Author: cziegeler
Date: Mon Dec 16 00:04:00 2013
New Revision: 1551088
URL: http://svn.apache.org/r1551088
Log:
SLING-3287 : Provide an abstract ResourceAccessGate
In addition: cleaned up pom and implementation, added package info
Added:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
(with props)
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
(with props)
Modified:
sling/trunk/bundles/resourceaccesssecurity/ (props changed)
sling/trunk/bundles/resourceaccesssecurity/pom.xml
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Propchange: sling/trunk/bundles/resourceaccesssecurity/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Dec 16 00:04:00 2013
@@ -1 +1,7 @@
target
+
+.settings
+
+.classpath
+
+.project
Modified: sling/trunk/bundles/resourceaccesssecurity/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/pom.xml?rev=1551088&r1=1551087&r2=1551088&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/pom.xml (original)
+++ sling/trunk/bundles/resourceaccesssecurity/pom.xml Mon Dec 16 00:04:00 2013
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>16</version>
+ <version>18</version>
<relativePath>../../parent/pom.xml</relativePath>
</parent>
@@ -77,15 +77,6 @@
<extensions>true</extensions>
<configuration>
<instructions>
- <Import-Package>
- javax.annotation;resolution:=optional,
- org.apache.sling.api.resource;provide:=true,
- org.apache.sling.commons.osgi;version="$(@)",
- *
- </Import-Package>
- <Private-Package>
- org.apache.sling.resourceaccesssecurity.impl.*
- </Private-Package>
</instructions>
</configuration>
</plugin>
@@ -94,10 +85,6 @@
<dependencies>
<dependency>
- <groupId>org.apache.felix</groupId>
- <artifactId>org.apache.felix.scr.annotations</artifactId>
- </dependency>
- <dependency>
<groupId>javax.jcr</groupId>
<artifactId>jcr</artifactId>
<version>2.0</version>
Added:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java?rev=1551088&view=auto
==============================================================================
---
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
(added)
+++
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
Mon Dec 16 00:04:00 2013
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+/**
+ * This abstract implementation of the <code>ResourceAccessGate</code> can be
+ * used to implement own resource access gates.
+ * This implementation simply allows operations, restricting implementations
+ * just need to overwrite the operations they want to restrict.
+ */
+public abstract class AllowingResourceAccessGate implements ResourceAccessGate
{
+
+ @Override
+ public GateResult canRead(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreate(final String absPathName,
+ final ResourceResolver resourceResolver) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdate(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDelete(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canExecute(final Resource resource) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canReadValue(final Resource resource, final String
valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canCreateValue(final Resource resource, final String
valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canUpdateValue(final Resource resource, final String
valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public GateResult canDeleteValue(final Resource resource, final String
valueName) {
+ return GateResult.DONTCARE;
+ }
+
+ @Override
+ public String transformQuery(final String query, final String language,
+ final ResourceResolver resourceResolver) throws
AccessSecurityException {
+ return query;
+ }
+
+ @Override
+ public boolean hasReadRestrictions(final ResourceResolver
resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasCreateRestrictions(final ResourceResolver
resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasUpdateRestrictions(final ResourceResolver
resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasDeleteRestrictions(final ResourceResolver
resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean hasExecuteRestrictions(final ResourceResolver
resourceResolver) {
+ return false;
+ }
+
+ @Override
+ public boolean canReadAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canCreateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canUpdateAllValues(final Resource resource) {
+ return true;
+ }
+
+ @Override
+ public boolean canDeleteAllValues(final Resource resource) {
+ return true;
+ }
+}
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?rev=1551088&r1=1551087&r2=1551088&view=diff
==============================================================================
---
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
(original)
+++
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
Mon Dec 16 00:04:00 2013
@@ -22,17 +22,19 @@ import org.apache.sling.api.resource.Res
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.security.AccessSecurityException;
+import aQute.bnd.annotation.ConsumerType;
+
/**
* The <code>ResourceAccessGate</code> defines a service API which might be
used
* to make some restrictions to accessing resources.
