You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:13:54 UTC
[sling-org-apache-sling-serviceusermapper] 04/08: SLING-3854 - Add
configuration option to restrict service user mapper to system users
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.serviceusermapper-1.1.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-serviceusermapper.git
commit 3d65ad79c9ed6e186e6274565dd3e3318519f406
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Thu Feb 19 10:30:03 2015 +0000
SLING-3854 - Add configuration option to restrict service user mapper to system users
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/serviceusermapper@1660832 13f79535-47bb-0310-9956-ffa450edef68
---
.../serviceusermapping/ServiceUserValidator.java | 35 +++++++
.../impl/ServiceUserMapperImpl.java | 101 +++++++++++++++------
.../sling/serviceusermapping/package-info.java | 2 +-
.../impl/ServiceUserMapperImplTest.java | 38 ++++++++
4 files changed, 149 insertions(+), 27 deletions(-)
diff --git a/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java b/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java
new file mode 100644
index 0000000..7930582
--- /dev/null
+++ b/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.serviceusermapping;
+
+import aQute.bnd.annotation.ConsumerType;
+
+/**
+ * The {@code ServiceUserValidator} allows to implement validation of configured
+ * service user mappings.
+ */
+@ConsumerType
+public interface ServiceUserValidator {
+
+ /**
+ * Validates the configured service user ID.
+ *
+ * @param serviceUserId The ID of the configured service user.
+ * @return {@code true} if the configured service user is valid; {@code false} otherwise.
+ */
+ boolean isValid(String serviceUserId, String serviceName, String subServiceName);
+}
\ No newline at end of file
diff --git a/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java b/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
index 02e22f6..914a642 100644
--- a/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
+++ b/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
@@ -23,6 +23,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Vector;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
@@ -32,9 +33,11 @@ import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.References;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
+import org.apache.sling.serviceusermapping.ServiceUserValidator;
import org.osgi.framework.Bundle;
import org.osgi.framework.Constants;
import org.slf4j.Logger;
@@ -45,11 +48,18 @@ import org.slf4j.LoggerFactory;
label = "Apache Sling Service User Mapper Service",
description = "Configuration for the service mapping service names to names of users.")
@Service(value=ServiceUserMapper.class)
-@Reference(name="amendment",
- referenceInterface=MappingConfigAmendment.class,
- cardinality=ReferenceCardinality.OPTIONAL_MULTIPLE,
- policy=ReferencePolicy.DYNAMIC,
- updated="updateAmendment")
+@References( {
+ @Reference(name="amendment",
+ referenceInterface=MappingConfigAmendment.class,
+ cardinality=ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ updated="updateAmendment"),
+ @Reference(name = "serviceUserValidator ", referenceInterface = ServiceUserValidator.class,
+ bind = "bindServiceUserValidator", unbind = "unbindServiceUserValidator",
+ cardinality= ReferenceCardinality.OPTIONAL_MULTIPLE, policy= ReferencePolicy.DYNAMIC)
+
+})
+
public class ServiceUserMapperImpl implements ServiceUserMapper {
@Property(
@@ -83,6 +93,8 @@ public class ServiceUserMapperImpl implements ServiceUserMapper {
private Mapping[] activeMappings = new Mapping[0];
+ private Vector <ServiceUserValidator> validators = new Vector<ServiceUserValidator>();
+
@Activate
@Modified
void configure(final Map<String, Object> config) {
@@ -96,7 +108,7 @@ public class ServiceUserMapperImpl implements ServiceUserMapper {
final Mapping mapping = new Mapping(prop.trim());
mappings.add(mapping);
} catch (final IllegalArgumentException iae) {
- log.info("configure: Ignoring '{}': {}", prop, iae.getMessage());
+ log.error("configure: Ignoring '{}': {}", prop, iae.getMessage());
}
}
}
@@ -107,31 +119,32 @@ public class ServiceUserMapperImpl implements ServiceUserMapper {
this.updateMappings();
}
}
+
+ /**
+ * bind the serviceUserValidator
+ * @param serviceUserValidator
+ * @param properties
+ */
+ protected void bindServiceUserValidator(final ServiceUserValidator serviceUserValidator, final Map<String, Object> properties){
+ validators.add(serviceUserValidator);
+ }
+
+ /**
+ * unbind the serviceUserValidator
+ * @param serviceUserValidator
+ * @param properties
+ */
+ protected void unbindServiceUserValidator(final ServiceUserValidator serviceUserValidator, final Map<String, Object> properties){
+ validators.remove(serviceUserValidator);
+ }
/**
