You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:58:03 UTC
[sling-org-apache-sling-resourceaccesssecurity] annotated tag
org.apache.sling.resourceaccesssecurity-1.0.0 created (now c1689a3)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git.
at c1689a3 (tag)
tagging c46c9a4c9b25cc6b5c2cb9015f9fbb0720777f01 (commit)
by Mike Müller
on Wed Sep 17 12:01:24 2014 +0000
- Log -----------------------------------------------------------------
org.apache.sling.resourceaccesssecurity-1.0.0
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new 54558b4 SLING-3435 - ResourceAccessSecurity does not secure access for update operations
new 596c123 SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity, SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
new 07b8157 Update svn:ignore
new a2ac5e3 Update to parent pom v19
new 99c367e Updated to parent version 20
new f5cad96 SLING-3918 - If a resource does not have a path a NPE occurrs
new 8e3ceb6 SLING-3917 - Add transformQuery support to the ResourceAccessSecurity Implementation
new 61ab9b4 SLING-3929 - Methods ResourceAccessGate#has<opt>Restrictions are not used by ResourceAccessSecurity
new b928543 SLING-3930 - Service rankings from ResourceAccessGates are not properly handled
new 7e03a46 [maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
new 32b55ed revert changes from not released release...
new 97a7c98 [maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
new c46c9a4 [maven-release-plugin] copy for tag org.apache.sling.resourceaccesssecurity-1.0.0
The 13 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-resourceaccesssecurity] 02/13: SLING-3458 -
Restrictions imposed by ProviderResourceAccessSecurity should not be
discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application
context behave the same way
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 596c123bd3e4e83c1d5d52701bc5f268ebc3a30d
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Mar 19 12:40:59 2014 +0000
SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1579213 13f79535-47bb-0310-9956-ffa450edef68
---
.../AllowingResourceAccessGate.java | 18 +++---
.../resourceaccesssecurity/ResourceAccessGate.java | 2 +-
.../ApplicationResourceAccessSecurityImpl.java | 2 +-
.../impl/ResourceAccessSecurityImpl.java | 72 ++++++++++++++--------
4 files changed, 59 insertions(+), 35 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
index 1e7d8c7..2570f81 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -32,48 +32,48 @@ public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
@Override
public GateResult canRead(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreate(final String absPathName,
final ResourceResolver resourceResolver) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdate(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDelete(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canExecute(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canReadValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDeleteValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 4b096e8..6ee4e2b 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -123,7 +123,7 @@ public interface ResourceAccessGate {
* </ul>
*/
public enum GateResult {
- GRANTED, DENIED, DONTCARE
+ GRANTED, DENIED, CANT_DECIDE
};
public enum Operation {
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
index e784236..d4ac38e 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -37,6 +37,6 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
public ApplicationResourceAccessSecurityImpl() {
- super(true);
+ super(false);
}
}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 72279e5..cd1f200 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -36,10 +36,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
- private final boolean defaultAllow;
+ private final boolean defaultAllowIfNoGateMatches;
- public ResourceAccessSecurityImpl(final boolean defaultAllow) {
- this.defaultAllow = defaultAllow;
+ public ResourceAccessSecurityImpl(final boolean defaultAllowIfNoGateMatches) {
+ this.defaultAllowIfNoGateMatches = defaultAllowIfNoGateMatches;
}
/**
@@ -101,7 +101,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public Resource getReadableResource(final Resource resource) {
- Resource returnValue = (this.defaultAllow ? resource : null);
+ Resource returnValue = null;
final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -113,7 +113,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
if ( accessGateHandlers != null ) {
+ boolean noGateMatched = true;
+
while ( accessGateHandlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
@@ -130,23 +133,24 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
}
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
// stop checking if the operation is final and the result not GateResult.DONTCARE
- if (gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+ if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
}
// return null if access is denied or no ResourceAccessGate is present
- if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+ if (finalGateResult == GateResult.DENIED) {
returnValue = null;
- } else if (finalGateResult == GateResult.DONTCARE) {
- returnValue = (this.defaultAllow ? resource : null);
} else if (finalGateResult == GateResult.GRANTED ) {
returnValue = resource;
+ } else if (noGateMatched && this.defaultAllowIfNoGateMatches)
+ {
+ returnValue = resource;
}
}
@@ -169,20 +173,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
final ResourceResolver resolver) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
path, ResourceAccessGate.Operation.CREATE);
- boolean result = this.defaultAllow;
+ boolean result = false;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
break;
}
@@ -192,6 +198,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -201,20 +210,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canUpdate(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.UPDATE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
break;
}
@@ -224,6 +235,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -233,20 +247,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canDelete(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.DELETE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
break;
}
@@ -256,6 +272,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -265,20 +284,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canExecute(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
break;
}
}
