You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/10/18 23:21:43 UTC
[sling-org-apache-sling-resourceaccesssecurity] branch master
created (now 90281f0)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git.
at 90281f0 SLING-7167 Adjust READMEs
This branch includes the following new commits:
new 535810d SLING-3435 - ResourceAccessSecurity does not secure access for update operations
new d12e4d8 SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity, SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
new c99ea4c Update to parent pom v19
new a09a4b3 Updated to parent version 20
new 7a989ba SLING-3918 - If a resource does not have a path a NPE occurrs
new 558a071 SLING-3917 - Add transformQuery support to the ResourceAccessSecurity Implementation
new 9519a4c SLING-3929 - Methods ResourceAccessGate#has<opt>Restrictions are not used by ResourceAccessSecurity
new 8838b02 SLING-3930 - Service rankings from ResourceAccessGates are not properly handled
new 2258639 [maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
new 277fcba revert changes from not released release...
new 5383f44 [maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
new f45e926 [maven-release-plugin] prepare for next development iteration
new 871ddfc Update to Sling Parent POM 22 with baselining enabled
new 113d226 SLING-4698 - Set parent.relativePath to empty for all modules
new ba97889 Update to Sling Parent 23
new a83889d Remove superflous sling.java.version=6 as it's the default now
new 9d428e7 set parent version to 24 and add empty relativePath where missing
new 0aff8a0 Update the main reactor to parent 25
new 4c52c31 Switch to parent pom 26
new ef15601 Update to parent pom 29
new 497c853 Back to parent 26
new 44f6b14 SLING-7167 Adjust READMEs
new e7618ad SLING-7167 Adjust READMEs
new 90281f0 SLING-7167 Adjust READMEs
The 24 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-resourceaccesssecurity] 02/24: SLING-3458 -
Restrictions imposed by ProviderResourceAccessSecurity should not be
discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application
context behave the same way
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit d12e4d88df92e12c621260283538736893591350
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Mar 19 12:40:59 2014 +0000
SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1579213 13f79535-47bb-0310-9956-ffa450edef68
---
.../AllowingResourceAccessGate.java | 18 +++---
.../resourceaccesssecurity/ResourceAccessGate.java | 2 +-
.../ApplicationResourceAccessSecurityImpl.java | 2 +-
.../impl/ResourceAccessSecurityImpl.java | 72 ++++++++++++++--------
4 files changed, 59 insertions(+), 35 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
index 1e7d8c7..2570f81 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -32,48 +32,48 @@ public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
@Override
public GateResult canRead(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreate(final String absPathName,
final ResourceResolver resourceResolver) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdate(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDelete(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canExecute(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canReadValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDeleteValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 4b096e8..6ee4e2b 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -123,7 +123,7 @@ public interface ResourceAccessGate {
* </ul>
*/
public enum GateResult {
- GRANTED, DENIED, DONTCARE
+ GRANTED, DENIED, CANT_DECIDE
};
public enum Operation {
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
index e784236..d4ac38e 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -37,6 +37,6 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
public ApplicationResourceAccessSecurityImpl() {
- super(true);
+ super(false);
}
}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 72279e5..cd1f200 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -36,10 +36,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
- private final boolean defaultAllow;
+ private final boolean defaultAllowIfNoGateMatches;
- public ResourceAccessSecurityImpl(final boolean defaultAllow) {
- this.defaultAllow = defaultAllow;
+ public ResourceAccessSecurityImpl(final boolean defaultAllowIfNoGateMatches) {
+ this.defaultAllowIfNoGateMatches = defaultAllowIfNoGateMatches;
}
/**
@@ -101,7 +101,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public Resource getReadableResource(final Resource resource) {
- Resource returnValue = (this.defaultAllow ? resource : null);
+ Resource returnValue = null;
final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -113,7 +113,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
if ( accessGateHandlers != null ) {
+ boolean noGateMatched = true;
+
while ( accessGateHandlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
@@ -130,23 +133,24 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
}
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
// stop checking if the operation is final and the result not GateResult.DONTCARE
- if (gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+ if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
}
// return null if access is denied or no ResourceAccessGate is present
- if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+ if (finalGateResult == GateResult.DENIED) {
returnValue = null;
- } else if (finalGateResult == GateResult.DONTCARE) {
- returnValue = (this.defaultAllow ? resource : null);
} else if (finalGateResult == GateResult.GRANTED ) {
returnValue = resource;
+ } else if (noGateMatched && this.defaultAllowIfNoGateMatches)
+ {
+ returnValue = resource;
}
}
@@ -169,20 +173,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
final ResourceResolver resolver) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
path, ResourceAccessGate.Operation.CREATE);
- boolean result = this.defaultAllow;
+ boolean result = false;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
break;
}
@@ -192,6 +198,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -201,20 +210,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canUpdate(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.UPDATE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
break;
}
@@ -224,6 +235,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -233,20 +247,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canDelete(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.DELETE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
break;
}
@@ -256,6 +272,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -265,20 +284,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canExecute(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
break;
}
}
