mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-07 18:25:23 +00:00
cf2e12eebc
40170: Fix compile error following merge from 4.1.0 to 4.1.1
40175: ALF-14002 (5108), ALF-14220 (5109), ALF-15419 (5110) patch versions for 4.1.1 that came from commits made to V4.0-BUG-FIX after 4.0.2 was released.
40203: Fix 4.1 -> 4.1.1 merge error that was stopping start up of Share.
Required change to extra config in 4.1.1 added for ALF-12524.
There are other differences in the file for ALF-14812 and ALF-14813 but were not impacted.
40206: ALF-15281 - FTP/FTPS: With preserve timestamps turned off, the modification date does not change.
40208: ALF-12831: Upgrade to swftools 0.9.2
40210: ALF-13933: First attempt at installing LibreOffice 3.5
- Installed to a subdirectory called libreoffice
- OpenOffice, Openoffice and OpenOffice.org replaced in all display strings
40229: ALF-7278: Merged V3.4-BUG-FIX (3.4.11) to V4.1-BUG-FIX (4.1.1)
40227: ALF-15436 CLONE Alfresco 3.4c + Share + TIFF preview only shows the first page
40237: Fix for ALF-14663 from Vadim Danilchenko - the 'edit online' button in Share fails but we do not send any error message
40258: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2012_07_09 to BRANCHES/DEV/V4.1-BUG-FIX:
39668: ALF-15214 patch.fixBpmPackages performs unnecessary work
40261: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
38592: Fixed ALF-14929: NodeDAO might not be last node write to the database
- Regression introduced when Hibernate was removed
- Fix validated by unit test
38596: Merged DEV to V3.4-BUG-FIX
38594: ALF-14744: Documents uploaded via WebDAV mount from Windows 7, and copied by a jscript rule are zero-length
Change CreateNodeRuleTrigger.onCreateNode() method:
Search for property of "d:content" type in node TypeDefinition, AspectDefinitions of node aspects and don't fire rules if found.
38781: Fixed ALF-14979: Long running AVM XPath queries on startup
- Basic XPath was always fetching all siblings
38896: ALF-14744: Fix rule-firing regressions plus unit test
- CreateNodeRuleTrigger must remember new nodes, regardless of whether it fires to avoid an update being fired on a node created in the same transaction
- Tests should not assume that inbound rule will be fired on a content-less node (when the node's type or aspects have content properties)
38909: Merged DEV to V3.4-BUG-FIX (3.4.11)
<< Fix for issued identified by QA on 20/6/12 after verification of customer issues >>
38849: ALF-11956: WCM accessibility
Navigation between the fields with erroneous data has been modified to allow navigation between elements of composite widgets such as Date/Time pickers etc...
- the fix for ALF-10804 is backported (required for the current fix);
- ability of cancelling and reactivating the strict navigation sequence has been added (pressing the Escape key for cancelling and focusing the alert link for reactivating);
- generation of duplicate ids for comboboxes of the 'MonthDayPicker' widget has been fixed
38544: ALF-11956: WCM accessibility
Draft implementation of 'FocusResolver' which introduces functionality of strict sequence for navigation between fields of the XForms widgets with erroneous data detected during validation
38934: Fix for ALF-13658/ALF-14849
38990: ALF-13048 Configuration of temp directories for converters (Openoffice and JOD)
More general approach taken for JOD :
- Allow an OpenOffice user template profile to be used by the JOD started OpenOffice process via
the alfresco global property jodconverter.templateProfileDir
- Among other settings, the profile contains values set in Tools|Options via the UI
This includes the temporary directory: Tools|Options|openOffice.org|Temporary Files
- If blank, a default profile is created. The user profile is recreated on each restart from the template.
May be set to an existing user's profile such as: C:\Users\<username>\AppData\Roaming\OpenOffice.org\3
39115: Merged V3.4 to V3.4-BUG-FIX
38593: Merged DEV to V3.4
38572: ALF-13578: CIFS: AlfJLANWorker threads (concurrency) - server not responding
Add nodeServices.exists(nodeRef) check to errorHandler in ContentDiskDriver.closeFile() to hide InvalidNodeRefException here.
