You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by cz...@apache.org on 2016/11/07 15:28:33 UTC
svn commit: r1768534 - in /sling/trunk/bundles/jcr/repoinit/src:
main/java/org/apache/sling/jcr/repoinit/impl/
test/java/org/apache/sling/jcr/repoinit/impl/
Author: cziegeler
Date: Mon Nov 7 15:28:33 2016
New Revision: 1768534
URL: http://svn.apache.org/viewvc?rev=1768534&view=rev
Log:
SLING-6219 : Allow to create users with repoinit
Added:
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java (with props)
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java
- copied, changed from r1768533, sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java
Removed:
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java
Modified:
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java
Added: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java?rev=1768534&view=auto
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java (added)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java Mon Nov 7 15:28:33 2016
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.jcr.repoinit.impl;
+
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PATHS;
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PRINCIPALS;
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PRIVILEGES;
+
+import java.util.List;
+
+import javax.jcr.Node;
+import javax.jcr.Session;
+
+import org.apache.sling.repoinit.parser.operations.AclLine;
+import org.apache.sling.repoinit.parser.operations.CreatePath;
+import org.apache.sling.repoinit.parser.operations.PathSegmentDefinition;
+import org.apache.sling.repoinit.parser.operations.SetAclPaths;
+import org.apache.sling.repoinit.parser.operations.SetAclPrincipals;
+
+/** OperationVisitor which processes only operations related to ACLs.
+ * Having several such specialized visitors
+ * makes it easy to control the execution order.
+ */
+class AclVisitor extends DoNothingVisitor {
+
+ /** Create a visitor using the supplied JCR Session.
+ * @param s must have sufficient rights to create users
+ * and set ACLs.
+ */
+ public AclVisitor(Session s) {
+ super(s);
+ }
+
+ private List<String> require(AclLine line, String propertyName) {
+ final List<String> result = line.getProperty(propertyName);
+ if(result == null) {
+ throw new IllegalStateException("Missing property " + propertyName + " on " + line);
+ }
+ return result;
+ }
+
+ private void setAcl(AclLine line, Session s, List<String> principals, List<String> paths, List<String> privileges, boolean isAllow) {
+ try {
+ log.info("Adding ACL '{}' entry '{}' for {} on {}", isAllow ? "allow" : "deny", privileges, principals, paths);
+ AclUtil.setAcl(s, principals, paths, privileges, isAllow);
+ } catch(Exception e) {
+ throw new RuntimeException("Failed to set ACL (" + e.toString() + ") " + line, e);
+ }
+ }
+
+ @Override
+ public void visitSetAclPrincipal(SetAclPrincipals s) {
+ final List<String> principals = s.getPrincipals();
+ for(AclLine line : s.getLines()) {
+ final boolean isAllow = line.getAction().equals(AclLine.Action.ALLOW);
+ setAcl(line, session, principals, require(line, PROP_PATHS), require(line, PROP_PRIVILEGES), isAllow);
+ }
+ }
+
+ @Override
+ public void visitSetAclPaths(SetAclPaths s) {
+ final List<String> paths = s.getPaths();
+ for(AclLine line : s.getLines()) {
+ final boolean isAllow = line.getAction().equals(AclLine.Action.ALLOW);
+ setAcl(line, session, require(line, PROP_PRINCIPALS), paths, require(line, PROP_PRIVILEGES), isAllow);
+ }
+ }
+
+ @Override
+ public void visitCreatePath(CreatePath cp) {
+ String parentPath = "";
+ for(PathSegmentDefinition psd : cp.getDefinitions()) {
+ final String fullPath = parentPath + "/" + psd.getSegment();
+ try {
+ if(session.itemExists(fullPath)) {
+ log.info("Path already exists, nothing to do (and not checking its primary type for now): {}", fullPath);
+ } else {
+ final Node n = parentPath.equals("") ? session.getRootNode() : session.getNode(parentPath);
+ log.info("Creating node {} with primary type {}", fullPath, psd.getPrimaryType());
+ n.addNode(psd.getSegment(), psd.getPrimaryType());
+ }
+ } catch(Exception e) {
+ throw new RuntimeException("CreatePath execution failed at " + psd + ": " + e, e);
+ }
+ parentPath += "/" + psd.getSegment();
+ }
+ try {
+ session.save();
+ } catch(Exception e) {
+ throw new RuntimeException("Session.save failed: "+ e, e);
+ }
+ }
+}
Propchange: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Copied: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java (from r1768533, sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java?p2=sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java&p1=sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java&r1=1768533&r2=1768534&rev=1768534&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java Mon Nov 7 15:28:33 2016
@@ -24,8 +24,8 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