@@ -287,6 +308,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -295,19 +319,19 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public boolean canReadValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canSetValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canDeleteValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 08/24: SLING-3930 -
Service rankings from ResourceAccessGates are not properly handled
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 8838b02b71ca7294a8a84a77717a9ee748425e8b
Author: Mike Müller <my...@apache.org>
AuthorDate: Sun Sep 14 10:02:54 2014 +0000
SLING-3930 - Service rankings from ResourceAccessGates are not properly handled
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1624823 13f79535-47bb-0310-9956-ffa450edef68
---
.../sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
index b064910..daa25bb 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -110,7 +110,8 @@ public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateH
@Override
public int compareTo(final ResourceAccessGateHandler o) {
- return this.reference.compareTo(o.reference);
+ // services with higher service ranking should be the first in a list
+ return -this.reference.compareTo(o.reference);
}
@Override
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 04/24: Updated to
parent version 20
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit a09a4b32892ae5c34ab13d7e17d9e1a1ff1a4275
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Fri Aug 1 19:16:26 2014 +0000
Updated to parent version 20
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1615208 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a6472b6..666fffd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>19</version>
+ <version>20</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 06/24: SLING-3917 -
Add transformQuery support to the ResourceAccessSecurity Implementation
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 558a071087eb6c588529755423fb7cbff55a775f
Author: Mike Müller <my...@apache.org>
AuthorDate: Tue Sep 9 06:49:02 2014 +0000
SLING-3917 - Add transformQuery support to the ResourceAccessSecurity Implementation
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1623676 13f79535-47bb-0310-9956-ffa450edef68
---
.../sling/resourceaccesssecurity/ResourceAccessGate.java | 3 ++-
.../impl/ResourceAccessSecurityImpl.java | 15 ++++++++++++++-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 6ee4e2b..dd7ce7a 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -187,7 +187,8 @@ public interface ResourceAccessGate {
* the language in which the query is expressed
* @param resourceResolver
* the resource resolver which resolves the query
- * @return the transformed query
+ * @return the transformed query or the original query if no tranformation
+ * took place. This method should never return <code>null</code>
* @throws AccessSecurityException
*/
public String transformQuery(String query, String language,
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index cd1f200..53adb79 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -339,7 +339,20 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
final String language,
final ResourceResolver resourceResolver)
throws AccessSecurityException {
- return query;
+ String returnValue = query;
+
+ for (ResourceAccessGateHandler handler : allHandlers) {
+ returnValue = handler.getResourceAccessGate().transformQuery(
+ returnValue, language, resourceResolver);
+ if (returnValue == null) {
+ throw new AccessSecurityException(
+ "Method transformQuery in ResourceAccessGate "
+ + handler.getResourceAccessGate().getClass()
+ .getName() + " returned null.");
+ }
+ }
+
+ return returnValue;
}
/**
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 22/24: SLING-7167
Adjust READMEs
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 44f6b14f193a92b36c040b504d70efd998ae31a7
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Mon Oct 2 14:58:40 2017 +0000
SLING-7167 Adjust READMEs
remove outdated information
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1810406 13f79535-47bb-0310-9956-ffa450edef68
---
README.txt | 24 ------------------------
1 file changed, 24 deletions(-)
diff --git a/README.txt b/README.txt
index 948b6c2..48320aa 100644
--- a/README.txt
+++ b/README.txt
@@ -1,27 +1,3 @@
Apache Sling Resource Access Security
This bundle provides in implementation of the ResourceAccessSecurity
-
-Getting Started
-===============
-
-This component uses a Maven 3 (http://maven.apache.org/) build
-environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
-3.0.3 or later. We recommend to use the latest Maven version.
-
-If you have Maven 3 installed, you can compile and
-package the jar using the following command:
-
- mvn package
-
-See the Maven 3 documentation for other build features.
-
-The latest source code for this component is available in the
-Subversion (http://subversion.apache.org/) source repository of
-the Apache Software Foundation. If you have Subversion installed,
-you can checkout the latest source using the following command:
-
- svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver/core
-
-See the Subversion documentation for other source control features.
-
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 17/24: set parent
version to 24 and add empty relativePath where missing
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 9d428e79f69ef98389c37e30155ef860b1b615bb
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Tue Jul 7 08:09:17 2015 +0000
set parent version to 24 and add empty relativePath where missing
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1689593 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 4306ac9..b01c8c6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>23</version>
+ <version>24</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 23/24: SLING-7167
Adjust READMEs
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit e7618adcc139d2ec38e1c8c87112ef6d03a8c6c9
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Mon Oct 2 16:16:19 2017 +0000
SLING-7167 Adjust READMEs
switch from plain text to Markdown
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1810493 13f79535-47bb-0310-9956-ffa450edef68
---
README.txt => README.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/README.txt b/README.md
similarity index 100%
rename from README.txt
rename to README.md
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 14/24: SLING-4698 -
Set parent.relativePath to empty for all modules
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 113d226a571d471348fdea96f17b4cc489d7b92d
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu May 7 10:14:40 2015 +0000
SLING-4698 - Set parent.relativePath to empty for all modules
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1678154 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index f996124..79c56cc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
<version>22</version>
- <relativePath>../../../parent/pom.xml</relativePath>
+ <relativePath/>
</parent>
<artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 10/24: revert
changes from not released release...
