You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by as...@apache.org on 2015/02/19 11:30:03 UTC
svn commit: r1660832 - in
/sling/trunk/bundles/extensions/serviceusermapper/src:
main/java/org/apache/sling/serviceusermapping/
main/java/org/apache/sling/serviceusermapping/impl/
test/java/org/apache/sling/serviceusermapping/impl/
Author: asanso
Date: Thu Feb 19 10:30:03 2015
New Revision: 1660832
URL: http://svn.apache.org/r1660832
Log:
SLING-3854 - Add configuration option to restrict service user mapper to system users
Added:
sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java
Modified:
sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/package-info.java
sling/trunk/bundles/extensions/serviceusermapper/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java
Added: sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java?rev=1660832&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java (added)
+++ sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserValidator.java Thu Feb 19 10:30:03 2015
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.serviceusermapping;
+
+import aQute.bnd.annotation.ConsumerType;
+
+/**
+ * The {@code ServiceUserValidator} allows to implement validation of configured
+ * service user mappings.
+ */
+@ConsumerType
+public interface ServiceUserValidator {
+
+ /**
+ * Validates the configured service user ID.
+ *
+ * @param serviceUserId The ID of the configured service user.
+ * @return {@code true} if the configured service user is valid; {@code false} otherwise.
+ */
+ boolean isValid(String serviceUserId, String serviceName, String subServiceName);
+}
\ No newline at end of file
Modified: sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java?rev=1660832&r1=1660831&r2=1660832&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java (original)
+++ sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java Thu Feb 19 10:30:03 2015
@@ -23,6 +23,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Vector;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
@@ -32,9 +33,11 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.References;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
+import org.apache.sling.serviceusermapping.ServiceUserValidator;
import org.osgi.framework.Bundle;
import org.osgi.framework.Constants;
import org.slf4j.Logger;
@@ -45,11 +48,18 @@ import org.slf4j.LoggerFactory;
label = "Apache Sling Service User Mapper Service",
description = "Configuration for the service mapping service names to names of users.")
@Service(value=ServiceUserMapper.class)
-@Reference(name="amendment",
- referenceInterface=MappingConfigAmendment.class,
- cardinality=ReferenceCardinality.OPTIONAL_MULTIPLE,
- policy=ReferencePolicy.DYNAMIC,
- updated="updateAmendment")
+@References( {
+ @Reference(name="amendment",
+ referenceInterface=MappingConfigAmendment.class,
+ cardinality=ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ updated="updateAmendment"),
+ @Reference(name = "serviceUserValidator ", referenceInterface = ServiceUserValidator.class,
+ bind = "bindServiceUserValidator", unbind = "unbindServiceUserValidator",
+ cardinality= ReferenceCardinality.OPTIONAL_MULTIPLE, policy= ReferencePolicy.DYNAMIC)
+
+})
+
public class ServiceUserMapperImpl implements ServiceUserMapper {
@Property(
@@ -83,6 +93,8 @@ public class ServiceUserMapperImpl imple
private Mapping[] activeMappings = new Mapping[0];
+ private Vector <ServiceUserValidator> validators = new Vector<ServiceUserValidator>();
+
@Activate
@Modified
void configure(final Map<String, Object> config) {
@@ -96,7 +108,7 @@ public class ServiceUserMapperImpl imple
final Mapping mapping = new Mapping(prop.trim());
mappings.add(mapping);
} catch (final IllegalArgumentException iae) {
- log.info("configure: Ignoring '{}': {}", prop, iae.getMessage());
+ log.error("configure: Ignoring '{}': {}", prop, iae.getMessage());
}
}
}
@@ -107,31 +119,32 @@ public class ServiceUserMapperImpl imple
this.updateMappings();
}
}
+
+ /**
+ * bind the serviceUserValidator
+ * @param serviceUserValidator
+ * @param properties
+ */
+ protected void bindServiceUserValidator(final ServiceUserValidator serviceUserValidator, final Map<String, Object> properties){
+ validators.add(serviceUserValidator);
+ }
+
+ /**
+ * unbind the serviceUserValidator
+ * @param serviceUserValidator
+ * @param properties
+ */
+ protected void unbindServiceUserValidator(final ServiceUserValidator serviceUserValidator, final Map<String, Object> properties){
+ validators.remove(serviceUserValidator);
+ }
/**
* @see org.apache.sling.serviceusermapping.ServiceUserMapper#getServiceUserID(org.osgi.framework.Bundle, java.lang.String)
*/
public String getServiceUserID(final Bundle bundle, final String subServiceName) {
final String serviceName = bundle.getSymbolicName();
