[jira] [Commented] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
[
https://issues.apache.org/jira/browse/SLING-8020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16651115#comment-16651115
]
ASF GitHub Bot commented on SLING-8020:
---
cziegeler closed pull request #10: SLING-8020 - AttachFeaturesMojo should allow
user to set title, description, vendor and license fields to the attached
Feature, taking data from the POM
URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/10
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> AttachFeaturesMojo should allow user to set title, description, vendor and
> license fields to the attached Feature, taking data from the POM
> ---
>
> Key: SLING-8020
> URL: https://issues.apache.org/jira/browse/SLING-8020
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Minor
>
> As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose
> a flag that, if enabled, ({{false}} by default) would set {{title}},
> {{description}}, {{vendor}} and {{license}} fields taking related values from
> the POM.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] cziegeler closed pull request #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
cziegeler closed pull request #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/10 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] justinedelson commented on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak
justinedelson commented on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak URL: https://github.com/apache/sling-org-apache-sling-models-impl/pull/6#issuecomment-430058122 @paul-bjorkstrand I have no disagreement with any of this. I'm not in a position to drive these changes as my role has changed, but perhaps another Sling committer will be able to review/update/apply this patch. @karlpauls I believe you were looking into this at some point. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[RESULT][VOTE] Release Apache Sling Installer Vault Package Install Hook 1.0.2
P.S. With correct subject On 2018-10-15 19:35, Georg Henzler wrote: Hi, the vote has passed with the following result: +1 (binding): Konrad Windszus, Robert Munteanu, Georg Henzler I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. Thanks for voting! -Georg
Re: [VOTE] Release Apache Sling Installer Vault Package Install Hook 1.0.2
Hi, the vote has passed with the following result: +1 (binding): Konrad Windszus, Robert Munteanu, Georg Henzler I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. Thanks for voting! -Georg
[GitHub] paul-bjorkstrand edited a comment on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak
paul-bjorkstrand edited a comment on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak URL: https://github.com/apache/sling-org-apache-sling-models-impl/pull/6#issuecomment-391569488 Not sure if this is the best approach. If the leak is related to the `adaptableCache`'s keys (classes) being strongly referenced, then the `adaptableCache` items (the values of the outer map, or `adapterCache`) should be [WeakHashMaps](https://docs.oracle.com/javase/8/docs/api/java/util/WeakHashMap.html), rather than having the result of the adaptation be kept in [WeakReferences](https://docs.oracle.com/javase/8/docs/api/java/lang/ref/WeakReference.html). Actually, thinking about how Felix (and any OSGi container) loads classes, that is probably the way to do it. If a class is collected, because its bundle was reloaded/reinstalled, then the old class (before the reload) is not capable of being collected by the GC, because they are strongly referenced by being the keys in the inner map. ~~~This PR has two issues, as far as I can see:~~~ ~~~1. It does not resolve the memory leak issue, since the keys of the inner maps (the adaptableCache) are still strongly referenced by the map itself.~~~ ~~~2. it adds an odd behavior/performance regression: the adaptableCache maps will have keys for given classes, but will have no values, as the model instances may have been (and likely will have been) collected by the GC, since they are weakly referenced, due to being put inside WeakReferences.~~~ The field should still be typed as ``` Map, Object>> adapterCache; ``` and initialized by ``` adapterCache = Collections.synchronizedMap(new WeakHashMap<>()); ``` The values of the `adapterCache` should by typed as ``` Map, Object> adaptableCache; ``` and initialized by ``` adaptableCache = Collections.synchronizedMap(new WeakHashMap<>(INNER_CACHE_INITIAL_CAPACITY)); ``` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] paul-bjorkstrand commented on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak
paul-bjorkstrand commented on issue #6: SLING-7586 - using weak references as cache values to avoid memory leak URL: https://github.com/apache/sling-org-apache-sling-models-impl/pull/6#issuecomment-430034300 @justinedelson , after seeing https://github.com/Adobe-Marketing-Cloud/asset-share-commons/issues/177 I believe we need a combination of your approach, using `WeakReference` to solve the issue of indirect self referencing, and the addition of using `WeakHashMap` for the inner `Map` instances to completely solve the issue. When I first looked through the code above, I was unable to see the type of issue you were trying to solve. Reading that other ticket on asset-share-commons (and running into the issue in my environment) gave me a clearer understanding of the full issue.. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
[
https://issues.apache.org/jira/browse/SLING-8020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650880#comment-16650880
]
ASF GitHub Bot commented on SLING-8020:
---
simonetripodi commented on issue #10: SLING-8020 - AttachFeaturesMojo should
allow user to set title, description, vendor and license fields to the attached
Feature, taking data from the POM
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/10#issuecomment-430033883
@cziegeler as requested, a new guard has been added in order to not override
existing data!
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> AttachFeaturesMojo should allow user to set title, description, vendor and
> license fields to the attached Feature, taking data from the POM
> ---
>
> Key: SLING-8020
> URL: https://issues.apache.org/jira/browse/SLING-8020
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Minor
>
> As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose
> a flag that, if enabled, ({{false}} by default) would set {{title}},
> {{description}}, {{vendor}} and {{license}} fields taking related values from
> the POM.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] simonetripodi commented on issue #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
simonetripodi commented on issue #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/10#issuecomment-430033883 @cziegeler as requested, a new guard has been added in order to not override existing data! This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
[
https://issues.apache.org/jira/browse/SLING-8020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650870#comment-16650870
]
Simone Tripodi commented on SLING-8020:
---
Thanks for reviewing [~cziegeler], I'll add the requested fix in the PR! :)
> AttachFeaturesMojo should allow user to set title, description, vendor and
> license fields to the attached Feature, taking data from the POM
> ---
>
> Key: SLING-8020
> URL: https://issues.apache.org/jira/browse/SLING-8020
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Minor
>
> As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose
> a flag that, if enabled, ({{false}} by default) would set {{title}},
> {{description}}, {{vendor}} and {{license}} fields taking related values from
> the POM.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
[
https://issues.apache.org/jira/browse/SLING-8020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650830#comment-16650830
]
Carsten Ziegeler commented on SLING-8020:
-
[~simone.tripodi] looks basically good, but I think the code should check
whether the feature already has a title, desc etc and only use the info from
the pom if it is empty in the feature
> AttachFeaturesMojo should allow user to set title, description, vendor and
> license fields to the attached Feature, taking data from the POM
> ---
>
> Key: SLING-8020
> URL: https://issues.apache.org/jira/browse/SLING-8020
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Minor
>
> As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose
> a flag that, if enabled, ({{false}} by default) would set {{title}},
> {{description}}, {{vendor}} and {{license}} fields taking related values from
> the POM.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (SLING-8023) Scheduler should inline quartz
[ https://issues.apache.org/jira/browse/SLING-8023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls resolved SLING-8023. --- Resolution: Fixed done in a3d4190..58f629c > Scheduler should inline quartz > -- > > Key: SLING-8023 > URL: https://issues.apache.org/jira/browse/SLING-8023 > Project: Sling > Issue Type: Improvement > Components: Commons >Affects Versions: Commons Scheduler 2.7.2 >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Minor > Fix For: Commons Scheduler 2.7.4 > > > The scheduler should inline quartz in order to avoid having it extracted at > runtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8023) Scheduler should inline quartz
Karl Pauls created SLING-8023: - Summary: Scheduler should inline quartz Key: SLING-8023 URL: https://issues.apache.org/jira/browse/SLING-8023 Project: Sling Issue Type: Improvement Components: Commons Affects Versions: Commons Scheduler 2.7.2 Reporter: Karl Pauls Assignee: Karl Pauls Fix For: Commons Scheduler 2.7.4 The scheduler should inline quartz in order to avoid having it extracted at runtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8022) Compiler should inline ecj
[ https://issues.apache.org/jira/browse/SLING-8022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls resolved SLING-8022. --- Resolution: Fixed done in e3df6f2..acae4e3 > Compiler should inline ecj > --- > > Key: SLING-8022 > URL: https://issues.apache.org/jira/browse/SLING-8022 > Project: Sling > Issue Type: Improvement > Components: Commons >Affects Versions: Commons Compiler 2.3.6 >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Minor > Fix For: Commons Compiler 2.3.8 > > > The compiler should inline the ecj dependency to avoid having it extracted at > runtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8022) Compiler should inline ecj
Karl Pauls created SLING-8022: - Summary: Compiler should inline ecj Key: SLING-8022 URL: https://issues.apache.org/jira/browse/SLING-8022 Project: Sling Issue Type: Improvement Components: Commons Affects Versions: Commons Compiler 2.3.6 Reporter: Karl Pauls Assignee: Karl Pauls Fix For: Commons Compiler 2.3.8 The compiler should inline the ecj dependency to avoid having it extracted at runtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8021) Scheduler Health Check Service should not be immediate
[ https://issues.apache.org/jira/browse/SLING-8021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls resolved SLING-8021. --- Resolution: Fixed > Scheduler Health Check Service should not be immediate > -- > > Key: SLING-8021 > URL: https://issues.apache.org/jira/browse/SLING-8021 > Project: Sling > Issue Type: Improvement > Components: Commons >Affects Versions: Commons Scheduler 2.7.2 >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Minor > Fix For: Commons Scheduler 2.7.4 > > > The SchedulerHealthCheck component shouldn't be immediate so that it doesn't > activate when health checks are not around (the import is optional). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8021) Scheduler Health Check Service should not be immediate
Karl Pauls created SLING-8021: - Summary: Scheduler Health Check Service should not be immediate Key: SLING-8021 URL: https://issues.apache.org/jira/browse/SLING-8021 Project: Sling Issue Type: Improvement Components: Commons Affects Versions: Commons Scheduler 2.7.2 Reporter: Karl Pauls Assignee: Karl Pauls Fix For: Commons Scheduler 2.7.4 The SchedulerHealthCheck component shouldn't be immediate so that it doesn't activate when health checks are not around (the import is optional). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7618) Multiple exclusion for the same entity ids but with different version should be supported
[
https://issues.apache.org/jira/browse/SLING-7618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus resolved SLING-7618.
Resolution: Fixed
Fixed with
https://github.com/apache/sling-org-apache-sling-installer-hc/commit/4c3d75ed0829e2204b9e69ad8e656931e2a65815.
