You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by mp...@apache.org on 2015/02/04 13:20:22 UTC
svn commit: r1657138 - in
/sling/trunk/contrib/extensions/distribution/core/src:
main/java/org/apache/sling/distribution/agent/impl/
test/java/org/apache/sling/distribution/agent/impl/
Author: mpetria
Date: Wed Feb 4 12:20:22 2015
New Revision: 1657138
URL: http://svn.apache.org/r1657138
Log:
SLING-4393: permit path restrictions for agents via allowed.root property
Modified:
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ForwardDistributionAgentFactory.java
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/QueueDistributionAgentFactory.java
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ReverseDistributionAgentFactory.java
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgent.java
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentFactory.java
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SyncDistributionAgentFactory.java
sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentTest.java
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ForwardDistributionAgentFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ForwardDistributionAgentFactory.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ForwardDistributionAgentFactory.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ForwardDistributionAgentFactory.java Wed Feb 4 12:20:22 2015
@@ -98,6 +98,10 @@ public class ForwardDistributionAgentFac
public static final String LOG_LEVEL = AbstractDistributionAgentFactory.LOG_LEVEL;
+ @Property(label = "Allowed root", description = "If set the agent will allow only distribution requests under the specified root.")
+ private static final String ALLOWED_ROOT = "allowed.root";
+
+
@Property(boolValue = true, label = "Queue Processing Enabled", description = "Whether or not the distribution agent should process packages in the queues.")
public static final String QUEUE_PROCESSING_ENABLED = "queue.processing.enabled";
@@ -175,6 +179,8 @@ public class ForwardDistributionAgentFac
@Override
protected SimpleDistributionAgent createAgent(String agentName, BundleContext context, Map<String, Object> config, DefaultDistributionLog distributionLog) {
String serviceName = PropertiesUtil.toString(config.get(SERVICE_NAME), null);
+ String allowedRoot = PropertiesUtil.toString(config.get(ALLOWED_ROOT), null);
+
boolean queueProcessingEnabled = PropertiesUtil.toBoolean(config.get(QUEUE_PROCESSING_ENABLED), true);
@@ -202,7 +208,7 @@ public class ForwardDistributionAgentFac
return new SimpleDistributionAgent(agentName, queueProcessingEnabled, serviceName,
packageImporter, packageExporter, requestAuthorizationStrategy,
- queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests);
+ queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests, allowedRoot);
}
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/QueueDistributionAgentFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/QueueDistributionAgentFactory.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/QueueDistributionAgentFactory.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/QueueDistributionAgentFactory.java Wed Feb 4 12:20:22 2015
@@ -92,6 +92,11 @@ public class QueueDistributionAgentFacto
public static final String LOG_LEVEL = AbstractDistributionAgentFactory.LOG_LEVEL;
+
+ @Property(label = "Allowed root", description = "If set the agent will allow only distribution requests under the specified root.")
+ private static final String ALLOWED_ROOT = "allowed.root";
+
+
@Property(name = "requestAuthorizationStrategy.target", label = "Request Authorization Strategy", description = "The target reference for the DistributionRequestAuthorizationStrategy used to authorize the access to distribution process," +
"e.g. use target=(name=...) to bind to services by name.")
@Reference(name = "requestAuthorizationStrategy")
@@ -145,6 +150,7 @@ public class QueueDistributionAgentFacto
protected SimpleDistributionAgent createAgent(String agentName, BundleContext context, Map<String, Object> config, DefaultDistributionLog distributionLog) {
String serviceName = PropertiesUtil.toString(config.get(SERVICE_NAME), null);
+ String allowedRoot = PropertiesUtil.toString(config.get(ALLOWED_ROOT), null);
DistributionQueueProvider queueProvider = new JobHandlingDistributionQueueProvider(agentName, jobManager, context);
DistributionQueueDispatchingStrategy dispatchingStrategy = new SingleQueueDispatchingStrategy();
DistributionPackageExporter packageExporter = new LocalDistributionPackageExporter(packageBuilder);
@@ -153,6 +159,6 @@ public class QueueDistributionAgentFacto
return new SimpleDistributionAgent(agentName, false, serviceName,
null, packageExporter, requestAuthorizationStrategy,
- queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests);
+ queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests, allowedRoot);
}
}
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ReverseDistributionAgentFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ReverseDistributionAgentFactory.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ReverseDistributionAgentFactory.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/ReverseDistributionAgentFactory.java Wed Feb 4 12:20:22 2015
@@ -191,7 +191,7 @@ public class ReverseDistributionAgentFac
return new SimpleDistributionAgent(agentName, queueProcessingEnabled, serviceName,
packageImporter, packageExporter, requestAuthorizationStrategy,
- queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests);
+ queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests, null);
}
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgent.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgent.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgent.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgent.java Wed Feb 4 12:20:22 2015
@@ -89,6 +89,7 @@ public class SimpleDistributionAgent imp
private boolean active = false;
private final DefaultDistributionLog log;
private final DistributionRequestType[] allowedRequests;
+ private final String allowedRoot;
public SimpleDistributionAgent(String name,
boolean queueProcessingEnabled,
@@ -101,9 +102,11 @@ public class SimpleDistributionAgent imp
DistributionEventFactory distributionEventFactory,
ResourceResolverFactory resourceResolverFactory,
DefaultDistributionLog log,
- DistributionRequestType[] allowedRequests) {
+ DistributionRequestType[] allowedRequests,
+ String allowedRoot) {
this.log = log;
this.allowedRequests = allowedRequests;
+ this.allowedRoot = allowedRoot;
// check configuration is valid
if (name == null
@@ -153,6 +156,11 @@ public class SimpleDistributionAgent imp
return new SimpleDistributionResponse(DistributionRequestState.DROPPED, "Request type not accepted");
}
+ if (!isAcceptedRequestRoot(distributionRequest)) {
+ log.debug("request paths not accepted {}", Arrays.toString(distributionRequest.getPaths()));
+ return new SimpleDistributionResponse(DistributionRequestState.DROPPED, "Request paths not accepted");
+ }
+
boolean silent = DistributionRequestType.PULL.equals(distributionRequest.getRequestType());
log.info(silent, "starting request {}", distributionRequest);
@@ -430,6 +438,24 @@ public class SimpleDistributionAgent imp
return false;
}
+ boolean isAcceptedRequestRoot(DistributionRequest request) {
+ if (allowedRoot == null || !allowedRoot.startsWith("/")) {
+ return true;
+ }
+
+ if (!DistributionRequestType.ADD.equals(request.getRequestType()) && !DistributionRequestType.DELETE.equals(request.getRequestType())) {
+ return true;
+ }
+
+ for (String path : request.getPaths()) {
+ if(!path.startsWith(allowedRoot)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
class PackageQueueProcessor implements DistributionQueueProcessor {
public boolean process(@Nonnull String queueName, @Nonnull DistributionQueueItem queueItem) {
try {
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentFactory.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentFactory.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentFactory.java Wed Feb 4 12:20:22 2015
@@ -160,7 +160,7 @@ public class SimpleDistributionAgentFact
DistributionQueueDispatchingStrategy dispatchingStrategy = new SingleQueueDispatchingStrategy();
return new SimpleDistributionAgent(agentName, queueProcessingEnabled, serviceName,
packageImporter, packageExporter, requestAuthorizationStrategy,
- queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, null);
+ queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, null, null);
}
}
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SyncDistributionAgentFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SyncDistributionAgentFactory.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SyncDistributionAgentFactory.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/SyncDistributionAgentFactory.java Wed Feb 4 12:20:22 2015
@@ -211,7 +211,7 @@ public class SyncDistributionAgentFactor
return new SimpleDistributionAgent(agentName, queueProcessingEnabled, serviceName,
packageImporter, packageExporter, requestAuthorizationStrategy,
- queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests);
+ queueProvider, dispatchingStrategy, distributionEventFactory, resourceResolverFactory, distributionLog, allowedRequests, null);
}
}
Modified: sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentTest.java?rev=1657138&r1=1657137&r2=1657138&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentTest.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/SimpleDistributionAgentTest.java Wed Feb 4 12:20:22 2015
@@ -41,9 +41,12 @@ import org.apache.sling.distribution.que
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyBoolean;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -69,7 +72,7 @@ public class SimpleDistributionAgentTest
false, "serviceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider, distributionHandler,
- distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionRequest request = new SimpleDistributionRequest(DistributionRequestType.ADD, "/");
DistributionPackage distributionPackage = mock(DistributionPackage.class);
ResourceResolver resourceResolver = mock(ResourceResolver.class);
@@ -99,7 +102,7 @@ public class SimpleDistributionAgentTest
false, "subServiceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider,
- distributionHandler, distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionHandler, distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionRequest request = new SimpleDistributionRequest(DistributionRequestType.ADD, "/");
DistributionPackage distributionPackage = mock(DistributionPackage.class);
ResourceResolver resourceResolver = mock(ResourceResolver.class);
@@ -133,7 +136,7 @@ public class SimpleDistributionAgentTest
false, "serviceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider, distributionHandler,
- distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionRequest request = new SimpleDistributionRequest(DistributionRequestType.ADD, "/");
DistributionPackage distributionPackage = mock(DistributionPackage.class);
DistributionPackageInfo packageInfo = new DistributionPackageInfo();