@@ -287,6 +308,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -295,19 +319,19 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public boolean canReadValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canSetValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canDeleteValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 12/13:
[maven-release-plugin] prepare release
org.apache.sling.resourceaccesssecurity-1.0.0
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 97a7c9806b741bad298807eb48e8637871350d02
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:59:44 2014 +0000
[maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1625532 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 666fffd..5aff0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>1.0.0</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 08/13: SLING-3929 -
Methods ResourceAccessGate#hasRestrictions are not used by
ResourceAccessSecurity
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 61ab9b4ef3386557e4b671c104154f0069ce18c2
Author: Mike Müller <my...@apache.org>
AuthorDate: Sat Sep 13 18:57:41 2014 +0000
SLING-3929 - Methods ResourceAccessGate#has<opt>Restrictions are not used by ResourceAccessSecurity
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1624774 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ResourceAccessSecurityImpl.java | 27 +++++++++++++++++-----
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 53adb79..4504cc1 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -119,7 +119,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasReadRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canRead(resource);
if (!canReadAllValues && gateResult == GateResult.GRANTED) {
if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
canReadAllValues = true;
@@ -136,7 +139,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- // stop checking if the operation is final and the result not GateResult.DONTCARE
+ // stop checking if the operation is final and the result not GateResult.CANT_DECIDE
if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
@@ -182,7 +185,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasCreateRestrictions(resolver) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -219,7 +225,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasUpdateRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -256,7 +265,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasDeleteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
@@ -293,7 +305,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
- final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+ final GateResult gateResult = !resourceAccessGateHandler
+ .getResourceAccessGate().hasExecuteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED
+ : resourceAccessGateHandler.getResourceAccessGate()
+ .canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 05/13: Updated to
parent version 20
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 99c367e76d695904f48e15188ea680210c4ad7d6
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Fri Aug 1 19:16:26 2014 +0000
Updated to parent version 20
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1615208 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a6472b6..666fffd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>19</version>
+ <version>20</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 10/13:
[maven-release-plugin] prepare release
org.apache.sling.resourceaccesssecurity-1.0.0
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 7e03a46dc4edb9a27172ff91e3061c8bf8727be7
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:49:09 2014 +0000
[maven-release-plugin] prepare release org.apache.sling.resourceaccesssecurity-1.0.0
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1625529 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 666fffd..5aff0d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>1.0.0</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 07/13: SLING-3917 -
Add transformQuery support to the ResourceAccessSecurity Implementation
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 8e3ceb691f1bc7c3cec06afc847ccfd543f304a0
Author: Mike Müller <my...@apache.org>
AuthorDate: Tue Sep 9 06:49:02 2014 +0000
SLING-3917 - Add transformQuery support to the ResourceAccessSecurity Implementation
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1623676 13f79535-47bb-0310-9956-ffa450edef68
---
.../sling/resourceaccesssecurity/ResourceAccessGate.java | 3 ++-
.../impl/ResourceAccessSecurityImpl.java | 15 ++++++++++++++-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 6ee4e2b..dd7ce7a 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -187,7 +187,8 @@ public interface ResourceAccessGate {
* the language in which the query is expressed
* @param resourceResolver
* the resource resolver which resolves the query
- * @return the transformed query
+ * @return the transformed query or the original query if no tranformation
+ * took place. This method should never return <code>null</code>
* @throws AccessSecurityException
*/
public String transformQuery(String query, String language,
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index cd1f200..53adb79 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -339,7 +339,20 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
final String language,
final ResourceResolver resourceResolver)
throws AccessSecurityException {
- return query;
+ String returnValue = query;
+
+ for (ResourceAccessGateHandler handler : allHandlers) {
+ returnValue = handler.getResourceAccessGate().transformQuery(
+ returnValue, language, resourceResolver);
+ if (returnValue == null) {
+ throw new AccessSecurityException(
+ "Method transformQuery in ResourceAccessGate "
+ + handler.getResourceAccessGate().getClass()
+ .getName() + " returned null.");
+ }
+ }
+
+ return returnValue;
}
/**
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 13/13:
[maven-release-plugin] copy for tag
org.apache.sling.resourceaccesssecurity-1.0.0
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit c46c9a4c9b25cc6b5c2cb9015f9fbb0720777f01
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 12:01:24 2014 +0000
[maven-release-plugin] copy for tag org.apache.sling.resourceaccesssecurity-1.0.0
git-svn-id: https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0@1625534 13f79535-47bb-0310-9956-ffa450edef68
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 09/13: SLING-3930 -
Service rankings from ResourceAccessGates are not properly handled
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit b9285430cea4020828cd87b114213ad517ba63de