> Multiple exclusion for the same entity ids but with different version should
> be supported
> -
>
> Key: SLING-7618
> URL: https://issues.apache.org/jira/browse/SLING-7618
> Project: Sling
> Issue Type: Bug
> Components: Installer
>Affects Versions: Installer Health Checks 2.0.0
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Installer Health Checks 2.0.2
>
>
> If multiple exclusions for {{skipEntityIds}} are maintained with the same
> entity id but different versions, only the last entry is currently kept in
> the internal HashMap (as the entity id is used as key).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] simonetripodi opened a new pull request #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from t
simonetripodi opened a new pull request #10: SLING-8020 - AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/10 initial checkin IT included This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
[
https://issues.apache.org/jira/browse/SLING-8020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650558#comment-16650558
]
ASF GitHub Bot commented on SLING-8020:
---
simonetripodi opened a new pull request #10: SLING-8020 - AttachFeaturesMojo
should allow user to set title, description, vendor and license fields to the
attached Feature, taking data from the POM
URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/10
initial checkin
IT included
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> AttachFeaturesMojo should allow user to set title, description, vendor and
> license fields to the attached Feature, taking data from the POM
> ---
>
> Key: SLING-8020
> URL: https://issues.apache.org/jira/browse/SLING-8020
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Minor
>
> As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose
> a flag that, if enabled, ({{false}} by default) would set {{title}},
> {{description}}, {{vendor}} and {{license}} fields taking related values from
> the POM.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Re: Failing with internal release for packageinit
Hi Robert, I had the feeling that it’s related to dirctly invoking javadoc:jar If you crosscheck the javadoc of your release does it actually contain the license information? Cheers Dominik Robert Munteanu schrieb am Mo. 15. Okt. 2018 um 15:37: > Hi Dominik, > > On Wed, 2018-10-10 at 15:06 +0200, Dominik Süß wrote: > > Hi everyone, > > > > Karl somehow managed to get > > https://github.com/apache/sling-org-apache-sling-jcr-packageinit/ up > > and > > running and added the codebase from whiteboard. > > But when I tried to create an internal release I failed with > > > > [ERROR] Failed to execute goal > > org.codehaus.mojo:ianal-maven-plugin:1.0-alpha-1:verify-legal-files > > (verify-legal-files) on project org.apache.sling.jcr.packageinit: > > Artifact > > does not contain any legal files: > > org.apache.sling.jcr.packageinit-0.0.1-T20181010134901-51674eb- > > javadoc.jar > > > > The problem is that the META-INF directory in the javadoc.jar in > > contrast > > to the jar and sources.jar doesn't contain > > the maven-shared-archive-resources (which also contain the LICENSE > > file). > > > > Does anyone have an idea what's going on? I have nothing javadoc > > specific > > in and have no clue how to fix this. > > I have tried to run > > mvn clean install -Papache-release > > which works just fine for me. I have no idea where your problem is > coming from, sorry. > > Robert > >
[jira] [Created] (SLING-8020) AttachFeaturesMojo should allow user to set title, description, vendor and license fields to the attached Feature, taking data from the POM
Simone Tripodi created SLING-8020:
-
Summary: AttachFeaturesMojo should allow user to set title,
description, vendor and license fields to the attached Feature, taking data
from the POM
Key: SLING-8020
URL: https://issues.apache.org/jira/browse/SLING-8020
Project: Sling
Issue Type: Improvement
Components: Feature Model, Maven Plugins and Archetypes
Reporter: Simone Tripodi
Assignee: David Bosschaert
As per subject, it would be useful if the {{AttachFeaturesMojo}} could expose a
flag that, if enabled, ({{false}} by default) would set {{title}},
{{description}}, {{vendor}} and {{license}} fields taking related values from
the POM.
PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7950) Fix ITs with Oak 1.8
[
https://issues.apache.org/jira/browse/SLING-7950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650530#comment-16650530
]
Jason E Bailey commented on SLING-7950:
---
[~rombert] I pushed a fix for the null pointer exception that was occurring
after the session information was written out. That may resolve this
> Fix ITs with Oak 1.8
>
>
> Key: SLING-7950
> URL: https://issues.apache.org/jira/browse/SLING-7950
> Project: Sling
> Issue Type: Sub-task
> Components: Launchpad, Oak, Testing
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter 11
>
>
> Updating to Oak 1.8.7 results in the following failures:
> {noformat}[ERROR] Failures:
> [ERROR] AnonymousAccessTest.testAnonymousContent:99->assertContent:85
> Expected status 200 for
> http://localhost:41000/ANON_CAN_READ/AnonymousAccessTest/789235c4-d3b2-43b3-a163-aadb95cdd56b/test_text_789235c4_d.txt
> (content=) expected:<200> but was:<401>
> [ERROR] AnonymousAccessTest.testAnonymousContent:101 Expecting status 404
> when testing outside of anonymous access subtree expected:<404> but was:<401>
> [ERROR]
> AuthRequestLoginTest.testForcedLogin:40->HttpTestBase.getContent:419->HttpTestBase.getContent:424->HttpTestBase.getContent:432->HttpTestBase.getContent:457
> Expected status 200 for
> http://localhost:41000/system/sling/info.sessionInfo.json (content=)
> expected:<200> but was:<401>
> [ERROR] RedirectOnLogoutTest.testRedirectToResourceAfterLogout:70 Expected
> redirect expected:<302> but was:<401>
> [ERROR] Errors:
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [INFO]
> [ERROR] Tests run: 655, Failures: 4, Errors: 4, Skipped: 1{noformat}
> The changes that support this are at
> https://github.com/apache/sling-org-apache-sling-starter/tree/feature/oak-1.8
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7950) Fix ITs with Oak 1.8
[
https://issues.apache.org/jira/browse/SLING-7950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650460#comment-16650460
]
Robert Munteanu commented on SLING-7950:
... but I get the feeling that these are caused by recent changes to the
servlets.get bundle
{noformat}[ERROR]
testNtUnstructured(org.apache.sling.launchpad.webapp.integrationtest.NodeTypeBasedRenderingTest)
Time elapsed: 0.048 s <<< FAILURE!
junit.framework.AssertionFailedError:
Content does not contain 'dumped by HtmlRendererServlet' (content=
http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd;>
http://www.w3.org/1999/xhtml; xml:lang="en">
Resource dumped by HtmlRenderer
Resource path: /testing/NodeTypeBasedRenderingTest/test_7
Resource metadata: {sling.modificationTime=-1,
sling.characterEncoding=null, sling.parameterMap={}, sling.contentType=null,
sling.creationTime=-1, sling.contentLength=-1,
sling.resolutionPath=/testing/NodeTypeBasedRenderingTest/test_7,
sling.resolutionPathInfo=.html}
Resource type: nt:unstructured
Resource super type: -
Resource properties
jcr:primaryType: nt:unstructured
)
at
org.apache.sling.launchpad.webapp.integrationtest.NodeTypeBasedRenderingTest.testSpecificNodeType(NodeTypeBasedRenderingTest.java:68)
at
org.apache.sling.launchpad.webapp.integrationtest.NodeTypeBasedRenderingTest.testNtUnstructured(NodeTypeBasedRenderingTest.java:89)
{noformat}
The test is looking for _dumped by HtmlRenderer*Servlet*_ but the output
contains _dumped by HtmlRenderer_. Might be a case of an overspecifying test.
[~jebailey] - does this change in behaviour sound familiar to you?
> Fix ITs with Oak 1.8
>
>
> Key: SLING-7950
> URL: https://issues.apache.org/jira/browse/SLING-7950
> Project: Sling
> Issue Type: Sub-task
> Components: Launchpad, Oak, Testing
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter 11
>
>
> Updating to Oak 1.8.7 results in the following failures:
> {noformat}[ERROR] Failures:
> [ERROR] AnonymousAccessTest.testAnonymousContent:99->assertContent:85
> Expected status 200 for
> http://localhost:41000/ANON_CAN_READ/AnonymousAccessTest/789235c4-d3b2-43b3-a163-aadb95cdd56b/test_text_789235c4_d.txt
> (content=) expected:<200> but was:<401>
> [ERROR] AnonymousAccessTest.testAnonymousContent:101 Expecting status 404
> when testing outside of anonymous access subtree expected:<404> but was:<401>
> [ERROR]
> AuthRequestLoginTest.testForcedLogin:40->HttpTestBase.getContent:419->HttpTestBase.getContent:424->HttpTestBase.getContent:432->HttpTestBase.getContent:457
> Expected status 200 for
> http://localhost:41000/system/sling/info.sessionInfo.json (content=)
> expected:<200> but was:<401>
> [ERROR] RedirectOnLogoutTest.testRedirectToResourceAfterLogout:70 Expected
> redirect expected:<302> but was:<401>
> [ERROR] Errors:
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [INFO]
> [ERROR] Tests run: 655, Failures: 4, Errors: 4, Skipped: 1{noformat}
> The changes that support this are at
> https://github.com/apache/sling-org-apache-sling-starter/tree/feature/oak-1.8
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7950) Fix ITs with Oak 1.8
[
https://issues.apache.org/jira/browse/SLING-7950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650456#comment-16650456
]
Robert Munteanu commented on SLING-7950:
[~olli] - I am running the tests in the following manner:
* {{mvn clean install}} from
https://github.com/apache/sling-org-apache-sling-starter/tree/feature/oak-1.8
* {{mvn clean verify}} from
https://github.com/apache/sling-org-apache-sling-launchpad-testing
I managed to solve the _DavEx_ issues by upgrading the dependency to
jackrabbit-jcr2dav in org.apache.sling.launchpad.integration-tests .
{noformat}diff --git a/pom.xml b/pom.xml
index 3e90be1..8f3f0e6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,7 +177,7 @@
org.apache.jackrabbit
jackrabbit-jcr2dav
- 2.7.1
+ 2.16.3
compile
{noformat}
However, I still get lots of failures related to rendering that I can't make
any sense of.
