This is an automated email from the ASF dual-hosted git repository. enorman pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
The following commit(s) were added to refs/heads/master by this push:
new bfa57e7 SLING-12185 AuthorizableResourceProvider matches wrong prefix (#22)
bfa57e7 is described below
commit bfa57e790ccd2c47440223e6482b5da46090f148
Author: Eric Norman <enor...@apache.org>
AuthorDate: Thu Dec 7 11:04:26 2023 -0800
SLING-12185 AuthorizableResourceProvider matches wrong prefix (#22)
check the type of the found Authorizable to ensure that the object type matches the expected resource path prefix
---
.../impl/resource/AuthorizableResourceProvider.java | 9 ++++++++-
.../it/resource/AuthorizableResourceProviderIT.java | 15 +++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
index 6c959f8..13207ae 100644
--- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
+++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
@@ -30,6 +30,8 @@ import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.SlingException;
 import org.apache.sling.api.resource.Resource;
@@ -228,10 +230,13 @@ public class AuthorizableResourceProvider extends ResourceProvider<Object> imple
 T result = null;
 // the principalId should be the first segment after the prefix
 String suffix = null;
+ Class<? extends Authorizable> expectedAuthorizableClass = null;
 if (path.startsWith(systemUserManagerUserPrefix)) {
 suffix = path.substring(systemUserManagerUserPrefix.length());
+ expectedAuthorizableClass = User.class;
 } else if (path.startsWith(systemUserManagerGroupPrefix)) {
 suffix = path.substring(systemUserManagerGroupPrefix.length());
+ expectedAuthorizableClass = Group.class;
 }
 if (suffix != null) {
@@ -252,7 +257,9 @@ public class AuthorizableResourceProvider extends ResourceProvider<Object> imple
 if (userManager != null) {
 Authorizable authorizable = userManager.getAuthorizable(pid);
 if (authorizable != null) {
- result = authorizableWorker.doWork(authorizable, relPath);
+ if (expectedAuthorizableClass.isInstance(authorizable)) { // SLING-12185
+ result = authorizableWorker.doWork(authorizable, relPath);
+ }
 } else if (principalWorker != null && relPath == null){
 // SLING-11098 check for a principal that is not an authorizable like the everyone group
 PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
diff --git a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
index 28607c6..1f8d5ad 100644
--- a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
+++ b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
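Review bot: `expectedAuthorizableClass` is declared as `null` in the -228 hunk and dereferenced in the -252 hunk without a null check. It is safe only because that call appears to sit under `if (suffix != null)` and both variables are assigned together in the same two prefix branches. That invariant is implicit, so a later third prefix branch that sets `suffix` alone would turn the type check into a NullPointerException on a resource lookup. Either make the guard explicit, `if (expectedAuthorizableClass != null && expectedAuthorizableClass.isInstance(authorizable)) {`, or record the invariant at the declaration with `// non-null whenever suffix is non-null; both are assigned together below`. The enclosing method starts and ends outside both hunks.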
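Review bot: The new `isInstance` check in the -252 hunk guards only the branch where `userManager.getAuthorizable(pid)` returns an object. The `else if (principalWorker != null && relPath == null)` fallback for principals that are not authorizables continues past the end of the hunk, so it is not visible whether it applies the same prefix-to-type check. This is worth confirming, because the resource type presented to callers follows the path prefix, and a group principal resolving under the user prefix would presumably reintroduce the mismatch this commit closes. The silent drop on mismatch also deserves a comment inside the new `if`, for example `// type does not match the path prefix: leave result null so the path resolves to no resource`.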
@@ -338,4 +338,19 @@ public class AuthorizableResourceProviderIT extends BaseAuthorizableResourcesIT
 }
 }
+ /**
+ * Test to verify the fix for SLING-12185
+ */
+ @Test
+ public void getResourceWithWrongPathPrefix() throws LoginException, RepositoryException {
+ createResourcesForAdaptTo();
+
+ try (ResourceResolver resourceResolver = resourceResolverFactory.getResourceResolver(Collections.singletonMap(JcrResourceConstants.AUTHENTICATION_INFO_SESSION, adminSession))) {
+ Resource groupResource = resourceResolver.getResource(String.format("%s%s", userManagerPaths.getUserPrefix(), group1.getID()));
+ assertNull(groupResource);
+
+ Resource userResource = resourceResolver.getResource(String.format("%s%s", userManagerPaths.getGroupPrefix(), user1.getID()));
+ assertNull(userResource);
+ }
+ }
 }
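Review bot: `getResourceWithWrongPathPrefix` asserts only `assertNull`, so it would also pass if `createResourcesForAdaptTo()` created nothing or the resolver returned null for every path. Anchor it with a positive lookup in the same resolver, for example `assertNotNull(resourceResolver.getResource(String.format("%s%s", userManagerPaths.getUserPrefix(), user1.getID())));`, and the equivalent for `group1` under the group prefix. The test also covers only the bare id; a nested path below a mismatched id (the `relPath` case in the provider) and a principal that is not an authorizable under the wrong prefix are not exercised here. The Javadoc could say what is verified, for example `Verifies that a group id under the user prefix, and a user id under the group prefix, resolve to no resource (SLING-12185)`.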