRANCHES/V4.0:
34099: ALF-12710: Stack specific: It's impossible to log into CMIS Workbench through WebServices binding
34156: Missed from commit for r34154
34189: Fix for ALF-12822 - Script error when Add translation
34216: Fixes: ALF-11938 - A distinction needed making between the i18n labels for company address and personal address - I extended this to other company specific fields too.
34238: ALF-12864: Removed trailing spaces from installed jodconverter defaults
- Stopped forms from recognising booleans
34243: NFS, switch from read-only to writeable file if write access required and cached file was opened read-only. ALF-12193.
Fix I/O error saving from OpenOffice on Linux.
34263: Merged HEAD to V4.0
34250: Fixed THOR-1137 "Make Spring Surf enable-auto-deploy-modules by default"
34264: ALF-12975: alfresco-enterprise-4.0.1-installer-win-x64.exe / x32 installers fail
- Due to not detecting new stderr file
34278: ALF-12763: Re-applied change from ALF-7528 after it was lost in r28224 / ALF-5900
- PutMethod was modified to use only guessed mime type for documents and completely ignore the Content-Type header from client.
34303: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
33110: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/V4.0:
33109: ALF-11479: When upgrading from Alfresco Community 3.4.d to 4.0.b, some nodes that are blocked and have versions fail after the upgrade
33320: Merged BRANCHES\DEV\V4.0-BUG-FIX to BRANCHESV4.0
33305: ALF-12463 Error querying database was detected during upgrade process from 3.1 to 4.0.0.
33326: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/V4.0
33277 ALF-12468 CLONE - Regression. Searches cause database server to thrash CPU - ALF-12426
33331: Merged BRANCHES\DEV\V3.4-BUG-FIX to BRANCHES\V4.0
33301: ALF-12464: Merged PATCHES/V3.4.5 to V3.4-BUG-FIX
33299: ALF-12281: Memory leak in ReferenceCountingReadOnlyIndexReaderFactory
33303: ALF-12464: Merged PATCHES/V3.4.5 to V3.4-BUG-FIX
33302: ALF-12281: Correction to previous checkin - deal with the initial reference created by the constructor and cleared by closeIfRequired()
33398: Merged V4.0-BUG-FIX to V4.0
33116: ALF-12517: Allow multiple deferred requests per oplock break, next level of fix for ALF-11935.
33147: FTP implemented set modification date/time command (MFMT). ALF-12105.
33151: Fix problems with FTP and UTF-8. JLAN-81.
When using the Java6 Normalizer use the NFC form.
33158: Fix NFS server swallows exceptions. ALF-11667.
Startup exception details are now saved.
33183: Minor fix to exception string in extendBuffer().
34061: Merged V4.0-BUG-FIX to V4.0 (Start of 4.0.1)
34062: Merge V4.0-BUG-FIX to V4.0 RECORD ONLY (changes that came from V4.0)
34109: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/V4.0
34108: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.0-BUG-FIX
Added missing jar lib to wcmquickstart and webeditor dependencies
34154: Merged BRANCHES/DEV/V4.0-BUG-FIX/ to BRANCHES/V4.0:
34149: Removes more server side rendered dates: Fixes: ALF-12965, ALF-12984, ALF-12988.
34274: Merged V4.0-BUG-FIX to V4.0
34237: ALF-12740: Updated XHR requests to include a noCache request parameter to address IE issue where 304 reponse is assumed for XHR request
34288: Merged V3.4 to V4.0
34197: ALF-12900 Error occurs in My Documents dashlet
NodeRef (ScriptNode) passed to the doclist.get.js doesn't have any content. Not sure why yet.
Investigation continues, so there may be more changes to stop such nodes being passed in the first place.
NPE is as a result of having a nodeRef without content. It falls over on new code in 3.4.8 for ALF-10976 and ALF-10412.
Not too sure what would have happened in 3.4.7, but expect there world have been another exception in the transformer code.
- Addition of defensive code around contentData being null and the reader given to the transformer being null.
34198: ALF-12900 Error occurs in My Documents dashlet
- File missing from last commit
34242: ALF-13078 Copyright notice shows Alfresco Software, Inc. © 2005-2011 All rights reserved.... should now be to 2012
- Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34265: Updated installer splash screen for 2012 (thanks Linton!)
34284: ALF-12949: Merged V3.4-BUG-FIX to V3.4
34253: Fix for ALF-13102 - Surf mixing up cookies for different sessions
34286: ALF-12949: Merged V4.0 to V3.4
34248: ALF-13102: NTLM on JBoss - Fix problem with Share SSO Authentication Filter corrupting cookie headers
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@34305 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1299 lines
51 KiB
Java
1299 lines
51 KiB
Java
/*
|
|
* Copyright (C) 2005-2012 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.tenant;
|
|
|
|
import java.io.File;
|
|
import java.io.PrintWriter;
|
|
import java.io.Serializable;
|
|
import java.io.StringWriter;
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Properties;
|
|
import java.util.regex.Pattern;
|
|
|
|
import javax.transaction.UserTransaction;
|
|
|
|
import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.repo.admin.RepoModelDefinition;
|
|
import org.alfresco.repo.content.TenantRoutingFileContentStore;
|
|
import org.alfresco.repo.dictionary.DictionaryComponent;
|
|
import org.alfresco.repo.importer.ImporterBootstrap;
|
|
import org.alfresco.repo.node.db.DbNodeServiceImpl;
|
|
import org.alfresco.repo.security.authentication.AuthenticationContext;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.thumbnail.ThumbnailRegistry;
|
|
import org.alfresco.repo.usage.UserUsageTrackingComponent;
|
|
import org.alfresco.repo.workflow.WorkflowDeployer;
|
|
import org.alfresco.service.cmr.admin.RepoAdminService;
|
|
import org.alfresco.service.cmr.attributes.AttributeService;
|
|
import org.alfresco.service.cmr.attributes.AttributeService.AttributeQueryCallback;
|
|
import org.alfresco.service.cmr.module.ModuleService;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.view.RepositoryExporterService;
|
|
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
|
|
import org.alfresco.service.cmr.workflow.WorkflowService;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.springframework.beans.BeansException;
|
|
import org.springframework.beans.factory.InitializingBean;
|
|
import org.springframework.context.ApplicationContext;
|
|
import org.springframework.context.ApplicationContextAware;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
|
|
/**
|
|
* MT Admin Service Implementation.
