其他分享
首页 > 其他分享> > xml – 无法在Alfresco中禁用创建网站权限

xml – 无法在Alfresco中禁用创建网站权限

作者:互联网

我正在使用最新版本的Alfresco 5.0.a.
我遵循了维基指南关于限制Alfresco网站创建的权限.我只希望Alfresco管理员能够创建它们.
我遵循了Alfresco Wiki的指南:

Controlling site creation permissions in Alfresco 3.4.6 and later

In Alfresco Versions 3.4.6 (and higher) and 4.0, the permissions on the Sites root has >been changed. To ensure that only Site objects are created within the Sites root, the >Contributor permissions have been removed from the Sites root, and site creation >permissions are now handled on the Site Service itself.

For Alfresco 4.0, to change who is able to create sites, you need to alter the spring >context to set the permissioning. One way is to change the
alfresco/public-services-security-context.xml file (in the default install found in
webapps/alfresco/WEB-INF/classes/alfresco/public-services-security-context.xml)

Change from

org.alfresco.service.cmr.site.SiteService.createSite=ACL_ALLOW

to

org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR

我找到了另一个Spring文件,类似于wiki中的文件,位于$TOMCAT_HOME / shared / classes / alfresco / extension / unsecured-public-services-security-context.xml

但我没有找到那些Spring bean系列.
所以我添加了这段代码:

<bean id="SiteService_security"     class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
 <property name="authenticationManager">
  <ref bean="authenticationManager"/>
 </property>
 <property name="accessDecisionManager">
  <ref local="accessDecisionManager"/>
 </property>
 <property name="afterInvocationManager">
  <ref local="afterInvocationManager"/>
 </property>
 <property name="objectDefinitionSource">
  <value>
   org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
   org.alfresco.service.cmr.site.SiteService.*=ACL_ALLOW
  </value>
 </property>
</bean>

我得到了这个(以及许多其他例外,但可能这是最有趣的一个)

我添加了catalina.out可能有趣的异常:

Jul 17, 2014 11:59:38 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.alfresco.web.app.ContextLoaderListener
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:alfresco/application-context.xml]
Offending resource: ServletContext resource [/WEB-INF/web-application-context.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath*:alfresco/extension/*-context.xml]
Offending resource: class path resource [alfresco/application-context.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 29 in XML document from file
[/opt/alfresco-5.0.a/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/extension/public-services-security-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 29; columnNumber: 9; An element with the identifier “afterInvocationManager” must appear in the document.

我不知道该怎么办.我找不到public-services-security-context.xml Spring文件.尽管我找到了类似的文件,但指南中提出的任何更改都是无用的.
有什么想法吗?
非常感谢你.
我最好的问候.

Mattia Parise

解决方法:

这里有一个更具体的实现示例:
https://forums.alfresco.com/forum/end-user-discussions/alfresco-share/siteservicesecurity-bean-override-causes-severe-error

具体来说,您需要将文件添加到tomcat实例中的shared / classes / alfresco / extension /文件夹中,其名称类似于custom-public-services-security-context.xml.添加Alfresco wiki中提到的相应bean定义,重启Alfresco并瞧.

您可能还需要根据说明从site-services-context.xml覆盖bean定义,这样做的方式大致相同.

作为参考,所需的文件更改如下:
http://wiki.alfresco.com/wiki/Site_Service#Controlling_who_can_create_sites

对于Alfresco 5.0.a,我特意将以下文件添加到shared / classes / alfresco / extension /.

定制公共服务,安全的context.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="SiteService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                org.alfresco.service.cmr.site.SiteService.cleanSitePermissions=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.createContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
                org.alfresco.service.cmr.site.SiteService.deleteSite=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.findSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.getContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.listContainers=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.getMembersRole=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.getMembersRoleInfo=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.resolveSite=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.getSite=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.getSiteShortName=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.getSiteGroup=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.getSiteRoleGroup=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.getSiteRoles=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.getSiteRoot=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.hasContainer=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.hasCreateSitePermissions=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.hasSite=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.isMember=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.listMembers=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.listMembersInfo=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.listMembersPaged=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.listSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.listSitesPaged=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
                org.alfresco.service.cmr.site.SiteService.removeMembership=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.canAddMember=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.setMembership=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.updateSite=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.countAuthoritiesWithRole=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.isSiteAdmin=ACL_ALLOW
                org.alfresco.service.cmr.site.SiteService.*=ACL_DENY
            </value>
        </property>
    </bean>

</beans>

标签:alfresco,spring,xml,alfresco-share
来源: https://codeday.me/bug/20190830/1769593.html