- *
+ *
* Implementations of this service interface must be registered like
* ResourceProvider with a path (like provider.roots). If different
* ResourceAccessGateService services match a path, not only the
* ResourceAccessGateService with the longest path should be called, but all of
* them, that's in contrast to the ResourceProvider, but in this case more
* logical (and secure!).
- *
+ *
* service properties:
* <ul>
* <li><b>path</b>: regexp to define on which paths the service should be
called
@@ -42,8 +44,9 @@ import org.apache.sling.api.security.Acc
* <li><b>finaloperations</b>: set of operations on which the service answer is
* final an no other service should be called (default none of them)</li>
* </ul>
- *
+ *
*/
+@ConsumerType
public interface ResourceAccessGate {
/**
@@ -141,10 +144,10 @@ public interface ResourceAccessGate {
* Allows to transform the query based on the current user's credentials.
* Can be used to narrow down queries to omit results that the current user
* is not allowed to see anyway, speeding up downstream access control.
- *
+ *
* Query transformations are not critical with respect to access control as
* results are checked using the canRead.. methods anyway.
- *
+ *
* @param query
* the query
* @param language
Modified:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java?rev=1551088&r1=1551087&r2=1551088&view=diff
==============================================================================
---
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
(original)
+++
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateTracker.java
Mon Dec 16 00:04:00 2013
@@ -22,18 +22,15 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import org.apache.sling.api.resource.ResourceDecorator;
import org.apache.sling.commons.osgi.SortingServiceTracker;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
-import org.osgi.framework.ServiceRegistration;
public class ResourceAccessGateTracker extends
SortingServiceTracker<ResourceAccessGate> {
- private List<ResourceAccessGateHandler> resourceAccessGateHandlers = null;
- private ServiceRegistration decoratorRegistration = null;
+ private List<ResourceAccessGateHandler> resourceAccessGateHandlers;
/**
* Constructor
Modified:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1551088&r1=1551087&r2=1551088&view=diff
==============================================================================
---
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
(original)
+++
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Mon Dec 16 00:04:00 2013
@@ -24,24 +24,21 @@ import java.util.List;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
-import org.apache.sling.api.security.AccessSecurityException;
import org.apache.sling.api.resource.NonExistingResource;
import org.apache.sling.api.resource.Resource;
-import org.apache.sling.api.security.ResourceAccessSecurity;
import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+import org.apache.sling.api.security.ResourceAccessSecurity;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
import org.osgi.framework.Constants;
import org.osgi.service.component.ComponentContext;
-@Component(name = "org.apache.sling.api.security.ResourceAccessSecurity",
immediate = true)
+@Component(name = "org.apache.sling.api.security.ResourceAccessSecurity")
@Service(value = { ResourceAccessSecurity.class })
-@Properties({
- @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling
ResourceAccessSecurity"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache
Software Foundation") })
+@Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling
ResourceAccessSecurity")
public class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
private ResourceAccessGateTracker resourceAccessGateTracker;
@@ -67,10 +64,10 @@ public class ResourceAccessSecurityImpl
private List<ResourceAccessGateHandler>
getMatchingResourceAccessGateHandlers(
String path, ResourceAccessGate.Operation operation) {
- /*
- * TODO: maybe caching some frequent paths with read operation would be
- * a good idea
- */
+ //
+ // TODO: maybe caching some frequent paths with read operation would be
+ // a good idea
+ //
List<ResourceAccessGateHandler> returnValue = resourceAccessGateTracker
.getResourceAccessGateHandlers();
Added:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java?rev=1551088&view=auto
==============================================================================
---
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
(added)
+++
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
Mon Dec 16 00:04:00 2013
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+@Version("1.0.0")
+package org.apache.sling.resourceaccesssecurity;
+
+import aQute.bnd.annotation.Version;
+
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Propchange:
sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
