Hyland Connect

pshark · ‎03-30-2012

Hey guys,

I posted the same question in an an old topic https://forums.alfresco.com/en/viewtopic.php?f=28&t=14004&start=15#p128586, but was advised to make a new one. I'm using 4.0d Community edition of Alfresco.

I'm trying to create a user on the fly when a user logs in to the system. Here is a snippet of the code I added to the function authenticateImpl in the class org.alfresco.repo.security.authentication.AuthenticationComponentImpl:

QName userVeto = QName.createQName(NamespaceService.APP_MODEL_1_0_URI, "UserVeto");
((TransactionServiceImpl)getTransactionService()).setAllowWrite(true, userVeto);
boolean testW = ((TransactionServiceImpl)getTransactionService()).isReadOnly();
boolean testW2 = ((TransactionServiceImpl)getTransactionService()).getAllowWrite();
((PersonServiceImpl)getPersonService()).setTransactionService((TransactionServiceImpl)getTransactionService());
getPersonService().createPerson(properties);‍‍‍‍‍‍

The var testW is false, testW2 is true as expected. The createPerson function is throwing the error:
org.alfresco.service.transaction.ReadOnlyServerException: 02290094 Access Denied. The system is currently in read-only mode.

Is there something else I need to do to authenticate / enable write access? I added the code to modify the transaction service, but it doesn't appear to have done anything. The error is originating in the function newNode in the class org.alfresco.repo.domain.node.AbstractNodeDAOImpl at line 1066.
Note that I do not have the matching source code for this version of the class, so i can't say what is happening at this line. If someone could tell me what source code revision corresponds to the 4.0d community release, that might help as well.

Mainly, I'm hoping there is some way to perform an authentication / enable writing to the directory.

jpotts · ‎03-30-2012

I've never seen Community Edition go into Read-Only mode. That typically only happens when someone is using the Enterprise Edition and the 30-day license expires. I can't help you with that, but I can tell you that the svn rev for 4.0.d is 33365. You can usually find that on the release notes.

Jeff

Jeff Potts
https://www.metaversant.com | https://ecmarchitect.com

pshark · ‎03-30-2012

Thanks for the tip about the revision.

I am able to import users with a csv after logging in. If I call the code within the RetryingTransactionHelper as follows:

getTransactionService().getRetryingTransactionHelper().setForceWritable(true);
String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction(‍‍

with doIntransaction parameter readonly set to false, the following error case is triggered:
throw new AlfrescoRuntimeException("Read-Write transaction started within read-only transaction");

Commenting out this error line in RetryingTransactionHelper only reverts back to a read only server error. Is there some way I can close the read only transaction, or is this normal behavior prior to a user logon :?:

I had also tried to run the transaction as the system user without success.

derek · ‎04-02-2012

Like Jeff said, you should not have to mess around with the read-write settings for the server. If you run using an Enterprise release, then you'll need a valid license or the License code will put a veto in place to prevent general user actions.

I think (and I can only guess based on the info available) that you are attempting to perform a read-write operation during login, which is a read-only operation. This is not a tricky transaction issue 🙂 You can never force a read-only transaction to morph into a read-write transaction. Once you're in a read-only transaction that is what you have to work with. If you need to be reactive based on user login, then you need to apply a transaction watch and fire a post-transaction process to do the read-write work.

PS. It is really bad form to plug write operations into logical read operations. It confuses people when get* actually modifies data, as an example.

pshark · ‎04-02-2012

Thanks for the informational response. I am seeking to create the user during the logon process, since there is another table which the users are actually being authenticated against.

Is there somewhere earlier in this process where I could complete a write transaction prior to logon?

Also can you clarify what would be required to complete the following? I could not find any information about either transaction watches or what a post-transaction process is.

If you need to be reactive based on user login, then you need to apply a transaction watch and fire a post-transaction process to do the read-write work.

andy · ‎04-02-2012

Hi

I am not clear what is going on here.

Are you:
1) Authenticating some principal that does not exists and auto-creating their credentials etc etc …..which does not make much sense to me
2) Trying to auto-import users at authentication time?
3) Creating the person object in Alfresco as a side effect of authentication
The person service already supports the auto-creation of people (on getPersons after login) if that is what you want
4) Some combination of the above

If you need to import users write a bootstrap bean to check and do this at start up, and periodically.
You should not do this as part of the authentication call.

My guess is you need to take a look at the LDAP authentication sub-system and implement something like this for CSV??
Or integrate with some external authenticaton system??
Both mean writing your own authentication sub-system.

Andy

pshark · ‎04-03-2012

I think it is more a combination of 2-4. I was hoping to generate users on the fly based on an external authentication source.

If I'm writing my own authentication sub system, will that solve the read only issue? Should my code be running sooner in the execution chain?

Hyland Connect

Read Only Server Issue Adding Users