This is an automated email from the ASF dual-hosted git repository.

enorman pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git


The following commit(s) were added to refs/heads/master by this push:
     new bfa57e7  SLING-12185 AuthorizableResourceProvider matches wrong prefix 
(#22)
bfa57e7 is described below

commit bfa57e790ccd2c47440223e6482b5da46090f148
Author: Eric Norman <enor...@apache.org>
AuthorDate: Thu Dec 7 11:04:26 2023 -0800

    SLING-12185 AuthorizableResourceProvider matches wrong prefix (#22)
    
    check the type of the found Authorizable to ensure that the object type
    matches the expected resource path prefix
---
 .../impl/resource/AuthorizableResourceProvider.java       |  9 ++++++++-
 .../it/resource/AuthorizableResourceProviderIT.java       | 15 +++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git 
a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
 
b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
index 6c959f8..13207ae 100644
--- 
a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
+++ 
b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableResourceProvider.java
@@ -30,6 +30,8 @@ import 
org.apache.jackrabbit.api.security.principal.GroupPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.SlingException;
 import org.apache.sling.api.resource.Resource;
@@ -228,10 +230,13 @@ public class AuthorizableResourceProvider extends 
ResourceProvider<Object> imple
         T result = null;
         // the principalId should be the first segment after the prefix
         String suffix = null;
+        Class<? extends Authorizable> expectedAuthorizableClass = null;
         if (path.startsWith(systemUserManagerUserPrefix)) {
             suffix = path.substring(systemUserManagerUserPrefix.length());
+            expectedAuthorizableClass = User.class;
         } else if (path.startsWith(systemUserManagerGroupPrefix)) {
             suffix = path.substring(systemUserManagerGroupPrefix.length());
+            expectedAuthorizableClass = Group.class;
         }
 
         if (suffix != null) {
@@ -252,7 +257,9 @@ public class AuthorizableResourceProvider extends 
ResourceProvider<Object> imple
                     if (userManager != null) {
                         Authorizable authorizable = 
userManager.getAuthorizable(pid);
                         if (authorizable != null) {
-                            result = authorizableWorker.doWork(authorizable, 
relPath);
+                            if 
(expectedAuthorizableClass.isInstance(authorizable)) { // SLING-12185
+                                result = 
authorizableWorker.doWork(authorizable, relPath);
+                            }
                         } else if (principalWorker != null && relPath == null){
                             // SLING-11098 check for a principal that is not 
an authorizable like the everyone group
                             PrincipalManager principalManager = 
AccessControlUtil.getPrincipalManager(session);
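Review bot: The new `expectedAuthorizableClass.isInstance(authorizable)` check is documented only by the ticket id, and it depends on two things a reader cannot see at that line. The variable is non-null only because the `suffix != null` guard from the earlier hunk pairs it with a matched prefix. A type mismatch also leaves `result` null without reaching the SLING-11098 principal branch, because that `else if` hangs off `authorizable != null`. That second behaviour looks intended (a group id under the user prefix should read as not found), but it should be stated so nobody later merges the two conditions and changes which lookups run. I would replace the trailing comment with `// SLING-12185: a User under the group prefix (or a Group under the user prefix) must not resolve; result stays null and the principal fallback is skipped`. The enclosing method starts and ends outside the hunk.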
diff --git 
a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
 
b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
index 28607c6..1f8d5ad 100644
--- 
a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
+++ 
b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/resource/AuthorizableResourceProviderIT.java
@@ -338,4 +338,19 @@ public class AuthorizableResourceProviderIT extends 
BaseAuthorizableResourcesIT
         }
     }
 
+    /**
+     * Test to verify the fix for SLING-12185
+     */
+    @Test
+    public void getResourceWithWrongPathPrefix() throws LoginException, 
RepositoryException {
+        createResourcesForAdaptTo();
+
+        try (ResourceResolver resourceResolver = 
resourceResolverFactory.getResourceResolver(Collections.singletonMap(JcrResourceConstants.AUTHENTICATION_INFO_SESSION,
 adminSession))) {
+            Resource groupResource = 
resourceResolver.getResource(String.format("%s%s", 
userManagerPaths.getUserPrefix(), group1.getID()));
+            assertNull(groupResource);
+
+            Resource userResource = 
resourceResolver.getResource(String.format("%s%s", 
userManagerPaths.getGroupPrefix(), user1.getID()));
+            assertNull(userResource);
+        }
+    }
 }
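Review bot: `getResourceWithWrongPathPrefix` asserts only the negative cases, so it would also pass if `group1` or `user1` could not be resolved at all for an unrelated reason. A positive control in the same resolver, e.g. `assertNotNull(resourceResolver.getResource(String.format("%s%s", userManagerPaths.getUserPrefix(), user1.getID())));` plus the matching group line, would tie the two nulls to the type check. A wrong-prefix path with a trailing relative segment is also not exercised here. If other tests in the class cover it (not visible in this hunk), a short Javadoc sentence saying so would help.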
