You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by js...@apache.org on 2016/11/10 12:35:28 UTC
svn commit: r1769105 - in /sling/trunk:
bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/
bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/
bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/
bundles/jcr/base/src/test/jav...
Author: jsedding
Date: Thu Nov 10 12:35:27 2016
New Revision: 1769105
URL: http://svn.apache.org/viewvc?rev=1769105&view=rev
Log:
SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver
- move LoginAdminWhitelist from o.a.s.jcr.base to o.a.s.jcr.oak-server and do NOT export it
Added:
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java (with props)
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java (with props)
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java (contents, props changed)
- copied, changed from r1769104, sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java
Removed:
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/LoginAdminWhitelist.java
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImpl.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java
Modified:
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java
sling/trunk/bundles/jcr/oak-server/pom.xml
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
sling/trunk/contrib/scripting/org.apache.sling.scripting.thymeleaf/src/test/java/org/apache/sling/scripting/thymeleaf/it/tests/ThymeleafTestSupport.java
sling/trunk/karaf/org.apache.sling.karaf-configs/pom.xml
sling/trunk/karaf/org.apache.sling.karaf-distribution/pom.xml
sling/trunk/karaf/org.apache.sling.karaf-features/src/main/feature/feature.xml
sling/trunk/launchpad/testing-war/src/main/provisioning/model.txt
sling/trunk/launchpad/testing/src/main/provisioning/model.txt
Modified: sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java (original)
+++ sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java Thu Nov 10 12:35:27 2016
@@ -20,8 +20,11 @@ package org.apache.sling.jcr.base;
import static org.junit.Assert.fail;
+import java.util.Arrays;
import java.util.Dictionary;
+import java.util.HashSet;
import java.util.Hashtable;
+import java.util.Set;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
@@ -33,20 +36,25 @@ import org.osgi.framework.BundleContext;
/** Minimal AbstractSlingRepositoryManager used for testing */
public class MockSlingRepositoryManager extends AbstractSlingRepositoryManager {
- private final Repository repository;
+ public static final String WHITELIST_ALL = "*";
+
+ public static final String WHITELIST_NONE = "";
- private LoginAdminWhitelist loginAdminWhitelist;
+ private final Repository repository;
private boolean loginAdminDisabled;
+ private Set<String> loginAdminWhitelist;
+
public MockSlingRepositoryManager(Repository repository) {
- this(repository, false, new MockLoginAdminWhitelist(true));
+ this(repository, false, WHITELIST_ALL);
}
- public MockSlingRepositoryManager(Repository repository, boolean loginAdminDisabled, LoginAdminWhitelist loginAdminWhitelist) {
+ public MockSlingRepositoryManager(Repository repository, boolean loginAdminDisabled, String... loginAdminWhitelist) {
this.repository = repository;
this.loginAdminDisabled = loginAdminDisabled;
- this.loginAdminWhitelist = loginAdminWhitelist;
+ this.loginAdminWhitelist = new HashSet<>(Arrays.asList(loginAdminWhitelist));
+ this.loginAdminWhitelist.remove(WHITELIST_NONE);
}
@Override
@@ -86,7 +94,7 @@ public class MockSlingRepositoryManager
@Override
protected boolean allowLoginAdministrativeForBundle(final Bundle bundle) {
- return loginAdminWhitelist.allowLoginAdministrative(bundle);
+ return loginAdminWhitelist.contains("*") || loginAdminWhitelist.contains(bundle.getSymbolicName());
}
public void activate(BundleContext context) {
Modified: sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java (original)
+++ sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java Thu Nov 10 12:35:27 2016
@@ -18,6 +18,8 @@
*/
package org.apache.sling.jcr.base.internal;
+import static org.apache.sling.jcr.base.MockSlingRepositoryManager.WHITELIST_ALL;