38591: ALF-13578: CIFS: AlfJLANWorker threads (concurrency) - server not responding
Replace "catch (AlfrescoRuntimeException e)" with "catch (RuntimeException e)" in ContentDiskDriver.
Add "catch (InvalidNodeRefException ex)" to ContentDiskDriver.renameFile() method and throw java.io.FileNotFoundException here.
39063: Process the async packet queue at the end of CIFS NIO socket processing, before re-enabling socket events. ALF-13578.
39117: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
39116: ALF-13578: Reversed r39063 due to QA time constraints. Fix will be made limited availability and in next service pack.
39179: Merged DEV to V3.4-BUG-FIX (3.4.11)
38911: ALF-14827: Cannot see metrics data to Alfresco Enterprise Content Store in Hyperic HQ
The attribute "TotalSize" is no longer exists in the Alfresco 3.4.x
SpaceFree and SpaceTotal are added to the alfresco enterprise plugin.
38910: ALF-15016: Cannot see services to FTP, NFS Server in Hyperic HQ
Alfresco enterrprise plugin fixed so that FTP and NFS Server resources now available in resources tab.
39230: ALF-15048 - Create Rule 'Execute Script'- 'Append Copyright to file'
- Script that added the copyright was hidden in a .acp file (a zip file).
.acp is normally used by wireshark so was not found in searches.
39294: Merged V3.4 to V3.4-BUG-FIX
39293: ALF-14698: Merged PATCHES/V3.4.6 to V3.4
38786: Merged V4.0-BUG-FIX to PATCHES/V3.4.6 (partial rework)
34279: NodeDAO: re-parent "lost & found" orphan child nodes (see ALF-12358 & ALF-13066 / SYS-301)
- if orphaned nodes are identified (eg. via getPath(s)) then attempt partial recovery by placing them in (temp) lost_found
- ... ALF-12358 ('child' node has deleted parent(s))
- ... ALF-13066 (non-root 'child' node has no parent(s))
- for internal use only - allows index tracking (eg. Solr) to continue
- precursor to fixing underlying root causes
34338: NodeDAO: re-parent "lost & found" orphan child nodes (see ALF-12358 & ALF-13066 / SYS-301)
- test fix (follow-on to r34279)
34341: NodeDAO: re-parent "lost & found" orphan child nodes (see ALF-12358 & ALF-13066 / SYS-301)
- ano test fix (once more with feeling)
34434: ALF-13066: Fix for intermittent failure (testConcurrentLinkToDeletedNode)
38959: ALF-15136: Merged HEAD to PATCHES/V3.4.6
32659: Fixed ALF-11946: Lucene index recovery startup can cause full table scans and file sorts
- Made the backward timestepping work in bounded segments, whereas previously there
was no lower bound causing the database to creak under load and the whole process
to take a long time.
- Seen during benchmark testing as well
39211: ALF-15109: 'Touch' nodes in every case where we add / remove secondary parent associations. Causing group membership fallout at SAP.
39218: ALF-15109: Improved fix - must fire cascaded secondary association deletions at DbNodeServiceImpl level to ensure appropriate index events are fired and prevent out of sync indexes!
39240: ALF-15109: Another attempt. Now we are firing all the right events on cascade removal of secondary associations a lot of things are coming out in the wash!
- Cascade delete secondary associations in a first recursive pass
- Use a List of Pairs rather than a Map to avoid missing multiple associations to the same child
39295: Fixed merge issue
39381: ALF-12781 - Unable to set email contributors authority
39595: Fix for ALF-12506 - utils.setLocale() override the value to a lower case.
39932: ALF-9540: copy from drive to CIFS is slower than direct drive to drive copy by a factor of ~ 15
39935: ALF-9606: JSF, WebDav + Kerberos - Browser goes to a previous visited page when done/cancel edit online document
- User is now redirected to logon when session expires.
39961: ALF-9540: Fix some broken unit tests caused by missing policies.
40026: Return success status for CIFS set security descriptor call even when the SecurityDescriptorInterface is not implemented. ALF-15357
Attempt to fix slow MS Office docx file save, unable to reproduce locally.
