9018: MT: system-wide jobs should run across all stores/indexes 9204: Merged V2.2 to V2.9 8633: Merged V2.1 to V2.2 8629: Merged V2.1-A to V2.1 8493: Fixed ADB-51: ImporterBootstrap doesn't use transaction retrying 8494: EHCache and JGroup patches and upgrades 8546: ACT-1650: performance optimization 8550: Fixes to transactional cache handling 8553: Fixed tests: MLText is a Map, but will always have at least one entry, even that entry is null. 8583: ACT-954: IndexInfo files now reopen when they close (for whatever reason) 8640: Merged V2.1 to V2.2 8638: Used correct exception type for IO channel reopen logic 9102: Unit test to check that transactional cache size overrun is handled 9106: Merged V2.1 to V2.2 9043: Fixed AR-2291: SchemaBootstrap lock is only required before first SQL execution 9045: Fix AR-2291: SchemaBootstrap lock is only required before first SQL execution 9047: Fixed AR-2305: Index tracking in AUTO mode doesn't report anything on bootstrap 9048: Fixed AR-2300: Random-based GUID instead of time-based GUIDs 9049: Fix patches to only run once 9050 <Defered>: Changed getString() method to use the available buffer length rather than a hard coded value. 9060: Fixed ETWOONE-109 and ETWOONE-128: RetryingTransactionHelper fixes and improvements 9061: Fixed NodeRefPropertyMethodInterceptorTest 9075 <Defered>: Added delete permission check when marking a file for delete on close. ETWOONE-141/ACT-2416. 9080: Fixed EHCache source zip 9081: Fixed ETWOONE-118: Tomcat failed bootstrap doesn't clean up EHCache cluster structures 9085: Fixed ETWOONE-154: Added JSR107 Jar to WAR 9115: Fixed test: TransactionalCache uses LRU so repeatedly checking if a entry is there keeps it in the cache. 9206: Merged V2.2 to V2.9 8857: Improvements to ACL performance for large ACLs 8951: Always check permission entry changes are made at position 0 9219 <No change>: Made NTLMLogonDetails class Serializable, port of r8973. 
9220: Added delete permission check when marking a file for delete on close. Port of r9075. 9222: Merged V2.1 to V2.9 8683: Early warning for nodes indexed in the wrong store (ACT-964) 8684: Enhanced tests 8685: Enhanced tests 8686: Additional tests 9223: Merged V2.2 to V2.9 9120: Merged V2.1 to V2.2 8740: Fix for AR-2173 - do no recheck case of the user name when validating tickets (it has been done) 9122: Additional unit test from support case. 9224: Merged V2.2 to V2.9 9076: Fixed ETWOTWO-426: Upgrading alfresco from 2.1.1 to 2.2 throws errors with Mysql 5.0.51 9104: Merged V2.1 to V2.2 9025: Fixed AR-2314, AR-2299: Optimizations after profiling 9105: Merged V2.1 to V2.2 8745: Fix AR-2233 (regression introduced by fix for AR-2221) 9121: Merged V2.1 to V2.2 9017: Fix index back up failing due to background index merge/deletions (inlcudes back port of CHK-2588) 9137: Incorporated additions from Will into AVM console (ETWOTWO-439) 9225: Merged V2.1 to V2.9 8641: Merged V2.1-A to V2.1 7729: Fix to Repository Web Service (queryAssociated) to allow reverse association lookup (ie. given target, get the source) 8673: Fix for AR-2098 - shorter URL form now has NTLM filter mapping example in web.xml 8682: Fix for AR-2005 8695: AR-2054. 8696: Improved sort test to include prefix form of field name 9226: Fix ALFCOM-994 (see also earlier change in r9223) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9233 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
|
|
|
|
<!-- =================================================================== -->
|
|
<!-- This file contains the bean definitions that support authentication -->
|
|
<!-- =================================================================== -->
|
|
|
|
<!-- -->
|
|
<!-- Acegi is used for authentication and protecting method calls on public -->
|
|
<!-- services. To do this requires our authentication mechanism to work -->
|
|
<!-- within the acegi framework. -->
|
|
<!-- -->
|
|
<!-- It is important to decide if user names are case sensitive or not. -->
|
|
<!-- This is configured in repository.properties. -->
|
|
<!-- -->
|
|
<!-- -->
|
|
<!-- TODO: -->
|
|
<!-- -->
|
|
<!-- The transactional wrappers should be removed from the beans in this -->
|
|
<!-- file. This should be done in the public services definitions. -->
|
|
<!-- This requires some tests to be fixed up. -->
|
|
<!-- -->
|
|
|
|
|
|
<beans>
|
|
<!-- -->
|
|
<!-- The Acegi authentication manager. -->
|
|
<!-- -->
|
|
<!-- Providers are asked to authenticate in order. -->
|
|
<!-- First, is a provider that checks if an acegi authentication object -->
|
|
<!-- is already bound to the executing thread. If it is, and it is set -->
|
|
<!-- as authenticated then no further authentication is required. If -->
|
|
<!-- this is absent, Acegi validates the password for every method -->
|
|
<!-- invocation, which is too CPU expensive. If we set an -->
|
|
<!-- authentication based on a ticket etc .... or we want to set the -->
|
|
<!-- system user as the current user ... we do not have the -->
|
|
<!-- password. So if we have set an authentication and set it as -->
|
|
<!-- authenticated that is sufficient to validate the user. -->
|
|
<!-- -->
|
|
<!-- If the authentication bound to the current thread is not set as -->
|
|
<!-- authenticated the standard Acegi DAO Authentication provider -->
|
|
<!-- is used to authenticate. -->
|
|
<!-- -->
|
|
|
|
<!-- Acegi provider chain. Order is significant: the passthrough provider is -->
<!-- asked first and the DAO provider only afterwards.                       -->
<bean id="authenticationManager"
      class="net.sf.acegisecurity.providers.ProviderManager">
    <property name="providers">
        <list>
            <!-- 1. Accepts an authentication that is already bound to the thread and marked as authenticated. -->
            <ref bean="authenticatedAuthenticationPassthroughProvider"/>
            <!-- 2. Standard Acegi DAO provider, used when the bound authentication is not marked as authenticated. -->
            <ref bean="daoAuthenticationProvider"/>
        </list>
    </property>
</bean>
|
|
|
|
<!-- We provide a DAO to plug into the Acegi DaoAuthenticationProvider -->
|
|
|
|
<!-- Acegi DAO provider wired to the repository DAO, its salt source and the  -->
<!-- password encoder. In this file "saltSource" is an alias of              -->
<!-- "authenticationDao" and "passwordEncoder" is the MD4 encoder.           -->
<bean id="daoAuthenticationProvider"
      class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="authenticationDao"><ref bean="authenticationDao"/></property>
    <property name="saltSource"><ref bean="saltSource"/></property>
    <property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
</bean>
|
|
|
|
<!-- An authentication Provider that just believes authentications -->
|
|
<!-- bound to the local thread are valid if they are set as -->
|
|
<!-- authenticated. -->
|
|
|
|
<!-- NOTE(review): this provider performs no credential check of its own. It -->
<!-- trusts whatever code bound the authentication to the thread and marked  -->
<!-- it as authenticated, so every such call site is part of the trust       -->
<!-- boundary.                                                               -->
<bean id="authenticatedAuthenticationPassthroughProvider"
      class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider"/>
|
|
|
|
<!-- The authority DAO implements an interface extended from the Acegi -->
|
|
<!-- DAO that supports CRUD. -->
|
|
|
|
<!-- Repository-backed user DAO. It is also exposed under the alias          -->
<!-- "saltSource" further down in this file.                                 -->
<bean id="authenticationDao"
      class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
    <!-- Repository services the DAO works through. -->
    <property name="nodeService"><ref bean="nodeService"/></property>
    <property name="tenantService"><ref bean="tenantService"/></property>
    <property name="dictionaryService"><ref bean="dictionaryService"/></property>
    <property name="namespaceService"><ref bean="namespaceService"/></property>
    <property name="searchService"><ref bean="admSearchService"/></property>
    <property name="retryingTransactionHelper"><ref bean="retryingTransactionHelper"/></property>

    <!-- Case sensitivity of user names, set in repository.properties. The   -->
    <!-- personService bean reads the same placeholder, which keeps the two  -->
    <!-- in agreement.                                                       -->
    <property name="userNamesAreCaseSensitive"><value>${user.name.caseSensitive}</value></property>

    <!-- Same encoder bean as the one given to daoAuthenticationProvider. -->
    <property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
</bean>
|
|
|
|
<!-- The DAO also acts as a salt provider. -->
|
|
|
|
<alias alias="saltSource" name="authenticationDao"/>
|
|
|
|
<!-- Passwords are encoded using MD4 -->
|
|
<!-- This is not ideal and only done to be compatible with NTLM -->
|
|
<!-- authentication against the default authentication mechanism. -->
|
|
|
|
<!-- NOTE(review): MD4 is cryptographically broken and very fast to compute, -->
<!-- so stored values give little resistance to offline guessing if the user -->
<!-- store is disclosed. Treat the stored hashes as being as sensitive as    -->
<!-- the passwords themselves, and keep this encoder only where NTLM         -->
<!-- compatibility against this store is actually required.                  -->
<bean id="passwordEncoder"
      class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"/>
|
|
|
|
|
|
<!-- The Authentication Service implementation. -->
|
|
<!-- -->
|
|
<!-- This delegates its work to two services: -->
|
|
<!-- an AuthenticationComponent and a MutableAuthenticationDAO. -->
|
|
<!-- -->
|
|
<!-- The permissions service is required so that permissions can be -->
|
|
<!-- cleaned up when a user is deleted. -->
|
|
|
|
<!-- Wires the service to the user DAO, the ticket component, the            -->
<!-- authentication component and the sysAdminCache.                         -->
<!-- NOTE(review): the description preceding this bean says a permissions    -->
<!-- service is required, but none is injected here; confirm whether that    -->
<!-- description is stale.                                                   -->
<bean id="authenticationService"
      class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
    <property name="authenticationDao"><ref bean="authenticationDao"/></property>
    <property name="ticketComponent"><ref bean="ticketComponent"/></property>
    <!-- Lower-case id: the implementation bean, not the transactional proxy "AuthenticationComponent". -->
    <property name="authenticationComponent"><ref bean="authenticationComponent"/></property>
    <property name="sysAdminCache"><ref bean="sysAdminCache"/></property>
</bean>
|
|
|
|
<!-- The authentication component. -->
|
|
|
|
<!-- Transactional proxy around the "authenticationComponent" bean. The two  -->
<!-- ids differ only in the case of the first letter: upper case is this     -->
<!-- proxy, lower case is the proxied target.                                -->
<bean id="AuthenticationComponent"
      class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
    <property name="proxyInterfaces"><value>org.alfresco.repo.security.authentication.AuthenticationComponent</value></property>
    <property name="transactionManager"><ref bean="transactionManager"/></property>
    <property name="target"><ref bean="authenticationComponent"/></property>
    <!-- Every method ("*") runs with the server's default transaction mode. -->
    <property name="transactionAttributes">
        <props>
            <prop key="*">${server.transaction.mode.default}</prop>
        </props>
    </property>
</bean>
|
|
|
|
<!-- Parent bean for beans derived from AbstractAuthenticationComponent -->
|
|
<!-- Abstract template: it is never instantiated itself and only hands the   -->
<!-- tenantService reference to beans that name it as their parent.          -->
<bean id="authenticationComponentBase" abstract="true">
    <property name="tenantService"><ref bean="tenantService"/></property>
</bean>
|
|
|
|
<!-- Default authentication component; inherits tenantService from           -->
<!-- authenticationComponentBase and authenticates through the Acegi         -->
<!-- authenticationManager defined in this file.                             -->
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl"
      parent="authenticationComponentBase">
    <property name="authenticationDao"><ref bean="authenticationDao"/></property>
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>

    <!-- NOTE(review): guest login is switched on here. Presumably this lets -->
    <!-- the guest user in without a password (confirm against the           -->
    <!-- implementation); set to false where guest access is not wanted.     -->
    <property name="allowGuestLogin"><value>true</value></property>

    <property name="nodeService"><ref bean="nodeService"/></property>
    <property name="personService"><ref bean="personService"/></property>
    <property name="transactionService"><ref bean="transactionService"/></property>
</bean>
|
|
|
|
|
|
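<!-- Simple authentication component that accepts or rejects all authentication requests, -->
<!-- depending on its "accept" property. With accept set to true, as in the definition    -->
<!-- below, it presumably checks no credentials itself, so it is only appropriate when an -->
<!-- upstream component has already authenticated the user.                              -->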
|
|
<!-- Use this definition for Novell IChain integration. -->
|
|
<!-- It should never go to the login screen so this is not required -->
|
|
|
|
<!--
<bean id="authenticationComponent"
      class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl"
      parent="authenticationComponentBase">
    <property name="accept">
        <value>true</value>
    </property>
    <property name="nodeService">
        <ref bean="nodeService" />
    </property>
    <property name="personService">
        <ref bean="personService" />
    </property>
    <property name="transactionService">
        <ref bean="transactionService" />
    </property>
</bean>
-->
|
|
|
|
|
|
<!-- The person service. -->
|
|
|
|
<!-- Person service: collaborators first, then the configurable behaviour. -->
<bean id="personService"
      class="org.alfresco.repo.security.person.PersonServiceImpl"
      init-method="init">
    <property name="nodeService"><ref bean="nodeService"/></property>
    <property name="tenantService"><ref bean="tenantService"/></property>
    <property name="searchService"><ref bean="admSearchService"/></property>
    <property name="permissionServiceSPI"><ref bean="permissionServiceImpl"/></property>
    <property name="authorityService"><ref bean="authorityService"/></property>
    <property name="namespacePrefixResolver"><ref bean="namespaceService"/></property>
    <property name="policyComponent"><ref bean="policyComponent"/></property>
    <property name="personCache"><ref bean="personCache"/></property>

    <!-- Configurable properties.                                            -->
    <!--                                                                     -->
    <!-- TODO:                                                               -->
    <!-- Add support for creating real home spaces and setting               -->
    <!-- permissions on the home space and people created.                   -->

    <!-- The store in which people are persisted. -->
    <property name="storeUrl"><value>${spaces.store}</value></property>

    <!-- Some authentication mechanisms may need to create people in the     -->
    <!-- repository on demand. This enables that feature. If disabled, an    -->
    <!-- error will be generated for missing people. If enabled, a person    -->
    <!-- will be created and persisted.                                      -->
    <!-- Valid values are:                                                   -->
    <!--     ${server.transaction.allow-writes}                              -->
    <!--     false                                                           -->
    <!-- NOTE(review): when enabled, person records come into existence as a -->
    <!-- side effect of authentication, so the set of people is only as      -->
    <!-- trustworthy as the authentication mechanism supplying the names.    -->
    <property name="createMissingPeople"><value>${server.transaction.allow-writes}</value></property>

    <!-- Same placeholder as on authenticationDao, so both agree on case handling. -->
    <property name="userNamesAreCaseSensitive"><value>${user.name.caseSensitive}</value></property>

    <!-- New properties after 1.4.0 to deal with duplicate user ids when found. -->
    <property name="processDuplicates"><value>true</value></property>
    <!-- One of: LEAVE, SPLIT, DELETE -->
    <property name="duplicateMode"><value>SPLIT</value></property>
    <property name="lastIsBest"><value>true</value></property>
    <property name="includeAutoCreated"><value>false</value></property>
</bean>
|
|
|
|
<!-- Home folder manager; userHomesHomeFolderProvider is its default provider. -->
<bean name="homeFolderManager"
      class="org.alfresco.repo.security.person.HomeFolderManager">
    <property name="nodeService"><ref bean="nodeService"/></property>
    <property name="policyComponent"><ref bean="policyComponent"/></property>
    <property name="defaultProvider"><ref bean="userHomesHomeFolderProvider"/></property>
</bean>
|
|
|
|
<!-- Existing-path provider pointing at the company home space. No           -->
<!-- permission properties are set on this bean.                             -->
<bean name="companyHomeFolderProvider"
      class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
    <property name="serviceRegistry"><ref bean="ServiceRegistry"/></property>
    <property name="path"><value>/${spaces.company_home.childname}</value></property>
    <property name="storeUrl"><value>${spaces.store}</value></property>
    <property name="homeFolderManager"><ref bean="homeFolderManager"/></property>
</bean>
|
|
|
|
<!-- Existing-path provider pointing at the guest home space below company home. -->
<bean name="guestHomeFolderProvider"
      class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
    <property name="serviceRegistry"><ref bean="ServiceRegistry"/></property>
    <property name="path"><value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value></property>
    <property name="storeUrl"><value>${spaces.store}</value></property>
    <property name="homeFolderManager"><ref bean="homeFolderManager"/></property>
    <!-- Only the Consumer permission is listed for users of this provider,  -->
    <!-- in contrast to "All" on the UID-based providers in this file.       -->
    <property name="userPermissions">
        <set>
            <value>Consumer</value>
        </set>
    </property>
</bean>
|
|
|
|
<!-- Bootstrap provider; its only wiring is the home folder manager. -->
<bean name="bootstrapHomeFolderProvider"
      class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
    <property name="homeFolderManager"><ref bean="homeFolderManager"/></property>
</bean>
|
|
|
|
<!-- UID-based provider whose path is the company home space itself. -->
<bean name="personalHomeFolderProvider"
      class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
    <property name="serviceRegistry"><ref bean="ServiceRegistry"/></property>
    <property name="path"><value>/${spaces.company_home.childname}</value></property>
    <property name="storeUrl"><value>${spaces.store}</value></property>
    <property name="homeFolderManager"><ref bean="homeFolderManager"/></property>

    <!-- Access control for created folders: permissions are not inherited   -->
    <!-- on create, and "All" is listed for both the owner and the user.     -->
    <property name="inheritsPermissionsOnCreate"><value>false</value></property>
    <property name="ownerPermissionsToSetOnCreate">
        <set>
            <value>All</value>
        </set>
    </property>
    <property name="userPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
|
|
|
|
<!-- UID-based provider whose path is the user homes space below company     -->
<!-- home. homeFolderManager names this bean as its default provider.        -->
<bean name="userHomesHomeFolderProvider"
      class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
    <property name="serviceRegistry"><ref bean="ServiceRegistry"/></property>
    <property name="path"><value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value></property>
    <property name="storeUrl"><value>${spaces.store}</value></property>
    <property name="homeFolderManager"><ref bean="homeFolderManager"/></property>

    <!-- Access control for created folders: permissions are not inherited   -->
    <!-- on create, and "All" is listed for both the owner and the user.     -->
    <property name="inheritsPermissionsOnCreate"><value>false</value></property>
    <property name="ownerPermissionsToSetOnCreate">
        <set>
            <value>All</value>
        </set>
    </property>
    <property name="userPermissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
|
|
|
|
|
|
<!-- The ticket component. -->
|
|
<!-- Used for reauthentication -->
|
|
<bean id="ticketComponent"
      class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
    <property name="ticketsCache"><ref bean="ticketsCache"/></property>

    <!-- The period for which tickets are valid in XML duration format. -->
    <!-- The default is PT1H for one hour.                              -->
    <property name="validDuration"><value>PT1H</value></property>

    <!-- Do tickets expire or live for ever?                                 -->
    <!-- NOTE(review): with false, tickets live for ever, so validDuration   -->
    <!-- above presumably has no effect. A disclosed ticket would then stay  -->
    <!-- usable until it is invalidated or drops out of ticketsCache         -->
    <!-- (confirm against the implementation). Check that this matches the   -->
    <!-- deployment's session policy.                                        -->
    <property name="ticketsExpire"><value>false</value></property>

    <!-- Are tickets only valid for a single use? -->
    <property name="oneOff"><value>false</value></property>
</bean>
|
|
</beans> |