> Fix ITs with Oak 1.8
>
>
> Key: SLING-7950
> URL: https://issues.apache.org/jira/browse/SLING-7950
> Project: Sling
> Issue Type: Sub-task
> Components: Launchpad, Oak, Testing
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter 11
>
>
> Updating to Oak 1.8.7 results in the following failures:
> {noformat}[ERROR] Failures:
> [ERROR] AnonymousAccessTest.testAnonymousContent:99->assertContent:85
> Expected status 200 for
> http://localhost:41000/ANON_CAN_READ/AnonymousAccessTest/789235c4-d3b2-43b3-a163-aadb95cdd56b/test_text_789235c4_d.txt
> (content=) expected:<200> but was:<401>
> [ERROR] AnonymousAccessTest.testAnonymousContent:101 Expecting status 404
> when testing outside of anonymous access subtree expected:<404> but was:<401>
> [ERROR]
> AuthRequestLoginTest.testForcedLogin:40->HttpTestBase.getContent:419->HttpTestBase.getContent:424->HttpTestBase.getContent:432->HttpTestBase.getContent:457
> Expected status 200 for
> http://localhost:41000/system/sling/info.sessionInfo.json (content=)
> expected:<200> but was:<401>
> [ERROR] RedirectOnLogoutTest.testRedirectToResourceAfterLogout:70 Expected
> redirect expected:<302> but was:<401>
> [ERROR] Errors:
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [INFO]
> [ERROR] Tests run: 655, Failures: 4, Errors: 4, Skipped: 1{noformat}
> The changes that support this are at
> https://github.com/apache/sling-org-apache-sling-starter/tree/feature/oak-1.8
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Assigned] (SLING-7950) Fix ITs with Oak 1.8
[
https://issues.apache.org/jira/browse/SLING-7950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu reassigned SLING-7950:
--
Assignee: Robert Munteanu
> Fix ITs with Oak 1.8
>
>
> Key: SLING-7950
> URL: https://issues.apache.org/jira/browse/SLING-7950
> Project: Sling
> Issue Type: Sub-task
> Components: Launchpad, Oak, Testing
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter 11
>
>
> Updating to Oak 1.8.7 results in the following failures:
> {noformat}[ERROR] Failures:
> [ERROR] AnonymousAccessTest.testAnonymousContent:99->assertContent:85
> Expected status 200 for
> http://localhost:41000/ANON_CAN_READ/AnonymousAccessTest/789235c4-d3b2-43b3-a163-aadb95cdd56b/test_text_789235c4_d.txt
> (content=) expected:<200> but was:<401>
> [ERROR] AnonymousAccessTest.testAnonymousContent:101 Expecting status 404
> when testing outside of anonymous access subtree expected:<404> but was:<401>
> [ERROR]
> AuthRequestLoginTest.testForcedLogin:40->HttpTestBase.getContent:419->HttpTestBase.getContent:424->HttpTestBase.getContent:432->HttpTestBase.getContent:457
> Expected status 200 for
> http://localhost:41000/system/sling/info.sessionInfo.json (content=)
> expected:<200> but was:<401>
> [ERROR] RedirectOnLogoutTest.testRedirectToResourceAfterLogout:70 Expected
> redirect expected:<302> but was:<401>
> [ERROR] Errors:
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExDisabledAnonAccessTest>DavExIntegrationTest.setUp:47 »
> NoClassDefFound or...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [ERROR] DavExIntegrationTest.setUp:47 » NoClassDefFound
> org/apache/jackrabbit/webdav/c...
> [INFO]
> [ERROR] Tests run: 655, Failures: 4, Errors: 4, Skipped: 1{noformat}
> The changes that support this are at
> https://github.com/apache/sling-org-apache-sling-starter/tree/feature/oak-1.8
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (SLING-8019) Use XSS API
Carsten Ziegeler created SLING-8019: --- Summary: Use XSS API Key: SLING-8019 URL: https://issues.apache.org/jira/browse/SLING-8019 Project: Sling Issue Type: Improvement Components: Scripting Reporter: Carsten Ziegeler Fix For: Scripting JSP Taglib 2.3.2 For XSS support, the jsp taglib currently embeds its own copy of an xss library. Instead it should rather use the xss api to avoid a copy In addition, we should move the package org.apache.sling.scripting.jsp.taglib.helpers to a separate bundle to free the taglib bundle completely from that stuff -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7378) Update Login Form Look and Feel
[ https://issues.apache.org/jira/browse/SLING-7378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7378. --- Closed with the release of [Form Based Authentication 1.0.10|https://issues.apache.org/jira/projects/SLING/versions/12333863] > Update Login Form Look and Feel > --- > > Key: SLING-7378 > URL: https://issues.apache.org/jira/browse/SLING-7378 > Project: Sling > Issue Type: Improvement > Components: Launchpad >Affects Versions: Form Based Authentication 1.0.8, Launchpad Content 2.0.12 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Form Based Authentication 1.0.10, Launchpad Content > 2.0.14 > > > The new Sling launchpad look and feel is great, but the login form looks > really plain & dated. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7671) Switch Form Based Authentication to OSGi annotation
[ https://issues.apache.org/jira/browse/SLING-7671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7671. --- Closed with the release of [Form Based Authentication 1.0.10|https://issues.apache.org/jira/projects/SLING/versions/12333863] > Switch Form Based Authentication to OSGi annotation > > > Key: SLING-7671 > URL: https://issues.apache.org/jira/browse/SLING-7671 > Project: Sling > Issue Type: Task > Components: Authentication >Affects Versions: Form Based Authentication 1.0.8 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Minor > Fix For: Form Based Authentication 1.0.10 > > > Switch to official OSGi annotations and resolve SLING-7157 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-5636) Form Authentication handler does not redirect to login form with non ROOT context
[ https://issues.apache.org/jira/browse/SLING-5636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-5636. --- Closed with the release of [Form Based Authentication 1.0.10|https://issues.apache.org/jira/projects/SLING/versions/12333863] > Form Authentication handler does not redirect to login form with non ROOT > context > - > > Key: SLING-5636 > URL: https://issues.apache.org/jira/browse/SLING-5636 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Form Based Authentication 1.0.8 >Reporter: Guillaume Lucazeau >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Form Based Authentication 1.0.10 > > > When using the form authentication bundle with a servlet context path != > ROOT, accessing content requiring authentication redirects you to Sling home > page instead of your form because the redirection doesn't contain the context > path: > *INFO* [qtp1841606468-42] org.apache.sling.auth.core.impl.SlingAuthenticator > getAnonymousResolver: Anonymous access not allowed by configuration - > requesting credentials > *WARN* [qtp1841606468-42] org.apache.sling.auth.core.AuthUtil > isRedirectValid: Redirect target '/apps/opal/loginNode.html' does not start > with servlet context path '/dev' > Changing the redirection in FormAuthenticationHandler:413 with this worked > for me: > AuthUtil.sendRedirect(request, response, request.getContextPath() + > loginForm, params); -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7448) New Sling Tags for Retrieving Resource Parents
[ https://issues.apache.org/jira/browse/SLING-7448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7448. --- Closed with the release of [Sling JSP Taglib 2.3.0|https://issues.apache.org/jira/projects/SLING/versions/12342671] > New Sling Tags for Retrieving Resource Parents > -- > > Key: SLING-7448 > URL: https://issues.apache.org/jira/browse/SLING-7448 > Project: Sling > Issue Type: Improvement >Affects Versions: Scripting JSP Taglib 2.2.6 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Scripting JSP Taglib 2.3.0 > > > Currently, it's difficult to work with parent Resources via JSP tags. Two > useful tags / EL Functions would be: > * GetParents - get the parents of a resource in depth order optionally > starting at a certain depth > * GetParent - gets the parent of a resource at a specified depth -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7458) Index Out of Bounds in sling:getParents Tag / Function
[ https://issues.apache.org/jira/browse/SLING-7458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7458. --- Closed with the release of [Sling JSP Taglib 2.3.0|https://issues.apache.org/jira/projects/SLING/versions/12342671] > Index Out of Bounds in sling:getParents Tag / Function > -- > > Key: SLING-7458 > URL: https://issues.apache.org/jira/browse/SLING-7458 > Project: Sling > Issue Type: Bug >Affects Versions: Scripting JSP-Taglib 2.2.6 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Minor > Fix For: Scripting JSP Taglib 2.3.0 > > > If the user specifies a depth greater than the depth of the resource used for > the child note, the sling:getParents Tag and Function will throw an Index > Out of Bounds exception. The less-error prone behavior would be to return an > empty iterator of parent resources. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7642) Adapt To Tag / Function Logging too Verbose
[ https://issues.apache.org/jira/browse/SLING-7642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7642. --- Closed with the release of [Sling JSP Taglib 2.3.0|https://issues.apache.org/jira/projects/SLING/versions/12342671] > Adapt To Tag / Function Logging too Verbose > --- > > Key: SLING-7642 > URL: https://issues.apache.org/jira/browse/SLING-7642 > Project: Sling > Issue Type: Improvement > Components: Scripting >Affects Versions: Scripting JSP Taglib 2.2.6 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Scripting JSP Taglib 2.3.0 > > > Currently, the adaptTo tag and function log at WARNING if the supplied > adaptor is null. This can cause excessive logs for an expected and handled > case. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7643) Add Support for Context Aware Configuration Resources
[ https://issues.apache.org/jira/browse/SLING-7643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7643. --- Closed with the release of [Sling JSP Taglib 2.3.0|https://issues.apache.org/jira/projects/SLING/versions/12342671] > Add Support for Context Aware Configuration Resources > - > > Key: SLING-7643 > URL: https://issues.apache.org/jira/browse/SLING-7643 > Project: Sling > Issue Type: Improvement > Components: Scripting >Affects Versions: Scripting JSP Taglib 2.2.6 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Scripting JSP Taglib 2.3.0 > > > Currently, it is not possible to interact with Context Aware configuations > via JSP, at minimum, there should be tags and functions to retrieve CA Config > resources and resource collections. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7641) Use Default if Value is Blank on sling:encode Tag