40090: ALF-15388: Merged V4.1-BUG-FIX to V3.4-BUG-FIX
40022: Fix for ALF-15144 - Slow Share doclib high-level folder browsing due to version history retrieval
Revision: 40159
Author: taksoy
Date: Tuesday, August 07, 2012 1:44:29 PM
Message:
ALF-13636: ReferenceError: "containerId" is not defined - Exception thrown during folder rule creation
----
Modified : /alfresco/BRANCHES/DEV/V3.4-BUG-FIX/root/projects/slingshot/source/web/modules/documentlibrary/global-folder.js
40231: ALF-13575: Merged DEV to V3.4-BUG-FIX
39879: Use of NetBIOS name versus DNS name in links accessed through CIFS
- hostname is now determined from the path used to mount the drive on the client
40251: Merged DEV to V3.4-BUG-FIX
39667: ALF-4832: Incorrect behaviour of user's activities information in Moderated sites
Introduce new method to ActivityPostService that accept userName.
Post activity using new method when user is joined to site.
40252: Merged PATCHES/V3.4.6 to V3.4-BUG-FIX
39437: ALF-15458 / ALF-15184: ADMLuceneIndexerImpl debug can cause indexing to fail
- Don't try to print the path of a deleted node!
39520: Merged DEV to PATCHES/V3.4.6
38728: ALF-15459 / ALF-14714 : A user can overwrite a "WRITE_LOCK" on a document created by a different user
-The document owner is not considered to be the lock owner now.
-ALF-12081 was backported.
39581: ALF-15460 / ALF-15216: Need predefined JGroups configuration for FILE_PING
- Now FILE_PING can be selected using alfresco.jgroups.defaultProtocol=TCP-FPING
- New parameter alfresco.fping.shared.dir specifies its shared directory and defaults to ${dir.contentstore}
39662: ALF-15461 / ALF-15243: "Failed to initialise config service" after a node comes back into the cluster
- Nested writable transaction in a read only transaction
- Removed old school transaction management
39768: ALF-15462 / ALF-10725: Account for local index impact of reparenting orphaned nodes
- Unfortunately this means AbstractNodeDAOImpl now must talk to NodeIndexer but this may be revisited
39770: ALF-15462 / ALF-10725: Fix test failure - an orphaned node WITH the root aspect must still have parents or it is unindexable!
39816: ALF-15462 / ALF-10725: Revisit orphans once more
- delete_ChildAssocsToAndFrom removed because it's evil and could orphan a node that's just shown up (read committed) from another transaction
- Now only parent assocs of the deleted node are removed automatically and children are handled through normal cascading operations
- The foreign keys will now block the deletion of a node with a new child created mid-transaction
39846: ALF-15461 / ALF-15243: Fix unit test failures
40253: Merged PATCHES/V3.4.9 to V3.4.-BUG-FIX
39703: ALF-15463: More synchronization, TRACE logging and test for ALF-15215: Missing synchronization in RepositoryContainer.getRegistry()
39885: ALF-15464 / ALF-15311: JGroups resends incorrect message for XMIT_REQ
- Added new configuration files for heartbeat channel that removes NAKACK protocol as guaranteed delivery is not necessary for heartbeat.
40262: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
36853: Merge DEV to V3.4-BUG-FIX
31272 : ALF-8588 - IMAP Cannot attach two attachments with the same name.
38923: Merged HEAD to BRANCHES/DEV/V3.4-BUG-FIX
32757: Fix for ALF-9365
Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/DEV/V3.4-BUG-FIX
35693: Fix for ALF-13806 - Get content webscript incorrectly returns text/plain mimetype for HTML files, not text/html
Merged BRANCHES/V4.0 to BRANCHES/DEV/V3.4-BUG-FIX
36560: Correctly size content length header after HTML stripping process (ALF-9365)
39015: Merged in upgrade of truezip to 7.5.5 see ALF-14247
39056: Merged V4.1-BUG-FIX to V3.4-BUG-FIX:
ALF-15053: Ensure that sub-folders of "res" can be accessed in the DocLib
39361: Added truezip-swing jar. It seems that Truezip needs Swing :(
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@40274 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
648 lines
21 KiB
Java
648 lines
21 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.security.authentication;
|
|
|
|
import java.util.Arrays;
|
|
import java.util.Collections;
|
|
import java.util.Set;
|
|
import java.util.TreeSet;
|
|
|
|
import net.sf.acegisecurity.Authentication;
|
|
import net.sf.acegisecurity.GrantedAuthority;
|
|
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
|
import net.sf.acegisecurity.UserDetails;
|
|
import net.sf.acegisecurity.providers.dao.User;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
/**
|
|
* This class abstract the support required to set up and query the Acegi context for security enforcement. There are
|
|
* some simple default method implementations to support simple authentication.
