我正在使用最新版本的 Alfresco 5.0.a。 我遵循了关于限制创建 Alfresco 站点的权限的 wiki 指南。我希望只有 Alfresco 管理员能够创建它们。 我遵循了取自 Alfresco Wiki 的指南:
Controlling site creation permissions in Alfresco 3.4.6 and later
In Alfresco Versions 3.4.6 (and higher) and 4.0, the permissions on the Sites root has >been changed. To ensure that only Site objects are created within the Sites root, the >Contributor permissions have been removed from the Sites root, and site creation >permissions are now handled on the Site Service itself.
For Alfresco 4.0, to change who is able to create sites, you need to alter the spring >context to set the permissioning. One way is to change the alfresco/public-services-security-context.xml file (in the default install found in webapps/alfresco/WEB-INF/classes/alfresco/public-services-security-context.xml)
Change from
org.alfresco.service.cmr.site.SiteService.createSite=ACL_ALLOW
to
org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
我在 $TOMCAT_HOME/shared/classes/alfresco/extension/unsecured-public-services-security-context.xml 中找到了另一个 Spring 文件,类似于 wiki 中的文件
但是我没有找到那些Spring bean行。 所以我添加了这段代码:
<bean id="SiteService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref local="accessDecisionManager"/>
</property>
<property name="afterInvocationManager">
<ref local="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
org.alfresco.service.cmr.site.SiteService.*=ACL_ALLOW
</value>
</property>
</bean>
我明白了(还有很多其他的异常(exception),但这可能是最有趣的一个)
我添加了来自 catalina.out 的异常:
Jul 17, 2014 11:59:38 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Exception sending context initialized event to listener instance of class org.alfresco.web.app.ContextLoaderListener org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:alfresco/application-context.xml] Offending resource: ServletContext resource [/WEB-INF/web-application-context.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath*:alfresco/extension/*-context.xml] Offending resource: class path resource [alfresco/application-context.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 29 in XML document from file [/opt/alfresco-5.0.a/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/extension/public-services-security-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 29; columnNumber: 9; An element with the identifier "afterInvocationManager" must appear in the document.
我不知道怎么办。我找不到 public-services-security-context.xml Spring 文件。虽然我找到了一个类似的文件,但指南中建议的任何更改都是无用的。 有什么想法吗? 非常感谢你。 谨致问候。
马蒂亚·帕里斯
最佳答案
这里有一个更具体的实现示例: https://forums.alfresco.com/forum/end-user-discussions/alfresco-share/siteservicesecurity-bean-override-causes-severe-error
具体来说,您需要将文件添加到您的 tomcat 实例中的 shared/classes/alfresco/extension/ 文件夹中,名称类似于 custom-public-services-security-context。 xml。添加相应的 bean 定义,如 Alfresco wiki 中所述,重新启动 Alfresco,瞧。
您可能还需要根据说明覆盖 site-services-context.xml 中的 bean 定义,这与完成方式大致相同。
作为引用,所需的文件更改如下: http://wiki.alfresco.com/wiki/Site_Service#Controlling_who_can_create_sites
特别是对于 Alfresco 5.0.a,我将以下文件添加到 shared/classes/alfresco/extension/。
custom-public-services-security-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="SiteService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.site.SiteService.cleanSitePermissions=ACL_NODE.0.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.createContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
org.alfresco.service.cmr.site.SiteService.deleteSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.findSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.listContainers=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getMembersRole=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getMembersRoleInfo=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.resolveSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSite=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getSiteShortName=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.getSiteGroup=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoleGroup=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoles=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.getSiteRoot=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.hasContainer=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.hasCreateSitePermissions=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.hasSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.isMember=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembers=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembersInfo=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listMembersPaged=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.listSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.listSitesPaged=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.site.SiteService.removeMembership=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.canAddMember=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.setMembership=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.updateSite=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.countAuthoritiesWithRole=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.isSiteAdmin=ACL_ALLOW
org.alfresco.service.cmr.site.SiteService.*=ACL_DENY
</value>
</property>
</bean>
</beans>
关于xml - 无法在 Alfresco 中禁用创建站点权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24814559/