You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by pa...@apache.org on 2021/01/29 04:55:31 UTC
[sling-org-apache-sling-jcr-repoinit] branch issues/SLING-9857
created (now dc891b2)
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a change to branch issues/SLING-9857
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git.
at dc891b2 SLING-9857: implement forced path with simple recreate
This branch includes the following new commits:
new dc891b2 SLING-9857: implement forced path with simple recreate
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[sling-org-apache-sling-jcr-repoinit] 01/01: SLING-9857: implement
forced path with simple recreate
Posted by pa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch issues/SLING-9857
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit dc891b2b193c46d08e76af53c18186e90fbf97d0
Author: Karl Pauls <ka...@gmail.com>
AuthorDate: Fri Jan 29 05:55:14 2021 +0100
SLING-9857: implement forced path with simple recreate
---
.../sling/jcr/repoinit/impl/UserVisitor.java | 96 +++++++++++++++++++++-
.../sling/jcr/repoinit/CreateGroupsTest.java | 22 +++++
.../sling/jcr/repoinit/CreateServiceUsersTest.java | 26 ++++++
.../apache/sling/jcr/repoinit/CreateUsersTest.java | 33 ++++++++
4 files changed, 173 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
index bb0877c..1abb51a 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
@@ -17,8 +17,8 @@
package org.apache.sling.jcr.repoinit.impl;
import java.security.Principal;
-
import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.repoinit.parser.operations.CreateGroup;
@@ -53,7 +53,32 @@ class UserVisitor extends DoNothingVisitor {
log.info("Creating service user {}", username);
UserUtil.createServiceUser(session, username, s.getPath());
} else if (UserUtil.isServiceUser(session, username)) {
- log.info("Service user {} already exists, no changes made.", username);
+ if (s.isForcedPath()) {
+ Authorizable authorizable = UserUtil.getAuthorizable(session, username);
+ String path;
+ try {
+ path = authorizable.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = s.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating service user {} to move path from {} to {}", username, path, s.getPath());
+ if (UserUtil.deleteAuthorizable(session, username)) {
+ UserUtil.createServiceUser(session, username, s.getPath());
+ } else {
+ log.info("Group {} already exists and could not be recreated to match path, no changes made.", username);
+ }
+ } else {
+ log.info("Service user {} already exists, no changes made.", username);
+ }
+ } else {
+ log.error("Service user {} already exists but no path can be determined, no changes made.", username);
+ }
+ } else {
+ log.info("Service user {} already exists, no changes made.", username);
+ }
} else {
final String message = String.format("Existing user %s is not a service user.", username);
throw new RuntimeException(message);
@@ -91,7 +116,35 @@ class UserVisitor extends DoNothingVisitor {
}, g.getPath());
}
} else {
- log.info("Group {} already exists, no changes made", groupname);
+ if (g.isForcedPath()) {
+ String path;
+ try {
+ path = group.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = g.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating group {} to move path from {} to {}", groupname, path, g.getPath());
+ if (UserUtil.deleteAuthorizable(session, groupname)) {
+ UserUtil.getUserManager(session).createGroup(new Principal() {
+ public String getName() {
+ return groupname;
+ }
+ }, g.getPath());
+ } else {
+ log.info("Group {} already exists and could not be recreated to match path, no changes made.", groupname);
+ }
+ } else {
+ log.info("Group {} already exists, no changes made.", groupname);
+ }
+ } else {
+ log.error("Group {} already exists but no path can be determined, no changes made.", groupname);
+ }
+ } else {
+ log.info("Group {} already exists, no changes made", groupname);
+ }
}
} catch (Exception e) {
report(e, "Unable to create group [" + groupname + "]:" + e);
@@ -128,7 +181,42 @@ class UserVisitor extends DoNothingVisitor {
}
UserUtil.createUser(session, username, pwd, u.getPath());
} else {
- log.info("User {} already exists, no changes made", username);
+ if (u.isForcedPath()) {
+ Authorizable authorizable = UserUtil.getAuthorizable(session, username);
+ String path;
+ try {
+ path = authorizable.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = u.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating user {} to move path from {} to {}", username, path, u.getPath());
+ if (UserUtil.deleteAuthorizable(session, username)) {
+ final String pwd = u.getPassword();
+ if (pwd != null) {
+ // TODO we might revise this warning once we're able
+ // to create users by providing their encoded password
+ // using u.getPasswordEncoding - for now I think only cleartext works
+ log.warn("Creating user {} with cleartext password - should NOT be used on production systems",
+ username);
+ } else {
+ log.info("Creating user {}", username);
+ }
+ UserUtil.createUser(session, username, pwd, u.getPath());
+ } else {
+ log.info("User {} already exists and could not be recreated to match path, no changes made.", username);