|
|
*
|
|
* @author Andy Hind
|
|
*/
|
|
public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
|
|
{
|
|
/**
|
|
* The abstract class keeps track of support for guest login
|
|
*/
|
|
private Boolean allowGuestLogin = null;
|
|
|
|
private Set<String> defaultAdministratorUserNames = Collections.emptySet();
|
|
|
|
private Set<String> defaultGuestUserNames = Collections.emptySet();
|
|
|
|
private AuthenticationContext authenticationContext;
|
|
|
|
private PersonService personService;
|
|
|
|
private NodeService nodeService;
|
|
|
|
private TransactionService transactionService;
|
|
|
|
private UserRegistrySynchronizer userRegistrySynchronizer;
|
|
|
|
private final Log logger = LogFactory.getLog(getClass());
|
|
|
|
public AbstractAuthenticationComponent()
|
|
{
|
|
super();
|
|
}
|
|
|
|
/**
|
|
* Set if guest login is supported.
|
|
*
|
|
* @param allowGuestLogin
|
|
*/
|
|
public void setAllowGuestLogin(Boolean allowGuestLogin)
|
|
{
|
|
this.allowGuestLogin = allowGuestLogin;
|
|
}
|
|
|
|
public void setAuthenticationContext(AuthenticationContext authenticationContext)
|
|
{
|
|
this.authenticationContext = authenticationContext;
|
|
}
|
|
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
|
|
{
|
|
this.userRegistrySynchronizer = userRegistrySynchronizer;
|
|
}
|
|
|
|
public TransactionService getTransactionService()
|
|
{
|
|
return transactionService;
|
|
}
|
|
|
|
public Boolean getAllowGuestLogin()
|
|
{
|
|
return allowGuestLogin;
|
|
}
|
|
|
|
public NodeService getNodeService()
|
|
{
|
|
return nodeService;
|
|
}
|
|
|
|
public PersonService getPersonService()
|
|
{
|
|
return personService;
|
|
}
|
|
|
|
public void authenticate(String userName, char[] password) throws AuthenticationException
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Authenticating user \"" + userName + '"');
|
|
}
|
|
if (userName == null)
|
|
{
|
|
throw new AuthenticationException("Null user name");
|
|
}
|
|
// Support guest login from the login screen
|
|
if (isGuestUserName(userName))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("User \"" + userName + "\" recognized as a guest user");
|
|
}
|
|
setGuestUserAsCurrentUser(getUserDomain(userName));
|
|
}
|
|
else
|
|
{
|
|
try
|
|
{
|
|
authenticateImpl(userName, password);
|
|
}
|
|
catch (RuntimeException e)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Failed to authenticate user \"" + userName + '"', e);
|
|
}
|
|
throw e;
|
|
}
|
|
}
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("User \"" + userName + "\" authenticated successfully");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Default unsupported authentication implementation - as of 2.1 this is the best way to implement your own
|
|
* authentication component as it will support guest login - prior to this direct over ride for authenticate(String ,
|
|
* char[]) was used. This will still work.
|
|
*
|
|
* @param userName
|
|
* @param password
|
|
*/
|
|
protected void authenticateImpl(String userName, char[] password)
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
|
|
public Authentication setCurrentUser(final String userName) throws AuthenticationException
|
|
{
|
|
return setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
|
|
}
|
|
|
|
public Authentication setCurrentUser(String userName, UserNameValidationMode validationMode)
|
|
{
|
|
if (validationMode == UserNameValidationMode.NONE || isSystemUserName(userName))
|
|
{
|
|
return setCurrentUserImpl(userName);
|
|
}
|
|
else
|
|
{
|
|
CurrentUserCallback callback = validationMode == UserNameValidationMode.CHECK_AND_FIX ? new FixCurrentUserCallback(
|
|
userName)
|
|
: new CheckCurrentUserCallback(userName);
|
|
Authentication authentication;
|
|
// If the repository is read only, we have to settle for a read only transaction. Auto user creation
|
|
// will not be possible.