|
|
*
|
|
*/
|
|
public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationContextAware, InitializingBean
|
|
{
|
|
// Logger
|
|
private static Log logger = LogFactory.getLog(MultiTAdminServiceImpl.class);
|
|
|
|
// Keep hold of the app context
|
|
private ApplicationContext ctx;
|
|
|
|
// Dependencies
|
|
private NodeService nodeService;
|
|
private DictionaryComponent dictionaryComponent;
|
|
private RepoAdminService repoAdminService;
|
|
private AuthenticationContext authenticationContext;
|
|
private TransactionService transactionService;
|
|
private MultiTServiceImpl tenantService;
|
|
private AttributeService attributeService;
|
|
private PasswordEncoder passwordEncoder;
|
|
private TenantRoutingFileContentStore tenantFileContentStore;
|
|
private ThumbnailRegistry thumbnailRegistry;
|
|
private WorkflowService workflowService;
|
|
private RepositoryExporterService repositoryExporterService;
|
|
private ModuleService moduleService;
|
|
private List<WorkflowDeployer> workflowDeployers = new ArrayList<WorkflowDeployer>();
|
|
|
|
private String baseAdminUsername = null;
|
|
|
|
/*
|
|
* Tenant domain/ids are unique strings that are case-insensitive. Tenant ids must be valid filenames.
|
|
* They may also map onto domains and hence should allow valid FQDN.
|
|
*
|
|
* The following PCRE-style
|
|
* regex defines a valid label within a FQDN:
|
|
*
|
|
* ^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$
|
|
*
|
|
* Less formally:
|
|
*
|
|
* o Case insensitive
|
|
* o First/last character: alphanumeric
|
|
* o Interior characters: alphanumeric plus hyphen
|
|
* o Minimum length: 2 characters
|
|
* o Maximum length: 63 characters
|
|
*
|
|
* The FQDN (fully qualified domain name) has the following constraints:
|
|
*
|
|
* o Maximum 255 characters (***)
|
|
* o Must contain at least one alpha
|
|
*
|
|
* Note: (***) Due to various internal restrictions (such as store identifier) we restrict tenant ids to 75 characters.
|
|
*/
|
|
|
|
protected final static String REGEX_VALID_DNS_LABEL = "^[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]$";
|
|
|
|
protected final static String REGEX_CONTAINS_ALPHA = "^(.*)[a-zA-Z](.*)$";
|
|
|
|
protected final static int MAX_LEN = 75;
|
|
|
|
public void setNodeService(DbNodeServiceImpl dbNodeService)
|
|
{
|
|
this.nodeService = dbNodeService;
|
|
}
|
|
|
|
public void setDictionaryComponent(DictionaryComponent dictionaryComponent)
|
|
{
|
|
this.dictionaryComponent = dictionaryComponent;
|
|
}
|
|
|
|
public void setRepoAdminService(RepoAdminService repoAdminService)
|
|
{
|
|
this.repoAdminService = repoAdminService;
|
|
}
|
|
|
|
public void setAuthenticationContext(AuthenticationContext authenticationContext)
|
|
{
|
|
this.authenticationContext = authenticationContext;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setTenantService(MultiTServiceImpl tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setAttributeService(AttributeService attributeService)
|
|
{
|
|
this.attributeService = attributeService;
|
|
}
|
|
|
|
public void setPasswordEncoder(PasswordEncoder passwordEncoder)
|
|
{
|
|
this.passwordEncoder = passwordEncoder;
|
|
}
|
|
|
|
public void setTenantFileContentStore(TenantRoutingFileContentStore tenantFileContentStore)
|
|
{
|
|
this.tenantFileContentStore = tenantFileContentStore;
|
|
}
|
|
|
|
public void setWorkflowService(WorkflowService workflowService)
|
|
{
|
|
this.workflowService = workflowService;
|
|
}
|
|
|
|
public void setRepositoryExporterService(RepositoryExporterService repositoryExporterService)
|
|
{
|
|
this.repositoryExporterService = repositoryExporterService;
|
|
}
|
|
|
|
/**
|
|
* @deprecated see setWorkflowDeployers
|
|
*/
|
|