+import static org.apache.sling.jcr.base.MockSlingRepositoryManager.WHITELIST_NONE;
import static org.junit.Assert.assertEquals;
import java.util.ArrayList;
@@ -30,15 +32,10 @@ import javax.jcr.Session;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.AbstractSlingRepository2;
-import org.apache.sling.jcr.base.LoginAdminWhitelist;
-import org.apache.sling.jcr.base.MockLoginAdminWhitelist;
import org.apache.sling.jcr.base.MockSlingRepositoryManager;
import org.apache.sling.testing.mock.jcr.MockJcr;
import org.apache.sling.testing.mock.osgi.MockOsgi;
-import org.apache.sling.testing.mock.sling.ResourceResolverType;
-import org.apache.sling.testing.mock.sling.junit.SlingContext;
import org.junit.Before;
-import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -80,7 +77,7 @@ public class WhitelistWiringTest {
BundleContext bundleContext = MockOsgi.newBundleContext();
Bundle bundle = bundleContext.getBundle();
- LoginAdminWhitelist whitelist = new MockLoginAdminWhitelist(whitelistAllowsLoginAdmin);
+ String whitelist = whitelistAllowsLoginAdmin ? WHITELIST_ALL : WHITELIST_NONE;
final MockSlingRepositoryManager repoMgr =
new MockSlingRepositoryManager(MockJcr.newRepository(), !managerAllowsLoginAdmin, whitelist);
Modified: sling/trunk/bundles/jcr/oak-server/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/pom.xml?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/pom.xml (original)
+++ sling/trunk/bundles/jcr/oak-server/pom.xml Thu Nov 10 12:35:27 2016
@@ -88,6 +88,7 @@
</execution>
</executions>
<configuration>
+ <redirectTestOutputToFile>true</redirectTestOutputToFile>
<systemProperties>
<property>
<name>bundle.filename</name>
@@ -249,6 +250,17 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.service.cm</artifactId>
<version>1.5.0</version>
Added: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java?rev=1769105&view=auto
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java (added)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java Thu Nov 10 12:35:27 2016
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.oak.server.internal;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.regex.Pattern;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.jcr.api.SlingRepository;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.metatype.annotations.Designate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Whitelist that defines which bundles can use the
+ * {@link SlingRepository#loginAdministrative} method.
+ *
+ * The default configuration lets a few trusted Sling bundles
+ * use the loginAdministrative method.
+ */
+@org.osgi.service.component.annotations.Component(
+ service = LoginAdminWhitelist.class,
+ property = {
+ Constants.SERVICE_DESCRIPTION + "=Apache Sling Login Admin Whitelist",
+ Constants.SERVICE_VENDOR + "=The Apache Software Foundation"
+ }
+)
+@Designate(
+ ocd = LoginAdminWhitelistConfiguration.class
+)
+public class LoginAdminWhitelist {
+
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ private boolean bypassWhitelist;
+
+ private Pattern whitelistRegexp;
+
+ private Set<String> whitelistedBsn;
+
+ @Activate
+ void activate(LoginAdminWhitelistConfiguration config) {
+ whitelistedBsn = new TreeSet<String>();
+
+ if (config.whitelist_bundles_default() != null) {
+ whitelistedBsn.addAll(Arrays.asList(config.whitelist_bundles_default()));
+ }
+ if (config.whitelist_bundles_additional() != null) { // null check due to FELIX-5404
+ whitelistedBsn.addAll(Arrays.asList(config.whitelist_bundles_additional()));
+ }
+
+ final String regexp = config.whitelist_bundles_regexp();
+ if(regexp.trim().length() > 0) {
+ whitelistRegexp = Pattern.compile(regexp);
+ log.warn("A whitelist.bundles.regexp is configured, this is NOT RECOMMENDED for production: {}", whitelistRegexp);
+ } else {
+ whitelistRegexp = null;
+ }
+
+ bypassWhitelist = config.whitelist_bypass();
+ if(bypassWhitelist) {
+ log.info("bypassWhitelist=true, whitelisted BSNs=<ALL>");
+ log.warn(
+ "All bundles are allowed to use loginAdministrative due to the 'bypass whitelist' configuration"
+ + " of this service. This is NOT RECOMMENDED, for security reasons."
