how to limit the creation de site administrator in alfresco 5.0 ?

888 views
Skip to first unread message

Youmarva

unread,
Jan 6, 2015, 6:48:37 AM1/6/15
to alfresco-techn...@googlegroups.com
Hello,

I
recently migrate to a new version of Alfresco 5.0.c and I wanted to limit the creation of the site in alfresco to the administrator, I followed the alfresco documentation : http://docs.alfresco.com/5.0/tasks/site-creation-permission.html  but it seems not updated for version 5.0 of Alfresco.
I made all the changes indicated but it does not work;
  •  I have error at alfresco share
ther error:  "Unable to retrieve IMAP server status from Alfresco: 404"
  • and in alfresco.log:
ERROR [org.springframework.web.context.ContextLoader] [localhost StartStop-1] Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL rental [classpath: alfresco / application-context.xml]
Offending resource: ServletContext resource [/WEB-INF/web-application-context.xml] nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL rental [classpath *: alfresco / extension / * - context.xml]
Offending resource: class path resource [alfresco / application-context.xml] nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 57 in XML document from file [/opt/alfresco-5.0.c/tomcat/shared/classes/alfresco/extension/custom-model-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 57; columnNumber: 9; An element with the identifier "afterInvocationManager" must APPEAR in the document.


I think that in this version of Alfresco the site creation limitation is done with another way.

Need help please.
thanks

Best Regards,
youmarva

Douglas C. R. Paes

unread,
Jan 6, 2015, 6:59:21 AM1/6/15
to alfresco-techn...@googlegroups.com
You have a problematic xml file:


Offending resource: class path resource [alfresco / application-context.xml] nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 57 in XML document from file [/opt/alfresco-5.0.c/tomcat/shared/classes/alfresco/extension/custom-model-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 57;columnNumber: 9; An element with the identifier "afterInvocationManager" must APPEAR in the document.

Try to identify and fix the problem then try again.

And the error "Unable to retrieve IMAP server status from Alfresco: 404" has nothing to do with site creation permission.
Check your alfresco-global.properties and look for any imap configuration.
If you don't want to use IMAP, so you can disable it as described here http://docs.alfresco.com/4.2/concepts/IMAP-subsystem-props.html

--
You received this message because you are subscribed to the Google Groups "Alfresco Technical Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alfresco-technical-d...@googlegroups.com.
To post to this group, send email to alfresco-techn...@googlegroups.com.
Visit this group at http://groups.google.com/group/alfresco-technical-discussion.
For more options, visit https://groups.google.com/d/optout.

Youmarva

unread,
Jan 6, 2015, 10:42:23 AM1/6/15
to alfresco-techn...@googlegroups.com
Hi,

Thank you for your reply.

Here is the contents
of custom-model-context.xml :
root@alfresco5:/opt/alfresco-5.0.c/tomcat/shared/classes/alfresco/extension# cat custom-model-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 
<beans>

   
<!-- Registration of new models -->    
   
<bean id="extension.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
       
<property name="models">
           
<list>
               
<value>alfresco/extension/customModel.xml</value>
           
</list>
       
</property>
   
</bean>

<bean id="SiteService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
   
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
   
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
   
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
   
<property name="objectDefinitionSource">
       
<value>
         org.alfresco.service.cmr.site.SiteService.cleanSitePermissions=ACL_NODE.0.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.createContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.createSite=ACL_METHOD.ROLE_ADMINISTRATOR
         org.alfresco.service.cmr.site.SiteService.deleteSite=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.findSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.getContainer=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.listContainers=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.getMembersRole=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.getMembersRoleInfo=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.resolveSite=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.getSite=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.getSiteShortName=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.getSiteGroup=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.getSiteRoleGroup=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.getSiteRoles=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.getSiteRoot=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.hasContainer=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.hasCreateSitePermissions=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.hasSite=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.isMember=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.listMembers=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.listMembersInfo=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.listMembersPaged=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.listSites=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.listSitesPaged=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
         org.alfresco.service.cmr.site.SiteService.removeMembership=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.canAddMember=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.setMembership=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.updateSite=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.countAuthoritiesWithRole=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.isSiteAdmin=ACL_ALLOW
         org.alfresco.service.cmr.site.SiteService.*=ACL_DENY
       
</value>
   
</property>
</bean>
         
</beans>

Knowing that I have not found in the Alfresco 5.0 server the file public-services-security-context.xml  described in this documention : http://docs.alfresco.com/5.0/tasks/site-creation-permission.html , so I had to take the contents from the documentation .
The only file that I found is unsecured-public-services-security-context.xml.sample and its content is completely different.

