You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by my...@apache.org on 2013/03/18 17:21:18 UTC
svn commit: r1457845 - in /sling/trunk/bundles:
api/src/main/java/org/apache/sling/api/resource/ resourceaccesssecurity/
resourceaccesssecurity/src/ resourceaccesssecurity/src/main/
resourceaccesssecurity/src/main/java/ resourceaccesssecurity/src/main/...
Author: mykee
Date: Mon Mar 18 16:21:17 2013
New Revision: 1457845
URL: http://svn.apache.org/r1457845
Log:
SLING-2698 - resource access security service for resource providers without backing ACLs
Added:
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java
- copied, changed from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java
sling/trunk/bundles/resourceaccesssecurity/ (with props)
sling/trunk/bundles/resourceaccesssecurity/README.txt
sling/trunk/bundles/resourceaccesssecurity/pom.xml
sling/trunk/bundles/resourceaccesssecurity/src/
sling/trunk/bundles/resourceaccesssecurity/src/main/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
- copied, changed from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
- copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
- copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
- copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Removed:
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/
Copied: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java (from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java?p2=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java&p1=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java (original)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java Mon Mar 18 16:21:17 2013
@@ -18,12 +18,13 @@
*/
package org.apache.sling.api.resource;
+
/**
* Exception thrown by
* <code>{@link ResourceAccessGate#sanitizeQuery(String, String, org.apache.sling.auth.core.spi.AuthenticationInfo)}</code>
* if the query is not allowed or illegal.
*/
-public class AccessGateException extends Exception {
+public class AccessSecurityException extends Exception {
private static final long serialVersionUID = -8388988380137140280L;
@@ -31,7 +32,7 @@ public class AccessGateException extends
* Constructs a new instance of this class with <code>null</code> as its
* detail message.
*/
- public AccessGateException() {
+ public AccessSecurityException() {
super();
}
@@ -42,7 +43,7 @@ public class AccessGateException extends
* @param message the detail message. The detail message is saved for later
* retrieval by the {@link #getMessage()} method.
*/
- public AccessGateException(String message) {
+ public AccessSecurityException(String message) {
super(message);
}
@@ -54,7 +55,7 @@ public class AccessGateException extends
* retrieval by the {@link #getMessage()} method.
* @param rootCause root failure cause
*/
- public AccessGateException(String message, Throwable rootCause) {
+ public AccessSecurityException(String message, Throwable rootCause) {
super(message, rootCause);
}
@@ -63,7 +64,7 @@ public class AccessGateException extends
*
* @param rootCause root failure cause
*/
- public AccessGateException(Throwable rootCause) {
+ public AccessSecurityException(Throwable rootCause) {
super(rootCause);
}
}
Added: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java (added)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java Mon Mar 18 16:21:17 2013
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.api.resource;
+
+
+/**
+ * The <code>ResourceAccessSecurity</code> defines a service API which might
+ * be used in implementations of resource providers where the underlaying
+ * persistence layer does not have any ACLs. The service should it make
+ * easy to implement a lightweight access control in such sort of providers.
+ *
+ * - Expected to only be implemented once in the framework/application
+ * (much like the OSGi LogService or Configuration Admin Service)
+ * - ResourceProvider implementations are encouraged to use
+ * this service for access control unless the underlying
+ * storage already has it.
+ *
+ */
+
+public interface ResourceAccessSecurity {
+
+ public Resource checkReadPermission( Resource resource );
+ public boolean canCreate( String absPathName, String user );
+ public boolean canUpdate( Resource resource );
+ public boolean canDelete( Resource resource );
+ public boolean canExecute( Resource resource );
+
+ public boolean canReadValue( Resource resource, String valueName );
+ public boolean canCreateValue( Resource resource, String valueName );
+ public boolean canUpdateValue( Resource resource, String valueName );
+ public boolean canDeleteValue( Resource resource, String valueName );
+
+ public String sanitizeQuery( String query, String language, String user ) throws AccessSecurityException;
+
+}
Propchange: sling/trunk/bundles/resourceaccesssecurity/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Mar 18 16:21:17 2013
@@ -0,0 +1 @@
+target
Added: sling/trunk/bundles/resourceaccesssecurity/README.txt
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/README.txt?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/README.txt (added)
+++ sling/trunk/bundles/resourceaccesssecurity/README.txt Mon Mar 18 16:21:17 2013
@@ -0,0 +1,27 @@
+Apache Sling Resource Access Security
+
+This bundle provides in implementation of the ResourceAccessSecurity
+
+Getting Started
+===============
+
+This component uses a Maven 3 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+3.0.3 or later. We recommend to use the latest Maven version.
+
+If you have Maven 3 installed, you can compile and
+package the jar using the following command:
+
+ mvn package
+
+See the Maven 3 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.apache.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+ svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver
+
+See the Subversion documentation for other source control features.
+
Added: sling/trunk/bundles/resourceaccesssecurity/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/pom.xml?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/pom.xml (added)
+++ sling/trunk/bundles/resourceaccesssecurity/pom.xml Mon Mar 18 16:21:17 2013
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>15</version>
+ <relativePath>../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <version>2.1.0</version>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <Import-Package>
+ javax.annotation;resolution:=optional,
+ org.apache.sling.api.resource;provide:=true,
+ org.apache.sling.commons.osgi;version="$(@)",
+ *
+ </Import-Package>
+ <Private-Package>
+ org.apache.sling.resourceaccesssecurity.impl.*
+ </Private-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.scr.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.3.1-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.1-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ </dependencies>
+</project>
Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java (from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java&p1=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java Mon Mar 18 16:21:17 2013
@@ -16,7 +16,10 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.sling.api.resource;
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.AccessSecurityException;
+import org.apache.sling.api.resource.Resource;
/**
@@ -128,7 +131,7 @@ public interface ResourceAccessGate {
public GateResult canUpdateValue( Resource resource, String valueName, String user );
public GateResult canDeleteValue( Resource resource, String valueName, String user );
- public String sanitizeQuery( String query, String language, String user ) throws AccessGateException;
+ public String sanitizeQuery( String query, String language, String user ) throws AccessSecurityException;
/* for convenience (and performance) */
public boolean hasReadRestrictions( String user );
Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java Mon Mar 18 16:21:17 2013
@@ -16,13 +16,13 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.sling.resourceresolver.accessgate.impl;
+package org.apache.sling.resourceaccesssecurity.impl;
import java.util.List;
import org.apache.sling.api.resource.Resource;
-import org.apache.sling.api.resource.ResourceAccessGate;
import org.apache.sling.api.resource.ResourceWrapper;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
/**
* The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code> and
Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java Mon Mar 18 16:21:17 2013
@@ -15,15 +15,15 @@
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- */package org.apache.sling.resourceresolver.accessgate;
+ */package org.apache.sling.resourceaccesssecurity.impl;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import org.apache.sling.api.resource.ResourceAccessGate;
import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.osgi.framework.ServiceReference;
public class ResourceAccessGateHandler {
Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java Mon Mar 18 16:21:17 2013
@@ -16,28 +16,23 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.sling.resourceresolver.accessgate.impl;
+package org.apache.sling.resourceaccesssecurity.impl;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import org.apache.sling.api.resource.ResourceAccessGate;
import org.apache.sling.api.resource.ResourceDecorator;
import org.apache.sling.commons.osgi.SortingServiceTracker;
-import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateHandler;
-import org.apache.sling.resourceresolver.impl.ResourceResolverImpl;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
public class ResourceAccessGateTracker extends SortingServiceTracker<ResourceAccessGate> {
private List<ResourceAccessGateHandler> resourceAccessGateHandlers = null;
private ServiceRegistration decoratorRegistration = null;
- private ResourceAccessGateManagerTracker resAccessGateManagerTracker = null;
/**
* Constructor
@@ -53,7 +48,6 @@ public class ResourceAccessGateTracker e
public void removedService(ServiceReference reference, Object service) {
super.removedService(reference, service);
resourceAccessGateHandlers = null;
- registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size() );
}
/**
@@ -72,7 +66,6 @@ public class ResourceAccessGateTracker e
public Object addingService(ServiceReference reference) {
Object returnValue = super.addingService(reference);
resourceAccessGateHandlers = null;
- registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size() + 1 );
return returnValue;
}
@@ -91,24 +84,5 @@ public class ResourceAccessGateTracker e
return returnValue;
}
-
- private void registerAccessGateResourceDecorator ( BundleContext bundleContext, int nrOfServices ) {
- if ( decoratorRegistration == null && nrOfServices > 0 ) {
- synchronized( this ) {
- resAccessGateManagerTracker = new ResourceAccessGateManagerTracker( bundleContext );
- resAccessGateManagerTracker.open();