-/** Utilities for Service Users management */
-public class ServiceUserUtil {
+/** Utilities for (Service) Users management */
+public class UserUtil {
public static UserManager getUserManager(Session session) throws RepositoryException {
if(!(session instanceof JackrabbitSession)) {
@@ -33,16 +33,16 @@ public class ServiceUserUtil {
}
return ((JackrabbitSession)session).getUserManager();
}
-
+
public static Authorizable getAuthorizable(Session session, String username) throws RepositoryException {
return getUserManager(session).getAuthorizable(username);
}
-
+
/** Create a service user - fails if it already exists */
public static void createServiceUser(Session s, String username) throws RepositoryException {
getUserManager(s).createSystemUser(username, null);
}
-
+
/** True if specified service user exists */
public static boolean serviceUserExists(Session session, String username) throws RepositoryException {
boolean result = false;
@@ -53,7 +53,31 @@ public class ServiceUserUtil {
}
return result;
}
-
+
+ public static void deleteUser(Session s, String username) throws RepositoryException {
+ final Authorizable a = getUserManager(s).getAuthorizable(username);
+ if(a == null) {
+ throw new IllegalStateException("Authorizable not found:" + username);
+ }
+ a.remove();
+ }
+
+ /** Create a service user - fails if it already exists */
+ public static void createUser(Session s, String username, String password) throws RepositoryException {
+ getUserManager(s).createUser(username, password);
+ }
+
+ /** True if specified user exists */
+ public static boolean serviceExists(Session session, String username) throws RepositoryException {
+ boolean result = false;
+ final Authorizable a = getAuthorizable(session, username);
+ if (a != null) {
+ final User u = (User)a;
+ result = !u.isSystemUser();
+ }
+ return result;
+ }
+
public static void deleteServiceUser(Session s, String username) throws RepositoryException {
final Authorizable a = getUserManager(s).getAuthorizable(username);
if(a == null) {
@@ -61,5 +85,4 @@ public class ServiceUserUtil {
}
a.remove();
}
-
}
Modified: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java?rev=1768534&r1=1768533&r2=1768534&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java Mon Nov 7 15:28:33 2016
@@ -19,7 +19,9 @@ package org.apache.sling.jcr.repoinit.im
import javax.jcr.Session;
import org.apache.sling.repoinit.parser.operations.CreateServiceUser;
+import org.apache.sling.repoinit.parser.operations.CreateUser;
import org.apache.sling.repoinit.parser.operations.DeleteServiceUser;
+import org.apache.sling.repoinit.parser.operations.DeleteUser;
/** OperationVisitor which processes only operations related to
* service users and ACLs. Having several such specialized visitors
@@ -39,9 +41,9 @@ class UserVisitor extends DoNothingVisit
public void visitCreateServiceUser(CreateServiceUser s) {
final String id = s.getUsername();
try {
- if(!ServiceUserUtil.serviceUserExists(session, id)) {
+ if(!UserUtil.serviceUserExists(session, id)) {
log.info("Creating service user {}", id);
- ServiceUserUtil.createServiceUser(session, id);
+ UserUtil.createServiceUser(session, id);
} else {
log.info("Service user {} already exists, no changes made", id);
}
@@ -55,9 +57,36 @@ class UserVisitor extends DoNothingVisit
final String id = s.getUsername();
log.info("Deleting service user {}", id);
try {
- ServiceUserUtil.deleteServiceUser(session, id);
+ UserUtil.deleteServiceUser(session, id);
} catch(Exception e) {
report(e, "Unable to delete service user [" + id + "]:" + e);
}
}
+
+ @Override
+ public void visitCreateUser(CreateUser u) {
+ final String id = u.getUsername();
+ try {
+ if(!UserUtil.serviceExists(session, id)) {
+ log.info("Creating user {}", id);
+ UserUtil.createUser(session, id, u.getPassword());
+ } else {
+ log.info("User {} already exists, no changes made", id);
+ }
+ } catch(Exception e) {
+ report(e, "Unable to create user [" + id + "]:" + e);
+ }
+ }
+
+ @Override
+ public void visitDeleteUser(DeleteUser u) {
+ final String id = u.getUsername();
+ log.info("Deleting user {}", id);
+ try {
+ UserUtil.deleteUser(session, id);
+ } catch(Exception e) {
+ report(e, "Unable to delete user [" + id + "]:" + e);
+ }
+ }
+
}
Modified: sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java?rev=1768534&r1=1768533&r2=1768534&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java Mon Nov 7 15:28:33 2016
@@ -62,7 +62,7 @@ public class TestUtil {
}
public void assertServiceUser(String info, String id, boolean expectToExist) throws RepositoryException {
- final Authorizable a = ServiceUserUtil.getUserManager(adminSession).getAuthorizable(id);
+ final Authorizable a = UserUtil.getUserManager(adminSession).getAuthorizable(id);
if(!expectToExist) {
assertNull(info + ", expecting Principal to be absent:" + id, a);
} else {