[ https://issues.apache.org/jira/browse/SLING-7641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7641. --- Closed with the release of [Sling JSP Taglib 2.3.0|https://issues.apache.org/jira/projects/SLING/versions/12342671] > Use Default if Value is Blank on sling:encode Tag > - > > Key: SLING-7641 > URL: https://issues.apache.org/jira/browse/SLING-7641 > Project: Sling > Issue Type: Bug > Components: Scripting >Affects Versions: Scripting JSP Taglib 2.2.6 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Scripting JSP Taglib 2.3.0 > > > According to the description in the TLD, the blank value is: > "The default value to be used if the value is either null or an empty > string." > However, the Encode Tag only uses a null check to decide to use the default > value. This should instead check if the string is null or empty. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7953) Switch from legacy commons lang 2 to commons lang 3
[ https://issues.apache.org/jira/browse/SLING-7953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco updated SLING-7953: Fix Version/s: (was: Scripting JSP Taglib 2.3.0) Scripting JSP Taglib 2.3.2 > Switch from legacy commons lang 2 to commons lang 3 > --- > > Key: SLING-7953 > URL: https://issues.apache.org/jira/browse/SLING-7953 > Project: Sling > Issue Type: Improvement >Reporter: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.1.0, Scripting JSP Taglib 2.3.2 > > > The following bundles still use the legacy commons lang 2 version > They should be updated to use commons lang 3 > org.apache.sling.auth.form (/) > org.apache.sling.installer.hc (/) > org.apache.sling.scripting.jsp.taglib > org.apache.sling.xss > org.apache.tika.parsers -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7954) Switch from legacy commons collections 3 to commons collections 4
[ https://issues.apache.org/jira/browse/SLING-7954?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco updated SLING-7954: Fix Version/s: (was: Scripting JSP Taglib 2.3.0) Scripting JSP Taglib 2.3.2 > Switch from legacy commons collections 3 to commons collections 4 > - > > Key: SLING-7954 > URL: https://issues.apache.org/jira/browse/SLING-7954 > Project: Sling > Issue Type: Improvement >Reporter: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.1.0, Sling Models Jackson Exporter > 1.0.10, File System Resource Provider 2.1.16, Context-Aware Configuration > Impl 1.4.16, Scripting JavaScript 3.0.6, Scripting JSP Taglib 2.3.2 > > > The following bundles still use the legacy commons collections 3 version > They should be updated to use commons collections 4 > com.composum.core.commons > org.apache.jackrabbit.jackrabbit-spi-commons > org.apache.jackrabbit.vault > org.apache.sling.caconfig.impl > org.apache.sling.fsresource > org.apache.sling.models.jacksonexporter > org.apache.sling.scripting.javascript > org.apache.sling.scripting.jsp.taglib > org.apache.sling.xss -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8018) Form login page styling broken when using a context path
[ https://issues.apache.org/jira/browse/SLING-8018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-8018. Resolution: Fixed Fixed in [sling-org-apache-sling-auth-form commit 1f4c9a4|https://github.com/apache/sling-org-apache-sling-auth-form/commit/1f4c9a4]. > Form login page styling broken when using a context path > > > Key: SLING-8018 > URL: https://issues.apache.org/jira/browse/SLING-8018 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Form Based Authentication 1.0.12 > > > Similar to SLING-8016, just this time it's the login page. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7809) File Optimization Operation Not Working
[ https://issues.apache.org/jira/browse/SLING-7809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7809. --- Closed with the release of [File Optimization 0.9.2|https://issues.apache.org/jira/projects/SLING/versions/12343855] > File Optimization Operation Not Working > --- > > Key: SLING-7809 > URL: https://issues.apache.org/jira/browse/SLING-7809 > Project: Sling > Issue Type: Bug >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: File Optimization 0.9.2 > > > The Optimize File Operation does not update the image correctly as the > original and optimized image are flipped. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8018) Form login page styling broken when using a context path
Robert Munteanu created SLING-8018: -- Summary: Form login page styling broken when using a context path Key: SLING-8018 URL: https://issues.apache.org/jira/browse/SLING-8018 Project: Sling Issue Type: Bug Components: Authentication Reporter: Robert Munteanu Assignee: Robert Munteanu Fix For: Form Based Authentication 1.0.12 Similar to SLING-8016, just this time it's the login page. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8016) Sling Starter content links are broken when running under a context path
[
https://issues.apache.org/jira/browse/SLING-8016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu resolved SLING-8016.
Resolution: Fixed
Fixed in [sling-org-apache-sling-starter-content commit
d934474|https://github.com/apache/sling-org-apache-sling-starter-content/commit/d934474].
> Sling Starter content links are broken when running under a context path
>
>
> Key: SLING-8016
> URL: https://issues.apache.org/jira/browse/SLING-8016
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter Content 1.0.2
>
>
> Most of the links on the front page ( Login, Browse Content, System Console )
> and also the links to the static assets are broken when running under a
> context path
> {{java -jar target/org.apache.sling.starter-11-SNAPSHOT.jar -r sling}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SLING-7953) Switch from legacy commons lang 2 to commons lang 3
[ https://issues.apache.org/jira/browse/SLING-7953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus updated SLING-7953: --- Fix Version/s: (was: Installer Health Checks 2.0.2) > Switch from legacy commons lang 2 to commons lang 3 > --- > > Key: SLING-7953 > URL: https://issues.apache.org/jira/browse/SLING-7953 > Project: Sling > Issue Type: Improvement >Reporter: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.1.0, Scripting JSP Taglib 2.3.0 > > > The following bundles still use the legacy commons lang 2 version > They should be updated to use commons lang 3 > org.apache.sling.auth.form > org.apache.sling.installer.hc > org.apache.sling.scripting.jsp.taglib > org.apache.sling.xss > org.apache.tika.parsers -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8017) Switch Installer HC to Commons Lang 3
[ https://issues.apache.org/jira/browse/SLING-8017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus resolved SLING-8017. Resolution: Fixed Fixed with https://github.com/apache/sling-org-apache-sling-installer-hc/commit/1e54465a2d3a37b841e97bfe63fd481bec9b5b96. > Switch Installer HC to Commons Lang 3 > - > > Key: SLING-8017 > URL: https://issues.apache.org/jira/browse/SLING-8017 > Project: Sling > Issue Type: Sub-task > Components: Health Check, Installer >Affects Versions: Installer Health Checks 2.0.0 >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > Fix For: Installer Health Checks 2.0.2 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7953) Switch from legacy commons lang 2 to commons lang 3
[ https://issues.apache.org/jira/browse/SLING-7953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus updated SLING-7953: --- Description: The following bundles still use the legacy commons lang 2 version They should be updated to use commons lang 3 org.apache.sling.auth.form (/) org.apache.sling.installer.hc (/) org.apache.sling.scripting.jsp.taglib org.apache.sling.xss org.apache.tika.parsers was: The following bundles still use the legacy commons lang 2 version They should be updated to use commons lang 3 org.apache.sling.auth.form org.apache.sling.installer.hc org.apache.sling.scripting.jsp.taglib org.apache.sling.xss org.apache.tika.parsers > Switch from legacy commons lang 2 to commons lang 3 > --- > > Key: SLING-7953 > URL: https://issues.apache.org/jira/browse/SLING-7953 > Project: Sling > Issue Type: Improvement >Reporter: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.1.0, Scripting JSP Taglib 2.3.0 > > > The following bundles still use the legacy commons lang 2 version > They should be updated to use commons lang 3 > org.apache.sling.auth.form (/) > org.apache.sling.installer.hc (/) > org.apache.sling.scripting.jsp.taglib > org.apache.sling.xss > org.apache.tika.parsers -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8017) Switch Installer HC to Commons Lang 3
Konrad Windszus created SLING-8017: -- Summary: Switch Installer HC to Commons Lang 3 Key: SLING-8017 URL: https://issues.apache.org/jira/browse/SLING-8017 Project: Sling Issue Type: Sub-task Components: Health Check, Installer Affects Versions: Installer Health Checks 2.0.0 Reporter: Konrad Windszus Assignee: Konrad Windszus Fix For: Installer Health Checks 2.0.2 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7560) Logging in still shows the 'Login' link on the start page
[ https://issues.apache.org/jira/browse/SLING-7560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7560. --- Closed with the release of [Sling Starter Content 1.0.0](https://issues.apache.org/jira/projects/SLING/versions/12342990) > Logging in still shows the 'Login' link on the start page > - > > Key: SLING-7560 > URL: https://issues.apache.org/jira/browse/SLING-7560 > Project: Sling > Issue Type: Bug > Components: Starter >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Starter Content 1.0.0 > > > This is due to a now broken link to 'system/sling.js'. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7649) Sling Pages Do Not Display Full Height in Firefox
[ https://issues.apache.org/jira/browse/SLING-7649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco closed SLING-7649. --- Closed with the release of [Sling Starter Content 1.0.0|https://issues.apache.org/jira/projects/SLING/versions/12342990] > Sling Pages Do Not Display Full Height in Firefox > - > > Key: SLING-7649 > URL: https://issues.apache.org/jira/browse/SLING-7649 > Project: Sling > Issue Type: Bug >Affects Versions: Launchpad Content 2.0.12, Starter Startup 1.0.4 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Minor > Fix For: Starter Content 1.0.0, Starter Startup 1.0.6 > > Attachments: Screen Shot 2018-05-03 at 3.45.30 PM.png > > > The Login, Loading and other screens do not display at full height when using > Firefox due to the Style sheet not setting the height to 100%. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7484) Move content from JCR root to /content
[
https://issues.apache.org/jira/browse/SLING-7484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Klco closed SLING-7484.
---
Closed with the release of [Sling Starter Content
1.0.0](https://issues.apache.org/jira/projects/SLING/versions/12342990)
> Move content from JCR root to /content
> --
>
> Key: SLING-7484
> URL: https://issues.apache.org/jira/browse/SLING-7484
> Project: Sling
> Issue Type: Improvement
> Components: Launchpad
>Reporter: Oliver Lietz
>Assignee: Dan Klco
>Priority: Major
> Labels: Sling-11-ReleaseNotes
> Fix For: Starter Content 1.0.0
>
>
> Content (HTML, CSS and images) should be placed in {{/content}} instead of
> JCR root ({{/}}).
