Posted to commits@sling.apache.org by js...@apache.org on 2016/11/10 12:34:40 UTC
svn commit: r1769101 - in /sling/trunk/bundles/jcr:
base/src/main/java/org/apache/sling/jcr/base/
base/src/main/java/org/apache/sling/jcr/base/internal/
base/src/test/java/org/apache/sling/jcr/base/
base/src/test/java/org/apache/sling/jcr/base/internal...
Author: jsedding
Date: Thu Nov 10 12:34:40 2016
New Revision: 1769101
URL: http://svn.apache.org/viewvc?rev=1769101&view=rev
Log:
SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver
- refactor for minimal dependencies to LoginAdminWhitelist support
- cleanup imports and related tests
Modified:
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepositoryManager.java
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java
sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
Modified: sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java (original)
+++ sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java Thu Nov 10 12:34:40 2016
@@ -370,7 +370,7 @@ public abstract class AbstractSlingRepos
*/
@Override
public final Session loginAdministrative(final String workspace) throws RepositoryException {
- final boolean whitelisted = getSlingRepositoryManager().getLoginAdminWhitelist().allowLoginAdministrative(usingBundle);
+ final boolean whitelisted = getSlingRepositoryManager().allowLoginAdministrativeForBundle(usingBundle);
if(!whitelisted) {
logger.error("Bundle {} is NOT whitelisted to use SlingRepository.loginAdministrative", usingBundle.getSymbolicName());
Modified: sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepositoryManager.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepositoryManager.java (original)
+++ sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepositoryManager.java Thu Nov 10 12:34:40 2016
@@ -143,11 +143,15 @@ public abstract class AbstractSlingRepos
*/
protected abstract ServiceUserMapper getServiceUserMapper();
- /** Returns the {@code LoginAdminWhitelist} service used to decide whether
- * to allow bundles to use the {@code loginAdministrative} method.
- * @return the non-null {@code LoginAdminWhitelist} service
+ /**
+ * Returns whether or not the provided bundle is allowed to use
+ * {@link SlingRepository#loginAdministrative(String)}.
+ *
+ * @param bundle The bundle requiring access to {@code loginAdministrative}
+ * @return A boolean value indicating whether or not the bundle is allowed
+ * to use {@code loginAdministrative}.
*/
- protected abstract LoginAdminWhitelist getLoginAdminWhitelist();
+ protected abstract boolean allowLoginAdministrativeForBundle(final Bundle bundle);
/**
* Creates the backing JCR repository instances. It is expected for this
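Review bot: The Javadoc on the new `allowLoginAdministrativeForBundle` does not say what an implementation must do when it cannot decide, for example for a null `bundle` or when no whitelist service is available. This return value is now the only gate `loginAdministrative` consults, so the contract should state that the answer in those cases is deny. I would add a sentence such as `Implementations must return {@code false} if the bundle is null or no whitelist is available.` Separately, replacing the protected abstract `getLoginAdminWhitelist()` with a differently named abstract method breaks any subclass outside this commit at compile time. If this package is exported, that presumably needs a matching package version change, which is not visible here.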
Modified: sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java (original)
+++ sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/DefaultWhitelist.java Thu Nov 10 12:34:40 2016
@@ -18,22 +18,6 @@
*/
package org.apache.sling.jcr.base.internal;
-import java.util.Arrays;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
-import java.util.regex.Pattern;
-
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.Service;
-import org.apache.sling.commons.osgi.PropertiesUtil;
-import org.apache.sling.jcr.api.SlingRepository;
-import org.apache.sling.jcr.base.LoginAdminWhitelist;
-import org.osgi.framework.Bundle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
/**
* Define the default whitelist in its own class to better
* keep track of it. The goal is to reduce it to the bare
Modified: sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java (original)
+++ sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockLoginAdminWhitelist.java Thu Nov 10 12:34:40 2016
@@ -21,10 +21,17 @@ package org.apache.sling.jcr.base;
import org.osgi.framework.Bundle;
/** Mock LoginAdminWhitelist */
-class MockLoginAdminWhitelist implements LoginAdminWhitelist {
+public class MockLoginAdminWhitelist implements LoginAdminWhitelist {
+
+ private boolean allowAll;
+
+ public MockLoginAdminWhitelist(final boolean allowAll) {
+ this.allowAll = allowAll;
+ }
+
@Override
public boolean allowLoginAdministrative(Bundle b) {
- return true;
+ return allowAll;
}
}
\ No newline at end of file
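Review bot: `allowAll` is assigned once in the constructor and never changed, so it should be declared `private final boolean allowAll;`. The same applies to `loginAdminWhitelist` and `loginAdminDisabled` in MockSlingRepositoryManager, which are only set in the constructor now that `setLoginAdminWhitelist` is removed. The class comment could also say that `true` allows every bundle and `false` denies every bundle, since the mock ignores its `Bundle` argument.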
Modified: sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java (original)
+++ sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/MockSlingRepositoryManager.java Thu Nov 10 12:34:40 2016
@@ -28,19 +28,27 @@ import javax.jcr.RepositoryException;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
/** Minimal AbstractSlingRepositoryManager used for testing */
public class MockSlingRepositoryManager extends AbstractSlingRepositoryManager {
private final Repository repository;
- private LoginAdminWhitelist loginAdminWhitelist;
-
+
+ private LoginAdminWhitelist loginAdminWhitelist;
+
+ private boolean loginAdminDisabled;
public MockSlingRepositoryManager(Repository repository) {
+ this(repository, false, new MockLoginAdminWhitelist(true));
+ }
+
+ public MockSlingRepositoryManager(Repository repository, boolean loginAdminDisabled, LoginAdminWhitelist loginAdminWhitelist) {
this.repository = repository;
- this.loginAdminWhitelist = new MockLoginAdminWhitelist();
+ this.loginAdminDisabled = loginAdminDisabled;
+ this.loginAdminWhitelist = loginAdminWhitelist;
}
-
+
@Override
protected ServiceUserMapper getServiceUserMapper() {
return null;
@@ -77,11 +85,11 @@ public class MockSlingRepositoryManager
}
@Override
- protected LoginAdminWhitelist getLoginAdminWhitelist() {
- return loginAdminWhitelist;
+ protected boolean allowLoginAdministrativeForBundle(final Bundle bundle) {
+ return loginAdminWhitelist.allowLoginAdministrative(bundle);
}
-
- public void setLoginAdminWhitelist(LoginAdminWhitelist w) {
- loginAdminWhitelist = w;
+
+ public void activate(BundleContext context) {
+ start(context, null, loginAdminDisabled);
}
}
\ No newline at end of file
Modified: sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java (original)
+++ sling/trunk/bundles/jcr/base/src/test/java/org/apache/sling/jcr/base/internal/WhitelistWiringTest.java Thu Nov 10 12:34:40 2016
@@ -19,13 +19,10 @@
package org.apache.sling.jcr.base.internal;
import static org.junit.Assert.assertEquals;
-import static org.mockito.Mockito.when;
-import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import java.util.UUID;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
@@ -33,10 +30,11 @@ import javax.jcr.Session;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.AbstractSlingRepository2;
-import org.apache.sling.jcr.base.AbstractSlingRepositoryManager;
import org.apache.sling.jcr.base.LoginAdminWhitelist;
+import org.apache.sling.jcr.base.MockLoginAdminWhitelist;
import org.apache.sling.jcr.base.MockSlingRepositoryManager;
import org.apache.sling.testing.mock.jcr.MockJcr;
+import org.apache.sling.testing.mock.osgi.MockOsgi;
import org.apache.sling.testing.mock.sling.ResourceResolverType;
import org.apache.sling.testing.mock.sling.junit.SlingContext;
import org.junit.Before;
@@ -47,19 +45,16 @@ import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters;
import org.mockito.Mockito;
import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
/** Verify that the AbstractSlingRepository2 uses the login admin whitelist,
* as well as its combination with the global "disable login admin" flag
*/
@RunWith(Parameterized.class)
public class WhitelistWiringTest {
- @Rule
- public final SlingContext context = new SlingContext(ResourceResolverType.JCR_MOCK);
-
- private LoginAdminWhitelist whitelist;
- private Bundle bundle;
- private static final String BSN = "random.bsn." + UUID.randomUUID();
+
private SlingRepository repository;
+
private final boolean managerAllowsLoginAdmin;
private final boolean whitelistAllowsLoginAdmin;
private final boolean loginAdminExpected;
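Review bot: With the `@Rule` field `context` removed in this hunk, the imports of `SlingContext` and `ResourceResolverType` that the preceding import hunk keeps as context lines look unused. The import for `@Rule` is probably unused too, though the rest of the file is not shown, so this is inferred. Since the commit message lists an import cleanup, these should be dropped in the same change.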
@@ -81,24 +76,18 @@ public class WhitelistWiringTest {
}
@Before
- public void setup() throws NoSuchFieldException, Exception {
- bundle = Mockito.mock(Bundle.class);
- when(bundle.getSymbolicName()).thenReturn(BSN);
-
- whitelist = new LoginAdminWhitelist() {
- @Override
- public boolean allowLoginAdministrative(Bundle b) {
- return whitelistAllowsLoginAdmin;
- }
- };
-
- final MockSlingRepositoryManager arm = new MockSlingRepositoryManager(MockJcr.newRepository());
- arm.setLoginAdminWhitelist(whitelist);
- final Field f = AbstractSlingRepositoryManager.class.getDeclaredField("disableLoginAdministrative");
- f.setAccessible(true);
- f.set(arm, !managerAllowsLoginAdmin);
+ public void setup() throws Exception {
+ BundleContext bundleContext = MockOsgi.newBundleContext();
+ Bundle bundle = bundleContext.getBundle();
+
+ LoginAdminWhitelist whitelist = new MockLoginAdminWhitelist(whitelistAllowsLoginAdmin);
+
+ final MockSlingRepositoryManager repoMgr =
+ new MockSlingRepositoryManager(MockJcr.newRepository(), !managerAllowsLoginAdmin, whitelist);
+
+ repoMgr.activate(bundleContext);
- repository = new AbstractSlingRepository2(arm, bundle) {
+ repository = new AbstractSlingRepository2(repoMgr, bundle) {
@Override
protected Session createAdministrativeSession(String workspace) throws RepositoryException {
return Mockito.mock(Session.class);
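Review bot: Nothing in the new `setup()` verifies which bundle reaches the whitelist. `MockLoginAdminWhitelist` ignores its `Bundle` argument, so the test would still pass if the repository handed a different bundle, or null, to `allowLoginAdministrativeForBundle`. Because the whitelist decision is made per bundle, I would have the mock remember the bundle it was asked about and assert that it is the one returned by `bundleContext.getBundle()`. The anonymous `AbstractSlingRepository2` subclass continues past the end of this hunk.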
Modified: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java?rev=1769101&r1=1769100&r2=1769101&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java (original)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java Thu Nov 10 12:34:40 2016
@@ -205,8 +205,8 @@ public class OakSlingRepositoryManager e
}
@Override
- protected LoginAdminWhitelist getLoginAdminWhitelist() {
- return loginAdminWhitelist;
+ protected boolean allowLoginAdministrativeForBundle(final Bundle bundle) {
+ return loginAdminWhitelist.allowLoginAdministrative(bundle);
}
@Activate
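Review bot: `loginAdminWhitelist.allowLoginAdministrative(bundle)` dereferences the field without a check. Its declaration is outside this hunk, so I cannot tell whether the reference can be unset when a login arrives; if it can, callers get a NullPointerException instead of a clean denial. In that case `return loginAdminWhitelist != null && loginAdminWhitelist.allowLoginAdministrative(bundle);` keeps the gate closed and lets `loginAdministrative` log and reject the call as it does for any non-whitelisted bundle.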