+ );
+ } else {
+ log.info("bypassWhitelist=false, whitelisted BSNs({})={}", whitelistedBsn.size(), whitelistedBsn);
+ }
+ }
+
+ boolean allowLoginAdministrative(Bundle b) {
+ if(bypassWhitelist) {
+ log.debug("Whitelist is bypassed, all bundles allowed to use loginAdministrative");
+ return true;
+ }
+
+ final String bsn = b.getSymbolicName();
+ if(whitelistRegexp != null && whitelistRegexp.matcher(bsn).matches()) {
+ log.debug("{} is whitelisted to use loginAdministrative, by regexp", bsn);
+ return true;
+ } else if(whitelistedBsn.contains(bsn)) {
+ log.debug("{} is whitelisted to use loginAdministrative, by explicit whitelist", bsn);
+ return true;
+ }
+ log.debug("{} is not whitelisted to use loginAdministrative", bsn);
+ return false;
+ }
+}
Propchange: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelist.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java?rev=1769105&view=auto
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java (added)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java Thu Nov 10 12:35:27 2016
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.oak.server.internal;
+
+import org.osgi.service.metatype.annotations.AttributeDefinition;
+import org.osgi.service.metatype.annotations.ObjectClassDefinition;
+
+@ObjectClassDefinition(
+ name = "Apache Sling Login Admin Whitelist",
+ description = "Defines which bundles can use SlingRepository.loginAdministrative()"
+)
+@interface LoginAdminWhitelistConfiguration {
+
+ /** Need to allow for bypassing the whitelist, for backwards
+ * compatibility with previous Sling versions which didn't
+ * implement it. Setting this to true is not recommended
+ * and logged as a warning.
+ */
+ @AttributeDefinition(
+ name = "Bypass the whitelist",
+ description = "Allow all bundles to use loginAdministrative(). Should ONLY be used " +
+ "for backwards compatibility reasons and if you are aware of " +
+ "the related security risks."
+ )
+ boolean whitelist_bypass() default false;
+
+ @AttributeDefinition(
+ name = "Whitelist regexp",
+ description = "Regular expression for bundle symbolic names for which loginAdministrative() " +
+ "is allowed. NOT recommended for production use, but useful for testing with " +
+ "generated bundles."
+ )
+ String whitelist_bundles_regexp() default "";
+
+ @AttributeDefinition(
+ name = "Default whitelisted BSNs",
+ description = "Default list of bundle symbolic names for which loginAdministrative() is allowed."
+ )
+ String[] whitelist_bundles_default() default {
+ // TODO: remove bundles as their dependency on admin login is fixed, see SLING-5355 for linked issues
+ "org.apache.sling.discovery.commons",
+ "org.apache.sling.discovery.base",
+ "org.apache.sling.discovery.oak",
+ "org.apache.sling.extensions.webconsolesecurityprovider",
+ "org.apache.sling.i18n",
+ "org.apache.sling.installer.provider.jcr",
+ "org.apache.sling.jcr.base",
+ "org.apache.sling.jcr.contentloader",
+ "org.apache.sling.jcr.davex",
+ "org.apache.sling.jcr.jackrabbit.usermanager",
+ "org.apache.sling.jcr.oak.server",
+ "org.apache.sling.jcr.repoinit",
+ "org.apache.sling.jcr.resource",
+ "org.apache.sling.jcr.webconsole",
+ "org.apache.sling.resourceresolver",
+ "org.apache.sling.servlets.post", // remove when 2.3.16 is released
+ "org.apache.sling.servlets.resolver"
+ };
+
+ @AttributeDefinition(
+ name = "Additional whitelisted BSNs",
+ description = "Additional list of bundle symbolic names for which loginAdministrative() is allowed."
+ )
+ String[] whitelist_bundles_additional() default {};
+}
Propchange: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java (original)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java Thu Nov 10 12:35:27 2016
@@ -59,7 +59,6 @@ import org.apache.sling.commons.threads.
import org.apache.sling.commons.threads.ThreadPoolManager;
import org.apache.sling.jcr.base.AbstractSlingRepository2;
import org.apache.sling.jcr.base.AbstractSlingRepositoryManager;
-import org.apache.sling.jcr.base.LoginAdminWhitelist;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
Copied: sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java (from r1769104, sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java?p2=sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java&p1=sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java&r1=1769104&r2=1769105&rev=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java (original)
+++ sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java Thu Nov 10 12:35:27 2016
@@ -16,15 +16,14 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.sling.jcr.base.internal;
+package org.apache.sling.jcr.oak.server.internal;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.when;
+import java.lang.annotation.Annotation;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import java.util.UUID;
import org.junit.Before;
@@ -32,15 +31,15 @@ import org.junit.Test;
import org.mockito.Mockito;
import org.osgi.framework.Bundle;
-public class LoginAdminWhitelistImplTest {
- private LoginAdminWhitelistImpl whitelist;
- private Map<String, Object> config;
+public class LoginAdminWhitelistTest {
+
private static final String TYPICAL_DEFAULT_ALLOWED_BSN = "org.apache.sling.jcr.base";
-
+
+ private LoginAdminWhitelist whitelist;
+
@Before
public void setup() {
- whitelist = new LoginAdminWhitelistImpl();
- config = new HashMap<String, Object>();
+ whitelist = new LoginAdminWhitelist();
}
private void assertAdminLogin(final String bundleSymbolicName, boolean expected) {
@@ -60,9 +59,10 @@ public class LoginAdminWhitelistImplTest
@Test
public void testDefaultConfig() {
+ final LoginAdminWhitelistConfiguration config = config(null, null, null, null);
whitelist.activate(config);
-
- for(String bsn : DefaultWhitelist.WHITELISTED_BSN) {
+
+ for(String bsn : config.whitelist_bundles_default()) {
assertAdminLogin(bsn, true);
}
@@ -72,11 +72,10 @@ public class LoginAdminWhitelistImplTest
assertAdminLogin(bsn, false);
}
}
-
+
@Test
public void testBypassWhitelist() {
- config.put(LoginAdminWhitelistImpl.PROP_BYPASS_WHITELIST, true);
- whitelist.activate(config);
+ whitelist.activate(config(true, null, null, null));
for(String bsn : randomBsn()) {
assertAdminLogin(bsn, true);
@@ -88,8 +87,7 @@ public class LoginAdminWhitelistImplTest
final String [] allowed = {
"bundle1", "bundle2"
};
- config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, allowed);
- whitelist.activate(config);
+ whitelist.activate(config(null, null, allowed, null));
assertAdminLogin("bundle1", true);
assertAdminLogin("bundle2", true);
@@ -106,14 +104,15 @@ public class LoginAdminWhitelistImplTest
final String [] allowed = {
"bundle5", "bundle6"
};
- config.put(LoginAdminWhitelistImpl.PROP_ADDITIONAL_WHITELISTED_BSN, allowed);
+ final LoginAdminWhitelistConfiguration config = config(null, null, null, allowed);
whitelist.activate(config);
assertAdminLogin("bundle5", true);
assertAdminLogin("bundle6", true);
assertAdminLogin("foo.1.bar", false);
+ assertAdminLogin(TYPICAL_DEFAULT_ALLOWED_BSN, true);
- for(String bsn : DefaultWhitelist.WHITELISTED_BSN) {
+ for(String bsn : config.whitelist_bundles_default()) {
assertAdminLogin(bsn, true);
}
@@ -124,9 +123,7 @@ public class LoginAdminWhitelistImplTest
@Test
public void testDefaultAndAdditionalConfig() {
- config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, new String [] { "defB"});
- config.put(LoginAdminWhitelistImpl.PROP_ADDITIONAL_WHITELISTED_BSN, new String [] { "addB"});