> This issue is related to SLING-6130 (open 2nd point in the list).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Assigned] (SLING-8016) Sling Starter content links are broken when running under a context path
[
https://issues.apache.org/jira/browse/SLING-8016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu reassigned SLING-8016:
--
Assignee: Robert Munteanu
> Sling Starter content links are broken when running under a context path
>
>
> Key: SLING-8016
> URL: https://issues.apache.org/jira/browse/SLING-8016
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter Content 1.0.2
>
>
> Most of the links on the front page ( Login, Browse Content, System Console )
> and also the links to the static assets are broken when running under a
> context path
> {{java -jar target/org.apache.sling.starter-11-SNAPSHOT.jar -r sling}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (SLING-8016) Sling Starter content links are broken when running under a context path
Robert Munteanu created SLING-8016:
--
Summary: Sling Starter content links are broken when running under
a context path
Key: SLING-8016
URL: https://issues.apache.org/jira/browse/SLING-8016
Project: Sling
Issue Type: Bug
Components: Starter
Reporter: Robert Munteanu
Fix For: Starter Content 1.0.2
Most of the links on the front page ( Login, Browse Content, System Console )
and also the links to the static assets are broken when running under a context
path
{{java -jar target/org.apache.sling.starter-11-SNAPSHOT.jar -r sling}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (SLING-8013) Repository goal should allow to select specific features and embed extra artifacts
[ https://issues.apache.org/jira/browse/SLING-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls resolved SLING-8013. --- Resolution: Fixed Got the +1 from Carsten oob. Merged. > Repository goal should allow to select specific features and embed extra > artifacts > -- > > Key: SLING-8013 > URL: https://issues.apache.org/jira/browse/SLING-8013 > Project: Sling > Issue Type: Improvement > Components: Feature Model >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Major > Fix For: slingfeature-maven-plugin 1.0.0 > > > The repository goal of the slingfeature maven plugin should have a way to > select the features that should be taken into account (in order to create > different assemblies for different feature sets). Furthermore, it would be > nice if it allowed to add additional artifacts (like the framework and the > launcher.api) so that one can create a complete assembly in one go. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-8013) Repository goal should allow to select specific features and embed extra artifacts
[ https://issues.apache.org/jira/browse/SLING-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650332#comment-16650332 ] ASF GitHub Bot commented on SLING-8013: --- karlpauls closed pull request #9: SLING-8013: Take all features into account when building repositories… URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/9 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Repository goal should allow to select specific features and embed extra > artifacts > -- > > Key: SLING-8013 > URL: https://issues.apache.org/jira/browse/SLING-8013 > Project: Sling > Issue Type: Improvement > Components: Feature Model >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Major > Fix For: slingfeature-maven-plugin 1.0.0 > > > The repository goal of the slingfeature maven plugin should have a way to > select the features that should be taken into account (in order to create > different assemblies for different feature sets). Furthermore, it would be > nice if it allowed to add additional artifacts (like the framework and the > launcher.api) so that one can create a complete assembly in one go. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[GitHub] karlpauls closed pull request #9: SLING-8013: Take all features into account when building repositories…
karlpauls closed pull request #9: SLING-8013: Take all features into account when building repositories… URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/9 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Updated] (SLING-8013) Repository goal should allow to select specific features and embed extra artifacts
[ https://issues.apache.org/jira/browse/SLING-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-8013: -- Summary: Repository goal should allow to select specific features and embed extra artifacts (was: Repository goal should take all features into account and allow to select specific features) > Repository goal should allow to select specific features and embed extra > artifacts > -- > > Key: SLING-8013 > URL: https://issues.apache.org/jira/browse/SLING-8013 > Project: Sling > Issue Type: Improvement > Components: Feature Model >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Major > Fix For: slingfeature-maven-plugin 1.0.0 > > > The repository goal of the slingfeature maven plugin currently assembles all > required artifacts for all assembled features of a project. It would be nice > if it would by default assemble all artifacts for all features (assembled or > not). Furthermore, there should be a way to select the features that should > be taken into account (in order to create different assemblies for different > feature sets). Ultimately, it would be nice if it allowed to add additional > artifacts (like the framework and the launcher.api) so that one can create a > complete assembly in one go. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8015) SmokeIT should use preemptive Basic Auth
[
https://issues.apache.org/jira/browse/SLING-8015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu resolved SLING-8015.
Resolution: Fixed
Fixed in [sling-org-apache-sling-starter commit
f476bd1|https://github.com/apache/sling-org-apache-sling-starter/commit/f476bd1].
> SmokeIT should use preemptive Basic Auth
>
>
> Key: SLING-8015
> URL: https://issues.apache.org/jira/browse/SLING-8015
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Starter 11
>
>
> With the web console security provider 1.1.0 or newer a login form is
> presented when accessing {{/system/console}} without being logged in.
> This breaks the SmokeIT as it does not send basic auth credentials
> preemptively.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (SLING-8015) SmokeIT should use preemptive Basic Auth
Robert Munteanu created SLING-8015:
--
Summary: SmokeIT should use preemptive Basic Auth
Key: SLING-8015
URL: https://issues.apache.org/jira/browse/SLING-8015
Project: Sling
Issue Type: Bug
Components: Starter
Reporter: Robert Munteanu
Assignee: Robert Munteanu
Fix For: Starter 11
With the web console security provider 1.1.0 or newer a login form is presented
when accessing {{/system/console}} without being logged in.
This breaks the SmokeIT as it does not send basic auth credentials preemptively.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SLING-8014) Switch auth form to use commons lang 3
[ https://issues.apache.org/jira/browse/SLING-8014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-8014: --- Component/s: Authentication > Switch auth form to use commons lang 3 > -- > > Key: SLING-8014 > URL: https://issues.apache.org/jira/browse/SLING-8014 > Project: Sling > Issue Type: Sub-task > Components: Authentication >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Form Based Authentication 1.0.12 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7938) Add an option to prefer sending the reason_code as a request parameter over the reason text when redirecting to the login page
[ https://issues.apache.org/jira/browse/SLING-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-7938: --- Component/s: Authentication > Add an option to prefer sending the reason_code as a request parameter over > the reason text when redirecting to the login page > -- > > Key: SLING-7938 > URL: https://issues.apache.org/jira/browse/SLING-7938 > Project: Sling > Issue Type: Improvement > Components: Authentication >Affects Versions: Form Based Authentication 1.0.10 >Reporter: Eric Norman >Assignee: Eric Norman >Priority: Major > Fix For: Form Based Authentication 1.0.12 > > > Add a config option to the form authentication handler to prefer sending the > reason_code as a request parameter instead of the reason text when > redirecting to the login page. > Sending the reason code as a request parameter should be safer, especially if > your custom login page was echoing the reason text to the screen. The custom > login page script can then calculate the reason text to show in the UI by > matching the reason codes against the well-known failure reason codes and > fallback to some default reason text for anything invalid. > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-7414:
---
Component/s: (was: Extensions)
Authentication
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Authentication
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Resolved] (SLING-8014) Switch auth form to use commons lang 3
[ https://issues.apache.org/jira/browse/SLING-8014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-8014. Resolution: Fixed Fixed in [sling-org-apache-sling-auth-form commit 708270a|https://github.com/apache/sling-org-apache-sling-auth-form/commit/708270a] > Switch auth form to use commons lang 3 > -- > > Key: SLING-8014 > URL: https://issues.apache.org/jira/browse/SLING-8014 > Project: Sling > Issue Type: Sub-task >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Form Based Authentication 1.0.12 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7953) Switch from legacy commons lang 2 to commons lang 3
[ https://issues.apache.org/jira/browse/SLING-7953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-7953: --- Fix Version/s: (was: Form Based Authentication 1.0.12) > Switch from legacy commons lang 2 to commons lang 3 > --- > > Key: SLING-7953 > URL: https://issues.apache.org/jira/browse/SLING-7953 > Project: Sling > Issue Type: Improvement >Reporter: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.1.0, Scripting JSP Taglib 2.3.0, > Installer Health Checks 2.0.2 > > > The following bundles still use the legacy commons lang 2 version > They should be updated to use commons lang 3 > org.apache.sling.auth.form > org.apache.sling.installer.hc > org.apache.sling.scripting.jsp.taglib > org.apache.sling.xss > org.apache.tika.parsers -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu resolved SLING-7414.
Resolution: Fixed
Fixed in [sling-org-apache-sling-auth-form commit
156d2c2|https://github.com/apache/sling-org-apache-sling-auth-form/commit/156d2c2]
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650289#comment-16650289
]
Robert Munteanu edited comment on SLING-7414 at 10/15/18 2:26 PM:
--
As far as I can tell, the problem is that the default login page uses an action
URL of {{${requestContextPath}/j_security_check}} . When the url is
{{/system/console}}, the form is POST-ed to
{{/system/console/j_security_check}}. In that scenario, the username and
password request parameters are not available to the {{SlingAuthenticator}}. A
simple fix is to POST the request to a different URL, for instance
{{${contextPath}/j_security_check.}}
was (Author: rombert):
As far as I can tell, the problem is that the default login page uses an action
URL of {{${requestContextPath}/j_security_check}} . When the url is
{{/system/console}}, the form is POST-ed to
{{/system/console/j_security_check}}. In that scenario, the username and
password request parameters are not available to the {{SlingAuthenticator}}. A
simple fix is to POST the request to a different URL, for instance
${contextPath}/j_security_check.
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650289#comment-16650289
]
Robert Munteanu edited comment on SLING-7414 at 10/15/18 2:26 PM:
--
As far as I can tell, the problem is that the default login page uses an action
URL of {{${requestContextPath}/j_security_check}} . When the url is
{{/system/console}}, the form is POST-ed to
{{/system/console/j_security_check}}. In that scenario, the username and
password request parameters are not available to the {{SlingAuthenticator}}. A
simple fix is to POST the request to a different URL, for instance
${contextPath}/j_security_check.
was (Author: rombert):
As far as I can tell, the problem is that the default login page uses an action
URL of {{${${requestContextPath}/j_security_check}}} . When the url is
{{/system/console}}, the form is POST-ed to
{{/system/console/j_security_check}}. In that scenario, the username and
password request parameters are not available to the {{SlingAuthenticator}}. A
simple fix is to POST the request to a different URL, for instance
${contextPath}/j_security_check.
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650289#comment-16650289
]
Robert Munteanu commented on SLING-7414:
As far as I can tell, the problem is that the default login page uses an action
URL of {{${${requestContextPath}/j_security_check}}} . When the url is
{{/system/console}}, the form is POST-ed to
{{/system/console/j_security_check}}. In that scenario, the username and
password request parameters are not available to the {{SlingAuthenticator}}. A
simple fix is to POST the request to a different URL, for instance
${contextPath}/j_security_check.
