You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/03/26 13:55:09 UTC
svn commit: r1827765 - in /jackrabbit/oak/branches/1.8: ./
oak-authorization-cug/
oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/secur...
Author: angela
Date: Mon Mar 26 13:55:09 2018
New Revision: 1827765
URL: http://svn.apache.org/viewvc?rev=1827765&view=rev
Log:
merge rev. 1827472 (backport of OAK-7356)
Added:
jackrabbit/oak/branches/1.8/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java
- copied unchanged from r1827472, jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java
Modified:
jackrabbit/oak/branches/1.8/ (props changed)
jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml
jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java
jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md
Propchange: jackrabbit/oak/branches/1.8/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar 26 13:55:09 2018
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821130,1821140-1821141,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821665,1821668,1821681,1822121,1822201,1822207,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1824196,1824198,1824962,1825362,1825381,1825442,1825448,1825466,1825470,1825475,1825523,1825525,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826237,1826338,1826516,1826532,1826640,1826932,1826957,1827486
+/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821130,1821140-1821141,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821665,1821668,1821681,1822121,1822201,1822207,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1824196,1824198,1824962,1825362,1825381,1825442,1825448,1825466,1825470,1825475,1825523,1825525,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826237,1826338,1826516,1826532,1826640,1826932,1826957,1827472,1827486
/jackrabbit/trunk:1345480
Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/pom.xml Mon Mar 26 13:55:09 2018
@@ -155,6 +155,12 @@
</dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-store-composite</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
<artifactId>oak-jcr</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
@@ -166,6 +172,11 @@
<version>1.10.19</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.testing.osgi-mock</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java Mon Mar 26 13:55:09 2018
@@ -100,7 +100,7 @@ public class CugConfiguration extends Co
/**
* Reference to services implementing {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}.
*/
- @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY)
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
private CugExclude exclude;
/**
@@ -217,6 +217,14 @@ public class CugConfiguration extends Co
this.mountInfoProvider = null;
}
+ public void bindExclude(CugExclude exclude) {
+ this.exclude = exclude;
+ }
+
+ public void unbindExclude(CugExclude exclude) {
+ this.exclude = null;
+ }
+
//--------------------------------------------------------------------------
@Nonnull
private CugExclude getExclude() {
Modified: jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java (original)
+++ jackrabbit/oak/branches/1.8/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java Mon Mar 26 13:55:09 2018
@@ -25,7 +25,6 @@ import javax.annotation.Nonnull;
import com.google.common.collect.ImmutableSet;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
@@ -37,19 +36,18 @@ import org.apache.jackrabbit.oak.spi.sec
* Extension of the default {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}
* implementation that allow to specify additional principal names to be excluded
* from CUG evaluation.
- *
- * Note: this component is requires a configuration (i.e. a configured list of
- * principal names) in order to be activated.
*/
@Component(metatype = true,
+ immediate = true,
label = "Apache Jackrabbit Oak CUG Exclude List",
- description = "Allows to exclude principal(s) with the configured name(s) from CUG evaluation.",
- policy = ConfigurationPolicy.REQUIRE)
+ description = "Exclude principal(s) from CUG evaluation. In addition to the " +
+ "principals defined by the default CugExclude ('AdminPrincipal', 'SystemPrincipal', 'SystemUserPrincipal' classes), " +
+ "this component allows to optionally configure additional principals by name.")
@Service({CugExclude.class})
@Properties({
@Property(name = "principalNames",
label = "Principal Names",
- description = "Name of principals that are always excluded from CUG evaluation.",
+ description = "Name(s) of additional principal(s) that are excluded from CUG evaluation.",
cardinality = Integer.MAX_VALUE)
})
public class CugExcludeImpl extends CugExclude.Default {
Modified: jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md?rev=1827765&r1=1827764&r2=1827765&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md (original)
+++ jackrabbit/oak/branches/1.8/oak-doc/src/site/markdown/security/authorization/cug.md Mon Mar 26 13:55:09 2018
@@ -233,7 +233,7 @@ to be excluded from the evaluation of re
| `principalNames` | Set\<String\> | \- | Name of principals that are always excluded from CUG evaluation. |
| | | | |
-_Note:_ this is an optional feature to extend the [default](/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.Default.html)
+_Note:_ This implementation extends the [default](/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.Default.html)
exclusion list. Alternatively, it is possible to plug a custom `CugExclude` implementation matching
specific needs (see [below](#pluggability)).
@@ -296,7 +296,8 @@ in the `org.apache.jackrabbit.oak.spi.se
1. implement `CugExclude` interface according to you needs,
2. make your implementation an OSGi service
-3. deploy the bundle containing your implementation in the OSGi container and activate the service.
+3. deploy the bundle containing your implementation in the OSGi container and activate the service.
+4. make sure the default CUGExclude service is properly replaced by the custom implementation.
###### Example