You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by pa...@apache.org on 2021/01/29 04:55:32 UTC
[sling-org-apache-sling-jcr-repoinit] 01/01: SLING-9857: implement
forced path with simple recreate
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch issues/SLING-9857
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit dc891b2b193c46d08e76af53c18186e90fbf97d0
Author: Karl Pauls <ka...@gmail.com>
AuthorDate: Fri Jan 29 05:55:14 2021 +0100
SLING-9857: implement forced path with simple recreate
---
.../sling/jcr/repoinit/impl/UserVisitor.java | 96 +++++++++++++++++++++-
.../sling/jcr/repoinit/CreateGroupsTest.java | 22 +++++
.../sling/jcr/repoinit/CreateServiceUsersTest.java | 26 ++++++
.../apache/sling/jcr/repoinit/CreateUsersTest.java | 33 ++++++++
4 files changed, 173 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
index bb0877c..1abb51a 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
@@ -17,8 +17,8 @@
package org.apache.sling.jcr.repoinit.impl;
import java.security.Principal;
-
import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.repoinit.parser.operations.CreateGroup;
@@ -53,7 +53,32 @@ class UserVisitor extends DoNothingVisitor {
log.info("Creating service user {}", username);
UserUtil.createServiceUser(session, username, s.getPath());
} else if (UserUtil.isServiceUser(session, username)) {
- log.info("Service user {} already exists, no changes made.", username);
+ if (s.isForcedPath()) {
+ Authorizable authorizable = UserUtil.getAuthorizable(session, username);
+ String path;
+ try {
+ path = authorizable.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = s.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating service user {} to move path from {} to {}", username, path, s.getPath());
+ if (UserUtil.deleteAuthorizable(session, username)) {
+ UserUtil.createServiceUser(session, username, s.getPath());
+ } else {
+ log.info("Group {} already exists and could not be recreated to match path, no changes made.", username);
+ }
+ } else {
+ log.info("Service user {} already exists, no changes made.", username);
+ }
+ } else {
+ log.error("Service user {} already exists but no path can be determined, no changes made.", username);
+ }
+ } else {
+ log.info("Service user {} already exists, no changes made.", username);
+ }
} else {
final String message = String.format("Existing user %s is not a service user.", username);
throw new RuntimeException(message);
@@ -91,7 +116,35 @@ class UserVisitor extends DoNothingVisitor {
}, g.getPath());
}
} else {
- log.info("Group {} already exists, no changes made", groupname);
+ if (g.isForcedPath()) {
+ String path;
+ try {
+ path = group.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = g.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating group {} to move path from {} to {}", groupname, path, g.getPath());
+ if (UserUtil.deleteAuthorizable(session, groupname)) {
+ UserUtil.getUserManager(session).createGroup(new Principal() {
+ public String getName() {
+ return groupname;
+ }
+ }, g.getPath());
+ } else {
+ log.info("Group {} already exists and could not be recreated to match path, no changes made.", groupname);
+ }
+ } else {
+ log.info("Group {} already exists, no changes made.", groupname);
+ }
+ } else {
+ log.error("Group {} already exists but no path can be determined, no changes made.", groupname);
+ }
+ } else {
+ log.info("Group {} already exists, no changes made", groupname);
+ }
}
} catch (Exception e) {
report(e, "Unable to create group [" + groupname + "]:" + e);
@@ -128,7 +181,42 @@ class UserVisitor extends DoNothingVisitor {
}
UserUtil.createUser(session, username, pwd, u.getPath());
} else {
- log.info("User {} already exists, no changes made", username);
+ if (u.isForcedPath()) {
+ Authorizable authorizable = UserUtil.getAuthorizable(session, username);
+ String path;
+ try {
+ path = authorizable.getPath();
+ } catch (UnsupportedRepositoryOperationException ex) {
+ path = null;
+ }
+ if (path != null) {
+ String requiredIntermediate = u.getPath() + "/";
+ if (!path.contains(requiredIntermediate)) {
+ log.info("Recreating user {} to move path from {} to {}", username, path, u.getPath());
+ if (UserUtil.deleteAuthorizable(session, username)) {
+ final String pwd = u.getPassword();
+ if (pwd != null) {
+ // TODO we might revise this warning once we're able
+ // to create users by providing their encoded password
+ // using u.getPasswordEncoding - for now I think only cleartext works
+ log.warn("Creating user {} with cleartext password - should NOT be used on production systems",
+ username);
+ } else {
+ log.info("Creating user {}", username);
+ }
+ UserUtil.createUser(session, username, pwd, u.getPath());
+ } else {
+ log.info("User {} already exists and could not be recreated to match path, no changes made.", username);
+ }
+ } else {
+ log.info("User {} already exists, no changes made.", username);
+ }
+ } else {
+ log.error("User {} already exists but no path can be determined, no changes made.", username);
+ }
+ } else {