And about the error with IMAP I mentioned it because when I removed all the changes I made, I havn't the IMAP error on IU Share after.

I try to see which way the problem can be.   Maybe missing the information in the file alfresco-global.properties :

root@alfresco5:~# cat  /opt/alfresco-5.0.c/tomcat/shared/classes/alfresco-global.properties

###############################
## Common Alfresco Properties #
###############################

dir
.root=/opt/alfresco-5.0.c/alf_data

alfresco
.context=alfresco
alfresco
.host=127.0.0.1
alfresco
.port=8080
alfresco
.protocol=http

share
.context=share
share
.host=127.0.0.1
share
.port=8080
share
.protocol=http

### database connection properties ###
db
.driver=org.postgresql.Driver
db
.username=alfresco
db
.password=Alfresco5
db
.name=alfresco
db
.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections.  Please see your database documentation for instructions on how to configure this.
db
.pool.max=275
db
.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system
.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp
.enabled=true
ftp
.port=21

### RMI registry port for JMX ###
alfresco
.rmi.services.port=50500

### External executable locations ###
ooo
.exe=/opt/alfresco-5.0.c/libreoffice/program/soffice
ooo
.enabled=true
ooo
.port=8100
img
.root=/opt/alfresco-5.0.c/common
img
.dyn=${img.root}/lib
img
.exe=${img.root}/bin/convert
swf
.exe=/opt/alfresco-5.0.c/common/bin/pdf2swf
swf
.languagedir=/opt/alfresco-5.0.c/common/japanese

jodconverter
.enabled=false
jodconverter
.officeHome=/opt/alfresco-5.0.c/libreoffice
jodconverter
.portNumbers=8100

### Initial admin password ###
alfresco_user_store
.adminpassword=eb14fd05d306e78e73a4b47f66b2ca4b

### E-mail site invitation setting ###
notification
.email.siteinvite=false

### License location ###
dir
.license.external=/opt/alfresco-5.0.c

### Solr indexing ###
index
.subsystem.name=solr4
dir
.keystore=${dir.root}/keystore
solr
.port.ssl=8443

### BPM Engine ###
system
.workflow.engine.jbpm.enabled=false

### Allow extended ResultSet processing
security
.anyDenyDenies=false

### Authentication by ldap ad
authentication
.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
#You can login by build-din alfresco authentication system and ldap

ntlm
.authentication.sso.enabled=false

#do not allow guest logon
ldap
.authentication.allowGuestLogin=false

ldap
.authentication.userNameFormat=%s@domaine.infra
#your login is the same like user name in windows

ldap
.authentication.java.naming.provider.url=ldap://serverAD:389
#adres of ldap server

ldap
.authentication.defaultAdministratorUserNames=admin
#users with admin rights

ldap
.synchronization.java.naming.security.principal=admin@domaine.infra
#account ldap administrator on your server

ldap
.synchronization.java.naming.security.credentials=pass
#password to ldap_...@yourdomain.co
#ldap.synchronization.SearchBase=dc=sifast,dc=infra
#groups for alfresco, cn=Security_Groups,ou=Alfresco,dc=your_domain,dc=com must exist in Your ldap

ldap
.synchronization.userSearchBase=cn=users,dc=domaine,dc=infra
#users for alfresco, cn=User_Accounts,ou=Alfresco,dc=your_domain,dc=com must exist in Your ldap

Thanks for your help

(sorry for my english)

Youmarva
To unsubscribe from this group and stop receiving emails from it, send an email to alfresco-technical-discussion+unsub...@googlegroups.com.

Douglas C. R. Paes

unread,
Jan 6, 2015, 10:57:51 AM1/6/15
to alfresco-techn...@googlegroups.com
If I'm not wrong, when it comes to permission changes, you have to copy the full xml file, the original one, and make changes on it, because as you can see, your xml file has a problem in the "afterInvocationManager".
Pay attention to the error message:
An element with the identifier "afterInvocationManager" must APPEAR in the document.

That id is another bean that is declared into another xml file, so, try what I described. Copy the full original file and make your changes.
The public-services-security-context.xml is probably inside a jar file, but I don't know which one.

Try to fix this error first, and then we can try to fix the other one.

To unsubscribe from this group and stop receiving emails from it, send an email to alfresco-technical-d...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages