Re: Sling demos (Was Re: Ways of launching Sling for the demos)

2014-05-17 Thread Carsten Ziegeler 
+1 and I think someone was working on this already... :)

Carsten


2014-05-17 1:52 GMT+02:00 Ruben Reusser r...@headwire.com:

 Carsten

 It would be a good idea to make the demos available from the root page in
 sling once a demo is deployed. Some short description of the demo and how
 it's supposed to be used would be good too.

 Ruben

  On May 16, 2014, at 4:49 AM, Carsten Ziegeler cziege...@apache.org
 wrote:
 
  Thanks for bringing this up, David!
 
  So what do people think, should we remove some of the demos David
  mentioned? It doesn't make sense to have them around when they are of no
  real value.
 
  Carsten
 
 
  2014-04-07 15:36 GMT+02:00 David Bosschaert david.bosscha...@gmail.com
 :
 
  Hi all,
 
  On 3 April 2014 17:14, David Bosschaert david.bosscha...@gmail.com
  wrote:
  On 3 April 2014 16:15, Bertrand Delacretaz bdelacre...@apache.org
  wrote:
  Note that you might find some quite old stuff under /samples, if you
  have suggestions for things that should be archived or at least marked
  obsolete let's hear them!
 
  I'm planning to take a closer look at their semantics soon - will
  share my thoughts :)
 
  I had a closer look at the demos. Many of the demos weren't really
  broken, but the steps to use them were often wrong (which made you
  feel it was broken) or missing. I updated the documentation for the
  following demos:
  * accessmanager-ui
  * espblog
  * javashell
  * path-based-rtp
  * slingbucks
  * slingshot
  * usermanager-ui
  * webloader (service and ui)
  the patch is in SLING-3489. I think they above demos are definitely
 useful
  :)
 
  The JavaShell demo had two deps that were broken, a fix is attached
  here: SLING-3493.
 
  I wasn't too sure about the following demos
  * simple-demo, I personally find this demo confusing and not 'simple' at
  all.
  * framework-fragment - this demo is broken, but it seems to show how
  to expand the OSGi Framework system packages. Seems to me that the
  Sling project is the wrong place for a demo like this (and in
  addition, you generally don't want to advocate this feature anyway).
  * installing-dependencies, a maven-based demo, is this still relevant?
  When would you use this setup?
  Maybe remove these three?
 
  I wasn't sure whether the following demos worked, at least I didn't
  figure out how to make them change the login form...
  * custom-login-form
  * custom-selector-login-form
  if someone can tell me how to make them do something, let me know and
  I can update their docs...
 
  The post-servlet-ext demo does seem to work, but requires development
  on the user side before you can actually see what it does. (The user
  needs to create a page that does a post with :operation=link to see
  something)
  I would suggest to add some more content to this demo so that you can
  actually see what it does.
 
  There are also a number of demos that aren't listed as submodules of
  the 'samples' pom, so they have less visibility. I would suggest to
  either remove them or make them submodules:
  * inplace-integration-tests: this one is broken, but seems useful. I
  think we should fix it and include as submodule in parent pom.
  * mail-archive: this is the beginning of a more comprehensive example.
  It seems nice but is unfortunately unfinished and doesn't seem to
  currently work. Should we keep it?
  * urlfilter: an example of using Servlet Filters with Sling. There is
  no documentation, but it might be useful to keep (and add some docs :)
  * workspacepicker: another Servlet Filter demo, this time using OSGi
  Services (whereas the urlfilter uses @SlingFilter). Again: without
  docs. Should we keep this?
 
  Thoughts, anyone?
  Cheers,
 
  David
 
 
 
  --
  Carsten Ziegeler
  cziege...@apache.org




-- 
Carsten Ziegeler
cziege...@apache.org

Re: Events, Jobs and admin sessions

2014-05-17 Thread Carsten Ziegeler 
Just to be cristal clear, I'm absolutely not against doing something in
this space and I totally agree that its worth investing , but I doubt that
there is a general out of the box solution which magically works the way
you want without changing the job creator and the consumer. Magic and
security usually doesn't play well with each other. In addition, the job
might be executed on a totally different system.

So far I only see the manual one where both, the creator and the executor
of a job are aware of the problem and do the right thing.
But maybe someone has a clever idea and comes up with a PoC.

