You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by my...@apache.org on 2013/03/18 17:21:18 UTC

svn commit: r1457845 - in /sling/trunk/bundles: api/src/main/java/org/apache/sling/api/resource/ resourceaccesssecurity/ resourceaccesssecurity/src/ resourceaccesssecurity/src/main/ resourceaccesssecurity/src/main/java/ resourceaccesssecurity/src/main/...

Author: mykee
Date: Mon Mar 18 16:21:17 2013
New Revision: 1457845

URL: http://svn.apache.org/r1457845
Log:
SLING-2698 - resource access security service for resource providers without backing ACLs

Added:
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java
      - copied, changed from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java
    sling/trunk/bundles/resourceaccesssecurity/   (with props)
    sling/trunk/bundles/resourceaccesssecurity/README.txt
    sling/trunk/bundles/resourceaccesssecurity/pom.xml
    sling/trunk/bundles/resourceaccesssecurity/src/
    sling/trunk/bundles/resourceaccesssecurity/src/main/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
      - copied, changed from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
      - copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
      - copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
      - copied, changed from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Removed:
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/

Copied: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java (from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java?p2=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java&p1=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java (original)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessSecurityException.java Mon Mar 18 16:21:17 2013
@@ -18,12 +18,13 @@
  */
 package org.apache.sling.api.resource;
 
+
 /**
  * Exception thrown by
  * <code>{@link ResourceAccessGate#sanitizeQuery(String, String, org.apache.sling.auth.core.spi.AuthenticationInfo)}</code>
  * if the query is not allowed or illegal.
  */
-public class AccessGateException extends Exception {
+public class AccessSecurityException extends Exception {
 
     private static final long serialVersionUID = -8388988380137140280L;
 
@@ -31,7 +32,7 @@ public class AccessGateException extends
      * Constructs a new instance of this class with <code>null</code> as its
      * detail message.
      */
-    public AccessGateException() {
+    public AccessSecurityException() {
         super();
     }
 
@@ -42,7 +43,7 @@ public class AccessGateException extends
      * @param message the detail message. The detail message is saved for later
      *            retrieval by the {@link #getMessage()} method.
      */
-    public AccessGateException(String message) {
+    public AccessSecurityException(String message) {
         super(message);
     }
 
@@ -54,7 +55,7 @@ public class AccessGateException extends
      *            retrieval by the {@link #getMessage()} method.
      * @param rootCause root failure cause
      */
-    public AccessGateException(String message, Throwable rootCause) {
+    public AccessSecurityException(String message, Throwable rootCause) {
         super(message, rootCause);
     }
 
@@ -63,7 +64,7 @@ public class AccessGateException extends
      *
      * @param rootCause root failure cause
      */
-    public AccessGateException(Throwable rootCause) {
+    public AccessSecurityException(Throwable rootCause) {
         super(rootCause);
     }
 }

Added: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java (added)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessSecurity.java Mon Mar 18 16:21:17 2013
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.api.resource;
+
+
+/**
+ * The <code>ResourceAccessSecurity</code> defines a service API which might 
+ * be used in implementations of resource providers where the underlaying 
+ * persistence layer does not have any ACLs. The service should it make
+ * easy to implement a lightweight access control in such sort of providers.
+ *
+ * - Expected to only be implemented once in the framework/application
+ *   (much like the OSGi LogService or Configuration Admin Service)
+ * - ResourceProvider implementations are encouraged to use 
+ *   this service for access control unless the underlying
+ *   storage already has it.
+ *
+ */
+
+public interface ResourceAccessSecurity {
+    
+    public Resource checkReadPermission( Resource resource );
+    public boolean canCreate( String absPathName, String user );
+    public boolean canUpdate( Resource resource );
+    public boolean canDelete( Resource resource );
+    public boolean canExecute( Resource resource );
+
+    public boolean canReadValue( Resource resource, String valueName );
+    public boolean canCreateValue( Resource resource, String valueName );
+    public boolean canUpdateValue( Resource resource, String valueName );
+    public boolean canDeleteValue( Resource resource, String valueName );
+
+    public String sanitizeQuery( String query, String language, String user ) throws AccessSecurityException;
+
+}