Author: Mike Müller <my...@apache.org>
AuthorDate: Sun Sep 14 10:02:54 2014 +0000
SLING-3930 - Service rankings from ResourceAccessGates are not properly handled
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1624823 13f79535-47bb-0310-9956-ffa450edef68
---
.../sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
index b064910..daa25bb 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -110,7 +110,8 @@ public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateH
@Override
public int compareTo(final ResourceAccessGateHandler o) {
- return this.reference.compareTo(o.reference);
+ // services with higher service ranking should be the first in a list
+ return -this.reference.compareTo(o.reference);
}
@Override
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 03/13: Update
svn:ignore
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 07b81571e4a8108effbc9a583eda3a1456e1e9e1
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Thu Mar 27 07:49:25 2014 +0000
Update svn:ignore
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1582209 13f79535-47bb-0310-9956-ffa450edef68
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 04/13: Update to
parent pom v19
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit a2ac5e378d2f798fbf6944beae5e81bb75e46d86
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Mon Mar 31 14:39:20 2014 +0000
Update to parent pom v19
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1583337 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2bafb55..a6472b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>18</version>
+ <version>19</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 01/13: SLING-3435 -
ResourceAccessSecurity does not secure access for update operations
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 54558b42c559e8a3be3ff3e04712c1ae96443e87
Author: Mike Müller <my...@apache.org>
AuthorDate: Sun Mar 16 19:17:41 2014 +0000
SLING-3435 - ResourceAccessSecurity does not secure access for update operations
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1578141 13f79535-47bb-0310-9956-ffa450edef68
---
README.txt | 27 ++
pom.xml | 141 +++++++++
.../AllowingResourceAccessGate.java | 129 ++++++++
.../resourceaccesssecurity/ResourceAccessGate.java | 215 +++++++++++++
.../impl/AccessGateResourceWrapper.java | 87 ++++++
.../ApplicationResourceAccessSecurityImpl.java | 42 +++
.../impl/ProviderResourceAccessSecurityImpl.java | 42 +++
.../impl/ReadOnlyValueMapWrapper.java | 63 ++++
.../impl/ResourceAccessGateHandler.java | 122 ++++++++
.../impl/ResourceAccessSecurityImpl.java | 347 +++++++++++++++++++++
.../sling/resourceaccesssecurity/package-info.java | 24 ++
.../impl/ResourceAccessSecurityImplTests.java | 189 +++++++++++
12 files changed, 1428 insertions(+)
diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..948b6c2
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,27 @@
+Apache Sling Resource Access Security
+
+This bundle provides in implementation of the ResourceAccessSecurity
+
+Getting Started
+===============
+
+This component uses a Maven 3 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+3.0.3 or later. We recommend to use the latest Maven version.
+
+If you have Maven 3 installed, you can compile and
+package the jar using the following command:
+
+ mvn package
+
+See the Maven 3 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.apache.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+ svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver/core
+
+See the Subversion documentation for other source control features.
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..2bafb55
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>18</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
new file mode 100644
index 0000000..1e7d8c7
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+/**
+ * This abstract implementation of the <code>ResourceAccessGate</code> can be
+ * used to implement own resource access gates.
+ * This implementation simply allows operations, restricting implementations
+ * just need to overwrite the operations they want to restrict.
+ */
+public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
+
+ @Override
+ public GateResult canRead(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreate(final String absPathName,
+ final ResourceResolver resourceResolver) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdate(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDelete(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canExecute(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canReadValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreateValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdateValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDeleteValue(final Resource resource, final String valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public String transformQuery(final String query, final String language,
+ final ResourceResolver resourceResolver) throws AccessSecurityException {
+ return query;
+ }
+
+ @Override
+ public boolean hasReadRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasCreateRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasUpdateRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasDeleteRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasExecuteRestrictions(final ResourceResolver resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean canReadAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canCreateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canUpdateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canDeleteAllValues(final Resource resource) {
+ return true;
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
new file mode 100644
index 0000000..4b096e8
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+import aQute.bnd.annotation.ConsumerType;
+
+/**
+ * The <code>ResourceAccessGate</code> defines a service API which might be used
+ * to make some restrictions to accessing resources.
+ *
+ * Implementations of this service interface must be registered like
+ * ResourceProvider with a path (like provider.roots). If different
+ * ResourceAccessGateService services match a path, not only the
+ * ResourceAccessGateService with the longest path will be called, but all of
+ * them, that's in contrast to the ResourceProvider, but in this case more
+ * logical (and secure!). The gates will be called in the order of the
+ * service ranking.
+ * If one of the gates grants access for a given operation access will be granted.