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-7414:
---
Affects Version/s: (was: Web Console Security Provider 1.1.0)
Form Based Authentication 1.0.10
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
[
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-7414:
---
Fix Version/s: (was: Web Console Security Provider 1.2.2)
Form Based Authentication 1.0.12
> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> --
>
> Key: SLING-7414
> URL: https://issues.apache.org/jira/browse/SLING-7414
> Project: Sling
> Issue Type: Bug
> Components: Extensions
>Affects Versions: Form Based Authentication 1.0.10
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}}
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole,
> but then redirects to http://localhost:8080/system/console/j_security_check .
> Re-accessing {{/system/console}} brings up the login form again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-8013) Repository goal should take all features into account and allow to select specific features
[
https://issues.apache.org/jira/browse/SLING-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650274#comment-16650274
]
Karl Pauls commented on SLING-8013:
---
[~cziegeler], PTAL at
https://github.com/apache/sling-slingfeature-maven-plugin/pull/9 - I think this
makes some sense. Would look something like:
{noformat}
create-repository-min
repository
prepare-package
artifacts-min
org.apache.sling
foo
0.1.0-SNAPSHOT
slingfeaturemin
org.apache.sling
bar
0.1.0-SNAPSHOT
slingfeature
min
org.apache.felix
org.apache.felix.framework
6.0.1
{noformat}
> Repository goal should take all features into account and allow to select
> specific features
> ---
>
> Key: SLING-8013
> URL: https://issues.apache.org/jira/browse/SLING-8013
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model
>Reporter: Karl Pauls
>Assignee: Karl Pauls
>Priority: Major
> Fix For: slingfeature-maven-plugin 1.0.0
>
>
> The repository goal of the slingfeature maven plugin currently assembles all
> required artifacts for all assembled features of a project. It would be nice
> if it would by default assemble all artifacts for all features (assembled or
> not). Furthermore, there should be a way to select the features that should
> be taken into account (in order to create different assemblies for different
> feature sets). Ultimately, it would be nice if it allowed to add additional
> artifacts (like the framework and the launcher.api) so that one can create a
> complete assembly in one go.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-8013) Repository goal should take all features into account and allow to select specific features
[ https://issues.apache.org/jira/browse/SLING-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650269#comment-16650269 ] ASF GitHub Bot commented on SLING-8013: --- karlpauls opened a new pull request #9: SLING-8013: Take all features into account when building repositories… URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/9 … and allow to pick specific features plus extra artifacts. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Repository goal should take all features into account and allow to select > specific features > --- > > Key: SLING-8013 > URL: https://issues.apache.org/jira/browse/SLING-8013 > Project: Sling > Issue Type: Improvement > Components: Feature Model >Reporter: Karl Pauls >Assignee: Karl Pauls >Priority: Major > Fix For: slingfeature-maven-plugin 1.0.0 > > > The repository goal of the slingfeature maven plugin currently assembles all > required artifacts for all assembled features of a project. It would be nice > if it would by default assemble all artifacts for all features (assembled or > not). Furthermore, there should be a way to select the features that should > be taken into account (in order to create different assemblies for different > feature sets). Ultimately, it would be nice if it allowed to add additional > artifacts (like the framework and the launcher.api) so that one can create a > complete assembly in one go. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[GitHub] karlpauls opened a new pull request #9: SLING-8013: Take all features into account when building repositories…
karlpauls opened a new pull request #9: SLING-8013: Take all features into account when building repositories… URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/9 … and allow to pick specific features plus extra artifacts. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Created] (SLING-8013) Repository goal should take all features into account and allow to select specific features
Karl Pauls created SLING-8013: - Summary: Repository goal should take all features into account and allow to select specific features Key: SLING-8013 URL: https://issues.apache.org/jira/browse/SLING-8013 Project: Sling Issue Type: Improvement Components: Feature Model Reporter: Karl Pauls Assignee: Karl Pauls Fix For: slingfeature-maven-plugin 1.0.0 The repository goal of the slingfeature maven plugin currently assembles all required artifacts for all assembled features of a project. It would be nice if it would by default assemble all artifacts for all features (assembled or not). Furthermore, there should be a way to select the features that should be taken into account (in order to create different assemblies for different feature sets). Ultimately, it would be nice if it allowed to add additional artifacts (like the framework and the launcher.api) so that one can create a complete assembly in one go. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Failing with internal release for packageinit
Hi Dominik, On Wed, 2018-10-10 at 15:06 +0200, Dominik Süß wrote: > Hi everyone, > > Karl somehow managed to get > https://github.com/apache/sling-org-apache-sling-jcr-packageinit/ up > and > running and added the codebase from whiteboard. > But when I tried to create an internal release I failed with > > [ERROR] Failed to execute goal > org.codehaus.mojo:ianal-maven-plugin:1.0-alpha-1:verify-legal-files > (verify-legal-files) on project org.apache.sling.jcr.packageinit: > Artifact > does not contain any legal files: > org.apache.sling.jcr.packageinit-0.0.1-T20181010134901-51674eb- > javadoc.jar > > The problem is that the META-INF directory in the javadoc.jar in > contrast > to the jar and sources.jar doesn't contain > the maven-shared-archive-resources (which also contain the LICENSE > file). > > Does anyone have an idea what's going on? I have nothing javadoc > specific > in and have no clue how to fix this. I have tried to run mvn clean install -Papache-release which works just fine for me. I have no idea where your problem is coming from, sorry. Robert
Re: [VOTE] Release Apache Sling Installer Vault Package Install Hook 1.0.2
On Fri, 2018-10-12 at 01:52 +0200, Georg Henzler wrote: >[ ] +1 Approve the release +1 Robert signature.asc Description: This is a digitally signed message part
[jira] [Commented] (SLING-7815) CLONE - ResourceResolver.clone(null) should not share the same JCR session
[
https://issues.apache.org/jira/browse/SLING-7815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650205#comment-16650205
]
Robert Munteanu commented on SLING-7815:
[~kwin], [~Csaba Varga] - I this is out of my area of expertise, I only noticed
it breaks some things so I reverted it :-)
If the changes look go to Konrad and the unit tests + Sling ITs pass, I'm +1 on
merging this.
> CLONE - ResourceResolver.clone(null) should not share the same JCR session
> --
>
> Key: SLING-7815
> URL: https://issues.apache.org/jira/browse/SLING-7815
> Project: Sling
> Issue Type: Improvement
> Components: API, JCR, ResourceResolver
>Affects Versions: JCR Resource 3.0.14
>Reporter: Alexander Klimetschek
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: JCR Resource 3.0.18
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> {{ResourceResolver.clone()}} will reuse the same JCR session in case it was
> created by passing an existing session using
> {{JcrResourceConstants.AUTHENTICATION_INFO_SESSION}}. If you need a clone of
> the resource resolver to pass into a new, separate thread, and use
> {{ResourceResolver.clone(null)}}, you will actually share the session, but
> this is not obvious. The problem is that a JCR session cannot be shared
> across threads.
> The javadocs of clone() say "the same credential data is used as was used to
> create this instance".
> There are a few problems with this:
> - seeing the session object itself as "credential data" is unintuitive
> - in my code, I have no idea what the original credential data was, so I
> don't know what kind of credential data it was to make the right decision
> - since sharing a JCR session is to be avoided at all times, the resource
> resolver should prevent one from this
> A solution would be if a plain {{ResourceResolver.clone(null)}} would return
> a session that impersonated itself, abstracting this from the resource
> resolver user. Additionally, it might be worth looking that clone always
> returns a new session, unless specifically stated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-8003) Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
[
https://issues.apache.org/jira/browse/SLING-8003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650168#comment-16650168
]
ASF GitHub Bot commented on SLING-8003:
---
simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables
using the Maven Filtering APIs rather that iterate string replacing operations
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429844637
Hi again @bosschaert
as requested, I included an Integration Test that aggregates features and
produces a single JSON output; given one feature in the form:
```
{
"id":
"${project.groupId}:${project.artifactId}:slingfeature:slingtest:${project.version}",
"title": "${project.name}",
"description": "${project.description}",
"vendor": "${project.organization.name}",
"variables": {
"interpolated_variable": "${interpolated_variable}"
},
"framework-properties": {
"sling.framework.install.incremental":
"${sling.framework.install.incremental}",
"sling.framework.install.startlevel":
"${sling.framework.install.startlevel}",
"sling.ignoreSystemProperties": "${sling.ignoreSystemProperties}"
},
"bundles":[
{
"id":"org.osgi:org.osgi.framework:${osgi.framework.version}",
"start-level":"20"
}
]
}
```
where POM descriptor is configured as
```
4.0.0
org.apache.sling
slingfeature-maven-plugin-test
jar
1.0.0-SNAPSHOT
Apache Sling Features Maven plugin test
This is just an Apache Sling Features Maven plugin test to
verify variables interpolation
The Apache Software Foundation
https://www.apache.org/
Apache License, Version 2.0
https://www.apache.org/licenses/LICENSE-2.0.txt
repo
true
1.9.0
true
1
true
```
the resulting output is
```
{
"id":"org.apache.sling:slingfeature-maven-plugin-test:slingfeature:slingtest:1.0.0-SNAPSHOT",
"title":"Apache Sling Features Maven plugin test",
"description":"This is just an Apache Sling Features Maven plugin test to
verify variables interpolation",
"vendor":"The Apache Software Foundation",
"variables":{
"interpolated_variable":"true"
},
"bundles":[
{
"id":"org.osgi:org.osgi.framework:1.9.0",
"start-level":"20"
}
],
"framework-properties":{
"sling.framework.install.incremental":"true",
"sling.framework.install.startlevel":"1",
"sling.ignoreSystemProperties":"true"
}
}
```
once you run `mvn clean install` you can find the resulting JSON Feature
under `target/it/variables-interpolator/target/slingtest.json`
PS you'll may notice a wrong interpolation for the `licenses/license` item,
but it doesn't break the backward compatibility - and I am investigating about
it with the Maven team.
I hope you'll like that contribution! :)
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Interpolate Maven variables using the Maven Filtering APIs rather that
> iterate string replacing operations
> --
>
> Key: SLING-8003
> URL: https://issues.apache.org/jira/browse/SLING-8003
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Major
>
> Currently, the {{Substitution}} class iterates over all variables and replace
> them one by one in the whole input string.