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 277fcba62ae817c5e85a20dd887ccbfe19b90eaa
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:54:10 2014 +0000
revert changes from not released release...
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1625530 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5aff0d5..666fffd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>1.0.0</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 07/24: SLING-3929 -
Methods ResourceAccessGate#hasRestrictions are not used by
ResourceAccessSecurity
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 9519a4cac9d837d2b5a1d14e876cb680ad260cf4
Author: Mike Müller <my...@apache.org>
AuthorDate: Sat Sep 13 18:57:41 2014 +0000
SLING-3929 - Methods ResourceAccessGate#has<opt>Restrictions are not used by ResourceAccessSecurity
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1624774 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ResourceAccessSecurityImpl.java | 27 +++++++++++++++++-----
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 53adb79..4504cc1 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -119,7 +119,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasReadRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canRead(resource);
if (!canReadAllValues && gateResult == GateResult.GRANTED) {
if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
canReadAllValues = true;
@@ -136,7 +139,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- // stop checking if the operation is final and the result not GateResult.DONTCARE
+ // stop checking if the operation is final and the result not GateResult.CANT_DECIDE
if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
@@ -182,7 +185,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasCreateRestrictions(resolver) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -219,7 +225,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasUpdateRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -256,7 +265,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasDeleteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -293,7 +305,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasExecuteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 20/24: Update to
parent pom 29
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit ef156015e236da4cfccd09643561ea16a6a67263
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Fri Oct 21 06:23:09 2016 +0000
Update to parent pom 29
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1765932 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0ba9ccf..417017b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>26</version>
+ <version>29</version>
<relativePath/>
</parent>
@@ -86,15 +86,10 @@
<dependency>
<groupId>javax.jcr</groupId>
<artifactId>jcr</artifactId>
- <version>2.0</version>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
+ <artifactId>osgi.core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 24/24: SLING-7167
Adjust READMEs
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 90281f00467cf539936738a716312a69d2b2257f
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Tue Oct 3 09:59:04 2017 +0000
SLING-7167 Adjust READMEs
add uniform header linking to Sling project
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1810867 13f79535-47bb-0310-9956-ffa450edef68
---
README.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 48320aa..2985187 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
-Apache Sling Resource Access Security
+# Apache Sling Resource Access Security
+
+This module is part of the [Apache Sling](https://sling.apache.org) project.
This bundle provides in implementation of the ResourceAccessSecurity
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 09/24:
[maven-release-plugin] prepare release
org.apache.sling.resourceaccesssecurity-1.0.0
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 2258639cf5ffb4b52fe3c7fd600cc60b9a2db4b6
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:49:09 2014 +0000
[maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1625529 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 666fffd..5aff0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>1.0.0</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 13/24: Update to
Sling Parent POM 22 with baselining enabled
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 871ddfce6a516437233dc7e0de4008ecff10c526
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Oct 1 06:57:44 2014 +0000
Update to Sling Parent POM 22 with baselining enabled
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1628622 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a60e413..f996124 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>20</version>
+ <version>22</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 11/24:
[maven-release-plugin] prepare release
org.apache.sling.resourceaccesssecurity-1.0.0
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 5383f44d1dc03f7a126849f933f13e1e8a70bace
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:59:44 2014 +0000
[maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1625532 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 666fffd..5aff0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>1.0.0</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 15/24: Update to
Sling Parent 23
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit ba97889263736d2055ed5aeab089b4a82814d4fe
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Jun 25 13:08:16 2015 +0000
Update to Sling Parent 23
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1687500 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 79c56cc..1bddbdc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>22</version>
+ <version>23</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 01/24: SLING-3435 -
ResourceAccessSecurity does not secure access for update operations
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 535810d6ffcb8180308f0c6ea1b2ab3c8ee05f60
Author: Mike Müller <my...@apache.org>
AuthorDate: Sun Mar 16 19:17:41 2014 +0000
SLING-3435 - ResourceAccessSecurity does not secure access for update operations
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1578141 13f79535-47bb-0310-9956-ffa450edef68
---
README.txt | 27 ++
pom.xml | 141 +++++++++
.../AllowingResourceAccessGate.java | 129 ++++++++
.../resourceaccesssecurity/ResourceAccessGate.java | 215 +++++++++++++
.../impl/AccessGateResourceWrapper.java | 87 ++++++
.../ApplicationResourceAccessSecurityImpl.java | 42 +++
.../impl/ProviderResourceAccessSecurityImpl.java | 42 +++
.../impl/ReadOnlyValueMapWrapper.java | 63 ++++
.../impl/ResourceAccessGateHandler.java | 122 ++++++++
.../impl/ResourceAccessSecurityImpl.java | 347 +++++++++++++++++++++
.../sling/resourceaccesssecurity/package-info.java | 24 ++
.../impl/ResourceAccessSecurityImplTests.java | 189 +++++++++++
12 files changed, 1428 insertions(+)
diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..948b6c2
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,27 @@
+Apache Sling Resource Access Security
+
+This bundle provides in implementation of the ResourceAccessSecurity
+
+Getting Started
+===============
+
+This component uses a Maven 3 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+3.0.3 or later. We recommend to use the latest Maven version.
+
+If you have Maven 3 installed, you can compile and
+package the jar using the following command:
+
+ mvn package
+
+See the Maven 3 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.apache.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+ svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver/core
+
+See the Subversion documentation for other source control features.
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..2bafb55
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>18</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
new file mode 100644
index 0000000..1e7d8c7
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+/**
+ * This abstract implementation of the <code>ResourceAccessGate</code> can be
+ * used to implement own resource access gates.
+ * This implementation simply allows operations, restricting implementations
+ * just need to overwrite the operations they want to restrict.
+ */
+public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
+
+ @Override
+ public GateResult canRead(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreate(final String absPathName,
+ final ResourceResolver resourceResolver) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdate(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDelete(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canExecute(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canReadValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreateValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdateValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDeleteValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public String transformQuery(final String query, final String language,
+ final ResourceResolver resourceResolver) throws AccessSecurityException {
+ return query;
+ }
+
+ @Override
+ public boolean hasReadRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasCreateRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasUpdateRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasDeleteRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasExecuteRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean canReadAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canCreateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canUpdateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canDeleteAllValues(final Resource resource) {
+ return true;
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
new file mode 100644
index 0000000..4b096e8
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+import aQute.bnd.annotation.ConsumerType;
+
+/**
+ * The <code>ResourceAccessGate</code> defines a service API which might be used
+ * to make some restrictions to accessing resources.
+ *
+ * Implementations of this service interface must be registered like
+ * ResourceProvider with a path (like provider.roots). If different
+ * ResourceAccessGateService services match a path, not only the
+ * ResourceAccessGateService with the longest path will be called, but all of
+ * them, that's in contrast to the ResourceProvider, but in this case more
+ * logical (and secure!). The gates will be called in the order of the
+ * service ranking.
+ * If one of the gates grants access for a given operation access will be granted.
+ *
+ * service properties:
+ * <ul>
+ * <li><b>path</b>: regexp to define on which paths the service should be called
+ * (default .*)</li>
+ * <li><b>operations</b>: set of operations on which the service should be
+ * called ("read,create,update,delete,execute", default all of them)</li>
+ * <li><b>finaloperations</b>: set of operations on which the service answer is
+ * final and no further service should be called (default none of them), except
+ * the GateResult is {@link GateResult.DONTCARE}</li>
+ * </ul>
+ *
+ * The resource access gate can either have the context {@link #PROVIDER_CONTEXT},
+ * in this case the gate is only applied to resource providers requesting the
+ * security checks. Or the context can be {@link #APPLICATION_CONTEXT}. In this
+ * case the access gate is invoked for the whole resource tree.
+ * This is indicated by the required service property {@link #CONTEXT}. If the
+ * property is missing or invalid, the service is ignored.
+ */
+@ConsumerType
+public interface ResourceAccessGate {
+
+ /**
+ * The service name to use when registering implementations of this
+ * interface as services (value is
+ * "org.apache.sling.api.resource.ResourceAccessGate").
+ */
+ String SERVICE_NAME = ResourceAccessGate.class.getName();
+
+ /**
+ * The name of the service registration property containing the context
+ * of this service. Allowed values are {@link #APPLICATION_CONTEXT} and
+ * {@link #PROVIDER_CONTEXT}.
+ * This property is required and has no default value.
+ * (value is "access.context")
+ */
+ String CONTEXT = "access.context";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are applied to all resources.
+ */
+ String APPLICATION_CONTEXT = "application";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are only applied to resource
+ * providers which indicate the additional checks with the
+ * {@link org.apache.sling.api.resource.ResourceProvider#USE_RESOURCE_ACCESS_SECURITY}
+ * property.
+ */
+ String PROVIDER_CONTEXT = "provider";
+
+ /**
+ * The name of the service registration property containing the path as a
+ * regular expression for which the service should be called (value is
+ * "path").
+ */
+ String PATH = "path";
+
+ /**
+ * The name of the service registration property containing the operations
+ * for which the service should be called, defaults to all the operations
+ * (value is "operations").
+ */
+ String OPERATIONS = "operations";
+
+ /**
+ * The name of the service registration property containing the operations
+ * for which the service should be called and no further service should be
+ * called after this, except the services returns DONTCARE as result,
+ * default is empty (non of them are final) (value is "finaloperations").
