Posted to commits@sling.apache.org by cz...@apache.org on 2014/01/16 10:57:45 UTC
svn commit: r1558728 - in /sling/trunk/bundles/resourceaccesssecurity: ./
src/main/java/org/apache/sling/resourceaccesssecurity/
src/main/java/org/apache/sling/resourceaccesssecurity/impl/
Author: cziegeler
Date: Thu Jan 16 09:57:44 2014
New Revision: 1558728
URL: http://svn.apache.org/r1558728
Log:
SLING-2698 - resource access security service for resource providers. Distinguish between context application and provider
Added:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java (with props)
Modified:
sling/trunk/bundles/resourceaccesssecurity/pom.xml
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Modified: sling/trunk/bundles/resourceaccesssecurity/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/pom.xml?rev=1558728&r1=1558727&r2=1558728&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/pom.xml (original)
+++ sling/trunk/bundles/resourceaccesssecurity/pom.xml Thu Jan 16 09:57:44 2014
@@ -77,6 +77,9 @@
<extensions>true</extensions>
<configuration>
<instructions>
+ <Bundle-Activator>
+ org.apache.sling.resourceaccesssecurity.impl.Activator
+ </Bundle-Activator>
</instructions>
</configuration>
</plugin>
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?rev=1558728&r1=1558727&r2=1558728&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java Thu Jan 16 09:57:44 2014
@@ -45,6 +45,10 @@ import aQute.bnd.annotation.ConsumerType
* final an no other service should be called (default none of them)</li>
* </ul>
*
+ * The resource access gate can either have the context {@link #PROVIDER_CONTEXT},
+ * in this case the gate is only applied to resource providers requesting the
+ * security checks. Or the context can be {@link #APPLICATION_CONTEXT}. In this
+ * case the access gate is invoked for the whole resource tree.
*/
@ConsumerType
public interface ResourceAccessGate {
@@ -57,6 +61,30 @@ public interface ResourceAccessGate {
String SERVICE_NAME = ResourceAccessGate.class.getName();
/**
+ * The name of the service registration property containing the context
+ * of this service. Allowed values are {@link #APPLICATION_CONTEXT} and
+ * {@link #PROVIDER_CONTEXT}.
+ * The default for this value is <code>{@link #PROVIDER_CONTEXT}</code>.
+ * (value is "access.context")
+ */
+ String CONTEXT = "access.context";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are applied to all resources.
+ */
+ String APPLICATION_CONTEXT = "application";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are only applied to resource
+ * providers which indicate the additional checks with the
+ * {@link org.apache.sling.api.resource.ResourceProvider#USE_RESOURCE_ACCESS_SECURITY}
+ * property.
+ */
+ String PROVIDER_CONTEXT = "provider";
+
+ /**
* The name of the service registration property containing the path as a
* regular expression for which the service should be called (value is
* "path").
Added: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java?rev=1558728&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java Thu Jan 16 09:57:44 2014
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.Dictionary;
+import java.util.Hashtable;
+
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.framework.ServiceRegistration;
+
+public class Activator implements BundleActivator {
+
+ /** Tracker for all resource access gate services. */
+ private ResourceAccessGateTracker resourceAccessGateTracker;
+
+ private ServiceRegistration appReg;
+
+ private ServiceRegistration provReg;
+
+ /**
+ * @see org.osgi.framework.BundleActivator#start(org.osgi.framework.BundleContext)
+ */
+ @Override
+ public void start(final BundleContext context) throws Exception {
+ this.resourceAccessGateTracker = new ResourceAccessGateTracker(context);
+ this.resourceAccessGateTracker.open();
+
+ final Dictionary<String, Object> appProps = new Hashtable<String, Object>();
+ appProps.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Application Resource Access Security");
+
+ this.appReg = context.registerService(ResourceAccessSecurity.class.getName(),
+ new ResourceAccessSecurityImpl(this.resourceAccessGateTracker, true), appProps);
+
+ final Dictionary<String, Object> provProps = new Hashtable<String, Object>();
+ provProps.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Provider Resource Access Security");
+
+ this.provReg = context.registerService(ResourceAccessSecurity.class.getName(),
+ new ResourceAccessSecurityImpl(this.resourceAccessGateTracker, false), provProps);
+ }
+
+ /**
+ * @see org.osgi.framework.BundleActivator#stop(org.osgi.framework.BundleContext)
+ */
+ @Override
+ public void stop(final BundleContext context) throws Exception {
+ if ( this.appReg != null ) {
+ this.appReg.unregister();
+ this.appReg = null;
+ }
+ if ( this.provReg != null ) {
+ this.provReg.unregister();
+ this.provReg = null;
+ }
+ if ( this.resourceAccessGateTracker != null ) {
+ this.resourceAccessGateTracker.close();
+ this.resourceAccessGateTracker = null;
+ }
+ }
+
+
+}
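Review bot: Both `ResourceAccessSecurityImpl` instances in `start()` are registered under the same interface name, and the only property that differs is `service.description`, so a consumer has no stable service property to filter on when it needs the application or the provider instance. Unless callers select on some criterion not shown here, a plain lookup by interface returns whichever registration ranks first, which risks the wrong set of gates being applied to a resource. Consider putting the context on each registration, e.g. `appProps.put(ResourceAccessGate.CONTEXT, ResourceAccessGate.APPLICATION_CONTEXT);` and `provProps.put(ResourceAccessGate.CONTEXT, ResourceAccessGate.PROVIDER_CONTEXT);` (with the matching import). A short class Javadoc saying that one tracker is shared by both services would also help.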
Propchange: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Propchange: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/Activator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java?rev=1558728&r1=1558727&r2=1558728&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java Thu Jan 16 09:57:44 2014
@@ -30,7 +30,8 @@ import org.osgi.framework.ServiceReferen
public class ResourceAccessGateTracker extends
SortingServiceTracker<ResourceAccessGate> {
- private List<ResourceAccessGateHandler> resourceAccessGateHandlers;
+ private List<ResourceAccessGateHandler> providerResourceAccessGateHandlers;
+ private List<ResourceAccessGateHandler> applicationResourceAccessGateHandlers;
/**
* Constructor
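Review bot: The cache fields `providerResourceAccessGateHandlers` and `applicationResourceAccessGateHandlers` are plain fields, yet they are reset from the tracker callbacks and lazily filled by the getters, which are presumably called from request threads. Without `volatile` or a lock a reader may not observe a reset, and a getter that began building its list before `clearCache()` ran can store a list afterwards that misses a newly added gate. Declaring them as `private volatile List<ResourceAccessGateHandler> providerResourceAccessGateHandlers;` (and likewise for the application list) covers visibility. Closing the stale-write window additionally needs a lock or a change counter checked before the assignment. The getters and `clearCache()` are in a later hunk of this file.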
@@ -44,9 +45,9 @@ public class ResourceAccessGateTracker e
* java.lang.Object)
*/
@Override
- public void removedService(ServiceReference reference, Object service) {
+ public void removedService(final ServiceReference reference, final Object service) {
super.removedService(reference, service);
- resourceAccessGateHandlers = null;
+ this.clearCache();
}
/**
@@ -54,36 +55,59 @@ public class ResourceAccessGateTracker e
* java.lang.Object)
*/
@Override
- public void modifiedService(ServiceReference reference, Object service) {
+ public void modifiedService(final ServiceReference reference, final Object service) {
super.modifiedService(reference, service);
- resourceAccessGateHandlers = null;
+ this.clearCache();
}
/**
* @see org.osgi.util.tracker.ServiceTrackerCustomizer#addingService(org.osgi.framework.ServiceReference)
*/
@Override
- public Object addingService(ServiceReference reference) {
- Object returnValue = super.addingService(reference);
- resourceAccessGateHandlers = null;
+ public Object addingService(final ServiceReference reference) {
+ final Object returnValue = super.addingService(reference);
+ this.clearCache();
return returnValue;
}
- public List<ResourceAccessGateHandler> getResourceAccessGateHandlers() {
- List<ResourceAccessGateHandler> returnValue = resourceAccessGateHandlers;
+ private void clearCache() {
+ this.providerResourceAccessGateHandlers = null;
+ this.applicationResourceAccessGateHandlers = null;
+ }
+
+ public List<ResourceAccessGateHandler> getApplicationResourceAccessGateHandlers() {
+ List<ResourceAccessGateHandler> returnValue = this.applicationResourceAccessGateHandlers;
if (returnValue == null) {
- resourceAccessGateHandlers = new ArrayList<ResourceAccessGateHandler>();
+ returnValue = new ArrayList<ResourceAccessGateHandler>();
for (ServiceReference serviceReference : getSortedServiceReferences()) {
- resourceAccessGateHandlers.add(new ResourceAccessGateHandler(
- serviceReference));
+ final String context = (String) serviceReference.getProperty(ResourceAccessGate.CONTEXT);
+ if ( ResourceAccessGate.APPLICATION_CONTEXT.equals(context) ) {
+ returnValue.add(new ResourceAccessGateHandler(serviceReference));
+ }
}
- resourceAccessGateHandlers = Collections
- .unmodifiableList(resourceAccessGateHandlers);
- returnValue = resourceAccessGateHandlers;
+ returnValue = Collections.unmodifiableList(returnValue);
+ this.applicationResourceAccessGateHandlers = returnValue;
}
return returnValue;
}
+ public List<ResourceAccessGateHandler> getProviderResourceAccessGateHandlers() {
+ List<ResourceAccessGateHandler> returnValue = this.providerResourceAccessGateHandlers;
+
+ if (returnValue == null) {
+ returnValue = new ArrayList<ResourceAccessGateHandler>();
+ for (ServiceReference serviceReference : getSortedServiceReferences()) {
+ final String context = (String) serviceReference.getProperty(ResourceAccessGate.CONTEXT);
+ if ( ResourceAccessGate.PROVIDER_CONTEXT.equals(context) || context == null || context.trim().length() == 0 ) {
+ returnValue.add(new ResourceAccessGateHandler(serviceReference));
+ }
+ }
+ returnValue = Collections.unmodifiableList(returnValue);
+ this.providerResourceAccessGateHandlers = returnValue;
+ }
+
+ return returnValue;
+ }
}
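Review bot: A gate whose `access.context` value is neither `application` nor `provider` (a typo or different casing, for example) matches neither filter in `getApplicationResourceAccessGateHandlers()` or `getProviderResourceAccessGateHandlers()`, so it is silently never consulted and its restrictions are presumably not enforced. Either log a warning for unrecognised values or fall back to the documented default by making the provider test `if ( !ResourceAccessGate.APPLICATION_CONTEXT.equals(context) ) {`. The `(String)` cast in both getters also throws `ClassCastException` when the property is registered with a non-String value, which aborts the list build for every gate; guard it with an `instanceof String` check. The `CONTEXT` Javadoc in `ResourceAccessGate` should state which behaviour applies to unknown values.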
Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1558728&r1=1558727&r2=1558728&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Thu Jan 16 09:57:44 2014
@@ -23,44 +23,23 @@ import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.security.AccessSecurityException;
import org.apache.sling.api.security.ResourceAccessSecurity;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
-import org.osgi.framework.Constants;
-import org.osgi.service.component.ComponentContext;
-@Component(name = "org.apache.sling.api.security.ResourceAccessSecurity")
-@Service(value = { ResourceAccessSecurity.class })
-@Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling ResourceAccessSecurity")
public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
- private ResourceAccessGateTracker resourceAccessGateTracker;
+ private final ResourceAccessGateTracker resourceAccessGateTracker;
- // ---------- SCR Integration ---------------------------------------------
+ private final boolean appContext;
- /** Activates this component, called by SCR before registering as a service */
- @Activate
- protected void activate(final ComponentContext componentContext) {
- resourceAccessGateTracker = new ResourceAccessGateTracker(
- componentContext.getBundleContext());
- resourceAccessGateTracker.open();
-
- }
-
- /**
- * Deativates this component (called by SCR to take out of service)
- */
- @Deactivate
- protected void deactivate() {
- resourceAccessGateTracker.close();
+ public ResourceAccessSecurityImpl(
+ final ResourceAccessGateTracker resourceAccessGateTracker, final boolean appContext) {
+ this.resourceAccessGateTracker = resourceAccessGateTracker;
+ this.appContext = appContext;
}
/**
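Review bot: The new public constructor and the `appContext` field carry no documentation, and a bare boolean is easy to pass the wrong way round at the two call sites in `Activator`. Going by the later hunk in this file, `true` selects the application-context handlers and `false` the provider-context ones, so a comment such as `/** If true, application-context gates are consulted; otherwise provider-context gates. */` on the field would make that explicit. The constructor should also get a Javadoc with `@param` entries. Since the tracker is now injected rather than created here, `Objects.requireNonNull`-style validation of `resourceAccessGateTracker` would turn a wiring mistake into an immediate failure instead of a later NullPointerException during an access check.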
@@ -73,7 +52,8 @@ public class ResourceAccessSecurityImpl
// TODO: maybe caching some frequent paths with read operation would be
// a good idea
//
- final List<ResourceAccessGateHandler> handlers = resourceAccessGateTracker.getResourceAccessGateHandlers();
+ final List<ResourceAccessGateHandler> handlers = (this.appContext ? resourceAccessGateTracker.getApplicationResourceAccessGateHandlers()
+ : resourceAccessGateTracker.getProviderResourceAccessGateHandlers());
if (handlers.size() > 0) {