+ }
+ } else {
+ log.info("User {} already exists, no changes made.", username);
+ }
+ } else {
+ log.error("User {} already exists but no path can be determined, no changes made.", username);
+ }
+ } else {
+ log.info("User {} already exists, no changes made.", username);
+ }
}
} catch (Exception e) {
report(e, "Unable to create user [" + username + "]:" + e);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
index 328d4ab..5b07d8c 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
@@ -77,6 +77,28 @@ public class CreateGroupsTest {
}
@Test
+ public void createGroupWithForcedRelativePathTest() throws Exception {
+ final String groupId = namePrefix + "_cgwpt";
+ final String path = "testgroup/folder_for_" + groupId;
+ final String forcedPath = "testgroup/folder_for_" + groupId + "_forced";
+ U.parseAndExecute("create group " + groupId + " with path " + path);
+ U.assertGroup("after creating group " + groupId, groupId, true, path);
+ U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath);
+ U.assertGroup("after creating group " + groupId, groupId, true, forcedPath);
+ }
+
+ @Test
+ public void createGroupWithForcedAbsolutePathTest() throws Exception {
+ final String groupId = namePrefix + "_cgwpt";
+ final String path = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId;
+ final String forcedPath = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId + "_forced";
+ U.parseAndExecute("create group " + groupId + " with path " + path);
+ U.assertGroup("after creating group " + groupId, groupId, true, path);
+ U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath);
+ U.assertGroup("after creating group " + groupId, groupId, true, forcedPath);
+ }
+
+ @Test
public void createGroupMultipleTimes() throws Exception {
final String groupname = namePrefix + "_cgm";
U.assertGroup("before test", groupname, false);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
index 8642ec0..1c3d7db 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
@@ -135,6 +135,20 @@ public class CreateServiceUsersTest {
}
@Test
+ public void createServiceUserWithForcedRelativePathTest() throws Exception {
+ final String userId = namePrefix + "_cdst";
+ // Oak requires system/ prefix for service users
+ final String path = "system/forServiceUser/test";
+ final String pathForced = "system/forServiceUser/test2";
+ U.assertServiceUser("at start of test", userId, false);
+ U.parseAndExecute("create service user " + userId + " with path " + path);
+ U.assertServiceUser("after creating user", userId, true, path);
+
+ U.parseAndExecute("create service user " + userId + " with forced path " + pathForced);
+ U.assertServiceUser("after forcing creating user", userId, true, pathForced);
+ }
+
+ @Test
public void createServiceUserWithAbsPathTest() throws Exception {
final String userId = namePrefix + "_cdst";
final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test";
@@ -142,4 +156,16 @@ public class CreateServiceUsersTest {
U.parseAndExecute("create service user " + userId + " with path " + path);
U.assertServiceUser("after creating user", userId, true, path);
}
+
+ @Test
+ public void createServiceUserWithForcedAbsPathTest() throws Exception {
+ final String userId = namePrefix + "_cdst";
+ final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test1";
+ final String pathForced = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test2";
+ U.assertServiceUser("at start of test", userId, false);
+ U.parseAndExecute("create service user " + userId + " with path " + path);
+ U.assertServiceUser("after creating user", userId, true, path);
+ U.parseAndExecute("create service user " + userId + " with forced path " + pathForced);
+ U.assertServiceUser("after forcing creating user", userId, true, pathForced);
+ }
}
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
index 492dbc5..93198bb 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
@@ -87,6 +87,39 @@ public class CreateUsersTest {
U.assertUser("after creating user " + userId, userId, true, path);
}
+ @Test
+ public void createUserWithForcedRelativePathTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path);
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "testusers/folder_for_" + userId + "_forec";
+ U.parseAndExecute("create user " + userId + " with forced path " + forcedPath);
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
+ @Test
+ public void createUserWithForcedAbsolutePathTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path);
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + forcedPath);
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
+ @Test
+ public void createUserWithForcedPathAndPasswordTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "testuserwithpassword/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path + " with password asdf");
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "testuserwithpassword/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with forced path " + forcedPath + " with password asdf");
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
private String user(int index) {
return namePrefix + "_" + index;
}