Couple of things, Are you trying to create the site as Admin or user is a general user ? Did you verified whether context file is configured properly to get loaded by spring ioc container? Can you cross check all the steps again to see if there is anything missing?
Document here: https://docs.alfresco.com/6.1/tasks/site-creation-permission.html works as expected when configured. As mentioned in document, ACL_METHOD.ROLE_ADMINISTRATOR executes a method that allows access to users who are members of the administrator group. Means, only users part of administrator group can create sites.
Another example apart form document, if you have a custom group e.g. GROUP_SITE_ADMINISTRATORS and you want to allow only users who are part of this group can create/delete site then as per the document steps you can do following:
<beans>
<bean id="SiteService_security"
class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager" />
</property>
<property name="afterInvocationManager">
<ref bean="afterInvocationManager" />
</property>
<!-- Allow site creation for the users who only part of SITE_ADMINISTRATORS
group only and allow site deletion only for GROUP_SITE_ADMINISTRATORS.
Sites Manager is available to users in the ALFRESCO_ADMINISTRATORS
and SITES_ADMINISTRATORS permissions groups.
If you are in the ALFRESCO_ADMINISTRATORS group, you can access the Site Manager through the Admin Tools on the Alfresco
toolbar. If you are a member of SITE_ADMINISTRATORS group, you'll have an
additional Sites Manager option on the Alfresco toolbar. -->
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.site.SiteService.cleanSitePermissions=ACL_NODE.0.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.createContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.GROUP_SITE_ADMINISTRATORS
org.alfresco.service.cmr.site.SiteService.deleteSite=ACL_METHOD.GROUP_SITE_ADMINISTRATORS
org.alfresco.service.cmr.site.SiteService.findSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.listContainers=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getMembersRole=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getMembersRoleInfo=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.resolveSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSite=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getSiteShortName=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getSiteGroup=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoleGroup=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoles=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoot=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.hasContainer=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.hasCreateSitePermissions=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.hasSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.isMember=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembers=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembersInfo=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembersPaged=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listSiteMemberships=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.listSitesPaged=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.removeMembership=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.canAddMember=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.setMembership=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.updateSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.countAuthoritiesWithRole=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.isSiteAdmin=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.*=ACL_DENY
</value>
</property>
</bean>
</beans>
Apart from this you can also restrict the create site action in share at various places where create site option is available, by following below given steps.
Create an extension (e.g. site-action-restrictions-extension.xml) under <yourShareModule>/src/main/resources/alfresco/web-extension/site-data/extensions/ folder:
<extension>
<modules>
<module>
<!-- Disable site creation link for everyone who is not part of SITE_ADMINISTRATORS group -->
<id>Site Restrictions</id>
<version>1.0</version>
<auto-deploy>true</auto-deploy>
<evaluator type="group.module.evaluator">
<params>
<groups>GROUP_SITE_ADMINISTRATORS</groups>
<groupRelation>AND</groupRelation>
<negate>true</negate>
</params>
</evaluator>
<customizations>
<customization>
<!-- extension for my-sites dashlet -->
<targetPackageRoot>org.alfresco.components.dashlets</targetPackageRoot>
<sourcePackageRoot>com.siterestrictions.components.dashlets</sourcePackageRoot>
</customization>
<customization>
<!-- extension for share header -->
<targetPackageRoot>org.alfresco.share.header</targetPackageRoot>
<sourcePackageRoot>com.siterestrictions.share.header</sourcePackageRoot>
</customization>
<customization>
<!-- extension for faceted search page -->
<targetPackageRoot>org.alfresco.share.pages.faceted-search</targetPackageRoot>
<sourcePackageRoot>com.siterestrictions.share.pages.faceted-search</sourcePackageRoot>
</customization>
</customizations>
</module>
</modules>
</extension>
Create "my-sites.get.js" file under <yourShareModule>/src/main/resources/alfresco/web-extension/site-webscripts/com/siterestrictions/components/dashlets/ folder:
Add following line of code:
//Disable site creation link for everyone who is not part of SITE_ADMINISTRATORS group
model.showCreateSite = false;
Create "share-header.get.js" file under <yourShareModule>/src/main/resources/alfresco/web-extension/site-webscripts/com/siterestrictions/share/header/ folder:
Add following line of code:
//Disable site creation link for everyone who is not part of SITE_ADMINISTRATORS group
var sitesMenu = widgetUtils.findObject(model.jsonModel, "id", "HEADER_SITES_MENU");
if (sitesMenu) {
sitesMenu.config.showCreateSite = false;
}
Create "faceted-search.get.js" file under <yourShareModule>/src/main/resources/alfresco/web-extension/site-webscripts/com/siterestrictions/share/pages/faceted-search/ folder.
Add following line of code:
//Disable site creation link for everyone who is not part of SITE_ADMINISTRATORS group
var sitesMenu = widgetUtils.findObject(model.jsonModel, "id", "HEADER_SITES_MENU");
if (sitesMenu) {
sitesMenu.config.showCreateSite = false;
}
To learn more on extensions, refer following documents:
https://docs.alfresco.com/5.2/concepts/dev-extensions-share-surf-extension-modules.html
https://docs.alfresco.com/5.2/concepts/dev-extensions-share-override-ootb-surf-webscripts.html
~Abhinav
(ACSCE, AWS SAA, Azure Admin)
