You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by cz...@apache.org on 2014/01/17 09:33:46 UTC
svn commit: r1559045 - in
/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl:
ApplicationResourceAccessSecurityImpl.java
ProviderResourceAccessSecurityImpl.java ResourceAccessSecurityImpl.java
Author: cziegeler
Date: Fri Jan 17 08:33:45 2014
New Revision: 1559045
URL: http://svn.apache.org/r1559045
Log:
SLING-2698 - resource access security service for resource providers. Distinguish between context application and provider
Modified:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -36,4 +36,7 @@ import org.apache.sling.resourceaccessse
target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.APPLICATION_CONTEXT + ")")
public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+ public ApplicationResourceAccessSecurityImpl() {
+ super(true);
+ }
}
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -36,4 +36,7 @@ import org.apache.sling.resourceaccessse
target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.PROVIDER_CONTEXT + ")")
public class ProviderResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+ public ProviderResourceAccessSecurityImpl() {
+ super(false);
+ }
}
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1559045&r1=1559044&r2=1559045&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Fri Jan 17 08:33:45 2014
@@ -24,10 +24,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.ReferencePolicy;
-import org.apache.felix.scr.annotations.ReferencePolicyOption;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.security.AccessSecurityException;
@@ -36,15 +32,16 @@ import org.apache.sling.resourceaccessse
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
import org.osgi.framework.ServiceReference;
-@Reference(policyOption=ReferencePolicyOption.GREEDY,
-cardinality=ReferenceCardinality.OPTIONAL_UNARY,
-policy=ReferencePolicy.DYNAMIC,
-target="(" + ResourceAccessSecurity.CONTEXT + "=" + ResourceAccessSecurity.PROVIDER_CONTEXT + ")")
-
-public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
+ private final boolean defaultAllow;
+
+ public ResourceAccessSecurityImpl(final boolean defaultAllow) {
+ this.defaultAllow = defaultAllow;
+ }
+
/**
* This method returns either an iterator delivering the matching handlers
* or <code>null</code>.
@@ -104,7 +101,7 @@ public class ResourceAccessSecurityImpl
@Override
public Resource getReadableResource(final Resource resource) {
- Resource returnValue = resource;
+ Resource returnValue = (this.defaultAllow ? resource : null);
final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -143,7 +140,7 @@ public class ResourceAccessSecurityImpl
if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
returnValue = null;
} else if (finalGateResult == GateResult.DONTCARE) {
- returnValue = resource;
+ returnValue = (this.defaultAllow ? resource : null);
}
// wrap Resource if read access is not or partly (values) not granted
else if (!canReadAllValues) {
@@ -159,7 +156,7 @@ public class ResourceAccessSecurityImpl
final ResourceResolver resolver) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
path, ResourceAccessGate.Operation.CREATE);
- boolean result = true;
+ boolean result = this.defaultAllow;
if ( handlers != null ) {
GateResult finalGateResult = null;
@@ -188,7 +185,7 @@ public class ResourceAccessSecurityImpl
public boolean canUpdate(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.UPDATE);
- boolean result = true;
+ boolean result = this.defaultAllow;
if ( handlers != null ) {
GateResult finalGateResult = null;
@@ -217,7 +214,7 @@ public class ResourceAccessSecurityImpl
public boolean canDelete(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.DELETE);
- boolean result = true;
+ boolean result = this.defaultAllow;
if ( handlers != null ) {
GateResult finalGateResult = null;
@@ -246,7 +243,7 @@ public class ResourceAccessSecurityImpl
public boolean canExecute(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
- boolean result = true;
+ boolean result = this.defaultAllow;
if ( handlers != null ) {
GateResult finalGateResult = null;
@@ -274,19 +271,19 @@ public class ResourceAccessSecurityImpl
@Override
public boolean canReadValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return false;
+ return this.defaultAllow;
}
@Override
public boolean canSetValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return false;
+ return this.defaultAllow;
}
@Override
public boolean canDeleteValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return false;
+ return this.defaultAllow;
}
@Override