+ */
+ String FINALOPERATIONS = "finaloperations";
+
+ /**
+ * <code>GateResult</code> defines 3 possible states which can be returned
+ * by the different canXXX methods of this interface.
+ * <ul>
+ * <li>GRANTED: means no restrictions</li>
+ * <li>DENIED: means no permission for the requested action</li>
+ * <li>DONTCARE: means that the implementation of the service has no
+ * information or can't decide and therefore neither can't grant or deny
+ * access</li>
+ * </ul>
+ */
+ public enum GateResult {
+ GRANTED, DENIED, DONTCARE
+ };
+
+ public enum Operation {
+ READ("read"), CREATE("create"), UPDATE("update"), DELETE("delete"), EXECUTE(
+ "execute");
+
+ private String text;
+
+ Operation(String text) {
+ this.text = text;
+ }
+
+ public static Operation fromString(String opAsString) {
+ Operation returnValue = null;
+
+ for (Operation op : Operation.values()) {
+ if (opAsString.equals(op.getText())) {
+ returnValue = op;
+ break;
+ }
+ }
+
+ return returnValue;
+ }
+
+ public String getText() {
+ return this.text;
+ }
+ }
+
+ public GateResult canRead(Resource resource);
+
+ public GateResult canCreate(String absPathName,
+ ResourceResolver resourceResolver);
+
+ public GateResult canUpdate(Resource resource);
+
+ public GateResult canDelete(Resource resource);
+
+ public GateResult canExecute(Resource resource);
+
+ public GateResult canReadValue(Resource resource, String valueName);
+
+ public GateResult canCreateValue(Resource resource, String valueName);
+
+ public GateResult canUpdateValue(Resource resource, String valueName);
+
+ public GateResult canDeleteValue(Resource resource, String valueName);
+
+ /**
+ * Allows to transform the query based on the current user's credentials.
+ * Can be used to narrow down queries to omit results that the current user
+ * is not allowed to see anyway, speeding up downstream access control.
+ *
+ * Query transformations are not critical with respect to access control as
+ * results are checked using the canRead.. methods anyway.
+ *
+ * @param query
+ * the query
+ * @param language
+ * the language in which the query is expressed
+ * @param resourceResolver
+ * the resource resolver which resolves the query
+ * @return the transformed query
+ * @throws AccessSecurityException
+ */
+ public String transformQuery(String query, String language,
+ ResourceResolver resourceResolver) throws AccessSecurityException;
+
+ /* for convenience (and performance) */
+ public boolean hasReadRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasCreateRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasUpdateRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasDeleteRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasExecuteRestrictions(ResourceResolver resourceResolver);
+
+ public boolean canReadAllValues(Resource resource);
+
+ public boolean canCreateAllValues(Resource resource);
+
+ public boolean canUpdateAllValues(Resource resource);
+
+ public boolean canDeleteAllValues(Resource resource);
+
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
new file mode 100644
index 0000000..fd93b2f
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceWrapper;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+/**
+ * The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code> and
+ * intercepts calls to adaptTo to wrap the adapted <code>ValueMap</code> or
+ * also a <code>ModifiableValueMap</code> to enforce access rules defined
+ * by implementations of <code>ResourceAccessGate</code>
+ *
+ */
+public class AccessGateResourceWrapper extends ResourceWrapper {
+
+ private final List<ResourceAccessGate> accessGatesForReadValues;
+ private final boolean modifiable;
+
+ /**
+ * Creates a new wrapper instance delegating all method calls to the given
+ * <code>resource</code>, but intercepts the calls with checks to the
+ * applied ResourceAccessGate instances for read and/or update values.
+ *
+ * @param resource resource to protect
+ * @param accessGatesForReadForValues list of access gates to ask when reading values. If
+ * the list is <code>null</code> or empty there are no read restrictions
+ * @param modifiable if <code>true</code> the resource can be updated
+ */
+ public AccessGateResourceWrapper(final Resource resource,
+ final List<ResourceAccessGate> accessGatesForReadForValues,
+ final boolean modifiable ) {
+ super( resource );
+ this.accessGatesForReadValues = accessGatesForReadForValues;
+ this.modifiable = modifiable;
+ }
+
+ /**
+ * Returns the value of calling <code>adaptTo</code> on the
+ * {@link #getResource() wrapped resource}.
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public <AdapterType> AdapterType adaptTo(Class<AdapterType> type) {
+ // we do not support the deprecated PersistableValueMap
+ AdapterType adapter = getResource().adaptTo(type);
+
+ if (adapter != null && !modifiable) {
+ if (type == ModifiableValueMap.class) {
+ adapter = null;
+ }
+ else if (type == Map.class || type == ValueMap.class) {
+ // protect also against accidental modifications when changes are done in an adapted map
+ adapter = (AdapterType) new ReadOnlyValueMapWrapper((Map) adapter);
+ }
+ }
+
+
+ return adapter;
+
+
+ }
+
+
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..e784236
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.APPLICATION_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+ cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.APPLICATION_CONTEXT + ")")
+public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+ public ApplicationResourceAccessSecurityImpl() {
+ super(true);
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..80fd43e
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.PROVIDER_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+ cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.PROVIDER_CONTEXT + ")")
+public class ProviderResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+ public ProviderResourceAccessSecurityImpl() {
+ super(false);
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
new file mode 100644
index 0000000..43ac8db
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.Map;
+
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.wrappers.ValueMapDecorator;
+
+/**
+ * Wrapper class that does protect the underlying map from modifications.
