You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:30:43 UTC
[sling-org-apache-sling-distribution-sample] 05/07: SLING-5281:
allow execution with calling user session
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.distribution.sample-0.1.4
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-distribution-sample.git
commit f2fa793e89b7aca9d2c7bfff161a0febd227fc4e
Author: Marius Petria <mp...@apache.org>
AuthorDate: Mon Nov 9 13:41:52 2015 +0000
SLING-5281: allow execution with calling user session
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/distribution/sample@1713432 13f79535-47bb-0310-9956-ffa450edef68
---
.../org/apache/sling/distribution/test/Init.java | 60 ++++++++++++++++------
...onAgentFactory-impersonate-publish-reverse.json | 17 ++++++
...tory-impersonate-publish-reverse-scheduled.json | 9 ++++
...stributionAgentFactory-impersonate-publish.json | 13 +++++
...stributionAgentFactory-impersonate-reverse.json | 13 +++++
...PackageExporterFactory-impersonate-reverse.json | 6 +++
...DistributionPackageExporterFactory-reverse.json | 0
...apperImpl.amended-distributionAgentService.json | 5 ++
.../libs/sling/distribution/services.json | 3 ++
.../libs/sling/distribution/settings.json | 3 ++
10 files changed, 113 insertions(+), 16 deletions(-)
diff --git a/src/main/java/org/apache/sling/distribution/test/Init.java b/src/main/java/org/apache/sling/distribution/test/Init.java
index 409b3b2..9721595 100644
--- a/src/main/java/org/apache/sling/distribution/test/Init.java
+++ b/src/main/java/org/apache/sling/distribution/test/Init.java
@@ -25,8 +25,11 @@ import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
@@ -48,41 +51,66 @@ public class Init {
public void activate() throws Exception {
try {
- final String userName = "testDistributionUser";
+ final String defaultAgentUserName = "distribution-agent-user";
+ final String serviceUserName = "testDistributionUser";
+ final String distributorUserName = "testDistributorUser";
+
Session session = slingRepository.loginAdministrative(null);
JackrabbitSession jackrabittSession = (JackrabbitSession) session;
UserManager userManager = jackrabittSession.getUserManager();
- Authorizable user = userManager.getAuthorizable(userName);
+ Authorizable serviceUser = userManager.getAuthorizable(serviceUserName);
- if (user == null) {
+ if (serviceUser == null) {
try {
- user = userManager.createSystemUser(userName, null);
- log.error("created system user", user);
+ serviceUser = userManager.createSystemUser(serviceUserName, null);
+ log.info("created system user {}", serviceUserName);
} catch (Throwable t) {
- user = userManager.createUser(userName, "123");
- log.error("created regular user", user);
-
+ serviceUser = userManager.createUser(serviceUserName, "123");
+ log.info("created regular user {}", serviceUserName);
}
}
- if (user != null) {
- AccessControlUtils.addAccessControlEntry(session, "/", user.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ if (serviceUser != null) {
+ AccessControlUtils.addAccessControlEntry(session, "/var/sling/distribution/packages", serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/content", serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, null, serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
- AccessControlUtils.addAccessControlEntry(session, null, user.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ }
- session.save();
+ Authorizable distributorUser = userManager.getAuthorizable(distributorUserName);
- session.logout();
+ if (distributorUser == null) {
+ distributorUser = userManager.createUser(distributorUserName, "123");
+ log.info("created regular user {}", distributorUserName);
}
- } catch (Throwable t) {
- log.error("cannot create user", t);
- }
+ JcrUtils.getOrCreateByPath("/content", "sling:Folder", session);
+ if (distributorUser != null) {
+ AccessControlUtils.addAccessControlEntry(session, "/var/sling/distribution/packages", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/content", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/libs/sling/distribution", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, null, distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ }
+
+ Authorizable defaultAgentUser = userManager.getAuthorizable(defaultAgentUserName);
+
+ if (defaultAgentUser == null) {
+ defaultAgentUser = userManager.createUser(defaultAgentUserName, "123");
+ log.info("created regular user {}", defaultAgentUserName);
+ ((User) distributorUser).getImpersonation().grantImpersonation(defaultAgentUser.getPrincipal());
+ ((User) serviceUser).getImpersonation().grantImpersonation(defaultAgentUser.getPrincipal());
+ }
+
+ session.save();
+ session.logout();
+ } catch (Throwable t) {
+ log.error("cannot create user", t);
+ }
}
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json
new file mode 100644
index 0000000..2f63e6f
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json
@@ -0,0 +1,17 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish-reverse",
+
+ "requestAuthorizationStrategy.target" : "(name=privilegeRead)",
+
+ "packageBuilder.target": "(name=vlt)",
+
+ "transportSecretProvider.target" : "(name=publishAdmin)",
+
+ "packageExporter.endpoints": [
+ "http://localhost:4503/libs/sling/distribution/services/exporters/impersonate-reverse"
+ ],
+
+ "triggers.target": "(name=impersonate-publish-reverse-scheduled)"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json
new file mode 100644
index 0000000..042b021
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json
@@ -0,0 +1,9 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish-reverse-scheduled",
+ "action": "pull",
+ "seconds": "30",
+
+ "serviceName" : "distributionService"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json
new file mode 100644
index 0000000..cd4201f
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json
@@ -0,0 +1,13 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish",
+
+ "packageBuilder.target": "(name=vlt)",
+
+ "transportSecretProvider.target" : "(name=publishAdmin)",
+
+ "packageImporter.endpoints": [
+ "http://localhost:4503/libs/sling/distribution/services/importers/default"
+ ]
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json
new file mode 100644
index 0000000..07d266d
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json
@@ -0,0 +1,13 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "name": "impersonate-reverse",
+
+ "serviceName" : "distributionService",
+
+ "requestAuthorizationStrategy.target" : "(name=privilegeRead)",
+
+ "packageBuilder.target" : "(name=vlt)",
+
+ "triggers.target": "(name=reverse-userGeneratedContent)"
+
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json
new file mode 100644
index 0000000..478cc0e
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json
@@ -0,0 +1,6 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "name": "impersonate-reverse",
+
+ "agent.target": "(name=impersonate-reverse)"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
similarity index 100%
rename from src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
rename to src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json
new file mode 100644
index 0000000..b03aab2
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json
@@ -0,0 +1,5 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "user.default": "",
+ "user.mapping": "org.apache.sling.distribution.core:defaultAgentService=distribution-agent-user"
+}
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json
new file mode 100644
index 0000000..68baa9c
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json
@@ -0,0 +1,3 @@
+{
+ "jcr:primaryType": "sling:Folder"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json
new file mode 100644
index 0000000..68baa9c
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json
@@ -0,0 +1,3 @@
+{
+ "jcr:primaryType": "sling:Folder"
+}
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.