+ *
+ * service properties:
+ * <ul>
+ * <li><b>path</b>: regexp to define on which paths the service should be called
+ * (default .*)</li>
+ * <li><b>operations</b>: set of operations on which the service should be
+ * called ("read,create,update,delete,execute", default all of them)</li>
+ * <li><b>finaloperations</b>: set of operations on which the service answer is
+ * final and no further service should be called (default none of them), except
+ * the GateResult is {@link GateResult.DONTCARE}</li>
+ * </ul>
+ *
+ * The resource access gate can either have the context {@link #PROVIDER_CONTEXT},
+ * in this case the gate is only applied to resource providers requesting the
+ * security checks. Or the context can be {@link #APPLICATION_CONTEXT}. In this
+ * case the access gate is invoked for the whole resource tree.
+ * This is indicated by the required service property {@link #CONTEXT}. If the
+ * property is missing or invalid, the service is ignored.
+ */
+@ConsumerType
+public interface ResourceAccessGate {
+
+ /**
+ * The service name to use when registering implementations of this
+ * interface as services (value is
+ * "org.apache.sling.api.resource.ResourceAccessGate").
+ */
+ String SERVICE_NAME = ResourceAccessGate.class.getName();
+
+ /**
+ * The name of the service registration property containing the context
+ * of this service. Allowed values are {@link #APPLICATION_CONTEXT} and
+ * {@link #PROVIDER_CONTEXT}.
+ * This property is required and has no default value.
+ * (value is "access.context")
+ */
+ String CONTEXT = "access.context";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are applied to all resources.
+ */
+ String APPLICATION_CONTEXT = "application";
+
+ /**
+ * Allowed value for the {@link #CONTEXT} service registration property.
+ * Services marked with this context are only applied to resource
+ * providers which indicate the additional checks with the
+ * {@link org.apache.sling.api.resource.ResourceProvider#USE_RESOURCE_ACCESS_SECURITY}
+ * property.
+ */
+ String PROVIDER_CONTEXT = "provider";
+
+ /**
+ * The name of the service registration property containing the path as a
+ * regular expression for which the service should be called (value is
+ * "path").
+ */
+ String PATH = "path";
+
+ /**
+ * The name of the service registration property containing the operations
+ * for which the service should be called, defaults to all the operations
+ * (value is "operations").
+ */
+ String OPERATIONS = "operations";
+
+ /**
+ * The name of the service registration property containing the operations
+ * for which the service should be called and no further service should be
+ * called after this, except the services returns DONTCARE as result,
+ * default is empty (non of them are final) (value is "finaloperations").
+ */
+ String FINALOPERATIONS = "finaloperations";
+
+ /**
+ * <code>GateResult</code> defines 3 possible states which can be returned
+ * by the different canXXX methods of this interface.
+ * <ul>
+ * <li>GRANTED: means no restrictions</li>
+ * <li>DENIED: means no permission for the requested action</li>
+ * <li>DONTCARE: means that the implementation of the service has no
+ * information or can't decide and therefore neither can't grant or deny
+ * access</li>
+ * </ul>
+ */
+ public enum GateResult {
+ GRANTED, DENIED, DONTCARE
+ };
+
+ public enum Operation {
+ READ("read"), CREATE("create"), UPDATE("update"), DELETE("delete"), EXECUTE(
+ "execute");
+
+ private String text;
+
+ Operation(String text) {
+ this.text = text;
+ }
+
+ public static Operation fromString(String opAsString) {
+ Operation returnValue = null;
+
+ for (Operation op : Operation.values()) {
+ if (opAsString.equals(op.getText())) {
+ returnValue = op;
+ break;
+ }
+ }
+
+ return returnValue;
+ }
+
+ public String getText() {
+ return this.text;
+ }
+ }
+
+ public GateResult canRead(Resource resource);
+
+ public GateResult canCreate(String absPathName,
+ ResourceResolver resourceResolver);
+
+ public GateResult canUpdate(Resource resource);
+
+ public GateResult canDelete(Resource resource);
+
+ public GateResult canExecute(Resource resource);
+
+ public GateResult canReadValue(Resource resource, String valueName);
+
+ public GateResult canCreateValue(Resource resource, String valueName);
+
+ public GateResult canUpdateValue(Resource resource, String valueName);
+
+ public GateResult canDeleteValue(Resource resource, String valueName);
+
+ /**
+ * Allows to transform the query based on the current user's credentials.
+ * Can be used to narrow down queries to omit results that the current user
+ * is not allowed to see anyway, speeding up downstream access control.
+ *
+ * Query transformations are not critical with respect to access control as
+ * results are checked using the canRead.. methods anyway.