- decoratorRegistration = bundleContext.registerService( ResourceDecorator.class.getName(),
- new AccessGateResourceDecorator( resAccessGateManagerTracker ), null);
- }
- }
- else if ( decoratorRegistration != null && nrOfServices == 0 )
- {
- synchronized( this ) {
- decoratorRegistration.unregister();
- resAccessGateManagerTracker.close();
- }
- decoratorRegistration = null;
- }
- }
-
+
}
Added: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Mon Mar 18 16:21:17 2013
@@ -0,0 +1,198 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Properties;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.resource.AccessSecurityException;
+import org.apache.sling.api.resource.NonExistingResource;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceAccessSecurity;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.ComponentContext;
+
+@Component(
+ name = "org.apache.sling.api.resource.ResourceAccessSecurity",
+ immediate = true )
+@Service( value={ResourceAccessSecurity.class})
+ @Properties({
+ @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling ResourceAccessSecurity"),
+ @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
+ })
+public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+
+ private ResourceAccessGateTracker resourceAccessGateTracker;
+
+ // ---------- SCR Integration ---------------------------------------------
+
+ /** Activates this component, called by SCR before registering as a service */
+ @Activate
+ protected void activate(final ComponentContext componentContext) {
+ resourceAccessGateTracker = new ResourceAccessGateTracker( componentContext.getBundleContext() );
+ resourceAccessGateTracker.open();
+
+ }
+
+ /**
+ * Deativates this component (called by SCR to take out of service)
+ */
+ @Deactivate
+ protected void deactivate() {
+ resourceAccessGateTracker.close();
+ }
+
+ private List<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlers ( String path, ResourceAccessGate.Operation operation ) {
+ /* TODO: maybe caching some frequent paths with read operation would be a good idea */
+ List<ResourceAccessGateHandler> returnValue = resourceAccessGateTracker.getResourceAccessGateHandlers();
+
+ if ( returnValue.size() > 0 ) {
+ returnValue = new ArrayList<ResourceAccessGateHandler>();
+
+ for (ResourceAccessGateHandler resourceAccessGateHandler : resourceAccessGateTracker.getResourceAccessGateHandlers() ) {
+ if ( resourceAccessGateHandler.matches(path, operation) ) {
+ returnValue.add(resourceAccessGateHandler);
+ }
+ }
+ }
+
+ return returnValue;
+ }
+
+ public boolean areResourceAccessGatesRegistered () {
+ return (resourceAccessGateTracker.size() > 0 );
+ }
+
+ @Override
+ public Resource checkReadPermission(Resource resource) {
+ Resource returnValue = resource;
+ ResourceResolver resResolver = resource.getResourceResolver();
+ String user = resResolver.getUserID();
+
+ List<ResourceAccessGateHandler> accessGateHandlers =
+ getMatchingResourceAccessGateHandlers( resource.getPath(), ResourceAccessGate.Operation.READ );
+
+ GateResult finalGateResult = null;
+ boolean canReadAllValues = false;
+ List<ResourceAccessGate> accessGatesForValues = null;
+
+ for (ResourceAccessGateHandler resourceAccessGateHandler : accessGateHandlers) {
+ GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource, user);
+ if ( !canReadAllValues && gateResult == GateResult.GRANTED ) {
+ if ( resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource, user) ) {
+ canReadAllValues = true;
+ accessGatesForValues = null;
+ }
+ else {
+ if ( accessGatesForValues == null ) {
+ accessGatesForValues = new ArrayList<ResourceAccessGate>();
+ }
+ accessGatesForValues.add( resourceAccessGateHandler.getResourceAccessGate() );
+ }
+ }
+ if ( finalGateResult == null ) {
+ finalGateResult = gateResult;
+ }
+ else if ( finalGateResult == GateResult.DENIED ){
+ finalGateResult = gateResult;
+ }
+ if ( resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ) ) {
+ break;
+ }
+ }
+
+ // return NonExistingResource if access is denied or no ResourceAccessGate is present
+ if ( finalGateResult == null || finalGateResult == GateResult.DENIED ) {
+ returnValue = new NonExistingResource( resResolver, resource.getPath() );
+ }
+ else if ( finalGateResult == GateResult.DONTCARE ) {
+ returnValue = resource;
+ }
+ // wrap Resource if read access is not or partly (values) not granted
+ else if ( !canReadAllValues ) {
+ returnValue = new AccessGateResourceWrapper( resource, accessGatesForValues );
+ }
+
+ return returnValue;
+ }
+
+ @Override
+ public boolean canCreate(String absPathName, String user) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canUpdate(Resource resource) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canDelete(Resource resource) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canExecute(Resource resource) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canReadValue(Resource resource, String valueName) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canCreateValue(Resource resource, String valueName) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canUpdateValue(Resource resource, String valueName) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canDeleteValue(Resource resource, String valueName) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String sanitizeQuery(String query, String language, String user)
+ throws AccessSecurityException {
+ return query;
+ }
+
+}