@@ -163,7 +166,7 @@ public class SimpleDistributionAgentTest
false, "serviceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider, distributionHandler,
- distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionQueue queue = mock(DistributionQueue.class);
when(queueProvider.getQueue(DistributionQueueDispatchingStrategy.DEFAULT_QUEUE_NAME))
.thenReturn(queue);
@@ -186,7 +189,7 @@ public class SimpleDistributionAgentTest
false, "serviceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider, distributionHandler,
- distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionQueue queue = mock(DistributionQueue.class);
when(queueProvider.getQueue("priority")).thenReturn(queue);
assertNotNull(agent.getQueue("priority"));
@@ -208,9 +211,89 @@ public class SimpleDistributionAgentTest
false, "serviceName", packageImporter,
packageExporter, packageExporterStrategy,
queueProvider, distributionHandler,
- distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null);
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, null);
DistributionQueue queue = mock(DistributionQueue.class);
when(queueProvider.getQueue("priority")).thenReturn(queue);
assertNull(agent.getQueue("weird"));
}
+
+
+
+ @Test
+ public void testDistributionWithAllowedRoot() throws Exception {
+ String name = "sample-agent";
+ DistributionPackageImporter packageImporter = mock(DistributionPackageImporter.class);
+ DistributionPackageExporter packageExporter = mock(DistributionPackageExporter.class);
+ DistributionRequestAuthorizationStrategy packageExporterStrategy = mock(DistributionRequestAuthorizationStrategy.class);
+ DistributionQueueProvider queueProvider = mock(DistributionQueueProvider.class);
+ DistributionQueueDispatchingStrategy queueDistributionStrategy = mock(DistributionQueueDispatchingStrategy.class);
+ DistributionEventFactory distributionEventFactory = mock(DistributionEventFactory.class);
+ ResourceResolverFactory resolverFactory = mock(ResourceResolverFactory.class);
+
+
+ when(queueDistributionStrategy.add(any(DistributionPackage.class), any(DistributionQueueProvider.class))).thenReturn(Arrays.asList(
+ new DistributionQueueItemStatus(DistributionQueueItemStatus.ItemState.QUEUED, "default")
+ ));
+
+ SimpleDistributionAgent agent = new SimpleDistributionAgent(name,
+ false, "serviceName", packageImporter,
+ packageExporter, packageExporterStrategy,
+ queueProvider, queueDistributionStrategy,
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, "/content");
+
+ DistributionRequest request = new SimpleDistributionRequest(DistributionRequestType.ADD, "/content");
+ DistributionPackage distributionPackage = mock(DistributionPackage.class);
+ DistributionPackageInfo packageInfo = new DistributionPackageInfo();
+ when(distributionPackage.getInfo()).thenReturn(packageInfo);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+
+ queueDistributionStrategy.add(distributionPackage, queueProvider);
+
+ when(packageExporter.exportPackages(any(ResourceResolver.class), any(DistributionRequest.class))).thenReturn(Arrays.asList(distributionPackage));
+ when(queueProvider.getQueue(DistributionQueueDispatchingStrategy.DEFAULT_QUEUE_NAME)).thenReturn(
+ new SimpleDistributionQueue(name, "name"));
+
+ DistributionResponse response = agent.execute(resourceResolver, request);
+
+ assertTrue(response.isSuccessful());
+ }
+
+ @Test
+ public void testDistributionWithDisallowedRoot() throws Exception {
+ String name = "sample-agent";
+ DistributionPackageImporter packageImporter = mock(DistributionPackageImporter.class);
+ DistributionPackageExporter packageExporter = mock(DistributionPackageExporter.class);
+ DistributionRequestAuthorizationStrategy packageExporterStrategy = mock(DistributionRequestAuthorizationStrategy.class);
+ DistributionQueueProvider queueProvider = mock(DistributionQueueProvider.class);
+ DistributionQueueDispatchingStrategy queueDistributionStrategy = mock(DistributionQueueDispatchingStrategy.class);
+ DistributionEventFactory distributionEventFactory = mock(DistributionEventFactory.class);
+ ResourceResolverFactory resolverFactory = mock(ResourceResolverFactory.class);
+
+
+ when(queueDistributionStrategy.add(any(DistributionPackage.class), any(DistributionQueueProvider.class))).thenReturn(Arrays.asList(
+ new DistributionQueueItemStatus(DistributionQueueItemStatus.ItemState.QUEUED, "default")
+ ));
+
+ SimpleDistributionAgent agent = new SimpleDistributionAgent(name,
+ false, "serviceName", packageImporter,
+ packageExporter, packageExporterStrategy,
+ queueProvider, queueDistributionStrategy,
+ distributionEventFactory, resolverFactory, mock(DefaultDistributionLog.class), null, "/content");
+
+ DistributionRequest request = new SimpleDistributionRequest(DistributionRequestType.ADD, "/home");
+ DistributionPackage distributionPackage = mock(DistributionPackage.class);
+ DistributionPackageInfo packageInfo = new DistributionPackageInfo();
+ when(distributionPackage.getInfo()).thenReturn(packageInfo);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+
+ queueDistributionStrategy.add(distributionPackage, queueProvider);
+
+ when(packageExporter.exportPackages(any(ResourceResolver.class), any(DistributionRequest.class))).thenReturn(Arrays.asList(distributionPackage));
+ when(queueProvider.getQueue(DistributionQueueDispatchingStrategy.DEFAULT_QUEUE_NAME)).thenReturn(
+ new SimpleDistributionQueue(name, "name"));
+
+ DistributionResponse response = agent.execute(resourceResolver, request);
+
+ assertFalse(response.isSuccessful());
+ }
}