* @see org.apache.sling.serviceusermapping.ServiceUserMapper#getServiceUserID(org.osgi.framework.Bundle, java.lang.String)
*/
public String getServiceUserID(final Bundle bundle, final String subServiceName) {
final String serviceName = bundle.getSymbolicName();
-
- // try with serviceInfo first
- for (Mapping mapping : this.activeMappings) {
- final String user = mapping.map(serviceName, subServiceName);
- if (user != null) {
- return user;
- }
- }
-
- // second round without serviceInfo
- for (Mapping mapping : this.activeMappings) {
- final String user = mapping.map(serviceName, null);
- if (user != null) {
- return user;
- }
- }
-
- // finally, fall back to default user
- return this.defaultUser;
+ final String userId = internalGetUserId(serviceName, subServiceName);
+ return isValidUser(userId, serviceName, subServiceName) ? userId : null;
}
protected void bindAmendment(final MappingConfigAmendment amendment, final Map<String, Object> props) {
@@ -147,7 +160,7 @@ public class ServiceUserMapperImpl implements ServiceUserMapper {
synchronized ( this.amendments ) {
if ( amendments.remove(key) != null ) {
this.updateMappings();
- };
+ }
}
}
@@ -174,5 +187,41 @@ public class ServiceUserMapperImpl implements ServiceUserMapper {
}
activeMappings = mappings.toArray(new Mapping[mappings.size()]);
}
+
+ private String internalGetUserId(String serviceName, String subServiceName) {
+ // try with serviceInfo first
+ for (Mapping mapping : this.activeMappings) {
+ final String userId = mapping.map(serviceName, subServiceName);
+ if (userId != null) {
+ return userId;
+ }
+ }
+
+ // second round without serviceInfo
+ for (Mapping mapping : this.activeMappings) {
+ final String userId = mapping.map(serviceName, null);
+ if (userId != null) {
+ return userId;
+ }
+ }
+
+ // finally, fall back to default user
+ return this.defaultUser;
+ }
+
+ private boolean isValidUser(String userId, String serviceName, String subServiceName) {
+ if (userId == null) {
+ return false;
+ }
+ if (validators != null && validators.size() > 0) {
+ for (ServiceUserValidator validator : validators) {
+ boolean valid = validator.isValid(userId, serviceName, subServiceName);
+ if (!valid) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
}
diff --git a/src/main/java/org/apache/sling/serviceusermapping/package-info.java b/src/main/java/org/apache/sling/serviceusermapping/package-info.java
index 3ebac13..c05c7ae 100644
--- a/src/main/java/org/apache/sling/serviceusermapping/package-info.java
+++ b/src/main/java/org/apache/sling/serviceusermapping/package-info.java
@@ -17,7 +17,7 @@
* under the License.
*/
-@Version("1.0")
+@Version("1.1")
@Export(optional = "provide:=true")
package org.apache.sling.serviceusermapping;
diff --git a/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java b/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java
index 2a98a45..ca5ba7f 100644
--- a/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java
+++ b/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java
@@ -25,6 +25,7 @@ import java.util.Map;
import junit.framework.TestCase;
import org.apache.sling.commons.testing.osgi.MockBundle;
+import org.apache.sling.serviceusermapping.ServiceUserValidator;
import org.junit.Test;
import org.osgi.framework.Bundle;
import org.osgi.framework.Constants;
@@ -100,6 +101,43 @@ public class ServiceUserMapperImplTest {
TestCase.assertEquals(SAMPLE_SUB, sum.getServiceUserID(BUNDLE1, SUB));
TestCase.assertEquals(ANOTHER_SUB, sum.getServiceUserID(BUNDLE2, SUB));
}
+
+ @Test
+ public void test_getServiceUserID_WithServiceUserValidator() {
+ @SuppressWarnings("serial")
+ Map<String, Object> config = new HashMap<String, Object>() {
+ {
+ put("user.mapping", new String[] {
+ BUNDLE_SYMBOLIC1 + "=" + SAMPLE, //
+ BUNDLE_SYMBOLIC2 + "=" + ANOTHER, //
+ BUNDLE_SYMBOLIC1 + ":" + SUB + "=" + SAMPLE_SUB, //
+ BUNDLE_SYMBOLIC2 + ":" + SUB + "=" + ANOTHER_SUB //
+ });
+ put("user.default", NONE);
+ }
+ };
+
+ final ServiceUserMapperImpl sum = new ServiceUserMapperImpl();
+ sum.configure(config);
+ ServiceUserValidator serviceUserValidator = new ServiceUserValidator() {
+
+ public boolean isValid(String serviceUserId, String serviceName,
+ String subServiceName) {
+ if (SAMPLE.equals(serviceUserId)) {
+ return false;
+ }
+ return true;
+ }
+ };
+ sum.bindServiceUserValidator(serviceUserValidator, null);
+
+ TestCase.assertEquals(null, sum.getServiceUserID(BUNDLE1, null));
+ TestCase.assertEquals(ANOTHER, sum.getServiceUserID(BUNDLE2, null));
+ TestCase.assertEquals(null, sum.getServiceUserID(BUNDLE1, ""));
+ TestCase.assertEquals(ANOTHER, sum.getServiceUserID(BUNDLE2, ""));
+ TestCase.assertEquals(SAMPLE_SUB, sum.getServiceUserID(BUNDLE1, SUB));
+ TestCase.assertEquals(ANOTHER_SUB, sum.getServiceUserID(BUNDLE2, SUB));
+ }
@Test
public void test_amendment() {
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.