public void setWorkflowDeployer(WorkflowDeployer workflowDeployer)
|
|
{
|
|
// NOOP
|
|
logger.warn(WARN_MSG);
|
|
}
|
|
|
|
public void setModuleService(ModuleService moduleService)
|
|
{
|
|
this.moduleService = moduleService;
|
|
}
|
|
|
|
public void setThumbnailRegistry(ThumbnailRegistry thumbnailRegistry)
|
|
{
|
|
this.thumbnailRegistry = thumbnailRegistry;
|
|
}
|
|
|
|
public void setBaseAdminUsername(String baseAdminUsername)
|
|
{
|
|
this.baseAdminUsername = baseAdminUsername;
|
|
}
|
|
|
|
public static final String PROTOCOL_STORE_USER = "user";
|
|
public static final String PROTOCOL_STORE_WORKSPACE = "workspace";
|
|
public static final String PROTOCOL_STORE_SYSTEM = "system";
|
|
public static final String PROTOCOL_STORE_ARCHIVE = "archive";
|
|
public static final String STORE_BASE_ID_USER = "alfrescoUserStore";
|
|
public static final String STORE_BASE_ID_SYSTEM = "system";
|
|
public static final String STORE_BASE_ID_VERSION1 = "lightWeightVersionStore"; // deprecated
|
|
public static final String STORE_BASE_ID_VERSION2 = "version2Store";
|
|
public static final String STORE_BASE_ID_SPACES = "SpacesStore";
|
|
|
|
public static final String TENANTS_ATTRIBUTE_PATH = "alfresco-tenants";
|
|
public static final String TENANT_ATTRIBUTE_ENABLED = "enabled";
|
|
public static final String TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR = "rootContentStoreDir";
|
|
|
|
private List<TenantDeployer> tenantDeployers = new ArrayList<TenantDeployer>();
|
|
|
|
private static final String WARN_MSG = "system.mt.warn.upgrade_mt_admin_context";
|
|
|
|
public void afterPropertiesSet() throws Exception
|
|
{
|
|
// for upgrade/backwards compatibility with 3.0.x (mt-admin-context.xml)
|
|
if (baseAdminUsername == null)
|
|
{
|
|
logger.warn(I18NUtil.getMessage(WARN_MSG));
|
|
}
|
|
|
|
PropertyCheck.mandatory(this, "NodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "DictionaryComponent", dictionaryComponent);
|
|
PropertyCheck.mandatory(this, "RepoAdminService", repoAdminService);
|
|
PropertyCheck.mandatory(this, "TransactionService", transactionService);
|
|
PropertyCheck.mandatory(this, "TenantService", tenantService);
|
|
PropertyCheck.mandatory(this, "AttributeService", attributeService);
|
|
PropertyCheck.mandatory(this, "PasswordEncoder", passwordEncoder);
|
|
PropertyCheck.mandatory(this, "TenantFileContentStore", tenantFileContentStore);
|
|
PropertyCheck.mandatory(this, "WorkflowService", workflowService);
|
|
PropertyCheck.mandatory(this, "RepositoryExporterService", repositoryExporterService);
|
|
PropertyCheck.mandatory(this, "moduleService", moduleService);
|
|
}
|
|
|
|
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
|
{
|
|
this.ctx = applicationContext;
|
|
}
|
|
|
|
public void startTenants()
|
|
{
|
|
AuthenticationUtil.setMtEnabled(true);
|
|
|
|
// initialise the tenant admin service and status of tenants (using attribute service)
|
|
// note: this requires that the repository schema has already been initialised
|
|
|
|
// register dictionary - to allow enable/disable tenant callbacks
|
|
register(dictionaryComponent);
|
|
|
|
// register file store - to allow enable/disable tenant callbacks
|
|
// note: tenantFileContentStore must be registed before dictionaryRepositoryBootstrap
|
|
register(tenantFileContentStore, 0);
|
|
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
|
|
try
|
|
{
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
userTransaction.begin();
|
|
|
|
// bootstrap Tenant Service internal cache
|
|
List<Tenant> tenants = getAllTenants();
|
|
|
|
int enabledCount = 0;
|
|
int disabledCount = 0;
|
|
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
// this will also call tenant deployers registered so far ...