+ */
+public class ReadOnlyValueMapWrapper extends ValueMapDecorator
+ implements ValueMap {
+
+ /**
+ * Creates a new wrapper around a given map.
+ *
+ * @param base wrapped object
+ */
+ public ReadOnlyValueMapWrapper(Map<String, Object> base) {
+ super(base);
+ }
+
+ @Override
+ public Object put(String key, Object value) {
+ // TODO we probably should log this as a warning
+ return null;
+ }
+
+ @Override
+ public Object remove(Object key) {
+ // TODO we probably should log this as a warning
+ return null;
+ }
+
+ @Override
+ public void putAll(Map<? extends String, ?> t) {
+ // TODO we probably should log this as a warning
+ }
+
+ @Override
+ public void clear() {
+ // TODO we probably should log this as a warning
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
new file mode 100644
index 0000000..7cb94d6
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.osgi.framework.ServiceReference;
+
+public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateHandler> {
+
+ private final ResourceAccessGate resourceAccessGate;
+
+ private final ServiceReference reference;
+
+ private final Pattern pathPattern;
+ private final Set<ResourceAccessGate.Operation> operations = new HashSet<ResourceAccessGate.Operation>();
+ private final Set<ResourceAccessGate.Operation> finalOperations = new HashSet<ResourceAccessGate.Operation>();
+
+ /**
+ * constructor
+ */
+ public ResourceAccessGateHandler ( final ServiceReference resourceAccessGateRef ) {
+ this.reference = resourceAccessGateRef;
+
+ resourceAccessGate = (ResourceAccessGate) resourceAccessGateRef.getBundle().
+ getBundleContext().getService(resourceAccessGateRef);
+ // extract the service property "path"
+ final String path = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.PATH);
+ if ( path != null ) {
+ pathPattern = Pattern.compile(path);
+ } else {
+ pathPattern = Pattern.compile(".*");
+ }
+
+ // extract the service property "operations"
+ final String ops = PropertiesUtil.toString( resourceAccessGateRef.getProperty(ResourceAccessGate.OPERATIONS), null );
+ if ( ops != null && ops.length() > 0 ) {
+ final String[] opsArray = ops.split( "," );
+ for (final String opAsString : opsArray) {
+ final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+ if ( operation != null ) {
+ operations.add(operation);
+ }
+ }
+ } else {
+ for (final ResourceAccessGate.Operation op : ResourceAccessGate.Operation.values() ) {
+ operations.add(op);
+ }
+ }
+
+ // extract the service property "finaloperations"
+ final String finalOps = PropertiesUtil.toString(resourceAccessGateRef.getProperty(ResourceAccessGate.FINALOPERATIONS), null );
+ if ( finalOps != null && finalOps.length() > 0 ) {
+ final String[] finOpsArray = finalOps.split( "," );
+ for (final String opAsString : finOpsArray) {
+ final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+ if ( operation != null ) {
+ finalOperations.add(operation);
+ }
+ }
+ }
+
+ }
+
+ public boolean matches ( final String path, final ResourceAccessGate.Operation operation ) {
+ boolean returnValue = false;
+
+ if ( operations.contains( operation ) ) {
+ final Matcher match = pathPattern.matcher(path);
+ returnValue = match.matches();
+ }
+
+ return returnValue;
+ }
+
+ public boolean isFinalOperation( final ResourceAccessGate.Operation operation ) {
+ return finalOperations.contains(operation);
+ }
+
+ public ResourceAccessGate getResourceAccessGate () {
+ return resourceAccessGate;
+ }
+
+ @Override
+ public int compareTo(final ResourceAccessGateHandler o) {
+ return this.reference.compareTo(o.reference);
+ }
+
+ @Override
+ public boolean equals(final Object obj) {
+ if ( obj instanceof ResourceAccessGateHandler ) {
+ return ((ResourceAccessGateHandler)obj).reference.equals(this.reference);
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return this.reference.hashCode();
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..72279e5
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -0,0 +1,347 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
+import org.osgi.framework.ServiceReference;
+
+public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+
+ private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
+
+ private final boolean defaultAllow;
+
+ public ResourceAccessSecurityImpl(final boolean defaultAllow) {
+ this.defaultAllow = defaultAllow;
+ }
+
+ /**
+ * This method returns either an iterator delivering the matching handlers
+ * or <code>null</code>.
