You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by cz...@apache.org on 2014/01/17 09:33:46 UTC
svn commit: r1559045 - in /sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl: ApplicationResourceAccessSecurityImpl.java ProviderResourceAccessSecurityImpl.java ResourceAccessSecurityImpl.java

Author: cziegeler
Date: Fri Jan 17 08:33:45 2014
New Revision: 1559045

URL: http://svn.apache.org/r1559045
Log:
SLING-2698 - resource access security service for resource providers. Distinguish between context application and provider

Modified:
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java

Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -36,4 +36,7 @@ import org.apache.sling.resourceaccessse
            target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.APPLICATION_CONTEXT + ")")
 public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
 
+    public ApplicationResourceAccessSecurityImpl() {
+        super(true);
+    }
 }

Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -36,4 +36,7 @@ import org.apache.sling.resourceaccessse
            target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.PROVIDER_CONTEXT + ")")
 public class ProviderResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
 
+    public ProviderResourceAccessSecurityImpl() {
+        super(false);
+    }
 }

Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -24,10 +24,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.NoSuchElementException;
 
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.ReferencePolicy;
-import org.apache.felix.scr.annotations.ReferencePolicyOption;
 import org.apache.sling.api.resource.Resource;
 import org.apache.sling.api.resource.ResourceResolver;
 import org.apache.sling.api.security.AccessSecurityException;
@@ -36,15 +32,16 @@ import org.apache.sling.resourceaccessse
 import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
 import org.osgi.framework.ServiceReference;
 
-@Reference(policyOption=ReferencePolicyOption.GREEDY,
-cardinality=ReferenceCardinality.OPTIONAL_UNARY,
-policy=ReferencePolicy.DYNAMIC,
-target="(" + ResourceAccessSecurity.CONTEXT + "=" + ResourceAccessSecurity.PROVIDER_CONTEXT + ")")
-
-public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
 
     private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
 
+    private final boolean defaultAllow;
+
+    public ResourceAccessSecurityImpl(final boolean defaultAllow) {
+        this.defaultAllow = defaultAllow;
+    }
+
     /**
      * This method returns either an iterator delivering the matching handlers
      * or <code>null</code>.
@@ -104,7 +101,7 @@ public class ResourceAccessSecurityImpl 
 
     @Override
     public Resource getReadableResource(final Resource resource) {
-        Resource returnValue = resource;
+        Resource returnValue = (this.defaultAllow ? resource : null);
 
         final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -143,7 +140,7 @@ public class ResourceAccessSecurityImpl 
             if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
                 returnValue = null;
             } else if (finalGateResult == GateResult.DONTCARE) {
-                returnValue = resource;
+                returnValue = (this.defaultAllow ? resource : null);
             }
             // wrap Resource if read access is not or partly (values) not granted
             else if (!canReadAllValues) {
@@ -159,7 +156,7 @@ public class ResourceAccessSecurityImpl 
             final ResourceResolver resolver) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 path, ResourceAccessGate.Operation.CREATE);
-        boolean result = true;
+        boolean result = this.defaultAllow;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
 
@@ -188,7 +185,7 @@ public class ResourceAccessSecurityImpl 
     public boolean canUpdate(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.UPDATE);
-        boolean result = true;
+        boolean result = this.defaultAllow;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
 
@@ -217,7 +214,7 @@ public class ResourceAccessSecurityImpl 
     public boolean canDelete(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.DELETE);
-        boolean result = true;
+        boolean result = this.defaultAllow;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
 
@@ -246,7 +243,7 @@ public class ResourceAccessSecurityImpl 
     public boolean canExecute(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
-        boolean result = true;
+        boolean result = this.defaultAllow;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
 
@@ -274,19 +271,19 @@ public class ResourceAccessSecurityImpl 
     @Override
     public boolean canReadValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return false;
+        return this.defaultAllow;
     }
 
     @Override
     public boolean canSetValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return false;
+        return this.defaultAllow;
     }
 
     @Override
     public boolean canDeleteValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return false;
+        return this.defaultAllow;
     }
 
     @Override