|
|
enableTenant(tenant.getTenantDomain(), true);
|
|
enabledCount++;
|
|
}
|
|
else
|
|
{
|
|
// explicitly disable, without calling disableTenant callback
|
|
disableTenant(tenant.getTenantDomain(), false);
|
|
disabledCount++;
|
|
}
|
|
}
|
|
|
|
tenantService.register(this); // callback to refresh tenantStatus cache
|
|
|
|
userTransaction.commit();
|
|
|
|
if (logger.isInfoEnabled())
|
|
{
|
|
logger.info(String.format("Alfresco Multi-Tenant startup - %d enabled tenants, %d disabled tenants",
|
|
enabledCount, disabledCount));
|
|
}
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to bootstrap tenants", e);
|
|
}
|
|
finally
|
|
{
|
|
authenticationContext.clearCurrentSecurityContext();
|
|
}
|
|
}
|
|
|
|
public void stopTenants()
|
|
{
|
|
tenantDeployers.clear();
|
|
tenantDeployers = null;
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.createTenant()
|
|
*/
|
|
public void createTenant(final String tenantDomain, final char[] tenantAdminRawPassword)
|
|
{
|
|
createTenant(tenantDomain, tenantAdminRawPassword, null);
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.createTenant()
|
|
*/
|
|
public void createTenant(String tenantDomain, final char[] tenantAdminRawPassword, String rootContentStoreDir)
|
|
{
|
|
ParameterCheck.mandatory("tenantAdminRawPassword", tenantAdminRawPassword);
|
|
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
initTenant(tenantDomain, rootContentStoreDir);
|
|
|
|
try
|
|
{
|
|
// note: runAs would cause auditable property "creator" to be "admin" instead of "System@xxx"
|
|
AuthenticationUtil.pushAuthentication();
|
|
AuthenticationUtil.setFullyAuthenticatedUser(getSystemUser(tenantDomain));
|
|
|
|
dictionaryComponent.init();
|
|
tenantFileContentStore.init();
|
|
|
|
// create tenant-specific stores
|
|
ImporterBootstrap userImporterBootstrap = (ImporterBootstrap)ctx.getBean("userBootstrap-mt");
|
|
bootstrapUserTenantStore(userImporterBootstrap, tenantDomain, tenantAdminRawPassword);
|
|
|
|
ImporterBootstrap systemImporterBootstrap = (ImporterBootstrap)ctx.getBean("systemBootstrap-mt");
|
|
bootstrapSystemTenantStore(systemImporterBootstrap, tenantDomain);
|
|
|
|
// deprecated
|
|
ImporterBootstrap versionImporterBootstrap = (ImporterBootstrap)ctx.getBean("versionBootstrap-mt");
|
|
bootstrapVersionTenantStore(versionImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap version2ImporterBootstrap = (ImporterBootstrap)ctx.getBean("version2Bootstrap-mt");
|
|
bootstrapVersionTenantStore(version2ImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap spacesArchiveImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesArchiveBootstrap-mt");
|
|
bootstrapSpacesArchiveTenantStore(spacesArchiveImporterBootstrap, tenantDomain);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap-mt");
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
|
|
thumbnailRegistry.initThumbnailDefinitions();
|
|
|
|
// notify listeners that tenant has been created & hence enabled
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
|
|
// bootstrap workflows
|
|
for (WorkflowDeployer workflowDeployer : workflowDeployers)
|
|
{
|
|
workflowDeployer.init();
|
|
}
|
|
|
|
// bootstrap modules (if any)
|
|
moduleService.startModules();
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
|
|
logger.info("Tenant created: " + tenantDomain);
|
|
}
|
|
|
|
/**
|
|
* Export tenant - equivalent to the tenant admin running a 'complete repo' export from the Web Client Admin
|
|
*/
|
|
public void exportTenant(String tenantDomain, final File directoryDestination)
|
|
{
|
|
final String lowerTenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
repositoryExporterService.export(directoryDestination, lowerTenantDomain);
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
logger.info("Tenant exported: " + tenantDomain);
|
|
}
|
|
|
|
/**
|
|
* Create tenant by restoring from a complete repository export. This is equivalent to a bootstrap import using restore-context.xml.
|
|
*/
|
|
public void importTenant(String tenantDomain, final File directorySource, String rootContentStoreDir)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
initTenant(tenantDomain, rootContentStoreDir);
|
|
|
|
try
|
|
{
|
|
// note: runAs would cause auditable property "creator" to be "admin" instead of "System@xxx"
|
|
AuthenticationUtil.pushAuthentication();
|
|
AuthenticationUtil.setFullyAuthenticatedUser(getSystemUser(tenantDomain));
|
|
|
|
dictionaryComponent.init();
|
|
tenantFileContentStore.init();
|
|
|
|
// import tenant-specific stores
|
|
importBootstrapUserTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSystemTenantStore(tenantDomain, directorySource);
|
|
importBootstrapVersionTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesArchiveTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesModelsTenantStore(tenantDomain, directorySource);
|
|
importBootstrapSpacesTenantStore(tenantDomain, directorySource);
|
|
|
|
thumbnailRegistry.initThumbnailDefinitions();
|
|
|
|
// notify listeners that tenant has been created & hence enabled
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
|
|
// bootstrap workflows
|
|
for (WorkflowDeployer workflowDeployer : workflowDeployers)
|
|
{
|
|
workflowDeployer.init();
|
|
}
|
|
|
|
// bootstrap modules (if any)
|
|
moduleService.startModules();
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
|
|
logger.info("Tenant imported: " + tenantDomain);
|
|
}
|
|
|
|
public boolean existsTenant(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
return (getTenantAttributes(tenantDomain) != null);
|
|
}
|
|
|
|