+ */
+ private Iterator<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlerIterator(
+ final String path, final ResourceAccessGate.Operation operation) {
+ //
+ // TODO: maybe caching some frequent paths with read operation would be
+ // a good idea
+ //
+ final List<ResourceAccessGateHandler> handlers = allHandlers;
+ if (handlers.size() > 0) {
+
+ final Iterator<ResourceAccessGateHandler> iter = handlers.iterator();
+ return new Iterator<ResourceAccessGateHandler>() {
+
+ private ResourceAccessGateHandler next;
+
+ {
+ peek();
+ }
+
+ private void peek() {
+ this.next = null;
+ while ( iter.hasNext() && next == null ) {
+ final ResourceAccessGateHandler handler = iter.next();
+ if (handler.matches(path, operation)) {
+ next = handler;
+ }
+ }
+ }
+
+ @Override
+ public boolean hasNext() {
+ return next != null;
+ }
+
+ @Override
+ public ResourceAccessGateHandler next() {
+ if ( next == null ) {
+ throw new NoSuchElementException();
+ }
+ final ResourceAccessGateHandler handler = this.next;
+ peek();
+ return handler;
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+ };
+ }
+
+ return null;
+ }
+
+ @Override
+ public Resource getReadableResource(final Resource resource) {
+ Resource returnValue = (this.defaultAllow ? resource : null);
+
+ final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.READ);
+
+ GateResult finalGateResult = null;
+ List<ResourceAccessGate> accessGatesForReadValues = null;
+ boolean canReadAllValues = false;
+
+
+ if ( accessGateHandlers != null ) {
+
+ while ( accessGateHandlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
+ if (!canReadAllValues && gateResult == GateResult.GRANTED) {
+ if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
+ canReadAllValues = true;
+ accessGatesForReadValues = null;
+ } else {
+ if (accessGatesForReadValues == null) {
+ accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
+ }
+ accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
+ }
+ }
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ // stop checking if the operation is final and the result not GateResult.DONTCARE
+ if (gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+ break;
+ }
+ }
+
+
+ // return null if access is denied or no ResourceAccessGate is present
+ if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+ returnValue = null;
+ } else if (finalGateResult == GateResult.DONTCARE) {
+ returnValue = (this.defaultAllow ? resource : null);
+ } else if (finalGateResult == GateResult.GRANTED ) {
+ returnValue = resource;
+ }
+ }
+
+ boolean canUpdateResource = canUpdate(resource);
+
+ // wrap Resource if read access is not or partly (values) not granted
+ if (returnValue != null) {
+ if( !canReadAllValues || !canUpdateResource ) {
+ returnValue = new AccessGateResourceWrapper(returnValue,
+ accessGatesForReadValues,
+ canUpdateResource);
+ }
+ }
+
+ return returnValue;
+ }
+
+ @Override
+ public boolean canCreate(final String path,
+ final ResourceResolver resolver) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ path, ResourceAccessGate.Operation.CREATE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canUpdate(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.UPDATE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canDelete(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.DELETE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canExecute(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canReadValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public boolean canSetValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public boolean canDeleteValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public String transformQuery(final String query,
+ final String language,
+ final ResourceResolver resourceResolver)
+ throws AccessSecurityException {
+ return query;
+ }
+
+ /**
+ * Add a new resource access gate
+ */
+ protected void bindResourceAccessGate(final ServiceReference ref) {
+ synchronized ( this ) {
+ final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+ final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+ newList.add(h);
+ Collections.sort(newList);
+ this.allHandlers = newList;
+ }
+ }
+
+ /**
+ * Remove a resource access gate
+ */
+ protected void unbindResourceAccessGate(final ServiceReference ref) {
+ synchronized ( this ) {
+ final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+ final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+ newList.remove(h);
+ this.allHandlers = newList;
+ }
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java b/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
new file mode 100644
index 0000000..61145aa
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+@Version("1.0.0")
+package org.apache.sling.resourceaccesssecurity;
+
+import aQute.bnd.annotation.Version;
+
diff --git a/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java b/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
new file mode 100644
index 0000000..c7575a6
--- /dev/null
+++ b/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
@@ -0,0 +1,189 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+
+import junit.framework.TestCase;
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.junit.Before;
+import org.junit.Test;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.verify;
+
+import static org.junit.Assert.assertTrue;
+
+public class ResourceAccessSecurityImplTests {
+
+ ServiceReference serviceReference;
+ ResourceAccessSecurity resourceAccessSecurity;
+ ResourceAccessGate resourceAccessGate;
+
+ @Before
+ public void setUp() {
+ resourceAccessSecurity = new ProviderResourceAccessSecurityImpl();
+ }
+
+
+ @Test
+ public void testCanUpdate(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ assertTrue(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCannotUpdate(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ assertFalse(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCannotUpdateWrongPath(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/wrongcontent");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ assertFalse(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCanUpdateUsingReadableResource(){
+ // one needs to have also read rights to obtain the resource
+
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+
+ resultValueMap.put("modified", "value");
+
+ verify(valueMap, times(1)).put("modified", "value");
+ }
+
+
+ @Test
+ public void testCannotUpdateUsingReadableResourceIfCannotRead(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+