|
|
if (transactionService.isReadOnly())
|
|
{
|
|
authentication = transactionService.getRetryingTransactionHelper().doInTransaction(callback, true,
|
|
false);
|
|
}
|
|
// Otherwise,
|
|
// - for check-only mode we want a readable txn or
|
|
// - for check-and-fix mode we want a writeable transaction, so if the current transaction is read only we set the
|
|
// requiresNew flag to true
|
|
else
|
|
{
|
|
boolean readOnly = (validationMode == UserNameValidationMode.CHECK);
|
|
boolean requiresNew = ((!readOnly) && (AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY));
|
|
|
|
authentication = transactionService.getRetryingTransactionHelper().doInTransaction(callback, readOnly, requiresNew);
|
|
}
|
|
if ((authentication == null) || (callback.ae != null))
|
|
{
|
|
throw callback.ae;
|
|
}
|
|
return authentication;
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Explicitly set the current user to be authenticated.
|
|
*
|
|
* @param userName
|
|
* String
|
|
* @return Authentication
|
|
*/
|
|
private Authentication setCurrentUserImpl(String userName) throws AuthenticationException
|
|
{
|
|
if (userName == null)
|
|
{
|
|
throw new AuthenticationException("Null user name");
|
|
}
|
|
|
|
if (isSystemUserName(userName))
|
|
{
|
|
return setSystemUserAsCurrentUser(getUserDomain(userName));
|
|
}
|
|
|
|
try
|
|
{
|
|
UserDetails ud = null;
|
|
if (isGuestUserName(userName))
|
|
{
|
|
String tenantDomain = getUserDomain(userName);
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Setting the current user to the guest user of tenant domain \"" + tenantDomain + '"');
|
|
}
|
|
GrantedAuthority[] gas = new GrantedAuthority[0];
|
|
ud = new User(userName, "", true, true, true, true, gas);
|
|
}
|
|
else
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Setting the current user to \"" + userName + '"');
|
|
}
|
|
ud = getUserDetails(userName);
|
|
if(!userName.equals(ud.getUsername()))
|
|
{
|
|
ud = new User(userName, ud.getPassword(), ud.isEnabled(), ud.isAccountNonExpired(),
|
|
ud.isCredentialsNonExpired(), ud.isAccountNonLocked(), ud.getAuthorities());
|
|
}
|
|
|
|
}
|
|
return setUserDetails(ud);
|
|
}
|
|
catch (net.sf.acegisecurity.AuthenticationException ae)
|
|
{
|
|
throw new AuthenticationException(ae.getMessage(), ae);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Default implementation that makes an ACEGI object on the fly
|
|
*
|
|
* @param userName
|
|
* @return
|
|
*/
|
|
protected UserDetails getUserDetails(String userName)
|
|
{
|
|
GrantedAuthority[] gas = new GrantedAuthority[1];
|
|
gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
|
|
UserDetails ud = new User(userName, "", true, true, true, true, gas);
|
|
return ud;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Authentication setCurrentAuthentication(Authentication authentication)
|
|
{
|
|
return this.authenticationContext.setCurrentAuthentication(authentication);
|
|
}
|
|
|
|
/**
|
|
* Get the current authentication context
|
|
*
|
|
* @return Authentication
|
|
* @throws AuthenticationException
|
|
*/
|
|
public Authentication getCurrentAuthentication() throws AuthenticationException
|
|
{
|
|
return authenticationContext.getCurrentAuthentication();
|
|
}
|
|
|
|
/**
|
|
* Get the current user name.
|
|
*
|
|
* @return String
|
|
* @throws AuthenticationException
|
|
*/
|
|
public String getCurrentUserName() throws AuthenticationException
|
|
{
|
|
return authenticationContext.getCurrentUserName();
|
|
}
|
|
|
|
/**
|
|
* Set the system user as the current user note: for MT, will set to default domain only
|
|
*
|
|
* @return Authentication
|
|
*/
|
|
public Authentication setSystemUserAsCurrentUser()
|
|
{
|
|
return authenticationContext.setSystemUserAsCurrentUser();
|
|
}
|
|
|
|
/**
|
|
* Get the name of the system user note: for MT, will get system for default domain only
|
|
*
|
|
* @return String
|
|
*/
|
|
public String getSystemUserName()
|
|
{
|
|
return authenticationContext.getSystemUserName();
|
|
}
|
|
|
|
/**
|
|
* Is this the system user ?