private void putTenantAttributes(String tenantDomain, Tenant tenant)
|
|
{
|
|
Map<String, Serializable> tenantAttributes = new HashMap<String, Serializable>(7);
|
|
tenantAttributes.put(TENANT_ATTRIBUTE_ENABLED, new Boolean(tenant.isEnabled()));
|
|
tenantAttributes.put(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR, tenant.getRootContentStoreDir());
|
|
|
|
attributeService.setAttribute(
|
|
(Serializable) tenantAttributes,
|
|
TENANTS_ATTRIBUTE_PATH, tenantDomain);
|
|
|
|
// update tenant status cache
|
|
((MultiTServiceImpl)tenantService).putTenant(tenantDomain, tenant);
|
|
}
|
|
|
|
@SuppressWarnings("unchecked")
|
|
private Tenant getTenantAttributes(String tenantDomain)
|
|
{
|
|
Map<String, Serializable> tenantAttributes = (Map<String, Serializable>) attributeService.getAttribute(
|
|
TENANTS_ATTRIBUTE_PATH,
|
|
tenantDomain);
|
|
if (tenantAttributes == null)
|
|
{
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
Boolean enabled = (Boolean) tenantAttributes.get(TENANT_ATTRIBUTE_ENABLED);
|
|
String storeDir = (String) tenantAttributes.get(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR);
|
|
Tenant tenant = new Tenant(tenantDomain, enabled.booleanValue(), storeDir);
|
|
return tenant;
|
|
}
|
|
}
|
|
|
|
public void enableTenant(String tenantDomain)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new AuthenticationException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
if (isEnabledTenant(tenantDomain))
|
|
{
|
|
logger.warn("Tenant already enabled: " + tenantDomain);
|
|
}
|
|
|
|
enableTenant(tenantDomain, true);
|
|
}
|
|
|
|
private void enableTenant(String tenantDomain, boolean notifyTenantDeployers)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, true, tenant.getRootContentStoreDir()); // enable
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
|
|
if (notifyTenantDeployers)
|
|
{
|
|
// notify listeners that tenant has been enabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onEnableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
}
|
|
|
|
logger.info("Tenant enabled: " + tenantDomain);
|
|
}
|
|
|
|
public void disableTenant(String tenantDomain)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new AuthenticationException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
if (! isEnabledTenant(tenantDomain))
|
|
{
|
|
logger.warn("Tenant already disabled: " + tenantDomain);
|
|
}
|
|
|
|
disableTenant(tenantDomain, true);
|
|
}
|
|
|
|
public void disableTenant(String tenantDomain, boolean notifyTenantDeployers)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
if (notifyTenantDeployers)
|
|
{
|
|
// notify listeners that tenant has been disabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onDisableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
}
|
|
|
|
// update tenant attributes / tenant cache - need to disable after notifying listeners (else they cannot disable)
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, false, tenant.getRootContentStoreDir()); // disable
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
|
|
logger.info("Tenant disabled: " + tenantDomain);
|
|
}
|
|
|
|
public boolean isEnabledTenant(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
if (tenant != null)
|
|
{
|
|
return tenant.isEnabled();
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
protected String getRootContentStoreDir(String tenantDomain)
|
|
{
|
|
// Check that all the passed values are not null
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
if (tenant != null)
|
|
{
|
|
return tenant.getRootContentStoreDir();
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
protected void putRootContentStoreDir(String tenantDomain, String rootContentStoreDir)
|
|
{
|
|
Tenant tenant = getTenantAttributes(tenantDomain);
|
|
tenant = new Tenant(tenantDomain, tenant.isEnabled(), rootContentStoreDir);
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
}
|
|
|
|
public Tenant getTenant(String tenantDomain)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new AuthenticationException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
|
|
return new Tenant(tenantDomain, isEnabledTenant(tenantDomain), getRootContentStoreDir(tenantDomain));
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.deleteTenant()
|
|
*/
|
|
public void deleteTenant(String tenantDomain)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
|
|
if (! existsTenant(tenantDomain))
|
|
{
|
|
throw new AuthenticationException("Tenant does not exist: " + tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
try
|
|
{
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
List<WorkflowDefinition> workflowDefs = workflowService.getDefinitions();
|
|
if (workflowDefs != null)
|
|
{
|
|
for (WorkflowDefinition workflowDef : workflowDefs)
|
|
{
|
|
workflowService.undeployDefinition(workflowDef.getId());
|
|
}
|
|
}
|
|
|
|
List<String> messageResourceBundles = repoAdminService.getMessageBundles();
|
|
if (messageResourceBundles != null)
|
|
{
|
|
for (String messageResourceBundle : messageResourceBundles)
|
|
{
|
|
repoAdminService.undeployMessageBundle(messageResourceBundle);
|
|
}
|
|
}
|
|
|
|
List<RepoModelDefinition> models = repoAdminService.getModels();
|
|
if (models != null)
|
|
{
|
|
for (RepoModelDefinition model : models)
|
|
{
|
|
repoAdminService.undeployModel(model.getRepoName());
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
final String tenantAdminUser = getTenantAdminUser(tenantDomain);
|
|
|
|
// delete tenant-specific stores