Propchange: sling/trunk/bundles/resourceaccesssecurity/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Mar 18 16:21:17 2013
@@ -0,0 +1 @@
+target

Added: sling/trunk/bundles/resourceaccesssecurity/README.txt
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/README.txt?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/README.txt (added)
+++ sling/trunk/bundles/resourceaccesssecurity/README.txt Mon Mar 18 16:21:17 2013
@@ -0,0 +1,27 @@
+Apache Sling Resource Access Security
+
+This bundle provides in implementation of the ResourceAccessSecurity
+
+Getting Started
+===============
+
+This component uses a Maven 3 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+3.0.3 or later. We recommend to use the latest Maven version.
+
+If you have Maven 3 installed, you can compile and
+package the jar using the following command:
+
+    mvn package
+
+See the Maven 3 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.apache.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+    svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver
+
+See the Subversion documentation for other source control features.
+

Added: sling/trunk/bundles/resourceaccesssecurity/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/pom.xml?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/pom.xml (added)
+++ sling/trunk/bundles/resourceaccesssecurity/pom.xml Mon Mar 18 16:21:17 2013
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>sling</artifactId>
+        <version>15</version>
+        <relativePath>../../parent/pom.xml</relativePath>
+    </parent>
+
+    <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+
+    <name>Apache Sling Resource Access Security</name>
+    <description>
+        This bundle provides in implementation of the ResourceAccessSecurity service
+    </description>
+
+    <scm>
+        <connection>
+            scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity
+        </connection>
+        <developerConnection>
+            scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity
+        </developerConnection>
+        <url>
+            http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity
+        </url>
+    </scm>
+
+    <properties>
+        <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.sling</groupId>
+                <artifactId>maven-sling-plugin</artifactId>
+                <version>2.1.0</version>
+                <executions>
+                    <execution>
+                        <id>generate-adapter-metadata</id>
+                        <phase>process-classes</phase>
+                        <goals>
+                            <goal>generate-adapter-metadata</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Import-Package>
+                            javax.annotation;resolution:=optional,
+                            org.apache.sling.api.resource;provide:=true,
+                            org.apache.sling.commons.osgi;version="$(@)",
+                            *
+                        </Import-Package>
+                        <Private-Package>
+                            org.apache.sling.resourceaccesssecurity.impl.*
+                        </Private-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.scr.annotations</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.jcr</groupId>
+            <artifactId>jcr</artifactId>
+            <version>2.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.3.1-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.commons.osgi</artifactId>
+            <version>2.2.1-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+           <groupId>commons-collections</groupId>
+           <artifactId>commons-collections</artifactId>
+           <version>3.2.1</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>adapter-annotations</artifactId>
+            <version>1.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Testing -->
+     </dependencies>
+</project>

Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java (from r1452322, sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java&p1=sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java Mon Mar 18 16:21:17 2013
@@ -16,7 +16,10 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.sling.api.resource;
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.AccessSecurityException;
+import org.apache.sling.api.resource.Resource;
 
 
 /**
@@ -128,7 +131,7 @@ public interface ResourceAccessGate {
     public GateResult canUpdateValue( Resource resource, String valueName, String user );
     public GateResult canDeleteValue( Resource resource, String valueName, String user );
 
-    public String sanitizeQuery( String query, String language, String user ) throws AccessGateException;
+    public String sanitizeQuery( String query, String language, String user ) throws AccessSecurityException;
 
     /* for convenience (and performance) */
     public boolean hasReadRestrictions( String user );

Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java Mon Mar 18 16:21:17 2013
@@ -16,13 +16,13 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.sling.resourceresolver.accessgate.impl;
+package org.apache.sling.resourceaccesssecurity.impl;
 
 import java.util.List;
 
 import org.apache.sling.api.resource.Resource;
-import org.apache.sling.api.resource.ResourceAccessGate;
 import org.apache.sling.api.resource.ResourceWrapper;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
 
 /**
  * The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code> and 

Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java Mon Mar 18 16:21:17 2013
@@ -15,15 +15,15 @@
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
- */package org.apache.sling.resourceresolver.accessgate;
+ */package org.apache.sling.resourceaccesssecurity.impl;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.sling.api.resource.ResourceAccessGate;
 import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
 import org.osgi.framework.ServiceReference;
 
 public class ResourceAccessGateHandler {

Copied: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java (from r1452322, sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java?p2=sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java&p1=sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java&r1=1452322&r2=1457845&rev=1457845&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java (original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java Mon Mar 18 16:21:17 2013
@@ -16,28 +16,23 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.sling.resourceresolver.accessgate.impl;
+package org.apache.sling.resourceaccesssecurity.impl;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import org.apache.sling.api.resource.ResourceAccessGate;
 import org.apache.sling.api.resource.ResourceDecorator;
 import org.apache.sling.commons.osgi.SortingServiceTracker;
-import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateHandler;
-import org.apache.sling.resourceresolver.impl.ResourceResolverImpl;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceReference;
 import org.osgi.framework.ServiceRegistration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public class ResourceAccessGateTracker extends SortingServiceTracker<ResourceAccessGate> {
     
     private List<ResourceAccessGateHandler> resourceAccessGateHandlers = null;
     private ServiceRegistration decoratorRegistration = null;
-    private ResourceAccessGateManagerTracker resAccessGateManagerTracker = null;
     
     /**
      * Constructor
@@ -53,7 +48,6 @@ public class ResourceAccessGateTracker e
     public void removedService(ServiceReference reference, Object service) {
         super.removedService(reference, service);
         resourceAccessGateHandlers = null;
-        registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size() );
     }
 
     /**
@@ -72,7 +66,6 @@ public class ResourceAccessGateTracker e
     public Object addingService(ServiceReference reference) {
         Object returnValue = super.addingService(reference);
         resourceAccessGateHandlers = null;
-        registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size() + 1 );
         return returnValue;
     }
     
@@ -91,24 +84,5 @@ public class ResourceAccessGateTracker e
         
         return returnValue;
     }
-    
-    private void registerAccessGateResourceDecorator ( BundleContext bundleContext, int nrOfServices ) {
-        if ( decoratorRegistration == null && nrOfServices > 0 ) {
-            synchronized( this ) {
-                resAccessGateManagerTracker = new ResourceAccessGateManagerTracker( bundleContext );
-                resAccessGateManagerTracker.open();
-                decoratorRegistration = bundleContext.registerService( ResourceDecorator.class.getName(), 
-                        new AccessGateResourceDecorator( resAccessGateManagerTracker ), null);
-            }
-        }
-        else if ( decoratorRegistration != null && nrOfServices == 0 )
-        {
-            synchronized( this ) {
-                decoratorRegistration.unregister();
-                resAccessGateManagerTracker.close();
-            }
-            decoratorRegistration = null;
-        }
-    }
-    
+        
 }

