Posted to commits@sling.apache.org by jo...@apache.org on 2022/07/29 16:28:50 UTC
[sling-org-apache-sling-extensions-webconsolesecurityprovider] 01/01: SLING-11503 option to authenticate webconsole only against JCR
This is an automated email from the ASF dual-hosted git repository.
joerghoh pushed a commit to branch SLING-11503
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-extensions-webconsolesecurityprovider.git
commit 2abaa2603899b0027866c89fca44236b269a10d8
Author: Joerg Hoh <jo...@apache.org>
AuthorDate: Fri Jul 29 18:27:56 2022 +0200
SLING-11503 option to authenticate webconsole only against JCR
---
pom.xml | 20 ++-
.../internal/ServicesListener.java | 10 +-
.../ServiceListenerTest.java | 137 +++++++++++++++++++++
3 files changed, 164 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 333c9f5..6f1f20b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
<parent>
<artifactId>sling-bundle-parent</artifactId>
<groupId>org.apache.sling</groupId>
- <version>35</version>
+ <version>48</version>
<relativePath />
</parent>
@@ -105,5 +105,23 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.testing.osgi-mock.junit4</artifactId>
+ <version>3.3.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>4.6.1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
index e52daad..d5b0923 100644
--- a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
+++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
@@ -41,6 +41,8 @@ public class ServicesListener {
private static final String AUTH_SUPPORT_CLASS = "org.apache.sling.auth.core.AuthenticationSupport";
private static final String AUTHENTICATOR_CLASS = "org.apache.sling.api.auth.Authenticator";
private static final String REPO_CLASS = "javax.jcr.Repository";
+
+ public static final String WEBCONSOLE_FORCE_AUTH_AGAINST_JCR = "webconsole.forceJCRAuthentication";
/** The bundle context. */
private final BundleContext bundleContext;
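Review bot: The new public constant `WEBCONSOLE_FORCE_AUTH_AGAINST_JCR` has no Javadoc although it names an operator-facing switch that changes how the web console authenticates, and the `forceJcrAuth` field added in the next hunk is undocumented while the neighbouring fields carry `/** … */` comments. I would add `/** Name of the system property which, when set, makes the web console authenticate against the JCR repository only, even if the Sling authentication services are available. */` above the constant and `/** Whether authentication is forced against the JCR repository. */` above the field. The field is also package-private and mutable; `private` would match the other fields, and the added test lives in a different package and does not read it.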
@@ -68,6 +70,8 @@ public class ServicesListener {
/** The registration for the provider2 */
private ServiceRegistration<?> provider2Reg;
+
+ boolean forceJcrAuth;
/**
* Start listeners
@@ -80,6 +84,7 @@ public class ServicesListener {
this.authSupportListener.start();
this.repositoryListener.start();
this.authListener.start();
+ forceJcrAuth = System.getProperty(WEBCONSOLE_FORCE_AUTH_AGAINST_JCR) != null;
}
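Review bot: `forceJcrAuth` is assigned only after the three `start()` calls, so if any of those listeners calls `notifyChange()` while starting (their code is not in this hunk), the first decision is taken with the flag still false and `registerProvider2` can run even though the property is set. Reading the flag first avoids that: move the assignment above `this.authSupportListener.start();`. The check is also presence-only, so `-Dwebconsole.forceJCRAuthentication=false` switches the option on; `forceJcrAuth = Boolean.getBoolean(WEBCONSOLE_FORCE_AUTH_AGAINST_JCR);` would honour the value and still pass the added test, which sets it to `"true"`. The enclosing method starts outside the hunk.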
/**
@@ -87,18 +92,19 @@ public class ServicesListener {
*/
public synchronized void notifyChange() {
// check if all services are available
+
final Object authSupport = this.authSupportListener.getService();
final Object authenticator = this.authListener.getService();
final boolean hasAuthServices = authSupport != null && authenticator != null;
final Object repository = this.repositoryListener.getService();
if ( registrationState == State.NONE ) {
- if ( hasAuthServices ) {
+ if ( hasAuthServices && !forceJcrAuth ) {
registerProvider2(authSupport, authenticator);
} else if ( repository != null ) {
registerProvider(repository);
}
} else if ( registrationState == State.PROVIDER ) {
- if ( hasAuthServices ) {
+ if ( hasAuthServices && !forceJcrAuth ) {
registerProvider2(authSupport, authenticator);
unregisterProvider();
} else if ( repository == null ) {
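Review bot: With `forceJcrAuth` set, both changed conditions skip `registerProvider2`, so while the Sling auth services are present but `repository` is still null no security provider is registered at all, and the web console falls back to whatever it does without one. Before this change that combination registered provider2, so the gap is new and it is silent. I would state it at the top of the method, e.g. `// forceJcrAuth: never register provider2; until a repository is available no provider is registered`, and log the chosen mode once if the class has a logger. `hasAuthServices && !forceJcrAuth` is repeated in two branches; a local `final boolean useSlingAuth = hasAuthServices && !forceJcrAuth;` would keep them in step. `notifyChange()` continues past the end of the hunk.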
diff --git a/src/test/java/org/apache/sling/extensions/webconsolesecurityprovider/ServiceListenerTest.java b/src/test/java/org/apache/sling/extensions/webconsolesecurityprovider/ServiceListenerTest.java
new file mode 100644
index 0000000..f3006e8
--- /dev/null
+++ b/src/test/java/org/apache/sling/extensions/webconsolesecurityprovider/ServiceListenerTest.java
@@ -0,0 +1,137 @@
+package org.apache.sling.extensions.webconsolesecurityprovider;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import javax.jcr.Repository;
+
+import org.apache.felix.webconsole.WebConsoleSecurityProvider;
+import org.apache.sling.api.auth.Authenticator;
+import org.apache.sling.auth.core.AuthenticationSupport;
+import org.apache.sling.extensions.webconsolesecurityprovider.internal.ServicesListener;
+import org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider;
+import org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+public class ServiceListenerTest {
+
+ @Rule
+ public OsgiContext context = new OsgiContext();
+
+ @Mock
+ Repository repository;
+
+ @Mock
+ AuthenticationSupport authenticationSupport;
+
+ @Mock
+ Authenticator authenticator;
+
+
+ ServicesListener listener;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.openMocks(this);
+
+ }
+
+ @After
+ public void shutdown() {
+ listener.deactivate();
+ }
+
+
+
+ @Test
+ public void testWithSlingAuth() {
+ listener = new ServicesListener(context.bundleContext());
+ assertNoSecurityProviderRegistered();
+
+ context.registerService(Repository.class,repository);
+ listener.notifyChange();
+ assertRepositoryRegistered();
+
+ context.registerService(AuthenticationSupport.class, authenticationSupport);
+ listener.notifyChange();
+ assertRepositoryRegistered();
+
+ context.registerService(Authenticator.class, authenticator);
+ listener.notifyChange();
+ assertSlingAuthRegistered();
+ }
+
+ @Test
+ public void testWithForcedJcrAuth() {
+ try {
+ System.setProperty(ServicesListener.WEBCONSOLE_FORCE_AUTH_AGAINST_JCR, "true");
+ listener = new ServicesListener(context.bundleContext());
+ assertNoSecurityProviderRegistered();
+
+ // no matter what is registered, always the auth against the repo needs to be there
+
+ context.registerService(Repository.class,repository);
+ listener.notifyChange();
+ assertRepositoryRegistered();
+
+ context.registerService(AuthenticationSupport.class, authenticationSupport);
+ listener.notifyChange();
+ assertRepositoryRegistered();
+
+ context.registerService(Authenticator.class, authenticator);
+ listener.notifyChange();
+ assertRepositoryRegistered();
+ } finally {
+ System.getProperties().remove(ServicesListener.WEBCONSOLE_FORCE_AUTH_AGAINST_JCR);
+ }
+ }
+
+
+
+ // Helpers
+
+ private void assertRepositoryRegistered() {
+ assertTrue("Expected to have the repository registered",getSecurityProvider() instanceof SlingWebConsoleSecurityProvider);
+ }
+
+ private void assertSlingAuthRegistered() {
+ assertTrue("Expected to have SlingAuth registered",getSecurityProvider() instanceof SlingWebConsoleSecurityProvider2);
+ }
+
+ private WebConsoleSecurityProvider getSecurityProvider() {
+ return context.getService(WebConsoleSecurityProvider.class);
+ }
+
+
+ private void assertNoSecurityProviderRegistered () {
+ Object registeredSecurityProvider = context.getService(WebConsoleSecurityProvider.class);
+ assertNull(registeredSecurityProvider);
+ }
+
+
+
+}
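Review bot: `testWithForcedJcrAuth` only registers services after the `ServicesListener` has been constructed, so it does not cover the start-up order in which `AuthenticationSupport` and `Authenticator` are already present when the listener starts, which is where the flag is most likely to be bypassed. A second test that registers all three services first, then constructs the listener and asserts the repository-backed provider, would pin that case; the sketch below uses only helpers already in this file. A further case with the property set to `"false"` would document what the value is meant to do. `shutdown()` calls `listener.deactivate()` unconditionally, so a failure in the constructor surfaces as a NullPointerException in `@After`; `if (listener != null) listener.deactivate();` keeps the original failure visible.

```java
@Test
public void testWithForcedJcrAuthServicesPresentAtStartup() {
    try {
        System.setProperty(ServicesListener.WEBCONSOLE_FORCE_AUTH_AGAINST_JCR, "true");
        // everything is already available before the listener starts
        context.registerService(Repository.class, repository);
        context.registerService(AuthenticationSupport.class, authenticationSupport);
        context.registerService(Authenticator.class, authenticator);

        listener = new ServicesListener(context.bundleContext());
        listener.notifyChange();
        assertRepositoryRegistered();
    } finally {
        System.getProperties().remove(ServicesListener.WEBCONSOLE_FORCE_AUTH_AGAINST_JCR);
    }
}
```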