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_SPACES)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_ARCHIVE, STORE_BASE_ID_SPACES)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_VERSION1)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_WORKSPACE, STORE_BASE_ID_VERSION2)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_SYSTEM, STORE_BASE_ID_SYSTEM)));
|
|
nodeService.deleteStore(tenantService.getName(tenantAdminUser, new StoreRef(PROTOCOL_STORE_USER, STORE_BASE_ID_USER)));
|
|
|
|
|
|
// notify listeners that tenant has been deleted & hence disabled
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
for (TenantDeployer tenantDeployer : tenantDeployers)
|
|
{
|
|
tenantDeployer.onDisableTenant();
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenantDomain));
|
|
|
|
// remove tenant
|
|
attributeService.removeAttribute(TENANTS_ATTRIBUTE_PATH, tenantDomain);
|
|
}
|
|
catch (Throwable t)
|
|
{
|
|
throw new AlfrescoRuntimeException("Failed to delete tenant: " + tenantDomain, t);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see TenantAdminService.getAllTenants()
|
|
*/
|
|
public List<Tenant> getAllTenants()
|
|
{
|
|
final List<Tenant> tenants = new ArrayList<Tenant>();
|
|
|
|
AttributeQueryCallback callback = new AttributeQueryCallback()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
public boolean handleAttribute(Long id, Serializable value, Serializable[] keys)
|
|
{
|
|
if (keys.length != 3 || !EqualsHelper.nullSafeEquals(keys[0], TENANTS_ATTRIBUTE_PATH) || keys[1] == null)
|
|
{
|
|
logger.warn("Unexpected tenant attribute: \n" +
|
|
" id: " + id + "\n" +
|
|
" keys: " + Arrays.toString(keys) + "\n" +
|
|
" value: " + value);
|
|
return true;
|
|
}
|
|
String tenantDomain = (String) keys[1];
|
|
Map<String, Serializable> tenantAttributes = (Map<String, Serializable>) value;
|
|
Boolean enabled = (Boolean) tenantAttributes.get(TENANT_ATTRIBUTE_ENABLED);
|
|
String storeDir = (String) tenantAttributes.get(TENANT_ATTRIBUTE_ROOT_CONTENT_STORE_DIR);
|
|
Tenant tenant = new Tenant(tenantDomain, enabled.booleanValue(), storeDir);
|
|
tenants.add(tenant);
|
|
// Continue
|
|
return true;
|
|
}
|
|
};
|
|
attributeService.getAttributes(callback, TENANTS_ATTRIBUTE_PATH);
|
|
return tenants;
|
|
}
|
|
|
|
private void importBootstrapSystemTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Version Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_system.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap systemImporterBootstrap = (ImporterBootstrap)ctx.getBean("systemBootstrap");
|
|
systemImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSystemTenantStore(systemImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSystemTenantStore(ImporterBootstrap systemImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific System Store
|
|
StoreRef bootstrapStoreRef = systemImporterBootstrap.getStoreRef();
|
|
StoreRef tenantBootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
systemImporterBootstrap.setStoreUrl(tenantBootstrapStoreRef.toString());
|
|
|
|
// override default property (workspace://SpacesStore)
|
|
List<String> mustNotExistStoreUrls = new ArrayList<String>();
|
|
mustNotExistStoreUrls.add(new StoreRef(PROTOCOL_STORE_WORKSPACE, tenantService.getName(STORE_BASE_ID_USER, tenantDomain)).toString());
|
|
systemImporterBootstrap.setMustNotExistStoreUrls(mustNotExistStoreUrls);
|
|
|
|
systemImporterBootstrap.bootstrap();
|
|
|
|
// reset since systemImporter is singleton (hence reused)
|
|
systemImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(tenantBootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapUserTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific User Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_users.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap userImporterBootstrap = (ImporterBootstrap)ctx.getBean("userBootstrap");
|
|
userImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapUserTenantStore(userImporterBootstrap, tenantDomain, null);
|
|
}
|
|
|
|
private void bootstrapUserTenantStore(ImporterBootstrap userImporterBootstrap, String tenantDomain, char[] tenantAdminRawPassword)
|
|
{
|
|
// Bootstrap Tenant-Specific User Store
|
|
StoreRef bootstrapStoreRef = userImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
userImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override admin username property
|
|
Properties props = userImporterBootstrap.getConfiguration();
|
|
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
|
|
|
|
if (tenantAdminRawPassword != null)
|
|
{
|
|
String salt = null; // GUID.generate();
|
|
props.put("alfresco_user_store.adminpassword", passwordEncoder.encodePassword(new String(tenantAdminRawPassword), salt));
|
|
}
|
|
|
|
userImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapVersionTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Version Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_versions2.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap versionImporterBootstrap = (ImporterBootstrap)ctx.getBean("versionBootstrap");
|
|
versionImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapVersionTenantStore(versionImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapVersionTenantStore(ImporterBootstrap versionImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Version Store
|
|
StoreRef bootstrapStoreRef = versionImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
versionImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
versionImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapSpacesArchiveTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Archive Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_spaces_archive.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesArchiveImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesArchiveBootstrap");