Added: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1457845&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Mon Mar 18 16:21:17 2013
@@ -0,0 +1,198 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Properties;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.resource.AccessSecurityException;
+import org.apache.sling.api.resource.NonExistingResource;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceAccessSecurity;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.ComponentContext;
+
+@Component(
+        name = "org.apache.sling.api.resource.ResourceAccessSecurity",
+        immediate = true )
+@Service( value={ResourceAccessSecurity.class})
+   @Properties({
+       @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling ResourceAccessSecurity"),
+       @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
+   })
+public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+    
+    private ResourceAccessGateTracker resourceAccessGateTracker;
+
+    // ---------- SCR Integration ---------------------------------------------
+
+    /** Activates this component, called by SCR before registering as a service */
+    @Activate
+    protected void activate(final ComponentContext componentContext) {
+        resourceAccessGateTracker = new ResourceAccessGateTracker( componentContext.getBundleContext() );
+        resourceAccessGateTracker.open();
+        
+    }
+
+    /**
+     * Deativates this component (called by SCR to take out of service)
+     */
+    @Deactivate
+    protected void deactivate() {
+        resourceAccessGateTracker.close();
+    }
+    
+    private List<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlers ( String path, ResourceAccessGate.Operation operation ) {
+        /* TODO: maybe caching some frequent paths with read operation would be a good idea */
+        List<ResourceAccessGateHandler> returnValue = resourceAccessGateTracker.getResourceAccessGateHandlers();
+        
+        if ( returnValue.size() > 0 ) {
+            returnValue = new ArrayList<ResourceAccessGateHandler>();
+            
+            for (ResourceAccessGateHandler resourceAccessGateHandler : resourceAccessGateTracker.getResourceAccessGateHandlers() ) {
+                if ( resourceAccessGateHandler.matches(path, operation) ) {
+                    returnValue.add(resourceAccessGateHandler);
+                }
+            }
+        }
+        
+        return returnValue;
+    }
+    
+    public boolean areResourceAccessGatesRegistered () {
+        return (resourceAccessGateTracker.size() > 0 );
+    }
+
+    @Override
+    public Resource checkReadPermission(Resource resource) {
+        Resource returnValue = resource;
+        ResourceResolver resResolver = resource.getResourceResolver();
+        String user = resResolver.getUserID();
+        
+        List<ResourceAccessGateHandler> accessGateHandlers =
+                getMatchingResourceAccessGateHandlers( resource.getPath(), ResourceAccessGate.Operation.READ );
+        
+        GateResult finalGateResult = null;
+        boolean canReadAllValues = false;
+        List<ResourceAccessGate> accessGatesForValues = null;
+        
+        for (ResourceAccessGateHandler resourceAccessGateHandler : accessGateHandlers) {
+            GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource, user);
+            if ( !canReadAllValues && gateResult == GateResult.GRANTED ) {
+                if ( resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource, user) ) {
+                    canReadAllValues = true;
+                    accessGatesForValues = null;
+                }
+                else {
+                    if ( accessGatesForValues == null ) {
+                        accessGatesForValues = new ArrayList<ResourceAccessGate>();
+                    }
+                    accessGatesForValues.add( resourceAccessGateHandler.getResourceAccessGate() );
+                }
+            }
+            if ( finalGateResult == null ) {
+                finalGateResult = gateResult;
+            }
+            else if ( finalGateResult == GateResult.DENIED ){
+                finalGateResult = gateResult;
+            }
+            if ( resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ) ) {
+                break;
+            }
+        }
+        
+        // return NonExistingResource if access is denied or no ResourceAccessGate is present
+        if ( finalGateResult == null || finalGateResult == GateResult.DENIED ) {
+            returnValue = new NonExistingResource( resResolver, resource.getPath() );
+        }
+        else if ( finalGateResult == GateResult.DONTCARE ) {
+            returnValue = resource;
+        }
+        // wrap Resource if read access is not or partly (values) not granted 
+        else if ( !canReadAllValues ) {
+            returnValue = new AccessGateResourceWrapper( resource, accessGatesForValues );
+        }
+        
+        return returnValue;
+    }
+
+    @Override
+    public boolean canCreate(String absPathName, String user) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canUpdate(Resource resource) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canDelete(Resource resource) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canExecute(Resource resource) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canReadValue(Resource resource, String valueName) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canCreateValue(Resource resource, String valueName) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canUpdateValue(Resource resource, String valueName) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canDeleteValue(Resource resource, String valueName) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public String sanitizeQuery(String query, String language, String user)
+            throws AccessSecurityException {
+        return query;
+    }
+
+}