+ *
+ * @param query
+ * the query
+ * @param language
+ * the language in which the query is expressed
+ * @param resourceResolver
+ * the resource resolver which resolves the query
+ * @return the transformed query
+ * @throws AccessSecurityException
+ */
+ public String transformQuery(String query, String language,
+ ResourceResolver resourceResolver) throws AccessSecurityException;
+
+ /* for convenience (and performance) */
+ public boolean hasReadRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasCreateRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasUpdateRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasDeleteRestrictions(ResourceResolver resourceResolver);
+
+ public boolean hasExecuteRestrictions(ResourceResolver resourceResolver);
+
+ public boolean canReadAllValues(Resource resource);
+
+ public boolean canCreateAllValues(Resource resource);
+
+ public boolean canUpdateAllValues(Resource resource);
+
+ public boolean canDeleteAllValues(Resource resource);
+
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
new file mode 100644
index 0000000..fd93b2f
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceWrapper;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+/**
+ * The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code> and
+ * intercepts calls to adaptTo to wrap the adapted <code>ValueMap</code> or
+ * also a <code>ModifiableValueMap</code> to enforce access rules defined
+ * by implementations of <code>ResourceAccessGate</code>
+ *
+ */
+public class AccessGateResourceWrapper extends ResourceWrapper {
+
+ private final List<ResourceAccessGate> accessGatesForReadValues;
+ private final boolean modifiable;
+
+ /**
+ * Creates a new wrapper instance delegating all method calls to the given
+ * <code>resource</code>, but intercepts the calls with checks to the
+ * applied ResourceAccessGate instances for read and/or update values.
+ *
+ * @param resource resource to protect
+ * @param accessGatesForReadForValues list of access gates to ask when reading values. If
+ * the list is <code>null</code> or empty there are no read restrictions
+ * @param modifiable if <code>true</code> the resource can be updated
+ */
+ public AccessGateResourceWrapper(final Resource resource,
+ final List<ResourceAccessGate> accessGatesForReadForValues,
+ final boolean modifiable ) {
+ super( resource );
+ this.accessGatesForReadValues = accessGatesForReadForValues;
+ this.modifiable = modifiable;
+ }
+
+ /**
+ * Returns the value of calling <code>adaptTo</code> on the
+ * {@link #getResource() wrapped resource}.
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public <AdapterType> AdapterType adaptTo(Class<AdapterType> type) {
+ // we do not support the deprecated PersistableValueMap
+ AdapterType adapter = getResource().adaptTo(type);
+
+ if (adapter != null && !modifiable) {
+ if (type == ModifiableValueMap.class) {
+ adapter = null;
+ }
+ else if (type == Map.class || type == ValueMap.class) {
+ // protect also against accidental modifications when changes are done in an adapted map
+ adapter = (AdapterType) new ReadOnlyValueMapWrapper((Map) adapter);
+ }
+ }
+
+
+ return adapter;
+
+
+ }
+
+
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..e784236
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.APPLICATION_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+ cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.APPLICATION_CONTEXT + ")")
+public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+ public ApplicationResourceAccessSecurityImpl() {
+ super(true);
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..80fd43e
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.PROVIDER_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+ cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy=ReferencePolicy.DYNAMIC,
+ target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.PROVIDER_CONTEXT + ")")
+public class ProviderResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+ public ProviderResourceAccessSecurityImpl() {
+ super(false);
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
new file mode 100644
index 0000000..43ac8db
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.Map;
+
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.wrappers.ValueMapDecorator;
+
+/**
+ * Wrapper class that does protect the underlying map from modifications.
+ */
+public class ReadOnlyValueMapWrapper extends ValueMapDecorator
+ implements ValueMap {
+
+ /**
+ * Creates a new wrapper around a given map.
+ *
+ * @param base wrapped object
+ */
+ public ReadOnlyValueMapWrapper(Map<String, Object> base) {
+ super(base);
+ }
+
+ @Override
+ public Object put(String key, Object value) {
+ // TODO we probably should log this as a warning
+ return null;
+ }
+
+ @Override
+ public Object remove(Object key) {
+ // TODO we probably should log this as a warning
+ return null;
+ }
+
+ @Override
+ public void putAll(Map<? extends String, ?> t) {
+ // TODO we probably should log this as a warning
+ }
+
+ @Override
+ public void clear() {
+ // TODO we probably should log this as a warning
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
new file mode 100644
index 0000000..7cb94d6
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.osgi.framework.ServiceReference;
+
+public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateHandler> {
+
+ private final ResourceAccessGate resourceAccessGate;
+
+ private final ServiceReference reference;
+
+ private final Pattern pathPattern;
+ private final Set<ResourceAccessGate.Operation> operations = new HashSet<ResourceAccessGate.Operation>();
+ private final Set<ResourceAccessGate.Operation> finalOperations = new HashSet<ResourceAccessGate.Operation>();
+
+ /**
+ * constructor
+ */
+ public ResourceAccessGateHandler ( final ServiceReference resourceAccessGateRef ) {
+ this.reference = resourceAccessGateRef;
+
+ resourceAccessGate = (ResourceAccessGate) resourceAccessGateRef.getBundle().