|
|
spacesArchiveImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSpacesArchiveTenantStore(spacesArchiveImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSpacesArchiveTenantStore(ImporterBootstrap spacesArchiveImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Spaces Archive Store
|
|
StoreRef bootstrapStoreRef = spacesArchiveImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
spacesArchiveImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override default property (archive://SpacesStore)
|
|
List<String> mustNotExistStoreUrls = new ArrayList<String>();
|
|
mustNotExistStoreUrls.add(bootstrapStoreRef.toString());
|
|
spacesArchiveImporterBootstrap.setMustNotExistStoreUrls(mustNotExistStoreUrls);
|
|
|
|
spacesArchiveImporterBootstrap.bootstrap();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
private void importBootstrapSpacesModelsTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_models.acp");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
|
|
spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void importBootstrapSpacesTenantStore(String tenantDomain, File directorySource)
|
|
{
|
|
// Import Bootstrap (restore) Tenant-Specific Spaces Store
|
|
Properties bootstrapView = new Properties();
|
|
bootstrapView.put("path", "/");
|
|
bootstrapView.put("location", directorySource.getPath()+"/"+tenantDomain+"_spaces.acp");
|
|
bootstrapView.put("uuidBinding", "UPDATE_EXISTING");
|
|
|
|
List<Properties> bootstrapViews = new ArrayList<Properties>(1);
|
|
bootstrapViews.add(bootstrapView);
|
|
|
|
ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
|
|
spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
|
|
|
|
spacesImporterBootstrap.setUseExistingStore(true);
|
|
|
|
bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
|
|
}
|
|
|
|
private void bootstrapSpacesTenantStore(ImporterBootstrap spacesImporterBootstrap, String tenantDomain)
|
|
{
|
|
// Bootstrap Tenant-Specific Spaces Store
|
|
StoreRef bootstrapStoreRef = spacesImporterBootstrap.getStoreRef();
|
|
bootstrapStoreRef = new StoreRef(bootstrapStoreRef.getProtocol(), tenantService.getName(bootstrapStoreRef.getIdentifier(), tenantDomain));
|
|
spacesImporterBootstrap.setStoreUrl(bootstrapStoreRef.toString());
|
|
|
|
// override admin username property
|
|
Properties props = spacesImporterBootstrap.getConfiguration();
|
|
props.put("alfresco_user_store.adminusername", getTenantAdminUser(tenantDomain));
|
|
|
|
// override guest username property
|
|
props.put("alfresco_user_store.guestusername", getTenantGuestUser(tenantDomain));
|
|
|
|
spacesImporterBootstrap.bootstrap();
|
|
|
|
// calculate any missing usages
|
|
UserUsageTrackingComponent userUsageTrackingComponent = (UserUsageTrackingComponent)ctx.getBean("userUsageTrackingComponent");
|
|
userUsageTrackingComponent.bootstrapInternal();
|
|
|
|
logger.debug("Bootstrapped store: " + tenantService.getBaseName(bootstrapStoreRef));
|
|
}
|
|
|
|
public void deployTenants(final TenantDeployer deployer, Log logger)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
if (logger == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Logger must be provided");
|
|
}
|
|
|
|
if (tenantService.isEnabled())
|
|
{
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
|
|
List<Tenant> tenants = null;
|
|
try
|
|
{
|
|
userTransaction.begin();
|
|
tenants = getAllTenants();
|
|
userTransaction.commit();
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to get tenants", e);
|
|
}
|
|
finally
|
|
{
|
|
authenticationContext.clearCurrentSecurityContext();
|
|
}
|
|
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
try
|
|
{
|
|
// deploy within context of tenant domain
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
// init the service within tenant context
|
|
deployer.init();
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenant.getTenantDomain()));
|
|
|
|
}
|
|
catch (Throwable e)
|
|
{
|
|
logger.error("Deployment failed" + e);
|
|
|
|
StringWriter stringWriter = new StringWriter();
|
|
e.printStackTrace(new PrintWriter(stringWriter));
|
|
logger.error(stringWriter.toString());
|
|
|
|
// tenant deploy failure should not necessarily affect other tenants
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
public void undeployTenants(final TenantDeployer deployer, Log logger)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
if (logger == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Logger must be provided");
|
|
}
|
|
|
|
if (tenantService.isEnabled())
|
|
{
|
|
UserTransaction userTransaction = transactionService.getUserTransaction();
|
|
authenticationContext.setSystemUserAsCurrentUser();
|
|
|
|
List<Tenant> tenants = null;
|
|
try
|
|
{
|
|
userTransaction.begin();
|
|
tenants = getAllTenants();
|
|
userTransaction.commit();
|
|
}
|
|
catch(Throwable e)
|
|
{
|
|
// rollback the transaction
|
|
try { if (userTransaction != null) {userTransaction.rollback();} } catch (Exception ex) {}
|
|
try {authenticationContext.clearCurrentSecurityContext(); } catch (Exception ex) {}
|
|
throw new AlfrescoRuntimeException("Failed to get tenants", e);
|
|
}
|
|
|
|
try
|
|
{
|
|
AuthenticationUtil.pushAuthentication();
|
|
for (Tenant tenant : tenants)
|
|
{
|
|
if (tenant.isEnabled())
|
|
{
|
|
try
|
|
{
|
|
// undeploy within context of tenant domain
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork()
|
|
{
|
|
// destroy the service within tenant context
|
|
deployer.destroy();
|
|
return null;
|
|
}
|
|
}, getSystemUser(tenant.getTenantDomain()));