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public boolean isSystemUserName(String userName)
|
|
{
|
|
return authenticationContext.isSystemUserName(userName);
|
|
}
|
|
|
|
/**
|
|
* Is the current user the system user?
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public boolean isCurrentUserTheSystemUser()
|
|
{
|
|
return authenticationContext.isCurrentUserTheSystemUser();
|
|
}
|
|
|
|
/**
|
|
* Get the name of the Guest User note: for MT, will get guest for default domain only
|
|
*
|
|
* @return String
|
|
*/
|
|
public String getGuestUserName()
|
|
{
|
|
return authenticationContext.getGuestUserName();
|
|
}
|
|
|
|
public String getGuestUserName(String tenantDomain)
|
|
{
|
|
return authenticationContext.getGuestUserName(tenantDomain);
|
|
}
|
|
|
|
/**
|
|
* Set the guest user as the current user. note: for MT, will set to default domain only
|
|
*/
|
|
public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
|
|
{
|
|
return setGuestUserAsCurrentUser(TenantService.DEFAULT_DOMAIN);
|
|
}
|
|
|
|
/**
|
|
* Set the guest user as the current user.
|
|
*/
|
|
private Authentication setGuestUserAsCurrentUser(String tenantDomain) throws AuthenticationException
|
|
{
|
|
if (allowGuestLogin == null)
|
|
{
|
|
if (implementationAllowsGuestLogin())
|
|
{
|
|
return setCurrentUser(getGuestUserName(tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
throw new AuthenticationException("Guest authentication is not allowed");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (allowGuestLogin.booleanValue())
|
|
{
|
|
return setCurrentUser(getGuestUserName(tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
throw new AuthenticationException("Guest authentication is not allowed");
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
public boolean isGuestUserName(String userName)
|
|
{
|
|
return authenticationContext.isGuestUserName(userName);
|
|
}
|
|
|
|
|
|
protected abstract boolean implementationAllowsGuestLogin();
|
|
|
|
|
|
/**
|
|
* @return true if Guest user authentication is allowed, false otherwise
|
|
*/
|
|
public boolean guestUserAuthenticationAllowed()
|
|
{
|
|
if (allowGuestLogin == null)
|
|
{
|
|
return (implementationAllowsGuestLogin());
|
|
}
|
|
else
|
|
{
|
|
return (allowGuestLogin.booleanValue());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove the current security information
|
|
*/
|
|
public void clearCurrentSecurityContext()
|
|
{
|
|
authenticationContext.clearCurrentSecurityContext();
|
|
}
|
|
|
|
abstract class CurrentUserCallback implements RetryingTransactionHelper.RetryingTransactionCallback<Authentication>
|
|
{
|
|
AuthenticationException ae = null;
|
|
|
|
String userName;
|
|
|
|
CurrentUserCallback(String userName)
|
|
{
|
|
this.userName = userName;
|
|
}
|
|
}
|
|
|
|
class CheckCurrentUserCallback extends CurrentUserCallback
|
|
{
|
|
|
|
CheckCurrentUserCallback(String userName)
|
|
{
|
|
super(userName);
|
|
}
|
|
|
|
public Authentication execute() throws Throwable
|
|
{
|
|
try
|
|
{
|
|
// We must set full authentication before calling runAs in order to retain tickets
|
|
Authentication authentication = setCurrentUserImpl(userName);
|
|
AuthenticationUtil.runAs(new RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
String identifier;
|
|
if ((identifier = personService.getUserIdentifier(userName)) == null
|
|
|| !identifier.equals(userName))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("User \"" + userName
|
|
+ "\" does not exist in Alfresco. Failing validation.");
|
|
}
|
|
throw new AuthenticationException("User \"" + userName + "\" does not exist in Alfresco");
|
|
}
|
|
return null;
|
|
}
|
|
}, getSystemUserName(getUserDomain(userName)));
|
|
return authentication;
|
|
}
|
|
catch (AuthenticationException ae)
|
|
{
|
|
this.ae = ae;
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