+ getBundleContext().getService(resourceAccessGateRef);
+ // extract the service property "path"
+ final String path = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.PATH);
+ if ( path != null ) {
+ pathPattern = Pattern.compile(path);
+ } else {
+ pathPattern = Pattern.compile(".*");
+ }
+
+ // extract the service property "operations"
+ final String ops = PropertiesUtil.toString( resourceAccessGateRef.getProperty(ResourceAccessGate.OPERATIONS), null );
+ if ( ops != null && ops.length() > 0 ) {
+ final String[] opsArray = ops.split( "," );
+ for (final String opAsString : opsArray) {
+ final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+ if ( operation != null ) {
+ operations.add(operation);
+ }
+ }
+ } else {
+ for (final ResourceAccessGate.Operation op : ResourceAccessGate.Operation.values() ) {
+ operations.add(op);
+ }
+ }
+
+ // extract the service property "finaloperations"
+ final String finalOps = PropertiesUtil.toString(resourceAccessGateRef.getProperty(ResourceAccessGate.FINALOPERATIONS), null );
+ if ( finalOps != null && finalOps.length() > 0 ) {
+ final String[] finOpsArray = finalOps.split( "," );
+ for (final String opAsString : finOpsArray) {
+ final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+ if ( operation != null ) {
+ finalOperations.add(operation);
+ }
+ }
+ }
+
+ }
+
+ public boolean matches ( final String path, final ResourceAccessGate.Operation operation ) {
+ boolean returnValue = false;
+
+ if ( operations.contains( operation ) ) {
+ final Matcher match = pathPattern.matcher(path);
+ returnValue = match.matches();
+ }
+
+ return returnValue;
+ }
+
+ public boolean isFinalOperation( final ResourceAccessGate.Operation operation ) {
+ return finalOperations.contains(operation);
+ }
+
+ public ResourceAccessGate getResourceAccessGate () {
+ return resourceAccessGate;
+ }
+
+ @Override
+ public int compareTo(final ResourceAccessGateHandler o) {
+ return this.reference.compareTo(o.reference);
+ }
+
+ @Override
+ public boolean equals(final Object obj) {
+ if ( obj instanceof ResourceAccessGateHandler ) {
+ return ((ResourceAccessGateHandler)obj).reference.equals(this.reference);
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return this.reference.hashCode();
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
new file mode 100644
index 0000000..72279e5
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -0,0 +1,347 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
+import org.osgi.framework.ServiceReference;
+
+public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+
+ private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
+
+ private final boolean defaultAllow;
+
+ public ResourceAccessSecurityImpl(final boolean defaultAllow) {
+ this.defaultAllow = defaultAllow;
+ }
+
+ /**
+ * This method returns either an iterator delivering the matching handlers
+ * or <code>null</code>.
+ */
+ private Iterator<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlerIterator(
+ final String path, final ResourceAccessGate.Operation operation) {
+ //
+ // TODO: maybe caching some frequent paths with read operation would be
+ // a good idea
+ //
+ final List<ResourceAccessGateHandler> handlers = allHandlers;
+ if (handlers.size() > 0) {
+
+ final Iterator<ResourceAccessGateHandler> iter = handlers.iterator();
+ return new Iterator<ResourceAccessGateHandler>() {
+
+ private ResourceAccessGateHandler next;
+
+ {
+ peek();
+ }
+
+ private void peek() {
+ this.next = null;
+ while ( iter.hasNext() && next == null ) {
+ final ResourceAccessGateHandler handler = iter.next();
+ if (handler.matches(path, operation)) {
+ next = handler;
+ }
+ }
+ }
+
+ @Override
+ public boolean hasNext() {
+ return next != null;
+ }
+
+ @Override
+ public ResourceAccessGateHandler next() {
+ if ( next == null ) {
+ throw new NoSuchElementException();
+ }
+ final ResourceAccessGateHandler handler = this.next;
+ peek();
+ return handler;
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+ };
+ }
+
+ return null;
+ }
+
+ @Override
+ public Resource getReadableResource(final Resource resource) {
+ Resource returnValue = (this.defaultAllow ? resource : null);
+
+ final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.READ);
+
+ GateResult finalGateResult = null;
+ List<ResourceAccessGate> accessGatesForReadValues = null;
+ boolean canReadAllValues = false;
+
+
+ if ( accessGateHandlers != null ) {
+
+ while ( accessGateHandlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
+ if (!canReadAllValues && gateResult == GateResult.GRANTED) {
+ if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
+ canReadAllValues = true;
+ accessGatesForReadValues = null;
+ } else {
+ if (accessGatesForReadValues == null) {
+ accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
+ }
+ accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
+ }
+ }
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ // stop checking if the operation is final and the result not GateResult.DONTCARE
+ if (gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+ break;
+ }
+ }
+
+
+ // return null if access is denied or no ResourceAccessGate is present
+ if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+ returnValue = null;
+ } else if (finalGateResult == GateResult.DONTCARE) {
+ returnValue = (this.defaultAllow ? resource : null);
+ } else if (finalGateResult == GateResult.GRANTED ) {
+ returnValue = resource;
+ }
+ }
+
+ boolean canUpdateResource = canUpdate(resource);
+