-
- // try with serviceInfo first
- for (Mapping mapping : this.activeMappings) {
- final String user = mapping.map(serviceName, subServiceName);
- if (user != null) {
- return user;
- }
- }
-
- // second round without serviceInfo
- for (Mapping mapping : this.activeMappings) {
- final String user = mapping.map(serviceName, null);
- if (user != null) {
- return user;
- }
- }
-
- // finally, fall back to default user
- return this.defaultUser;
+ final String userId = internalGetUserId(serviceName, subServiceName);
+ return isValidUser(userId, serviceName, subServiceName) ? userId : null;
}
protected void bindAmendment(final MappingConfigAmendment amendment, final Map<String, Object> props) {
@@ -147,7 +160,7 @@ public class ServiceUserMapperImpl imple
synchronized ( this.amendments ) {
if ( amendments.remove(key) != null ) {
this.updateMappings();
- };
+ }
}
}
@@ -174,5 +187,41 @@ public class ServiceUserMapperImpl imple
}
activeMappings = mappings.toArray(new Mapping[mappings.size()]);
}
+
+ private String internalGetUserId(String serviceName, String subServiceName) {
+ // try with serviceInfo first
+ for (Mapping mapping : this.activeMappings) {
+ final String userId = mapping.map(serviceName, subServiceName);
+ if (userId != null) {
+ return userId;
+ }
+ }
+
+ // second round without serviceInfo
+ for (Mapping mapping : this.activeMappings) {
+ final String userId = mapping.map(serviceName, null);
+ if (userId != null) {
+ return userId;
+ }
+ }
+
+ // finally, fall back to default user
+ return this.defaultUser;
+ }
+
+ private boolean isValidUser(String userId, String serviceName, String subServiceName) {
+ if (userId == null) {
+ return false;
+ }
+ if (validators != null && validators.size() > 0) {
+ for (ServiceUserValidator validator : validators) {
+ boolean valid = validator.isValid(userId, serviceName, subServiceName);
+ if (!valid) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
}
Modified: sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/package-info.java?rev=1660832&r1=1660831&r2=1660832&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/package-info.java (original)
+++ sling/trunk/bundles/extensions/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/package-info.java Thu Feb 19 10:30:03 2015
@@ -17,7 +17,7 @@
* under the License.
*/
-@Version("1.0")
+@Version("1.1")
@Export(optional = "provide:=true")
package org.apache.sling.serviceusermapping;
Modified: sling/trunk/bundles/extensions/serviceusermapper/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/serviceusermapper/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java?rev=1660832&r1=1660831&r2=1660832&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/serviceusermapper/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java (original)
+++ sling/trunk/bundles/extensions/serviceusermapper/src/test/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImplTest.java Thu Feb 19 10:30:03 2015
@@ -25,6 +25,7 @@ import java.util.Map;
import junit.framework.TestCase;
import org.apache.sling.commons.testing.osgi.MockBundle;
+import org.apache.sling.serviceusermapping.ServiceUserValidator;
import org.junit.Test;
import org.osgi.framework.Bundle;
import org.osgi.framework.Constants;
@@ -99,6 +100,43 @@ public class ServiceUserMapperImplTest {
TestCase.assertEquals(ANOTHER, sum.getServiceUserID(BUNDLE2, ""));
TestCase.assertEquals(SAMPLE_SUB, sum.getServiceUserID(BUNDLE1, SUB));
TestCase.assertEquals(ANOTHER_SUB, sum.getServiceUserID(BUNDLE2, SUB));
+ }
+
+ @Test
+ public void test_getServiceUserID_WithServiceUserValidator() {
+ @SuppressWarnings("serial")
+ Map<String, Object> config = new HashMap<String, Object>() {
+ {
+ put("user.mapping", new String[] {
+ BUNDLE_SYMBOLIC1 + "=" + SAMPLE, //
+ BUNDLE_SYMBOLIC2 + "=" + ANOTHER, //
+ BUNDLE_SYMBOLIC1 + ":" + SUB + "=" + SAMPLE_SUB, //
+ BUNDLE_SYMBOLIC2 + ":" + SUB + "=" + ANOTHER_SUB //
+ });
+ put("user.default", NONE);
+ }
+ };
+
+ final ServiceUserMapperImpl sum = new ServiceUserMapperImpl();
+ sum.configure(config);
+ ServiceUserValidator serviceUserValidator = new ServiceUserValidator() {
+
+ public boolean isValid(String serviceUserId, String serviceName,
+ String subServiceName) {
+ if (SAMPLE.equals(serviceUserId)) {
+ return false;
+ }
+ return true;
+ }
+ };
+ sum.bindServiceUserValidator(serviceUserValidator, null);
+
+ TestCase.assertEquals(null, sum.getServiceUserID(BUNDLE1, null));
+ TestCase.assertEquals(ANOTHER, sum.getServiceUserID(BUNDLE2, null));
+ TestCase.assertEquals(null, sum.getServiceUserID(BUNDLE1, ""));
+ TestCase.assertEquals(ANOTHER, sum.getServiceUserID(BUNDLE2, ""));
+ TestCase.assertEquals(SAMPLE_SUB, sum.getServiceUserID(BUNDLE1, SUB));
+ TestCase.assertEquals(ANOTHER_SUB, sum.getServiceUserID(BUNDLE2, SUB));
}
@Test