Carsten



2014-05-15 11:25 GMT+02:00 Christian Keller chkel...@adobe.com:

  -Original Message-
  From: Carsten Ziegeler [mailto:cziege...@apache.org]
  Sent: Mittwoch, 14. Mai 2014 19:35
  To: dev@sling.apache.org
  Subject: Re: Events, Jobs and admin sessions
 
  Yes, I think there is no general solution. This has to be done on a job
  by job basis. Usually the code starting a job and consuming the job
  later on are related, so if a job consumer needs to read from the
  resource tree with the user rights this has to be defined within the
  job and the job producer has to add the corresponding information as
  properties to the job. The consumer can then simply fail if this is
  missing.
  In this sense, the subject is treated the same as e.g. the path
  pointing to the data in the resource tree.

 I think it is a valid and general request to wish that a Job is executed
 with the same permissions as the caller.
 Eg. imagine a scheduled Job.
 You could even reason for security reasons a Job MUST be done with the
 same permission.
 Else if I can start a Job that does something I'm not denied it results in
 me being allowed.
 Eg. If there is a System.exit() Job and I'm anonymous.
 I think the general solution is to call the Job-Processor in the
 AccessControlContext of the Job creator.

 A related topic, I have to deal with, is that I like to execute something
 on an org.osgi.*.EventHandler with the Permissions for the Event-Generator.
 Eg. User A added a Resource.
 In this case the EventGenerator and EventHandler are unrelated.
 But still they don't want to exceed the privileges of the original Event.
 Especially in Collaboration Application but genarally in a Everything is
 Conent Repository environment. Imagine a Replication on Modification
 Service, shouldn't the Service that listens to the Modification Event fail
 to Replicate if the one that made the modification does not have
 Replication privilege as default. Allowing and thus extending the privilege
 is a valid case to, but it should be done explicitly and not per default

 For the event case I do not have a solution at hand. It digs into Osgi /
 Felix I'm not firm with.
 But as there is need and often use for it, I would opt to reserve time for
 it if we come to the conclusion it is worth it.

 Regards
 Christian


 
  Regards
  Carsten
 
 
  2014-05-14 15:49 GMT+02:00 Lars Krapf lkr...@adobe.com:
 
   Hello Carsten
  
   Thanks for your reply.
  
   No, I don't see an obvious solution either.
   It's just that while reviewing the loginAdmin() usages, I discovered
   that a lot of the cases are based on this problem, and I was hoping
   for a solution that is as generic as possible.
  
   For the jobs, I could imagine an extension of the JobManager API that
   allows passing the subject. The resource resolver factory could then
   take the event/job as a parameter and return a resolver with the
   privileges of the corresponding subject.
  
   For the events, the situation seems to be even more complicated
   because usualy the event is not created manually, and I'm not sure if
   it is possible to assign a specific subject to an event in many
  cases.
  
   The alternative is to use a service-user in the consumer who has
   access to the respective payload, which somehow looks wrong to me
  from
   a security perspective.
  
   Well.. Ideas very welcome :)
  
   Best greetings
   Lars
  
  
   On 13.05.2014 22:57, Carsten Ziegeler wrote:
Hi Lars,
   
I see your point, I don't see right now how a general approach
  could
look like. However, the creator of a job could add the subject as a
property
   to
the job and the consumer can use this value to create a resource
resolver based on that value. But I think this has to be done on a
job by job
   base.
   
Or do you see a general mechanism which always gets the subject of
the sender?
   
Carsten
   
   
2014-05-13 17:21 GMT+02:00 Lars Krapf lkr...@adobe.com:
   
Hello list
   
When processing events and jobs, the corresponding subject
triggering the event usually gets lost. This lead to event
  handlers
/ job consumers often operating with administrative
sessions/resolvers to do their work, which in turn can lead to
  privilege escalations.
   
A possible solution to this problem could be to add a
  serialization
of the

Silng Models Validation Framework

2014-05-17 Thread Katarzyna Kozlowska 
Hello list,

I was thinking about contributing to Sling and creating Sling Models
Validation Framework. I was inspired by JSR 303 and I want to base my
solution on annotations. I would really appreciate your feedback on my
idea.

Best Regards,
Kasia