Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP HOME FOLDER

karimdronet
Champ in-the-making
Champ in-the-making

‎08-29-2007 06:35 AM

Smiley Very Happy it's function now,eache user have a work space in comun space (space user) but I have  another question when I stop alfresco and I startet's I have a error like this:

org.alfresco.repo.security.permissions.AccessDeniedException: Accès interdit. Vous n'avez pas la permission de réaliser cette opération.
caused by:
net.sf.acegisecurity.AccessDeniedException: Access is denied.

but whene I reinstall a new data file alfresco  "alf_data" ,it's worked agains,but I lost all my files,can you help me:
this is mu authentication-service-context.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<!– ===================================================================  –>
<!– This file contains the bean definitions that support authentication  –>
<!– ===================================================================  –>

<!–                                                                        –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work     –>
<!– within the acegi framework.                                            –>
<!–                                                                        –>
<!– It is important to decide if user names are case sensitive or not.     –>
<!– This is configured in repository.properties.                           –>
<!–                                                                        –> 
<!–                                                                        –>
<!– TODO:                                                                  –>
<!–                                                                        –>
<!– The transactional wrappers should be removed from the beans in this    –>
<!– file. This should be done in the public services definitions.          –>
<!– This requires some tests to be fixed up.                               –>
<!–                                                                        –>
                                                                        
   
<beans>
    <!–                                                                    –>
    <!– The Acegi authentication manager.                                  –>
    <!–                                                                    –>
    <!– Provders are asked to authenticate in order.                       –>
    <!– First, is a provider that checks if an acegi authentication object –>
    <!– is already bound to the executing thread. If it is, and it is set  –>
    <!– as authenticated then no further authentication is required. If    –>
    <!– this is absent, Acegi validates the password for every method      –>
    <!– invocation, which is too CPU expensive. If we set an               –>
    <!– authentication based on a ticket etc …. or we want to set the    –>
    <!– the system user as the current user … we do not have the         –>
    <!– password. So if we have set an authentication and set it as        –>
    <!– authenticated that is sufficient to validate the user.             –>
    <!–                                                                    –>
    <!– If the authentication bound to the current thread is not set as    –>
    <!– authenticated the standard Acegi DAO Authentication provider       –>
    <!– is used to authenticate.                                           –>
    <!–                                                                    –>

    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="authenticatedAuthenticationPassthroughProvider" />
                <ref bean="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>

    <!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider –>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
       <property name="authenticationDao">
           <ref bean="authenticationDao" />
        </property>
        <property name="saltSource"> 
       <ref bean="saltSource" />
        </property>
        <property name="passwordEncoder">
               <ref bean="passwordEncoder" />
            </property>
      </bean>  

    <!– An authentication Provider that just believes authentications      –>
    <!– bound to the local thread are valid if they are set as             –>
    <!– authenticated.                                                     –>

    <bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />

    <!– The authroity DAO implements an interface extended from the Acegi  –>
    <!– DAO that supports CRUD.                                            –>

   <alias name="authenticationDao" alias="alfDaoImpl"/>    <!– TODO: Remove –>
   
       <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="dictionaryService">
           <ref bean="dictionaryService" />
       </property>
       <property name="namespaceService">
           <ref bean="namespaceService" />
       </property>
       <property name="searchService">
           <ref bean="searchService" />
       </property>
       <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
       </property>
       <property name="passwordEncoder">
           <ref bean="passwordEncoder" />
       </property>
    </bean>

    <!– The DAO also acts as a salt provider.                              –>
   
    <alias alias="saltSource" name="authenticationDao"/>

    <!– Passwords are encoded using MD4                                    –>
    <!– This is not ideal and only done to be compatible with NTLM         –>
    <!– authentication against the default authentication mechanism.       –>

    <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>


    <!– The Authentication Service implementation.                         –>
    <!–                                                                    –>
    <!– This delegates its work to two services:                           –>
    <!– an AuthenticationComponent and a MutableAuthenticationDAO.         –>
    <!–                                                                    –>
    <!– The permissions service is required so that permissions can be     –>
    <!– cleaned up when a user is deleted.                                 –>
   
    <alias name="authenticationService" alias="authenticationServiceImpl"/>    <!–TODO: Remove –>
   <bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImpl" />
        </property>
    </bean>

    <!– The authentication component.                                      –>

    <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
        </property>
        <property name="transactionManager">
            <ref bean="transactionManager" />
        </property>
        <property name="target">
            <ref bean="authenticationComponent" />
        </property>
        <property name="transactionAttributes">
            <props>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>
   
    <alias name="authenticationComponent" alias="authenticationComponentImpl"/>      <!– TODO: Remove –>
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>

   
    <!– Simple Authentication component that rejects all authentication requests –>
    <!– Use this defintion for Novell IChain integration.                        –>
    <!– It should never go to the login screen  so this is not required          –>
   
    <!–
    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
        <property name="accept">
            <value>true</value>
        </property>   
    </bean>
   
    –>


    <!– The person service.                                                –>

    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
   <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="searchService">
            <ref bean="admSearchService" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="authorityService">
           <ref bean="authorityService" />
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent"/>
        </property>
        <property name="personCache">
            <ref bean="personCache" />
        </property>