|
|
|
|
}
|
|
catch (Throwable e)
|
|
{
|
|
logger.error("Undeployment failed" + e);
|
|
|
|
StringWriter stringWriter = new StringWriter();
|
|
e.printStackTrace(new PrintWriter(stringWriter));
|
|
logger.error(stringWriter.toString());
|
|
|
|
// tenant undeploy failure should not necessarily affect other tenants
|
|
}
|
|
}
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
AuthenticationUtil.popAuthentication();
|
|
}
|
|
}
|
|
}
|
|
|
|
public void register(TenantDeployer deployer)
|
|
{
|
|
register(deployer, -1);
|
|
}
|
|
|
|
protected void register(TenantDeployer deployer, int position)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Deployer must be provided");
|
|
}
|
|
|
|
if (! tenantDeployers.contains(deployer))
|
|
{
|
|
if (position == -1)
|
|
{
|
|
tenantDeployers.add(deployer);
|
|
}
|
|
else
|
|
{
|
|
tenantDeployers.add(position, deployer);
|
|
}
|
|
}
|
|
}
|
|
|
|
public void unregister(TenantDeployer deployer)
|
|
{
|
|
if (deployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("TenantDeployer must be provided");
|
|
}
|
|
|
|
if (tenantDeployers != null)
|
|
{
|
|
tenantDeployers.remove(deployer);
|
|
}
|
|
}
|
|
|
|
public void register(WorkflowDeployer workflowDeployer)
|
|
{
|
|
if (workflowDeployer == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("WorkflowDeployer must be provided");
|
|
}
|
|
|
|
if (! workflowDeployers.contains(workflowDeployer))
|
|
{
|
|
workflowDeployers.add(workflowDeployer);
|
|
}
|
|
}
|
|
|
|
public void resetCache(String tenantDomain)
|
|
{
|
|
if (existsTenant(tenantDomain))
|
|
{
|
|
if (isEnabledTenant(tenantDomain))
|
|
{
|
|
enableTenant(tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
disableTenant(tenantDomain);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
throw new AuthenticationException("No such tenant " + tenantDomain);
|
|
}
|
|
}
|
|
|
|
private void initTenant(String tenantDomain, String rootContentStoreDir)
|
|
{
|
|
validateTenantName(tenantDomain);
|
|
|
|
if (existsTenant(tenantDomain))
|
|
{
|
|
throw new AlfrescoRuntimeException("Tenant already exists: " + tenantDomain);
|
|
}
|
|
|
|
if (rootContentStoreDir == null)
|
|
{
|
|
rootContentStoreDir = tenantFileContentStore.getDefaultRootDir();
|
|
}
|
|
else
|
|
{
|
|
File tenantRootDir = new File(rootContentStoreDir);
|
|
if ((tenantRootDir.exists()) && (tenantRootDir.list().length != 0))
|
|
{
|
|
throw new AlfrescoRuntimeException("Tenant root directory is not empty: " + rootContentStoreDir);
|
|
}
|
|
}
|
|
|
|
// init - need to enable tenant (including tenant service) before stores bootstrap
|
|
Tenant tenant = new Tenant(tenantDomain, true, rootContentStoreDir);
|
|
putTenantAttributes(tenantDomain, tenant);
|
|
}
|
|
|
|
private void validateTenantName(String tenantDomain)
|
|
{
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
|
|
if (tenantDomain.length() > MAX_LEN)
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid tenant name (must be less than " + MAX_LEN + " characters)");
|
|
}
|
|
|
|
if (! Pattern.matches(REGEX_CONTAINS_ALPHA, tenantDomain))
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid tenant name (must contain at least one alpha character)");
|
|
}
|
|
|
|
String[] dnsLabels = tenantDomain.split("\\.");
|
|
if (dnsLabels.length != 0)
|
|
{
|
|
for (int i = 0; i < dnsLabels.length; i++)
|
|
{
|
|
if (! Pattern.matches(REGEX_VALID_DNS_LABEL, dnsLabels[i]))
|
|
{
|
|
throw new IllegalArgumentException(dnsLabels[i] + " is not a valid DNS label (must match " + REGEX_VALID_DNS_LABEL + ")");
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (! Pattern.matches(REGEX_VALID_DNS_LABEL, tenantDomain))
|
|
{
|
|
throw new IllegalArgumentException(tenantDomain + " is not a valid DNS label (must match " + REGEX_VALID_DNS_LABEL + ")");
|
|
}
|
|
}
|
|
}
|
|
|
|
// tenant deployer/user services delegated to tenant service
|
|
|
|
public boolean isEnabled()
|
|
{
|
|
return tenantService.isEnabled();
|
|
}
|
|
|
|
public String getCurrentUserDomain()
|
|
{
|
|
return tenantService.getCurrentUserDomain();
|
|
}
|
|
|
|
public String getUserDomain(String username)
|
|
{
|
|
return tenantService.getUserDomain(username);
|
|
}
|
|
|
|
public String getBaseNameUser(String username)
|
|
{
|
|
return tenantService.getBaseNameUser(username);
|
|
}
|
|
|
|
public String getDomainUser(String baseUsername, String tenantDomain)
|
|
{
|
|
tenantDomain = getTenantDomain(tenantDomain);
|
|
return tenantService.getDomainUser(baseUsername, tenantDomain);
|
|
}
|
|
|
|
public String getDomain(String name)
|
|
{
|
|
name = getTenantDomain(name);
|
|
return tenantService.getDomain(name);
|
|
}
|
|
|
|
// local helpers
|
|
|
|
public String getBaseAdminUser()
|
|
{
|
|
// default for backwards compatibility only - eg. upgrade of existing MT instance (mt-admin-context.xml.sample)
|
|
if (baseAdminUsername != null)
|
|
{
|
|
return baseAdminUsername;
|
|
}
|
|
return getBaseNameUser(AuthenticationUtil.getAdminUserName());
|
|
}
|
|
|
|
private String getSystemUser(String tenantDomain)
|
|
{
|
|
return tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain);
|
|
}
|
|
|
|
private String getTenantAdminUser(String tenantDomain)
|
|
{
|
|
|
|
return tenantService.getDomainUser(getBaseAdminUser(), tenantDomain);
|
|
}
|
|
|
|
private String getTenantGuestUser(String tenantDomain)
|
|
{
|
|
return authenticationContext.getGuestUserName(tenantDomain);
|
|
}
|
|
|
|
protected String getTenantDomain(String tenantDomain)
|
|
{
|
|
ParameterCheck.mandatory("tenantDomain", tenantDomain);
|
|
return tenantDomain.toLowerCase(I18NUtil.getLocale());
|
|
}
|
|
}
|