Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:33:57 UTC
[sling-org-apache-sling-extensions-webconsolesecurityprovider]
01/06: SLING-1670 add repository based security provider for the Web
Console
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.extensions.webconsolesecurityprovider-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-extensions-webconsolesecurityprovider.git
commit 1ace8938eed410c1a04dcfe780adfbd9dce1f938
Author: Felix Meschberger <fm...@apache.org>
AuthorDate: Fri Aug 20 07:56:13 2010 +0000
SLING-1670 add repository based security provider for the Web Console
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/webconsolesecurityprovider@987396 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 88 ++++++++++++
.../internal/SlingWebConsoleSecurityProvider.java | 160 +++++++++++++++++++++
.../OSGI-INF/metatype/metatype.properties | 42 ++++++
3 files changed, 290 insertions(+)
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..d40188b
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+ <!--
+ Licensed to the Apache Software Foundation (ASF) under one or
+ more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information regarding
+ copyright ownership. The ASF licenses this file to you under the
+ Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain
+ a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed
+ under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
+>
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>sling</artifactId>
+ <groupId>org.apache.sling</groupId>
+ <version>9</version>
+ </parent>
+
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.extensions.webconsolesecurityprovider</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Web Console Security Provider</name>
+ <description>
+ WebConsoleSecurityProvider for the Apache Felix Web Console using the
+ Apache Sling Auth Core bundle to authenticate users.
+ </description>
+
+ <scm>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/webconsolesecurityprovider</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/webconsolesecurityprovider</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/webconsolesecurityprovider</url>
+ </scm>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.webconsole</artifactId>
+ <version>3.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-api</artifactId>
+ <version>1.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.scr.annotations</artifactId>
+ <version>1.3.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider.java
new file mode 100644
index 0000000..d722e07
--- /dev/null
+++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 1997-2010 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.sling.extensions.webconsolesecurityprovider.internal;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Modified;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.felix.webconsole.WebConsoleSecurityProvider;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Component(specVersion = "1.1", metatype = true)
+@Service(WebConsoleSecurityProvider.class)
+public class SlingWebConsoleSecurityProvider implements
+ WebConsoleSecurityProvider {
+
+ private static final String PROP_USERS = "users";
+
+ private static final String PROP_GROUPS_DEFAULT_USER = "admin";
+
+ private static final String PROP_GROUPS = "groups";
+
+ /** default log */
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ @Reference
+ private Repository repository;
+
+ @Property(name = PROP_USERS, cardinality = 20, value = PROP_GROUPS_DEFAULT_USER)
+ private Set<String> users;
+
+ @Property(name = PROP_GROUPS, cardinality = 20)
+ private Set<String> groups;
+
+ // ---------- SCR integration
+
+ @SuppressWarnings("unused")
+ @Activate
+ @Modified
+ private void configure(Map<String, Object> config) {
+ this.users = toSet(config.get(PROP_USERS));
+ this.groups = toSet(config.get(PROP_GROUPS));
+ }
+
+ public Object authenticate(String userName, String password) {
+ final Credentials creds = new SimpleCredentials(userName,
+ (password == null) ? new char[0] : password.toCharArray());
+ Session session = null;
+ try {
+ session = repository.login(creds);
+ if (session instanceof JackrabbitSession) {
+ UserManager umgr = ((JackrabbitSession) session).getUserManager();
+ String userId = session.getUserID();
+ Authorizable a = umgr.getAuthorizable(userId);
+ if (a instanceof User) {
+
+ // check users
+ if (users.contains(userId)) {
+ return true;
+ }
+
+ // check groups
+ Iterator<Group> gi = a.memberOf();
+ while (gi.hasNext()) {
+ if (groups.contains(gi.next().getID())) {
+ return userName;
+ }
+ }
+
+ log.info(
+ "authenticate: User {} is granted Web Console access",
+ userName);
+ } else {
+ log.error(
+ "authenticate: Expected user ID {} to refer to a user",
+ userId);
+ }
+ } else {
+ log.info(
+ "authenticate: Jackrabbit Session required to grant access to the Web Console for {}; got {}",
+ userName, session.getClass());
+ }
+ } catch (LoginException re) {
+ log.info(
+ "authenticate: User "
+ + userName
+ + " failed to authenticate with the repository for Web Console access",
+ re);
+ } catch (RepositoryException re) {
+ log.info("authenticate: Generic problem trying grant User "
+ + userName + " access to the Web Console", re);
+ } finally {
+ if (session != null) {
+ session.logout();
+ }
+ }
+
+ // no success (see log)
+ return null;
+ }
+
+ /**
+ * All users authenticated with the repository and being a member of the
+ * authorized groups are granted access for all roles in the Web Console.
+ */
+ public boolean authorize(Object user, String role) {
+ log.info("authorize: Grant user {} access for role {}", user, role);
+ return true;
+ }
+
+ private Set<String> toSet(final Object configObj) {
+ final HashSet<String> groups = new HashSet<String>();
+ if (configObj instanceof String) {
+ groups.add((String) configObj);
+ } else if (configObj instanceof Collection<?>) {
+ for (Object obj : ((Collection<?>) configObj)) {
+ if (obj instanceof String) {
+ groups.add((String) obj);
+ }
+ }
+ } else if (configObj instanceof String[]) {
+ for (String string : ((String[]) configObj)) {
+ if (string != null) {
+ groups.add(string);
+ }
+ }
+ }
+ return groups;
+ }
+}
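Review bot: The `log.info` call after the group loop in `authenticate` says "User {} is granted Web Console access", but it is reached only when the user matched neither `users` nor `groups` and the method then returns null, so the log records a denial as a grant; the message should read `"authenticate: User {} is denied Web Console access"`. The two success paths also return different objects, `return true;` for a configured user and `return userName;` for a group member, so `authorize` logs `true` rather than the user name in the first case; using `return userName;` in both keeps the access log attributable. The `users.contains(userId)` check sits inside the `session instanceof JackrabbitSession` branch, so on any other repository implementation even a configured user is refused, while the metatype text in this commit says only group-based access needs Jackrabbit. Because `userName` comes from the login request and is concatenated into the `LoginException` and `RepositoryException` log messages, it is worth confirming that the log layout escapes line breaks.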
diff --git a/src/main/resources/OSGI-INF/metatype/metatype.properties b/src/main/resources/OSGI-INF/metatype/metatype.properties
new file mode 100644
index 0000000..f747f47
--- /dev/null
+++ b/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -0,0 +1,42 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+
+#
+# This file contains localization strings for configuration labels and
+# descriptions as used in the metatype.xml descriptor generated by the
+# the Sling SCR plugin
+
+
+org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider.name = Apache Sling Web Console Security Provider
+org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider.description = Configuration for the security provider \
+ used to verfiy user credentials and grant access to the Apache Felix \
+ Web Console based on registered JCR Repository users.
+users.name = User Names
+users.description = Names of users granted full access to the Apache Felix \
+ Web Console. By default this lists the "admin" user. A maximum of 20 users \
+ may be configured. Administrators are encouraged to create a group whose \
+ members are to be granted access to Web Console instead of allowing access \
+ to individual users.
+groups.name = Group Names
+groups.description = Names of groups whose members are granted full access \
+ to the Apache Felix Web Console. The default lists no groups. Administrators \
+ are encouraged to create a group whose members are to be granted access to \
+ Web Console. A maximum of 20 groups may be configured. Using groups to control \
+ access requires a Jackrabbit based repository.
\ No newline at end of file