- whitelist.activate(config);
+ whitelist.activate(config(null, null, new String [] { "defB"}, new String [] { "addB"}));
assertAdminLogin("defB", true);
assertAdminLogin("addB", true);
@@ -143,9 +140,7 @@ public class LoginAdminWhitelistImplTest
final String [] allowed = {
"bundle3", "bundle4"
};
- config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, allowed);
- config.put(LoginAdminWhitelistImpl.PROP_WHITELIST_REGEXP, "foo.*bar");
- whitelist.activate(config);
+ whitelist.activate(config(null, "foo.*bar", allowed, null));
assertAdminLogin("bundle3", true);
assertAdminLogin("bundle4", true);
@@ -157,4 +152,45 @@ public class LoginAdminWhitelistImplTest
assertAdminLogin(bsn, false);
}
}
+
+
+ private LoginAdminWhitelistConfiguration config(final Boolean bypass, final String regexp, final String[] defaultBSNs, final String[] additionalBSNs) {
+ return new LoginAdminWhitelistConfiguration() {
+ @Override
+ public boolean whitelist_bypass() {
+ return defaultIfNull(bypass, "whitelist_bypass");
+ }
+
+ @Override
+ public String whitelist_bundles_regexp() {
+ return defaultIfNull(regexp, "whitelist_bundles_regexp");
+ }
+
+ @Override
+ public String[] whitelist_bundles_default() {
+ return defaultIfNull(defaultBSNs, "whitelist_bundles_default");
+ }
+
+ @Override
+ public String[] whitelist_bundles_additional() {
+ return defaultIfNull(additionalBSNs, "whitelist_bundles_additional");
+ }
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return LoginAdminWhitelistConfiguration.class;
+ }
+
+ private <T> T defaultIfNull(final T value, final String methodName) {
+ if (value != null) {
+ return value;
+ }
+ try {
+ return (T)this.annotationType().getMethod(methodName).getDefaultValue();
+ } catch (NoSuchMethodException e) {
+ return null;
+ }
+ }
+ };
+ }
}
\ No newline at end of file
Propchange: sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/internal/LoginAdminWhitelistTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java (original)
+++ sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java Thu Nov 10 12:35:27 2016
@@ -202,7 +202,7 @@ public abstract class OakServerTestSuppo
}
protected Option getWhitelistRegexpOption() {
- return newConfiguration("org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl")
+ return newConfiguration("org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist")
.put("whitelist.bundles.regexp", "PAXEXAM-PROBE-.*")
.asOption();
}
Modified: sling/trunk/contrib/scripting/org.apache.sling.scripting.thymeleaf/src/test/java/org/apache/sling/scripting/thymeleaf/it/tests/ThymeleafTestSupport.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/scripting/org.apache.sling.scripting.thymeleaf/src/test/java/org/apache/sling/scripting/thymeleaf/it/tests/ThymeleafTestSupport.java?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/contrib/scripting/org.apache.sling.scripting.thymeleaf/src/test/java/org/apache/sling/scripting/thymeleaf/it/tests/ThymeleafTestSupport.java (original)
+++ sling/trunk/contrib/scripting/org.apache.sling.scripting.thymeleaf/src/test/java/org/apache/sling/scripting/thymeleaf/it/tests/ThymeleafTestSupport.java Thu Nov 10 12:35:27 2016
@@ -124,7 +124,7 @@ public abstract class ThymeleafTestSuppo
factoryConfiguration("org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended")
.put("user.mapping", "org.apache.sling.scripting.thymeleaf=sling-scripting")
.asOption(),
- newConfiguration("org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl")
+ newConfiguration("org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist")
.put("whitelist.bundles.regexp", "org.apache.sling.*")
.asOption()
);
Modified: sling/trunk/karaf/org.apache.sling.karaf-configs/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/karaf/org.apache.sling.karaf-configs/pom.xml?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/karaf/org.apache.sling.karaf-configs/pom.xml (original)
+++ sling/trunk/karaf/org.apache.sling.karaf-configs/pom.xml Thu Nov 10 12:35:27 2016