        <!– Configurable properties.                                 –>
        <!–                                                          –>
        <!– TODO:                                                    –>
        <!– Add support for creating real home spaces adn setting    –>
        <!– permissions on the hame space and people created.        –>
        <!–                                                          –>
        <!– The store in which people are persisted.                 –>
        <property name="storeUrl">
           <value>${spaces.store}</value>
   </property>
        <!– Some authentication mechanisms may need to create people –>
        <!– in the repository on demand. This enables that feature.  –>
        <!– If dsiabled an error will be generated for missing       –>
        <!– people. If enabled then a person will be created and     –>
        <!– persisted.                                               –>
        <!– Valid values are                                         –>
        <!–     ${server.transaction.allow-writes}                   –>
        <!–     false                                                –>
        <property name="createMissingPeople">
           <value>${server.transaction.allow-writes}</value>
        </property>
        <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
        </property>
        <!– New properties after 1.4.0 to deal with duplicate user ids when found –>
        <property name="processDuplicates">
            <value>true</value>
        </property>
        <!– one of:  LEAVE, SPLIT, DELETE –>
        <property name="duplicateMode">
            <value>SPLIT</value>
        </property>
        <property name="lastIsBest">
            <value>true</value>
        </property>
        <property name="includeAutoCreated">
            <value>false</value>
        </property>
    </bean>

    <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
          <ref bean="nodeService" />
      </property>
        <property name="policyComponent">
          <ref bean="policyComponent" />
      </property>
        <property name="defaultProvider">
          <ref bean="personalHomeFolderProvider" />
      </property>
    </bean>
   
    <bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
    </bean>
   
    <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
        <property name="userPemissions">
            <set>
                <value>Consumer</value>
            </set>
        </property>
    </bean>
   
    <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
    </bean>
   
    <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
   <bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
   
    <!– The ticket component.                                              –>
    <!– Used for reauthentication                                          –>
    <bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
        <property name="ticketsCache">
            <ref bean="ticketsCache"/>
        </property>
        <!– The period for which tickets are valid in XML duration format. –>
        <!– The default is P1H for one hour.                               –>
        <property name="validDuration">
            <value>P1H</value>
        </property>
        <!– Do tickets expire or live for ever?                            –>
        <property name="ticketsExpire">
            <value>false</value>
        </property>
        <!– Are tickets only valid for a single use?                       –>
        <property name="oneOff">
            <value>false</value>
        </property>
    </bean>
   
    <!– Here for now. Probably want remote-context.xml file. –>
    <!– The AuthenticationService exported as an RMI service. –>
   <bean id="rmiAuthenticationService" class="org.springframework.remoting.rmi.RmiServiceExporter">
      <property name="service">
         <ref bean="AuthenticationService"/>
      </property>
      <property name="serviceInterface">
         <value>org.alfresco.service.cmr.security.AuthenticationService</value>
      </property>
      <property name="serviceName">
         <value>authentication</value>
      </property>
      <property name="registryPort">
         <value>${avm.remote.port}</value>
      </property>
   </bean>
</beans>
Labels:
0 Kudos
2 REPLIES 2

robertoroberto
Champ in-the-making
Champ in-the-making

‎09-20-2007 05:32 AM

I have a webdav client to access to Alfresco repository.
I have 3 user homes.
The webdav client is executed as an applet in a dinamic jsp page.
When I start the applet for fisrt time I have no problem to access to the chosen user home.
Then I go again in applet page and I connect with new user and password to an other user home.
I have this excpetion


11:22:41,781 INFO  [STDOUT] 11:22:41,781 ERROR [alfresco.webdav.protocol] Internal Server Error:
org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied.  You do not have the appropriate permissions to perform this operation.
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.alfresco.repo.audit.AuditComponentImpl.auditImpl(AuditComponentImpl.java:256)
   at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:191)
   at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
   at $Proxy103.resolveNamePath(Unknown Source)
   at org.alfresco.repo.webdav.WebDAVHelper.getNodeForPath(WebDAVHelper.java:278)
   at org.alfresco.repo.webdav.OptionsMethod.executeImpl(OptionsMethod.java:91)
   at org.alfresco.repo.webdav.WebDAVMethod$1.execute(WebDAVMethod.java:144)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:225)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:174)
   at org.alfresco.repo.webdav.WebDAVMethod.execute(WebDAVMethod.java:152)
   at org.alfresco.repo.webdav.WebDAVServlet.service(WebDAVServlet.java:129)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.webdav.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
   at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)
Caused by: net.sf.acegisecurity.AccessDeniedException: Access Denied
   at org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider.decide(ACLEntryAfterInvocationProvider.java:299)
   at org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider.decide(ACLEntryAfterInvocationProvider.java:316)
   at org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider.decide(ACLEntryAfterInvocationProvider.java:200)
   at net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager.decide(AfterInvocationProviderManager.java:107)
   at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.afterInvocation(AbstractSecurityInterceptor.java:329)
   at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:82)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
   … 38 more

Username and password are correct.
If I try to access to the user home that I have accessed for first, I don't have problems.

Please help me!! :cry:

Sorry for my English, I'm Italian  :roll:
0 Kudos

naveenkumar
Champ in-the-making
Champ in-the-making

‎05-29-2008 12:01 PM

Hi!this is little old post, but did you find a solution for this error on webdav edit? If so cud u share it
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC