Re: Trusted credentials and loginByService

2014-01-14 Thread Carsten Ziegeler
I think using OSGi subsystems would bring at least some points of isolation and control - it's clearly not designed for security but leveraging it is a step closer to the goal. Carsten 2014/1/14 Chetan Mehrotra chetan.mehro...@gmail.com 1a and 1b would enable us to sandbox scripts and would

[jira] [Commented] (SLING-3315) Refactor replication HTTP API

2014-01-14 Thread Marius Petria (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870529#comment-13870529 ] Marius Petria commented on SLING-3315: -- [~bdelacretaz] another potential issue with

[jira] [Commented] (SLING-3315) Refactor replication HTTP API

2014-01-14 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870540#comment-13870540 ] Carsten Ziegeler commented on SLING-3315: - We can't use the configurations stored

Re: Integration of Sling remote tests into a maven build

2014-01-14 Thread Jörg Hoh
Hi Bertrand, I took your approach using SlingRemoteTestRunner and maven-failsafe-plugin, and I got pretty far. The problem is now, that SlingTestBase forks a new server-process which runs the server-side tests. But on my side I have an already running Sling instance (CQ) and I want to leverage

Re: Integration of Sling remote tests into a maven build

2014-01-14 Thread Bertrand Delacretaz
Hi Jörg, On Tue, Jan 14, 2014 at 10:13 AM, Jörg Hoh jhoh...@googlemail.com wrote: ...I took your approach using SlingRemoteTestRunner and maven-failsafe-plugin, and I got pretty far. The problem is now, that SlingTestBase forks a new server-process which runs the server-side tests. But on

[jira] [Commented] (SLING-3315) Refactor replication HTTP API

2014-01-14 Thread Bertrand Delacretaz (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870620#comment-13870620 ] Bertrand Delacretaz commented on SLING-3315: My suggestion was indeed to

[jira] [Commented] (SLING-3315) Refactor replication HTTP API

2014-01-14 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870624#comment-13870624 ] Carsten Ziegeler commented on SLING-3315: - We have the resource access gate and an

Re: Integration of Sling remote tests into a maven build

2014-01-14 Thread Jörg Hoh
Hi Bertrand, yes, the initialisation of the JarExecutor fails. But I figured out how to work around it. You need to provide these statements as configuration to your maven-failsafe-plugin: <systemPropertyVariables> <test.server.url>http://localhost:8080</test.server.url>

[jira] [Created] (SLING-3316) Add auto-stop behavior to topology connector if pinging self

2014-01-14 Thread Stefan Egli (JIRA)
Stefan Egli created SLING-3316: -- Summary: Add auto-stop behavior to topology connector if pinging self Key: SLING-3316 URL: https://issues.apache.org/jira/browse/SLING-3316 Project: Sling

[ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Bertrand Delacretaz
Hi, Based on his ongoing and valuable contributions, the Apache Sling Project Management Committee (PMC) has voted to invite Tommaso as a Sling committer, and he has accepted the invitation. According to http://people.apache.org/committer-index.html that makes him a committer in *eleven* Apache

Re: HealthCheckExecutor.execute(ServiceReference) ??

2014-01-14 Thread Carsten Ziegeler
Answering my own question, I think it's good if we always return the elapsed time, but return null for getFinishedDate. I'll do the change Carsten 2014/1/10 Carsten Ziegeler cziege...@apache.org I've done the suggested changes: - moved jmx stuff into the core - changed the signature to

[jira] [Commented] (SLING-3278) Provide a HealthCheckExecutor service

2014-01-14 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870750#comment-13870750 ] Carsten Ziegeler commented on SLING-3278: - As discussed in the mailing list, we

Sling API Release

2014-01-14 Thread Carsten Ziegeler
Hi, I think we're pending a new Sling API release (followed by various implementation releases). If no one objects I'll cut the release in the next days. Regards Carsten -- Carsten Ziegeler cziege...@apache.org

[jira] [Resolved] (SLING-2944) Replace administrative login by service-based login

2014-01-14 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-2944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler resolved SLING-2944. - Resolution: Fixed Replace administrative login by service-based login

Re: [ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Tommaso Teofili
Thanks a lot to the whole Sling PMC for your trust, I look forward to keep working and having fun in Sling. Regards, Tommaso 2014/1/14 Bertrand Delacretaz bdelacre...@apache.org Hi, Based on his ongoing and valuable contributions, the Apache Sling Project Management Committee (PMC) has

Re: HealthCheckExecutor.execute(ServiceReference) ??

2014-01-14 Thread Carsten Ziegeler
Hmm, that doesn't look right to me - in that case I would need to compare the date with an (arbitrary) fixed value. I see the point for the null check. So what about adding a boolean method, hasTimedOut() instead and always return a correct date? Carsten 2014/1/14 Bertrand Delacretaz

[jira] [Resolved] (SLING-3310) Use a released parent POM in Sling Replication

2014-01-14 Thread Tommaso Teofili (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tommaso Teofili resolved SLING-3310. Resolution: Fixed fixed in r1558045 Use a released parent POM in Sling Replication

Re: HealthCheckExecutor.execute(ServiceReference) ??

2014-01-14 Thread Bertrand Delacretaz
On Tue, Jan 14, 2014 at 3:34 PM, Carsten Ziegeler cziege...@apache.org wrote: ...what about adding a boolean method, hasTimedOut() instead and always return a correct date?... why not but then hasTimedOut() really means no result available so isn't the NO_RESULT status that we discussed earlier

Re: HealthCheckExecutor.execute(ServiceReference) ??

2014-01-14 Thread Carsten Ziegeler
Adding a value to the enum would be a change in the api, which I would like to avoid. And if you're just interested if execution is successful, returning a warn looks like a good idea to me. Carsten 2014/1/14 Bertrand Delacretaz bdelacre...@apache.org On Tue, Jan 14, 2014 at 3:34 PM, Carsten

[jira] [Commented] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Mark Baker (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870812#comment-13870812 ] Mark Baker commented on SLING-1158: --- Hi Felix. That's all true, but it does cause harm,

Re: [ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Chetan Mehrotra
Welcome Tommaso!! Chetan Mehrotra On Tue, Jan 14, 2014 at 7:56 PM, Tommaso Teofili tommaso.teof...@gmail.com wrote: Thanks a lot to the whole Sling PMC for your trust, I look forward to keep working and having fun in Sling. Regards, Tommaso 2014/1/14 Bertrand Delacretaz

Re: HealthCheckExecutor.execute(ServiceReference) ??

2014-01-14 Thread Bertrand Delacretaz
On Tue, Jan 14, 2014 at 3:49 PM, Carsten Ziegeler cziege...@apache.org wrote: Adding a value to the enum would be a change in the api, which I would like to avoid. ok, let's stay with boolean hasTimedOut() as is now. -Bertrand

[jira] [Commented] (SLING-3315) Refactor replication HTTP API

2014-01-14 Thread Marius Petria (JIRA)
[ https://issues.apache.org/jira/browse/SLING-3315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870816#comment-13870816 ] Marius Petria commented on SLING-3315: -- [~bdelacretaz] the current implementation

[jira] [Commented] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Bertrand Delacretaz (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870820#comment-13870820 ] Bertrand Delacretaz commented on SLING-1158: This is similar to requesting

[jira] [Comment Edited] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Bertrand Delacretaz (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870820#comment-13870820 ] Bertrand Delacretaz edited comment on SLING-1158 at 1/14/14 3:37 PM:

Re: [ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Antonio Sanso
+1 On Jan 14, 2014, at 4:24 PM, Chetan Mehrotra chetan.mehro...@gmail.com wrote: Welcome Tommaso!! Chetan Mehrotra On Tue, Jan 14, 2014 at 7:56 PM, Tommaso Teofili tommaso.teof...@gmail.com wrote: Thanks a lot to the whole Sling PMC for your trust, I look forward to keep working and

[jira] [Commented] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Justin Edelson (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870866#comment-13870866 ] Justin Edelson commented on SLING-1158: --- And such a filter already exists:

Re: rename YAMF to Sling Models

2014-01-14 Thread Justin Edelson
Hi Brenn, I'd suggest starting a new thread with your question. Regards, Justin On Mon, Jan 13, 2014 at 4:58 PM, Brenn Hill brenn.h...@omnigon.com wrote: Hi guys, From past projects I've seen Sling used as more of a front controller (with lots of perks) and then the resource as the

Re: [ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Felix Meschberger
Congratulations, welcome and keep up the good work Tommaso ! Regards Felix On 14.01.2014, at 07:26, Tommaso Teofili tommaso.teof...@gmail.com wrote: Thanks a lot to the whole Sling PMC for your trust, I look forward to keep working and having fun in Sling. Regards, Tommaso 2014/1/14

Re: Reconsidering when to apply resource access security

2014-01-14 Thread Felix Meschberger
Hi On 14.01.2014, at 00:27, Carsten Ziegeler cziege...@apache.org wrote: Ok, so let's separate the two things for the sake of the discussion - as soon as someone wants to have a resource access gate applied to all resource providers (for whatever reason), this really becomes tedious, especially

Re: Lost parameter order for form POSTs

2014-01-14 Thread Felix Meschberger
Hi Another thing: Currently ParameterSupport is an internal part of the Sling Engine. How about we move the ParameterSupport into a separate bundle and expose the ParameterSupport class as a utility class. This can then be leveraged by the Sling Engine itself but also by other pieces not