> We can improve performances - and avoid writing custom variables interpolator
> - by replacing its use with the {{MavenReaderFilter}} API.
> It will helpful also to avoid reading the Feature file and storing it in a
> String, but keep working with {{Reader}} APIs.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables
using the Maven Filtering APIs rather that iterate string replacing operations
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429844637
Hi again @bosschaert
as requested, I included an Integration Test that aggregates features and
produces a single JSON output; given one feature in the form:
```
{
"id":
"${project.groupId}:${project.artifactId}:slingfeature:slingtest:${project.version}",
"title": "${project.name}",
"description": "${project.description}",
"vendor": "${project.organization.name}",
"variables": {
"interpolated_variable": "${interpolated_variable}"
},
"framework-properties": {
"sling.framework.install.incremental":
"${sling.framework.install.incremental}",
"sling.framework.install.startlevel":
"${sling.framework.install.startlevel}",
"sling.ignoreSystemProperties": "${sling.ignoreSystemProperties}"
},
"bundles":[
{
"id":"org.osgi:org.osgi.framework:${osgi.framework.version}",
"start-level":"20"
}
]
}
```
where POM descriptor is configured as
```
4.0.0
org.apache.sling
slingfeature-maven-plugin-test
jar
1.0.0-SNAPSHOT
Apache Sling Features Maven plugin test
This is just an Apache Sling Features Maven plugin test to
verify variables interpolation
The Apache Software Foundation
https://www.apache.org/
Apache License, Version 2.0
https://www.apache.org/licenses/LICENSE-2.0.txt
repo
true
1.9.0
true
1
true
```
the resulting output is
```
{
"id":"org.apache.sling:slingfeature-maven-plugin-test:slingfeature:slingtest:1.0.0-SNAPSHOT",
"title":"Apache Sling Features Maven plugin test",
"description":"This is just an Apache Sling Features Maven plugin test to
verify variables interpolation",
"vendor":"The Apache Software Foundation",
"variables":{
"interpolated_variable":"true"
},
"bundles":[
{
"id":"org.osgi:org.osgi.framework:1.9.0",
"start-level":"20"
}
],
"framework-properties":{
"sling.framework.install.incremental":"true",
"sling.framework.install.startlevel":"1",
"sling.ignoreSystemProperties":"true"
}
}
```
once you run `mvn clean install` you can find the resulting JSON Feature
under `target/it/variables-interpolator/target/slingtest.json`
PS you'll may notice a wrong interpolation for the `licenses/license` item,
but it doesn't break the backward compatibility - and I am investigating about
it with the Maven team.
I hope you'll like that contribution! :)
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[jira] [Resolved] (SLING-7754) Implement passive DistributionQueue in the repository
[ https://issues.apache.org/jira/browse/SLING-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marius Petria resolved SLING-7754. -- Resolution: Fixed Fix Version/s: Content Distribution Core 0.3.6 Thanks [~marett] for the review, I added some more tests and commited in [1]. The implementation details you mentioned can be safely postponed. [1] https://github.com/apache/sling-org-apache-sling-distribution-core/commit/6a3670c1cfe1779aff3f9fe9e1b4df04b4e112cd > Implement passive DistributionQueue in the repository > - > > Key: SLING-7754 > URL: https://issues.apache.org/jira/browse/SLING-7754 > Project: Sling > Issue Type: Improvement > Components: Content Distribution >Reporter: Marius Petria >Assignee: Marius Petria >Priority: Major > Fix For: Content Distribution Core 0.3.6 > > Time Spent: 40m > Remaining Estimate: 0h > > In order to minimize dependency on Sling Jobs and improve performance we > should offer an implementation passive queues in JCR. > Passive queues are distribution queues [1] for which no queue processor is > defined. They are only used to store items and do not need rebalancing > between instances. They just need to be stored and fetched (FIFO semantics) > and this can easily be implemented in JCR with a simpler implementation that > does not use querying (querying for jobs is problematic like OAK-7495 shows). > [1] > https://github.com/apache/sling-org-apache-sling-distribution-core/blob/master/src/main/java/org/apache/sling/distribution/queue/spi/DistributionQueue.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8012) Extract an HTL runtime bundle from the existing HTL modules
Radu Cotescu created SLING-8012: --- Summary: Extract an HTL runtime bundle from the existing HTL modules Key: SLING-8012 URL: https://issues.apache.org/jira/browse/SLING-8012 Project: Sling Issue Type: Improvement Components: Scripting Reporter: Radu Cotescu Assignee: Radu Cotescu An HTL runtime bundle would facilitate deployments where all scripts are already precompiled, reducing the number of modules that need to be available on the platform. The compilation phase should become optional and the HTL engine should be able to work without the front-end and back-end compilers. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7820) Scheduler's WhiteboardHandler impl not in sync with Scheduler's Javadoc
[
https://issues.apache.org/jira/browse/SLING-7820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler updated SLING-7820:
Fix Version/s: (was: Commons Scheduler 2.7.2)
Commons Scheduler 2.7.4
> Scheduler's WhiteboardHandler impl not in sync with Scheduler's Javadoc
> ---
>
> Key: SLING-7820
> URL: https://issues.apache.org/jira/browse/SLING-7820
> Project: Sling
> Issue Type: Bug
> Components: Commons
>Affects Versions: Commons Scheduler 2.7.2
>Reporter: Ashish Chopra
>Priority: Major
> Fix For: Commons Scheduler 2.7.4
>
>
> [Sling Commons Scheduler's
> Javadoc|https://github.com/apache/sling-org-apache-sling-commons-scheduler/blob/d954255a750113c024a9323ed0d5d85d1ee69a5a/src/main/java/org/apache/sling/commons/scheduler/Scheduler.java#L26-L48]
> asserts that:
> {quote} A job can be scheduled either by creating a {{ScheduleOptions}}
> instance through one of the scheduler methods and then calling
> {{schedule(Object, ScheduleOptions)}} or by using the whiteboard pattern and
> registering a Runnable service with either the
> {{PROPERTY_SCHEDULER_EXPRESSION}} or {{PROPERTY_SCHEDULER_PERIOD}} property.
> *If both properties are specified, only {{PROPERTY_SCHEDULER_PERIOD}} is
> considered for scheduling.*{quote}
> The part in *bold* above suggests that {{PROPERTY_SCHEDULER_PERIOD}} has a
> higher precedence than {{PROPERTY_SCHEDULER_EXPRESSION}} in case both are
> present for a component.
> However, the implementation in
> [{{WhiteboardHandler#register}}|https://github.com/apache/sling-org-apache-sling-commons-scheduler/blame/d954255a750113c024a9323ed0d5d85d1ee69a5a/src/main/java/org/apache/sling/commons/scheduler/impl/WhiteboardHandler.java#L189]
> does the opposite. It gives {{PROPERTY_SCHEDULER_EXPRESSION}} a higher
> precedence by evaluating it first.
> Either the Javadoc, or the implementation must be modified to keep both in
> sync.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Re: [sling:resourceType] protected execution
Yes, I think that covers it, with the addition that 1. should also cover sling:resourceSuperType And the solution should not have a negative impact on the runtime performance of request executions. Regards Carsten Am 15.10.2018 um 11:10 schrieb Radu Cotescu: Hi Carsten, So then the requirements should be: 1. Protect the creation of the sling:resourceType property 2. Provide granular permissions for which resource type / selector & extension / HTTP method we allow the execution of a script / servlet and code to enforce them in either the servlet resolution phase or servlet execution 3. Make sure that restrictions can work within the resource type hierarchy Did I miss something? Thanks, Radu On 7 Oct 2018, at 10:16, Carsten Ziegeler wrote: I agree with Eric here, independent of the how we protect the execution, we should also tackle the initial problem that everyone with write access can set any resource type. It seems strange that we invite everyone with weapons into our house and then try to prevent them from using it. We should keep them out in the first place. I also think that a mechanism purely working resource types is not exactly what we need. Think about you have a "view" and an "execute" script for a resource type (potentially attached to selectors). Users may be able to use the "view" script but "execute" is more protected. Then we have the resource type hierarchy, so if I'm able to set a resource type I can also set a resource super type. We need to make sure that this does not open something we wanted to close. I think the current proposals cover this, but it should be verified. So all in all, I think this problem is more complex than just adding a service with a single method and pretend that everything else are implementation details. Regards Carsten Eric Norman wrote 1. Users can freely define sling:resourceType properties Is there some reason why this must be so? In JCR land, the jcr:nodeTypeManagement privilege must be granted for the user to have permission to add and remove mixin node types and change the primary node type of a node. I would expect that a similar elevated privilege could protect against unwanted modifications of the sling:resourceType values by the wrong users. For #2 and #3, perhaps what you are really describing is a mechanism for defining and checking what I would call "functional privileges"? In other words, not the same as permissions on the data, but permissions on the action. Would it be necessary to associate those "functional privileges" to a resource type? I can imagine you may want to define a "functional privilege" that could be checked by some servlet/filter/component/osgi_service/model/other that works for many different resource types or no specific resource type at all. For example, 1. Imagine a resource defined at "/etc/functional_privileges/yourapp/usage_report" whose "jcr:read" permissions determines if the user can perform the "usage_report" servlet action. 2. Then the "usage_report" servlet simply has to has to check if the "yourapp/usage_report" resource at #1 exists for the current user (or some higher level API that does the same) to know if the servlet should proceed or return an error code. 3. For scripts, perhaps a sling:functionalPrivilege property on the resource could define what is required and block the script processing generically when those conditions are not satisfied. That's my 2 cents.. Regards, -Eric On Fri, Oct 5, 2018 at 2:40 AM Radu Cotescu wrote: Hi, Since this thread exploded so quickly it’s going to be difficult to respond to all of your questions / concerns individually. We eagerly started discussing implementation details (of which I’m to blame too) and I think we didn’t read between the lines of this thread or the previous [0] to check what the perceived problems are. Both threads identified several issues: 1. Users can freely define sling:resourceType properties 2. Through 1, users can therefore trigger code execution which is not always appropriate (depends on how Servlets / scripts are written and the potential they have to DoS a system or to expose sensible information to users which shouldn’t have the ability to perform those operations) 3. For some operations (servlet execution, tasks, etc.) we might want to provide a set of permissions to check beforehand in order to decide if a user is allowed to perform said operation or not. In this thread I proposed an idea to fix issue no. 2 (which IMO is easier to accomplish) - and by fix I mean provide a way to define who can execute what - so that we don’t care about issue no. 1 any more. Let’s try to figure out if indeed these are some serious problems that need to be addressed or not. We can discuss implementation details afterwards. Cheers, Radu -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
[jira] [Commented] (SLING-8007) Enable output colors on AnalyseFeaturesMojo
[ https://issues.apache.org/jira/browse/SLING-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650072#comment-16650072 ] ASF GitHub Bot commented on SLING-8007: --- simonetripodi commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8#issuecomment-429806070 Great, thanks a lot! :) This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Enable output colors on AnalyseFeaturesMojo > --- > > Key: SLING-8007 > URL: https://issues.apache.org/jira/browse/SLING-8007 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Reporter: Simone Tripodi >Assignee: David Bosschaert >Priority: Minor > > With a very little effort, when `-X` option is enabled, colours can simplify > logging reading. > PS is coming! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-8003) Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
[
https://issues.apache.org/jira/browse/SLING-8003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650070#comment-16650070
]
ASF GitHub Bot commented on SLING-8003:
---
simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables
using the Maven Filtering APIs rather that iterate string replacing operations
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429805880
Excellent, thanks @bosschaert I am preparing a typical Maven IT to
demonstrate variables interpolation! :)
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Interpolate Maven variables using the Maven Filtering APIs rather that
> iterate string replacing operations
> --
>
> Key: SLING-8003
> URL: https://issues.apache.org/jira/browse/SLING-8003
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Major
>
> Currently, the {{Substitution}} class iterates over all variables and replace
> them one by one in the whole input string.