+ // wrap Resource if read access is not or partly (values) not granted
+ if (returnValue != null) {
+ if( !canReadAllValues || !canUpdateResource ) {
+ returnValue = new AccessGateResourceWrapper(returnValue,
+ accessGatesForReadValues,
+ canUpdateResource);
+ }
+ }
+
+ return returnValue;
+ }
+
+ @Override
+ public boolean canCreate(final String path,
+ final ResourceResolver resolver) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ path, ResourceAccessGate.Operation.CREATE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canUpdate(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.UPDATE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canDelete(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.DELETE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canExecute(final Resource resource) {
+ final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+ resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
+ boolean result = this.defaultAllow;
+ if ( handlers != null ) {
+ GateResult finalGateResult = null;
+
+ while ( handlers.hasNext() ) {
+ final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
+
+ final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+ if (finalGateResult == null) {
+ finalGateResult = gateResult;
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ finalGateResult = gateResult;
+ }
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+ break;
+ }
+ }
+
+ if ( finalGateResult == GateResult.GRANTED ) {
+ result = true;
+ } else if ( finalGateResult == GateResult.DENIED ) {
+ result = false;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public boolean canReadValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public boolean canSetValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public boolean canDeleteValue(final Resource resource, final String valueName) {
+ // TODO Auto-generated method stub
+ return this.defaultAllow;
+ }
+
+ @Override
+ public String transformQuery(final String query,
+ final String language,
+ final ResourceResolver resourceResolver)
+ throws AccessSecurityException {
+ return query;
+ }
+
+ /**
+ * Add a new resource access gate
+ */
+ protected void bindResourceAccessGate(final ServiceReference ref) {
+ synchronized ( this ) {
+ final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+ final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+ newList.add(h);
+ Collections.sort(newList);
+ this.allHandlers = newList;
+ }
+ }
+
+ /**
+ * Remove a resource access gate
+ */
+ protected void unbindResourceAccessGate(final ServiceReference ref) {
+ synchronized ( this ) {
+ final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+ final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+ newList.remove(h);
+ this.allHandlers = newList;
+ }
+ }
+}
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java b/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
new file mode 100644
index 0000000..61145aa
--- /dev/null
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+@Version("1.0.0")
+package org.apache.sling.resourceaccesssecurity;
+
+import aQute.bnd.annotation.Version;
+
diff --git a/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java b/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
new file mode 100644
index 0000000..c7575a6
--- /dev/null
+++ b/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
@@ -0,0 +1,189 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+
+import junit.framework.TestCase;
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.junit.Before;
+import org.junit.Test;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.verify;
+
+import static org.junit.Assert.assertTrue;
+
+public class ResourceAccessSecurityImplTests {
+
+ ServiceReference serviceReference;
+ ResourceAccessSecurity resourceAccessSecurity;
+ ResourceAccessGate resourceAccessGate;
+
+ @Before
+ public void setUp() {
+ resourceAccessSecurity = new ProviderResourceAccessSecurityImpl();
+ }
+
+
+ @Test
+ public void testCanUpdate(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ assertTrue(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCannotUpdate(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ assertFalse(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCannotUpdateWrongPath(){
+ initMocks("/content", new String[] { "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/wrongcontent");
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ assertFalse(resourceAccessSecurity.canUpdate(resource));
+ }
+
+ @Test
+ public void testCanUpdateUsingReadableResource(){
+ // one needs to have also read rights to obtain the resource
+
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+
+ resultValueMap.put("modified", "value");
+
+ verify(valueMap, times(1)).put("modified", "value");
+ }
+
+
+ @Test
+ public void testCannotUpdateUsingReadableResourceIfCannotRead(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+
+ assertNull(readableResource);
+ }
+
+
+ @Test
+ public void testCannotUpdateUsingReadableResourceIfCannotUpdate(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+ assertNull(resultValueMap);
+ }
+
+
+ @Test
+ public void testCannotUpdateAccidentallyUsingReadableResourceIfCannotUpdate(){
+ initMocks("/content", new String[] { "read", "update"} );
+
+ Resource resource = mock(Resource.class);
+ when(resource.getPath()).thenReturn("/content");
+
+ ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+ when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+ when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+ when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+ Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+ ValueMap resultValueMap = readableResource.adaptTo(ValueMap.class);
+
+ resultValueMap.put("modified", "value");
+
+ verify(valueMap, times(0)).put("modified", "value");
+ }
+
+ private void initMocks(String path, String[] operations){
+ serviceReference = mock(ServiceReference.class);
+ Bundle bundle = mock(Bundle.class);
+ BundleContext bundleContext = mock(BundleContext.class);
+ resourceAccessGate = mock(ResourceAccessGate.class);
+
+ when(serviceReference.getBundle()).thenReturn(bundle);
+ when(bundle.getBundleContext()).thenReturn(bundleContext);
+ when(bundleContext.getService(serviceReference)).thenReturn(resourceAccessGate);
+
+ when(serviceReference.getProperty(ResourceAccessGate.PATH)).thenReturn(path);
+ when(serviceReference.getProperty(ResourceAccessGate.OPERATIONS)).thenReturn(operations);
+
+ ((ProviderResourceAccessSecurityImpl) resourceAccessSecurity).bindResourceAccessGate(serviceReference);
+ }
+
+
+
+}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 06/13: SLING-3918 -
If a resource does not have a path a NPE occurrs
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit f5cad96a27c39607b6fd50a76ac36907841abd97
Author: Mike Müller <my...@apache.org>
AuthorDate: Tue Sep 9 06:41:16 2014 +0000
SLING-3918 - If a resource does not have a path a NPE occurrs
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1623668 13f79535-47bb-0310-9956-ffa450edef68
---
.../resourceaccesssecurity/impl/ResourceAccessGateHandler.java | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
index 7cb94d6..b064910 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
@@ -87,8 +87,14 @@ public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateH
boolean returnValue = false;
if ( operations.contains( operation ) ) {
- final Matcher match = pathPattern.matcher(path);
- returnValue = match.matches();
+ if (path != null) {
+ final Matcher match = pathPattern.matcher(path);
+ returnValue = match.matches();
+ } else {
+ // if no path is given just add every ResourceAccessGate for
+ // security reason
+ return true;
+ }
}
return returnValue;
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-resourceaccesssecurity] 11/13: revert
changes from not released release...
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 32b55edab144eda9ee7efdcf343e063be8793329
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Sep 17 11:54:10 2014 +0000
revert changes from not released release...
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1625530 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 282 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 141 insertions(+), 141 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5aff0d5..666fffd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,141 +1,141 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>20</version>
- <relativePath>../../../parent/pom.xml</relativePath>
- </parent>
-
- <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
- <version>1.0.0</version>
- <packaging>bundle</packaging>
-
- <name>Apache Sling Resource Access Security</name>
- <description>
- This bundle provides in implementation of the ResourceAccessSecurity service
- </description>
-
- <scm>
- <connection>
- scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </developerConnection>
- <url>
- http://svn.apache.org/viewvc/sling/tags/org.apache.sling.resourceaccesssecurity-1.0.0
- </url>
- </scm>
-
- <properties>
- <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
- <sling.java.version>6</sling.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>maven-sling-plugin</artifactId>
- <executions>
- <execution>
- <id>generate-adapter-metadata</id>
- <phase>process-classes</phase>
- <goals>
- <goal>generate-adapter-metadata</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.api</artifactId>
- <version>2.5.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.osgi</artifactId>
- <version>2.2.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.sling</groupId>
- <artifactId>adapter-annotations</artifactId>
- <version>1.0.0</version>
- <scope>provided</scope>
- </dependency>
-
- <!-- Testing -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.9.5</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>sling</artifactId>
+ <version>20</version>
+ <relativePath>../../../parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <name>Apache Sling Resource Access Security</name>
+ <description>
+ This bundle provides in implementation of the ResourceAccessSecurity service
+ </description>
+
+ <scm>
+ <connection>
+ scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+ </developerConnection>
+ <url>
+ http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
+ </url>
+ </scm>
+
+ <properties>
+ <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+ <sling.java.version>6</sling.java.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-sling-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-adapter-metadata</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>generate-adapter-metadata</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.api</artifactId>
+ <version>2.5.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.2.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>adapter-annotations</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.9.5</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.