+ assertNull(readableResource);
+ }
+
+
+ @Test
+ public void testCannotUpdateUsingReadableResourceIfCannotUpdate(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+ assertNull(resultValueMap);
+ }
+
+
+ @Test
+ public void testCannotUpdateAccidentallyUsingReadableResourceIfCannotUpdate(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ValueMap resultValueMap = readableResource.adaptTo(ValueMap.class);
+
+ resultValueMap.put("modified", "value");
+
+ verify(valueMap, times(0)).put("modified", "value");
+ }
+
+ private void initMocks(String path, String[] operations){
+ serviceReference = mock(ServiceReference.class);
+ Bundle bundle = mock(Bundle.class);
+ BundleContext bundleContext = mock(BundleContext.class);
+ resourceAccessGate = mock(ResourceAccessGate.class);
+
+ when(serviceReference.getBundle()).thenReturn(bundle);
+ when(bundle.getBundleContext()).thenReturn(bundleContext);
+ when(bundleContext.getService(serviceReference)).thenReturn(resourceAccessGate);
+
+ when(serviceReference.getProperty(ResourceAccessGate.PATH)).thenReturn(path);
+ when(serviceReference.getProperty(ResourceAccessGate.OPERATIONS)).thenReturn(operations);
+
+ ((ProviderResourceAccessSecurityImpl) resourceAccessSecurity).bindResourceAccessGate(serviceReference);
+ }
+
+
+
+}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 21/24: Back to
parent 26
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 497c853fbc109f0a3f5e1e77657925aac1574752
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Fri Oct 21 06:31:19 2016 +0000
Back to parent 26
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1765933 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 417017b..9028a9a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>29</version>
+ <version>26</version>
<relativePath/>
</parent>
@@ -86,10 +86,11 @@
<dependency>
<groupId>javax.jcr</groupId>
<artifactId>jcr</artifactId>
+ <version>2.0</version>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>osgi.core</artifactId>
+ <artifactId>org.osgi.core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 05/24: SLING-3918 -
If a resource does not have a path a NPE occurrs
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 7a989bae7cc3b5d568b85bdb52a061abb89b0bde
Author: Mike Müller <my...@apache.org>
AuthorDate: Tue Sep 9 06:41:16 2014 +0000
SLING-3918 - If a resource does not have a path a NPE occurrs
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1623668 13f79535-47bb-0310-9956-ffa450edef68
---
.../resourceaccesssecurity/impl/ResourceAccessGateHandler.java | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
index 7cb94d6..b064910 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -87,8 +87,14 @@ public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateH
boolean returnValue = false;
if ( operations.contains( operation ) ) {
- final Matcher match = pathPattern.matcher(path);
- returnValue = match.matches();
+ if (path != null) {
+ final Matcher match = pathPattern.matcher(path);
+ returnValue = match.matches();
+ } else {
+ // if no path is given just add every ResourceAccessGate for
+ // security reason
+ return true;
+ }
}
return returnValue;
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 12/24:
[maven-release-plugin] prepare for next development iteration
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit f45e92666f376325a246cfeefa93aafcd9ecda40
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 12:01:28 2014 +0000
[maven-release-plugin] prepare for next development iteration
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1625535 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5aff0d5..a60e413 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
</parent>
<artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>1.0.0</version>
+ <version>1.0.1-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>Apache Sling Resource Access Security</name>
@@ -37,13 +37,13 @@
<scm>
<connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
</connection>
<developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
</developerConnection>
<url>
- http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
</url>
</scm>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 18/24: Update the
main reactor to parent 25
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 0aff8a01e19a26e34873dc91fdf99f5077f914c9
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Mon Oct 5 10:03:45 2015 +0000
Update the main reactor to parent 25
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1706780 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b01c8c6..9156f81 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>24</version>
+ <version>25</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 03/24: Update to
parent pom v19
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit c99ea4c067e53fca7d513c8b52d78b02c32dfd99
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Mon Mar 31 14:39:20 2014 +0000
Update to parent pom v19
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1583337 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2bafb55..a6472b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>18</version>
+ <version>19</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 19/24: Switch to
parent pom 26
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 4c52c31b6aa8e6412a5520c7f1c2ec3321ba2305
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Sun Jan 3 14:07:46 2016 +0000
Switch to parent pom 26
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1722720 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9156f81..0ba9ccf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>25</version>
+ <version>26</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 16/24: Remove
superflous sling.java.version=6 as it's the default now
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit a83889d1abcc2472082c710e0611fee98304e6f6
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Jun 25 13:14:53 2015 +0000
Remove superflous sling.java.version=6 as it's the default now
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1687505 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 1 -
1 file changed, 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 1bddbdc..4306ac9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,6 @@
<properties>
<site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
</properties>
<build>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.