@@ -118,8 +118,8 @@
<type>config</type>
</artifact>
<artifact>
- <classifier>org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl</classifier>
- <file>src/main/resources/org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl.config</file>
+ <classifier>org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist</classifier>
+ <file>src/main/resources/org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist.config</file>
<type>config</type>
</artifact>
<artifact>
Modified: sling/trunk/karaf/org.apache.sling.karaf-distribution/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/karaf/org.apache.sling.karaf-distribution/pom.xml?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/karaf/org.apache.sling.karaf-distribution/pom.xml (original)
+++ sling/trunk/karaf/org.apache.sling.karaf-distribution/pom.xml Thu Nov 10 12:35:27 2016
@@ -168,7 +168,7 @@
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.karaf-configs</artifactId>
<version>${project.version}</version>
- <classifier>org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl</classifier>
+ <classifier>org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist</classifier>
<type>config</type>
<scope>runtime</scope>
</dependency>
Modified: sling/trunk/karaf/org.apache.sling.karaf-features/src/main/feature/feature.xml
URL: http://svn.apache.org/viewvc/sling/trunk/karaf/org.apache.sling.karaf-features/src/main/feature/feature.xml?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/karaf/org.apache.sling.karaf-features/src/main/feature/feature.xml (original)
+++ sling/trunk/karaf/org.apache.sling.karaf-features/src/main/feature/feature.xml Thu Nov 10 12:35:27 2016
@@ -296,7 +296,7 @@
</feature>
<!-- Apache Sling JCR -->
<feature name="sling-jcr" version="${feature.version}">
- <configfile finalname="/etc/org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl.config">mvn:org.apache.sling/org.apache.sling.karaf-configs/${project.version}/config/org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl</configfile>
+ <configfile finalname="/etc/org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist.config">mvn:org.apache.sling/org.apache.sling.karaf-configs/${project.version}/config/org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist</configfile>
<bundle>mvn:org.apache.sling/org.apache.sling.jcr.api/2.4.0</bundle>
<bundle>mvn:org.apache.sling/org.apache.sling.jcr.base/2.4.1-SNAPSHOT</bundle>
<bundle>mvn:org.apache.sling/org.apache.sling.jcr.classloader/3.2.2</bundle>
Modified: sling/trunk/launchpad/testing-war/src/main/provisioning/model.txt
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing-war/src/main/provisioning/model.txt?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/launchpad/testing-war/src/main/provisioning/model.txt (original)
+++ sling/trunk/launchpad/testing-war/src/main/provisioning/model.txt Thu Nov 10 12:35:27 2016
@@ -31,7 +31,7 @@
# Set the servlet resolver's cache size to zero for testing
servletresolver.cacheSize=I"0"
- org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl
+ org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist
whitelist.bundles.regexp="org.apache.sling.(launchpad|junit).*"
# Test repository initialization from provisioning model
Modified: sling/trunk/launchpad/testing/src/main/provisioning/model.txt
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/main/provisioning/model.txt?rev=1769105&r1=1769104&r2=1769105&view=diff
==============================================================================
--- sling/trunk/launchpad/testing/src/main/provisioning/model.txt (original)
+++ sling/trunk/launchpad/testing/src/main/provisioning/model.txt Thu Nov 10 12:35:27 2016
@@ -32,7 +32,7 @@
# Set the servlet resolver's cache size to zero for testing
servletresolver.cacheSize=I"0"
- org.apache.sling.jcr.base.internal.LoginAdminWhitelistImpl
+ org.apache.sling.jcr.oak.server.internal.LoginAdminWhitelist
whitelist.bundles.regexp="org.apache.sling.(launchpad|junit).*"
[settings]