AnsweredAssumed Answered

personnel space

Question asked by karimdronet on Sep 5, 2007
Latest reply on Dec 3, 2007 by xexiz
:( Hi,I use Alfresco 2.1.0 with authetication LDAP,the probleme it's that alfresco creat un personnel space and a compte in eache autehtication user,i want to deny this comportement and use just authentication and delegate creating compte to administrateur .

authentication-services-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<!– ===================================================================  –>
<!– This file contains the bean definitions that support authentication  –>
<!– ===================================================================  –>

<!–                                                                        –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work     –>
<!– within the acegi framework.                                            –>
<!–                                                                        –>
<!– It is important to decide if user names are case sensitive or not.     –>
<!– This is configured in repository.properties.                           –>
<!–                                                                        –> 
<!–                                                                        –>
<!– TODO:                                                                  –>
<!–                                                                        –>
<!– The transactional wrappers should be removed from the beans in this    –>
<!– file. This should be done in the public services definitions.          –>
<!– This requires some tests to be fixed up.                               –>
<!–                                                                        –>
                                                                        
   
<beans>
    <!–                                                                    –>
    <!– The Acegi authentication manager.                                  –>
    <!–                                                                    –>
    <!– Provders are asked to authenticate in order.                       –>
    <!– First, is a provider that checks if an acegi authentication object –>
    <!– is already bound to the executing thread. If it is, and it is set  –>
    <!– as authenticated then no further authentication is required. If    –>
    <!– this is absent, Acegi validates the password for every method      –>
    <!– invocation, which is too CPU expensive. If we set an               –>
    <!– authentication based on a ticket etc …. or we want to set the    –>
    <!– the system user as the current user … we do not have the         –>
    <!– password. So if we have set an authentication and set it as        –>
    <!– authenticated that is sufficient to validate the user.             –>
    <!–                                                                    –>
    <!– If the authentication bound to the current thread is not set as    –>
    <!– authenticated the standard Acegi DAO Authentication provider       –>
    <!– is used to authenticate.                                           –>
    <!–                                                                    –>

    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="authenticatedAuthenticationPassthroughProvider" />
                <ref bean="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>

    <!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider  –>

    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="saltSource">
            <ref bean="saltSource" />
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder" />
        </property>
    </bean>

    <!– An authentication Provider that just believes authentications      –>
    <!– bound to the local thread are valid if they are set as             –>
    <!– authenticated.                                                     –>

    <bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />

    <!– The authroity DAO implements an interface extended from the Acegi  –>
    <!– DAO that supports CRUD.                                            –>

    <alias name="authenticationDao" alias="alfDaoImpl"/>  <!– TODO: Remove –>
    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="dictionaryService">
           <ref bean="dictionaryService" />
       </property>
       <property name="namespaceService">
           <ref bean="namespaceService" />
       </property>
       <property name="searchService">
           <ref bean="admSearchService" />
       </property>
       <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
       </property>
       <property name="passwordEncoder">
           <ref bean="passwordEncoder" />
       </property>
    </bean>

    <!– The DAO also acts as a salt provider.                              –>
   
    <alias alias="saltSource" name="authenticationDao"/>

    <!– Passwords are encoded using MD4                                    –>
    <!– This is not ideal and only done to be compatible with NTLM         –>
    <!– authentication against the default authentication mechanism.       –>

    <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>


    <!– The Authentication Service implementation.                         –>
    <!–                                                                    –>
    <!– This delegates its work to two services:                           –>
    <!– an AuthenticationComponent and a MutableAuthenticationDAO.         –>
    <!–                                                                    –>
    <!– The permissions service is required so that permissions can be     –>
    <!– cleaned up when a user is deleted.                                 –>
   
    <alias name="authenticationService" alias="authenticationServiceImpl"/>  <!– TODO: Remove –>
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent" />
        </property>
    </bean>

    <!– The authentication component.                                      –>

    <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
        </property>
        <property name="transactionManager">
            <ref bean="transactionManager" />
        </property>
        <property name="target">
            <ref bean="authenticationComponent" />
        </property>
        <property name="transactionAttributes">
            <props>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>
   
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>

   
    <!– Simple Authentication component that rejects all authentication requests –>
    <!– Use this defintion for Novell IChain integration.                        –>
    <!– It should never go to the login screen  so this is not required          –>
   
    <!–
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
        <property name="accept">
            <value>true</value>
        </property>   
    </bean>
    –>
   

    <!– The person service.                                                –>

    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="searchService">
            <ref bean="admSearchService" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="authorityService">
           <ref bean="authorityService" />
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent"/>
        </property>
        <property name="personCache">
            <ref bean="personCache" />
        </property>
        <!– Configurable properties.                                 –>
        <!–                                                          –>
        <!– TODO:                                                    –>
        <!– Add support for creating real home spaces adn setting    –>
        <!– permissions on the hame space and people created.        –>
        <!–                                                          –>
        <!– The store in which people are persisted.                 –>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <!– Some authentication mechanisms may need to create people –>
        <!– in the repository on demand. This enables that feature.  –>
        <!– If dsiabled an error will be generated for missing       –>
        <!– people. If enabled then a person will be created and     –>
        <!– persisted.                                               –>
        <!– Valid values are                                         –>
        <!–     ${server.transaction.allow-writes}                   –>
        <!–     false                                                –>
        <property name="createMissingPeople">
           <value>${server.transaction.allow-writes}</value>
        </property>
        <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
        </property>
        <!– New properties after 1.4.0 to deal with duplicate user ids when found –>
        <property name="processDuplicates">
            <value>true</value>
        </property>
        <!– one of:  LEAVE, SPLIT, DELETE –>
        <property name="duplicateMode">
            <value>SPLIT</value>
        </property>
        <property name="lastIsBest">
            <value>true</value>
        </property>
        <property name="includeAutoCreated">
            <value>false</value>
        </property>
    </bean>

    <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent" />
        </property>
        <property name="defaultProvider">
            <ref bean="personalHomeFolderProvider" />
        </property>
    </bean>
   
    <bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
    </bean>
   
    <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="userPemissions">
            <set>
                <value>Consumer</value>
            </set>
        </property>
    </bean>
   
    <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
    </bean>
   
  
    <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
    <bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
   
    <!– The ticket component.                                              –>
    <!– Used for reauthentication                                          –>
    <bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
        <property name="ticketsCache">
            <ref bean="ticketsCache"/>
        </property>
        <!– The period for which tickets are valid in XML duration format. –>
        <!– The default is P1H for one hour.                               –>
        <property name="validDuration">
            <value>P1H</value>
        </property>
        <!– Do tickets expire or live for ever?                            –>
        <property name="ticketsExpire">
            <value>false</value>
        </property>
        <!– Are tickets only valid for a single use?                       –>
        <property name="oneOff">
            <value>false</value>
        </property>
    </bean>
</beans>

Outcomes