AnsweredAssumed Answered

Can't limit to only admins creation of Alfresco Sites

Question asked by pliskin92 on Jul 18, 2014
I'm using Alfresco 5.0.a, the newest version. I've followed the wiki guides about restricting permissions about the creation of the Alfresco sites. I want only Alfresco administrators able to create them. I've followed this guide taken from Alfresco Wiki:

    Controlling site creation permissions in Alfresco 3.4.6 and later

    In Alfresco Versions 3.4.6 (and higher) and 4.0, the permissions on the Sites root has been changed. To ensure that only Site objects are created within the Sites root, the >Contributor permissions have been removed from the Sites root, and site creation >permissions are now handled on the Site Service itself.

    For Alfresco 4.0, to change who is able to create sites, you need to alter the spring context to set the permissioning. One way is to change the alfresco/public-services-security-context.xml file (in the default install found in webapps/alfresco/WEB-INF/classes/alfresco/public-services-security-context.xml)

    Change from

    org.alfresco.service.cmr.site.SiteService.createSite=ACL_ALLOW

    to

    org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR

I found another Spring file, similar to the file in the wiki, in $TOMCAT_HOME/shared/classes/alfresco/extension/unsecured-public-services-security-context.xml

But I did not find those Spring bean lines. So I added this code:

<bean id="SiteService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
  <ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
  <ref local="accessDecisionManager"/>
</property>
<property name="afterInvocationManager">
  <ref local="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
  <value>
   org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
   org.alfresco.service.cmr.site.SiteService.*=ACL_ALLOW
  </value>
</property>
</bean>

I get this ( and a lot of other exceptions, but probably this is the most interesting one )
I add the exception that could be interesting from catalina.out :

    Jul 17, 2014 11:59:38 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Exception sending context initialized event to listener instance of class org.alfresco.web.app.ContextLoaderListener org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:alfresco/application-context.xml] Offending resource: ServletContext resource [/WEB-INF/web-application-context.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath*:alfresco/extension/*-context.xml] Offending resource: class path resource [alfresco/application-context.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 29 in XML document from file [/opt/alfresco-5.0.a/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/extension/public-services-security-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 29; columnNumber: 9; An element with the identifier "afterInvocationManager" must appear in the document.

I don't know how to proceed. I can't find the public-services-security-context.xml Spring file. Altough I found a similar file, any changes suggested from the guide are useless. Any thoughts? Thank you very much. With my best regards.

Mattia Parise

Outcomes