+ log.info("User {} already exists, no changes made.", username);
+ }
}
} catch (Exception e) {
report(e, "Unable to create user [" + username + "]:" + e);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
index 328d4ab..5b07d8c 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java
@@ -77,6 +77,28 @@ public class CreateGroupsTest {
}
@Test
+ public void createGroupWithForcedRelativePathTest() throws Exception {
+ final String groupId = namePrefix + "_cgwpt";
+ final String path = "testgroup/folder_for_" + groupId;
+ final String forcedPath = "testgroup/folder_for_" + groupId + "_forced";
+ U.parseAndExecute("create group " + groupId + " with path " + path);
+ U.assertGroup("after creating group " + groupId, groupId, true, path);
+ U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath);
+ U.assertGroup("after creating group " + groupId, groupId, true, forcedPath);
+ }
+
+ @Test
+ public void createGroupWithForcedAbsolutePathTest() throws Exception {
+ final String groupId = namePrefix + "_cgwpt";
+ final String path = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId;
+ final String forcedPath = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId + "_forced";
+ U.parseAndExecute("create group " + groupId + " with path " + path);
+ U.assertGroup("after creating group " + groupId, groupId, true, path);
+ U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath);
+ U.assertGroup("after creating group " + groupId, groupId, true, forcedPath);
+ }
+
+ @Test
public void createGroupMultipleTimes() throws Exception {
final String groupname = namePrefix + "_cgm";
U.assertGroup("before test", groupname, false);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
index 8642ec0..1c3d7db 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java
@@ -135,6 +135,20 @@ public class CreateServiceUsersTest {
}
@Test
+ public void createServiceUserWithForcedRelativePathTest() throws Exception {
+ final String userId = namePrefix + "_cdst";
+ // Oak requires system/ prefix for service users
+ final String path = "system/forServiceUser/test";
+ final String pathForced = "system/forServiceUser/test2";
+ U.assertServiceUser("at start of test", userId, false);
+ U.parseAndExecute("create service user " + userId + " with path " + path);
+ U.assertServiceUser("after creating user", userId, true, path);
+
+ U.parseAndExecute("create service user " + userId + " with forced path " + pathForced);
+ U.assertServiceUser("after forcing creating user", userId, true, pathForced);
+ }
+
+ @Test
public void createServiceUserWithAbsPathTest() throws Exception {
final String userId = namePrefix + "_cdst";
final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test";
@@ -142,4 +156,16 @@ public class CreateServiceUsersTest {
U.parseAndExecute("create service user " + userId + " with path " + path);
U.assertServiceUser("after creating user", userId, true, path);
}
+
+ @Test
+ public void createServiceUserWithForcedAbsPathTest() throws Exception {
+ final String userId = namePrefix + "_cdst";
+ final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test1";
+ final String pathForced = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test2";
+ U.assertServiceUser("at start of test", userId, false);
+ U.parseAndExecute("create service user " + userId + " with path " + path);
+ U.assertServiceUser("after creating user", userId, true, path);
+ U.parseAndExecute("create service user " + userId + " with forced path " + pathForced);
+ U.assertServiceUser("after forcing creating user", userId, true, pathForced);
+ }
}
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
index 492dbc5..93198bb 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java
@@ -87,6 +87,39 @@ public class CreateUsersTest {
U.assertUser("after creating user " + userId, userId, true, path);
}
+ @Test
+ public void createUserWithForcedRelativePathTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path);
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "testusers/folder_for_" + userId + "_forec";
+ U.parseAndExecute("create user " + userId + " with forced path " + forcedPath);
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
+ @Test
+ public void createUserWithForcedAbsolutePathTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path);
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + forcedPath);
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
+ @Test
+ public void createUserWithForcedPathAndPasswordTest() throws Exception {
+ final String userId = namePrefix + "_cuwpt";
+ final String path = "testuserwithpassword/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with path " + path + " with password asdf");
+ U.assertUser("after creating user " + userId, userId, true, path);
+ final String forcedPath = "testuserwithpassword/folder_for_" + userId;
+ U.parseAndExecute("create user " + userId + " with forced path " + forcedPath + " with password asdf");
+ U.assertUser("after creating user " + userId, userId, true, forcedPath);
+ }
+
private String user(int index) {
return namePrefix + "_" + index;
}