Re: Lost parameter order for form POSTs

2014-01-14 Thread Alexander Klimetschek
On 13.01.2014, at 21:17, Felix Meschberger fmesc...@adobe.com wrote: Having said this, I could imagine taking a hybrid approach: (1) For url-encoded POST request, check whether InputStream is available (1a) if available: - decode query string - decode input stream (1b) if not

Re: Lost parameter order for form POSTs

2014-01-14 Thread Alexander Klimetschek
On 14.01.2014, at 09:59, Felix Meschberger fmesc...@adobe.com wrote: How about we move the ParameterSupport into a separate bundle and expose the ParameterSupport class as a utility class. This can then be leveraged by the Sling Engine itself but also by other pieces not running inside the

Re: Trusted credentials and loginByService

2014-01-14 Thread Alexander Klimetschek
On 13.01.2014, at 21:15, Chetan Mehrotra chetan.mehro...@gmail.com wrote: However the problem with sandboxing untrusted code in any form requires quite a bit of an effort. Just to start with a. Disable access to Java reflection API b. Limit access to OSGi service registry c. Limit access

[jira] [Commented] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Alexander Klimetschek (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13871082#comment-13871082 ] Alexander Klimetschek commented on SLING-1158: -- It should also be possible

[jira] [Commented] (SLING-1158) page.....html resolves to same resource as page.html

2014-01-14 Thread Justin Edelson (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13871118#comment-13871118 ] Justin Edelson commented on SLING-1158: --- @alexander.klimetschek not necessarily.

Re: [ANN] Welcome Tommaso Teofili as a Sling committer!

2014-01-14 Thread Robert Munteanu
Welcome, Tommaso! On Tue, Jan 14, 2014 at 7:15 PM, Felix Meschberger fmesc...@adobe.com wrote: Congratulations, welcome and keep up the good work Tommaso ! Regards Felix On 14.01.2014, at 07:26, Tommaso Teofili tommaso.teof...@gmail.com wrote: Thanks a lot to the whole Sling PMC for your

Re: Integration of Sling remote tests into a maven build

2014-01-14 Thread Mark Adamcin
Hi Jörg, I've created a maven plugin [1] and some common test classes [2] specifically to make this easier for CQ5. The Granite IT maven plugin is designed to work with the maven-failsafe-plugin by providing the readiness check functionality and by exporting HTTP configuration properties using the

Re: Lost parameter order for form POSTs

2014-01-14 Thread Felix Meschberger
Hi On 14.01.2014, at 12:37, Alexander Klimetschek aklim...@adobe.com wrote: On 13.01.2014, at 21:17, Felix Meschberger fmesc...@adobe.com wrote: Having said this, I could imagine taking a hybrid approach: (1) For url-encoded POST request, check whether InputStream is available (1a) if

Re: Trusted credentials and loginByService

2014-01-14 Thread Felix Meschberger
Hi On 13.01.2014, at 15:26, Alexander Klimetschek aklim...@adobe.com wrote: Right, good analysis! I have further important additions to #1 and #2: #1 of course is difficult. It should be split up: - 1a. malicious JSP/script code

Re: Trusted credentials and loginByService

2014-01-14 Thread Felix Meschberger
Hi Ok, right, subsystem is one approach. Another, quite intrusive one, might be a class loader hook: This would allow us to filter visible classes per bundle Yet, while this would get us the java.lang.System allowed or not ? But it not get us prevent System.exit. But it would get us no

Re: Lost parameter order for form POSTs

2014-01-14 Thread Alexander Klimetschek
I forgot 2 important points ;) (see below for responses to the existing discussion) (1) Just using an ordered map instead of a hash map doesn't solve the problem, as multi-value parameters still get merged and their individual position lost. For example, a URL like this (which is similar to my

Re: Lost parameter order for form POSTs

2014-01-14 Thread Felix Meschberger
Hi On 14.01.2014, at 18:44, Alexander Klimetschek aklim...@adobe.com wrote: I forgot 2 important points ;) (see below for responses to the existing discussion) (1) Just using an ordered map instead of a hash map doesn't solve the problem, as multi-value parameters still get merged and

Re: Lost parameter order for form POSTs

2014-01-14 Thread Alexander Klimetschek
On 14.01.2014, at 18:05, Felix Meschberger fmesc...@adobe.com wrote: On 14.01.2014, at 18:44, Alexander Klimetschek aklim...@adobe.com wrote: /do?move=10steps&turnLeft=45deg&move=20steps [...] This could be easily solved by extending Sling's RequestParameterMap [0], e.g. with a method

Re: Reconsidering when to apply resource access security

2014-01-14 Thread Carsten Ziegeler
2014/1/14 Felix Meschberger fmesc...@adobe.com Hi On 14.01.2014, at 00:27, Carsten Ziegeler cziege...@apache.org wrote: Ok, so let's separate the two things for the sake of the discussion - as soon as someone wants to have a resource access gate applied to all resource providers (for