|
|
class FixCurrentUserCallback extends CurrentUserCallback
|
|
{
|
|
FixCurrentUserCallback(String userName)
|
|
{
|
|
super(userName);
|
|
}
|
|
|
|
public Authentication execute() throws Throwable
|
|
{
|
|
try
|
|
{
|
|
return setCurrentUserImpl(AuthenticationUtil.runAs(new RunAsWork<String>()
|
|
{
|
|
public String doWork() throws Exception
|
|
{
|
|
if (!personService.personExists(userName))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("User \"" + userName
|
|
+ "\" does not exist in Alfresco. Attempting to import / create the user.");
|
|
}
|
|
if (!userRegistrySynchronizer.createMissingPerson(userName))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Failed to import / create user \"" + userName + '"');
|
|
}
|
|
throw new AuthenticationException("User \"" + userName
|
|
+ "\" does not exist in Alfresco");
|
|
}
|
|
}
|
|
NodeRef userNode = personService.getPerson(userName);
|
|
// Get the person name and use that as the current user to line up with permission
|
|
// checks
|
|
return (String) nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
|
|
}
|
|
}, getSystemUserName(getUserDomain(userName))));
|
|
}
|
|
catch (AuthenticationException ae)
|
|
{
|
|
this.ae = ae;
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Set<String> getDefaultAdministratorUserNames()
|
|
{
|
|
return this.defaultAdministratorUserNames;
|
|
}
|
|
|
|
/**
|
|
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
|
*
|
|
* @param defaultAdministratorUserNames
|
|
* a set of user names
|
|
*/
|
|
public void setDefaultAdministratorUserNames(Set<String> defaultAdministratorUserNames)
|
|
{
|
|
this.defaultAdministratorUserNames = defaultAdministratorUserNames;
|
|
}
|
|
|
|
/**
|
|
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
|
*
|
|
* @param defaultAdministratorUserNames
|
|
*/
|
|
public void setDefaultAdministratorUserNameList(String defaultAdministratorUserNames)
|
|
{
|
|
Set<String> nameSet = new TreeSet<String>();
|
|
if (defaultAdministratorUserNames.length() > 0)
|
|
{
|
|
nameSet.addAll(Arrays.asList(defaultAdministratorUserNames.split(",")));
|
|
}
|
|
setDefaultAdministratorUserNames(nameSet);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Set<String> getDefaultGuestUserNames()
|
|
{
|
|
return this.defaultGuestUserNames;
|
|
}
|
|
|
|
/**
|
|
* Sets the user names who for this particular authentication system should be considered administrators by default.
|
|
*
|
|
* @param defaultAdministratorUserNames
|
|
* a set of user names
|
|
*/
|
|
public void setDefaultGuestUserNames(Set<String> defaultGuestUserNames)
|
|
{
|
|
this.defaultGuestUserNames = defaultGuestUserNames;
|
|
}
|
|
|
|
/**
|
|
* Convenience method to allow the administrator user names to be specified as a comma separated list
|
|
*
|
|
* @param defaultAdministratorUserNames
|
|
*/
|
|
public void setDefaultGuestUserNameList(String defaultGuestUserNames)
|
|
{
|
|
Set<String> nameSet = new TreeSet<String>();
|
|
if (defaultGuestUserNames.length() > 0)
|
|
{
|
|
nameSet.addAll(Arrays.asList(defaultGuestUserNames.split(",")));
|
|
}
|
|
setDefaultGuestUserNames(nameSet);
|
|
}
|
|
|
|
public String getSystemUserName(String tenantDomain)
|
|
{
|
|
return authenticationContext.getSystemUserName(tenantDomain);
|
|
}
|
|
|
|
public String getUserDomain(String userName)
|
|
{
|
|
return authenticationContext.getUserDomain(userName);
|
|
}
|
|
|
|
public Authentication setSystemUserAsCurrentUser(String tenantDomain)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Setting the current user to the system user of tenant domain \"" + tenantDomain + '"');
|
|
}
|
|
return authenticationContext.setSystemUserAsCurrentUser(tenantDomain);
|
|
}
|
|
|
|
public Authentication setUserDetails(UserDetails ud)
|
|
{
|
|
return authenticationContext.setUserDetails(ud);
|
|
}
|
|
}
|