Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/03/26 13:55:09 UTC

svn commit: r1827765 - in /jackrabbit/oak/branches/1.8: ./ oak-authorization-cug/ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/secur...

Author: angela
Date: Mon Mar 26 13:55:09 2018
New Revision: 1827765

URL: http://svn.apache.org/viewvc?rev=1827765&view=rev
Log:
merge rev. 1827472 (backport of OAK-7356)

Added:
    jackrabbit/oak/branches/1.8/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java
      - copied unchanged from r1827472, jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java
Modified:
    jackrabbit/oak/branches/1.8/   (props changed)
    jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml
    jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
    jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java
    jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md

Propchange: jackrabbit/oak/branches/1.8/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar 26 13:55:09 2018
@@ -1,3 +1,3 @@
 /jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821130,1821140-1821141,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821665,1821668,1821681,1822121,1822201,1822207,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1824196,1824198,1824962,1825362,1825381,1825442,1825448,1825466,1825470,1825475,1825523,1825525,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826237,1826338,1826516,1826532,1826640,1826932,1826957,1827486
+/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821130,1821140-1821141,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821665,1821668,1821681,1822121,1822201,1822207,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1824196,1824198,1824962,1825362,1825381,1825442,1825448,1825466,1825470,1825475,1825523,1825525,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826237,1826338,1826516,1826532,1826640,1826932,1826957,1827472,1827486
 /jackrabbit/trunk:1345480

Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml Mon Mar 26 13:55:09 2018
@@ -155,6 +155,12 @@
     </dependency>
     <dependency>
       <groupId>org.apache.jackrabbit</groupId>
+      <artifactId>oak-store-composite</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.jackrabbit</groupId>
       <artifactId>oak-jcr</artifactId>
       <version>${project.version}</version>
       <classifier>tests</classifier>
@@ -166,6 +172,11 @@
       <version>1.10.19</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.testing.osgi-mock</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
 </project>
\ No newline at end of file

Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java Mon Mar 26 13:55:09 2018
@@ -100,7 +100,7 @@ public class CugConfiguration extends Co
     /**
      * Reference to services implementing {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}.
      */
-    @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY)
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
     private CugExclude exclude;
 
     /**
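Review bot: The Javadoc above the `exclude` field still reads as a plain reference description, although the cardinality is now `MANDATORY_UNARY` and the component stays unsatisfied until a `CugExclude` service is registered. I would extend it with a line such as `Mandatory reference: this configuration is not activated without a registered CugExclude service.` Whether the security setup treats this component as required is not visible in the hunk. If it does not, the repository could presumably start without CUG evaluation while no `CugExclude` is present, which is worth confirming on the 1.8 branch.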
@@ -217,6 +217,14 @@ public class CugConfiguration extends Co
         this.mountInfoProvider = null;
     }
 
+    public void bindExclude(CugExclude exclude) {
+        this.exclude = exclude;
+    }
+
+    public void unbindExclude(CugExclude exclude) {
+        this.exclude = null;
+    }
+
     //--------------------------------------------------------------------------
     @Nonnull
     private CugExclude getExclude() {
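Review bot: `unbindExclude` ignores its argument and clears the field unconditionally, so an unbind for a service other than the one currently held would drop the active exclude. Guarding it with `if (this.exclude == exclude) { this.exclude = null; }` keeps bind and unbind symmetric; this only matters if a replacement can be bound before the old service is unbound, which depends on the reference policy not shown here. Both methods are public and undocumented, so a short Javadoc stating that they are OSGi bind/unbind callbacks would help. `getExclude()` starts on the last line of the hunk and its body is outside it, so how a null field is handled cannot be checked from here.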

Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java Mon Mar 26 13:55:09 2018
@@ -25,7 +25,6 @@ import javax.annotation.Nonnull;
 import com.google.common.collect.ImmutableSet;
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.ConfigurationPolicy;
 import org.apache.felix.scr.annotations.Modified;
 import org.apache.felix.scr.annotations.Properties;
 import org.apache.felix.scr.annotations.Property;
@@ -37,19 +36,18 @@ import org.apache.jackrabbit.oak.spi.sec
  * Extension of the default {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}
  * implementation that allow to specify additional principal names to be excluded
  * from CUG evaluation.
- *
- * Note: this component is requires a configuration (i.e. a configured list of
- * principal names) in order to be activated.
  */
 @Component(metatype = true,
+        immediate = true,
         label = "Apache Jackrabbit Oak CUG Exclude List",
-        description = "Allows to exclude principal(s) with the configured name(s) from CUG evaluation.",
-        policy = ConfigurationPolicy.REQUIRE)
+        description = "Exclude principal(s) from CUG evaluation. In addition to the " +
+                "principals defined by the default CugExclude ('AdminPrincipal', 'SystemPrincipal', 'SystemUserPrincipal' classes), " +
+                "this component allows to optionally configure additional principals by name.")
 @Service({CugExclude.class})
 @Properties({
         @Property(name = "principalNames",
                 label = "Principal Names",
-                description = "Name of principals that are always excluded from CUG evaluation.",
+                description = "Name(s) of additional principal(s) that are excluded from CUG evaluation.",
                 cardinality = Integer.MAX_VALUE)
 })
 public class CugExcludeImpl extends CugExclude.Default {
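Review bot: The class Javadoc loses its note about requiring a configuration and nothing replaces it, although dropping `policy = ConfigurationPolicy.REQUIRE` and adding `immediate = true` means the service is now registered even when no `principalNames` are configured. I would add a sentence stating that the component is active without configuration and then applies only the default exclusions, once that is confirmed against the class body, which lies outside the hunk. Because listed principals skip CUG evaluation and are identified by name only, the `principalNames` description could also say that any principal carrying a configured name is excluded, so operators keep the list minimal.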

Modified: jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md (original)
+++ jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md Mon Mar 26 13:55:09 2018
@@ -233,7 +233,7 @@ to be excluded from the evaluation of re
 | `principalNames`            | Set\<String\>  | \-       | Name of principals that are always excluded from CUG evaluation.  |
 | | | | |
 
-_Note:_ this is an optional feature to extend the [default](/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.Default.html) 
+_Note:_ This implementation extends the [default](/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.Default.html) 
 exclusion list. Alternatively, it is possible to plug a custom `CugExclude` implementation matching 
 specific needs (see [below](#pluggability)).
 
@@ -296,7 +296,8 @@ in the `org.apache.jackrabbit.oak.spi.se
 
 1. implement `CugExclude` interface according to you needs,
 2. make your implementation an OSGi service
-3. deploy the bundle containing your implementation in the OSGi container and activate the service.
+3. deploy the bundle containing your implementation in the OSGi container and activate the service. 
+4. make sure the default CUGExclude service is properly replaced by the custom implementation.
 
 ###### Example