> We can improve performances - and avoid writing custom variables interpolator
> - by replacing its use with the {{MavenReaderFilter}} API.
> It will helpful also to avoid reading the Feature file and storing it in a
> String, but keep working with {{Reader}} APIs.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] simonetripodi commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo
simonetripodi commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8#issuecomment-429806070 Great, thanks a lot! :) This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
simonetripodi commented on issue #7: SLING-8003 - Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429805880 Excellent, thanks @bosschaert I am preparing a typical Maven IT to demonstrate variables interpolation! :) This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Resolved] (SLING-8007) Enable output colors on AnalyseFeaturesMojo
[ https://issues.apache.org/jira/browse/SLING-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Bosschaert resolved SLING-8007. - Resolution: Fixed > Enable output colors on AnalyseFeaturesMojo > --- > > Key: SLING-8007 > URL: https://issues.apache.org/jira/browse/SLING-8007 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Reporter: Simone Tripodi >Assignee: David Bosschaert >Priority: Minor > > With a very little effort, when `-X` option is enabled, colours can simplify > logging reading. > PS is coming! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-8007) Enable output colors on AnalyseFeaturesMojo
[ https://issues.apache.org/jira/browse/SLING-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650040#comment-16650040 ] ASF GitHub Bot commented on SLING-8007: --- bosschaert closed pull request #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Enable output colors on AnalyseFeaturesMojo > --- > > Key: SLING-8007 > URL: https://issues.apache.org/jira/browse/SLING-8007 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Reporter: Simone Tripodi >Assignee: David Bosschaert >Priority: Minor > > With a very little effort, when `-X` option is enabled, colours can simplify > logging reading. > PS is coming! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-8007) Enable output colors on AnalyseFeaturesMojo
[ https://issues.apache.org/jira/browse/SLING-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650041#comment-16650041 ] ASF GitHub Bot commented on SLING-8007: --- bosschaert commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8#issuecomment-429795991 Thanks for the pull request @simonetripodi - it's merged! This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Enable output colors on AnalyseFeaturesMojo > --- > > Key: SLING-8007 > URL: https://issues.apache.org/jira/browse/SLING-8007 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Reporter: Simone Tripodi >Assignee: David Bosschaert >Priority: Minor > > With a very little effort, when `-X` option is enabled, colours can simplify > logging reading. > PS is coming! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[GitHub] bosschaert closed pull request #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo
bosschaert closed pull request #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] bosschaert commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo
bosschaert commented on issue #8: SLING-8007 - Enable output colors on AnalyseFeaturesMojo URL: https://github.com/apache/sling-slingfeature-maven-plugin/pull/8#issuecomment-429795991 Thanks for the pull request @simonetripodi - it's merged! This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (SLING-8003) Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
[
https://issues.apache.org/jira/browse/SLING-8003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16650036#comment-16650036
]
ASF GitHub Bot commented on SLING-8003:
---
bosschaert commented on issue #7: SLING-8003 - Interpolate Maven variables
using the Maven Filtering APIs rather that iterate string replacing operations
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429794471
Hi @simonetripodi a typical use case would be that the version number of a
bundle or parts of the id of a feature are expressed as variables from the pom
(e.g. ${something.version} or ${projectId}).
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Interpolate Maven variables using the Maven Filtering APIs rather that
> iterate string replacing operations
> --
>
> Key: SLING-8003
> URL: https://issues.apache.org/jira/browse/SLING-8003
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Reporter: Simone Tripodi
>Assignee: David Bosschaert
>Priority: Major
>
> Currently, the {{Substitution}} class iterates over all variables and replace
> them one by one in the whole input string.
> We can improve performances - and avoid writing custom variables interpolator
> - by replacing its use with the {{MavenReaderFilter}} API.
> It will helpful also to avoid reading the Feature file and storing it in a
> String, but keep working with {{Reader}} APIs.
> PR is coming
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[GitHub] bosschaert commented on issue #7: SLING-8003 - Interpolate Maven variables using the Maven Filtering APIs rather that iterate string replacing operations
bosschaert commented on issue #7: SLING-8003 - Interpolate Maven variables
using the Maven Filtering APIs rather that iterate string replacing operations
URL:
https://github.com/apache/sling-slingfeature-maven-plugin/pull/7#issuecomment-429794471
Hi @simonetripodi a typical use case would be that the version number of a
bundle or parts of the id of a feature are expressed as variables from the pom
(e.g. ${something.version} or ${projectId}).
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
Re: [sling:resourceType] protected execution
Hi Carsten, So then the requirements should be: 1. Protect the creation of the sling:resourceType property 2. Provide granular permissions for which resource type / selector & extension / HTTP method we allow the execution of a script / servlet and code to enforce them in either the servlet resolution phase or servlet execution 3. Make sure that restrictions can work within the resource type hierarchy Did I miss something? Thanks, Radu > On 7 Oct 2018, at 10:16, Carsten Ziegeler wrote: > > I agree with Eric here, independent of the how we protect the execution, > we should also tackle the initial problem that everyone with write > access can set any resource type. It seems strange that we invite > everyone with weapons into our house and then try to prevent them from > using it. We should keep them out in the first place. > > I also think that a mechanism purely working resource types is not > exactly what we need. Think about you have a "view" and an "execute" > script for a resource type (potentially attached to selectors). Users > may be able to use the "view" script but "execute" is more protected. > > Then we have the resource type hierarchy, so if I'm able to set a > resource type I can also set a resource super type. We need to make sure > that this does not open something we wanted to close. I think the > current proposals cover this, but it should be verified. > > So all in all, I think this problem is more complex than just adding a > service with a single method and pretend that everything else are > implementation details. > > Regards > > Carsten > > > Eric Norman wrote >>> >>> 1. Users can freely define sling:resourceType properties >> >> >> Is there some reason why this must be so? In JCR land, the >> jcr:nodeTypeManagement privilege must be granted for the user to have >> permission to add and remove mixin node types and change the primary node >> type of a node. I would expect that a similar elevated privilege could >> protect against unwanted modifications of the sling:resourceType values by >> the wrong users. >> >> >> For #2 and #3, perhaps what you are really describing is a mechanism for >> defining and checking what I would call "functional privileges"? In other >> words, not the same as permissions on the data, but permissions on the >> action. Would it be necessary to associate those "functional privileges" >> to a resource type? I can imagine you may want to define a "functional >> privilege" that could be checked by some >> servlet/filter/component/osgi_service/model/other that works for many >> different resource types or no specific resource type at all. >> >> For example, >> 1. Imagine a resource defined at >> "/etc/functional_privileges/yourapp/usage_report" whose "jcr:read" >> permissions determines if the user can perform the "usage_report" servlet >> action. >> 2. Then the "usage_report" servlet simply has to has to check if the >> "yourapp/usage_report" resource at #1 exists for the current user (or some >> higher level API that does the same) to know if the servlet should proceed >> or return an error code. >> 3. For scripts, perhaps a sling:functionalPrivilege property on the >> resource could define what is required and block the script processing >> generically when those conditions are not satisfied. >> >> That's my 2 cents.. >> >> Regards, >> -Eric >> >> >> On Fri, Oct 5, 2018 at 2:40 AM Radu Cotescu wrote: >> >>> Hi, >>> >>> Since this thread exploded so quickly it’s going to be difficult to >>> respond to all of your questions / concerns individually. We eagerly >>> started discussing implementation details (of which I’m to blame too) and I >>> think we didn’t read between the lines of this thread or the previous [0] >>> to check what the perceived problems are. >>> >>> Both threads identified several issues: >>> 1. Users can freely define sling:resourceType properties >>> 2. Through 1, users can therefore trigger code execution which is not >>> always appropriate (depends on how Servlets / scripts are written and the >>> potential they have to DoS a system or to expose sensible information to >>> users which shouldn’t have the ability to perform those operations) >>> 3. For some operations (servlet execution, tasks, etc.) we might want to >>> provide a set of permissions to check beforehand in order to decide if a >>> user is allowed to perform said operation or not. >>> >>> In this thread I proposed an idea to fix issue no. 2 (which IMO is easier >>> to accomplish) - and by fix I mean provide a way to define who can execute >>> what - so that we don’t care about issue no. 1 any more. >>> >>> Let’s try to figure out if indeed these are some serious problems that >>> need to be addressed or not. We can discuss implementation details >>> afterwards. >>> >>> Cheers, >>> Radu >>> >>> >>> >> > -- > Carsten Ziegeler > Adobe Research Switzerland > cziege...@apache.org
