Hyland Connect

rbramley · ‎02-23-2006

There doesn't seem to be a configuration parameter to enable/disable guest access…

org.alfresco.repo.security.authentication.AbstractAuthenticationComponent declares

protected abstract boolean implementationAllowsGuestLogin();
‍‍

and org.alfresco.repo.security.authentication.AuthenticationComponentImpl implements it as:

    @Override
    protected boolean implementationAllowsGuestLogin()
    {
        return true;
    }‍‍‍‍‍

If this is altered to return false, will Alfresco behave in the same way as pre-1.2RC1?
If so, are there any plans to make this configurable in repository.properties/Spring config?

Thanks,

Robin

steve · ‎02-23-2006

Hello,

You can disable guest access within the authentication-services-context.xml

The relevant section is:


    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="alfDaoImpl" />
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>‍‍‍‍‍‍‍‍‍‍‍‍

Change


        <property name="allowGuestLogin">
            <value>true</value>
        </property>
‍‍‍‍‍

To:


        <property name="allowGuestLogin">
            <value>false</value>
        </property>
‍‍‍‍‍

You can use the new extension configuration functionality to change this setting: see here

Hope this helps,

Steve

jora · ‎09-04-2006

when disabling the guest access, the link "Guest Home" is still visible. Can this also be disabled? Thanks.

kevinr · ‎09-26-2006

Not currently, please raise this as a JIRA issue.

Thanks,

Kevin

konalexiou · ‎02-15-2008

when disabling the guest access, the link "Guest Home" is still visible. Can this also be disabled? Thanks.

I noticed that it disappears when deleting the 'Guest Home' space. Is this a good way to disable the Guest Home ?

I am also trying to disable the Guest user and can't get it done.
I have installed the latest AlfrescoCommunity-2.9.0B in a Windows 20003 Server.
Can anybody help me with this ?

authentication-services-context.xml doesn't exist and even if i create it, still doesn't work.
also tried with ntlm-authentication-services-context.xml and can't work it out.

monitloth · ‎11-21-2008

If you use LDAP, you must also deactivate guest in his configuration file.

pescha · ‎05-20-2009

It appears that the above instructions no longer apply for Alfresco 3.2 preview 2

What is the new method for disabling guest access?

dward · ‎05-21-2009

In the very latest nightly builds, it's just a matter of setting

alfresco.authentication.allowGuestLogin=false

in your custom-repository.properties if you are using the preconfigured authentication chain.

For the preview release, this method of propagating defaults to the subsystems wasn't complete. So instead you have to provide an instance-specific override file.

So suppose your authentication.chain looks like the default one in repository.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm

This has a single instance called 'alfrescoNtlm1' of type alfrescoNtlm. Interestingly enough the alfrescoNtlm authentication subsystem type is capable of handling NTLM single-sign on but this is switched off by default.

Subsystem properties can be oveerriden in a classpath file with path

alfresco/extension/subsystems/<category>/<type>/<instance>

So to configure the alfrescoNtlm1 subsystem's properties, copy root\projects\repository\config\alfresco\subsystems\Authentication\alfrescoNtlm\alfresco-authentication.properties to %TOMCAT_HOME%\shared\classes\alfresco\extension\subsystems\Authentication\alfrescoNtlm\alfrescoNtlm1\alfresco-authentication.properties and then edit as required.

A more complex authentication chain might look like this

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,ldap2:ldap

In which case you could configure each authentication subsystem instance separately using property files with appropriate paths.

More details on the new improved authentication chaining and configuring subsystems will be posted on the Wiki shortly.

pescha · ‎05-21-2009

I followed your instructions and now Alfresco does not login directly to guest by default. However, in the login window, I am still able to login as guest/guest. Is there a way to just delete the guest account altogether?

kevinr · ‎06-19-2009

Wiki docs for Alfresco Subsystems in 3.2 is starting to appear here: http://wiki.alfresco.com/wiki/Alfresco_Subsystems


As of Alfresco version 3.2, the subsystems are:

Authentication
    Handles all Alfresco's authentication related functions, including:

        * Password-based authentication
        * Single Sign-on (SSO) for WebClient, WebDAV, Web Scripts and Sharepoint
        * CIFS and FTP authentication
        * User registry export (LDAP only) 

    The subsystem is 'chained' so that multiple instances of different types can be configured and used together 
Synchronization
    Performs regular synchronization with the user registry exporters (usually LDAP directories) in the authentication chain 
File Servers
    Owns the CIFS, FTP and NFS servers 
Third Party
    Owns the OpenOffice, Swftools and ImageMagick content transformers 
IMAP
    Owns the IMAP service 
WCM Deployment Receiver 
    Part of WCM. WCM_Deployment_Engine 
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Kevin

Hyland Connect

Disabling guest access