Author: bdelacretaz
Date: Fri Jan 22 18:18:22 2016
New Revision: 1726268
URL: http://svn.apache.org/viewvc?rev=1726268&view=rev
Log:
SLING-5449 - remove AclSetup component and adapt integration tests
Added:
sling/trunk/contrib/extensions/repoinit/it/src/test/resources/repoinit.txt
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclUtil.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/ServiceUserUtil.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/package-info.java
Removed:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclUtil.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/ServiceUserUtil.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclSetup.java
Modified:
sling/trunk/contrib/extensions/repoinit/it/pom.xml
sling/trunk/contrib/extensions/repoinit/it/src/main/provisioning/model.txt
sling/trunk/contrib/extensions/repoinit/it/src/test/java/org/apache/sling/repoinit/it/ProvisionedAclIT.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclOperationVisitor.java
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/test/java/org/apache/sling/repoinit/jcr/TestUtil.java
Modified: sling/trunk/contrib/extensions/repoinit/it/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/it/pom.xml?rev=1726268&r1=1726267&r2=1726268&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/repoinit/it/pom.xml (original)
+++ sling/trunk/contrib/extensions/repoinit/it/pom.xml Fri Jan 22 18:18:22 2016
@@ -190,6 +190,12 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.junit.teleporter</artifactId>
<version>1.0.4</version>
Modified:
sling/trunk/contrib/extensions/repoinit/it/src/main/provisioning/model.txt
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/it/src/main/provisioning/model.txt?rev=1726268&r1=1726267&r2=1726268&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/repoinit/it/src/main/provisioning/model.txt
(original)
+++ sling/trunk/contrib/extensions/repoinit/it/src/main/provisioning/model.txt
Fri Jan 22 18:18:22 2016
@@ -27,32 +27,4 @@
org.apache.sling/org.apache.sling.repoinit.parser/0.0.1-SNAPSHOT
[settings]
- org.apache.sling.commons.log.julenabled=true
-
-[configurations]
-org.apache.sling.repoinit.jcr.AclSetup-one
- #
- repoinit.text.1="create service user fredWilma"
- #
- # multiline repoinit statement
- repoinit.text.2="
- set ACL for fredWilma
- allow jcr:all on /acltest
- deny jcr:write on /acltest/A
- end"
- #
- # single line with backslash n works as well
- repoinit.text.backs="set ACL for fredWilma \n allow jcr:write on
/acltest/A/B \n end"
-
-# try some repoinit in a separate config
-org.apache.sling.repoinit.jcr.AclSetup-two
- # this user will be created from code, to validate the async ACL setting
- # and using the path-oriented notation, to test that
- repoinit.text.another="
- set ACL on /acltest
- allow jcr:all for anotherUser
- end
- set ACL on /acltest/A/B
- deny jcr:write for anotherUser
- end
- "
\ No newline at end of file
+ org.apache.sling.commons.log.julenabled=true
\ No newline at end of file
Modified:
sling/trunk/contrib/extensions/repoinit/it/src/test/java/org/apache/sling/repoinit/it/ProvisionedAclIT.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/it/src/test/java/org/apache/sling/repoinit/it/ProvisionedAclIT.java?rev=1726268&r1=1726267&r2=1726268&view=diff
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/it/src/test/java/org/apache/sling/repoinit/it/ProvisionedAclIT.java
(original)
+++
sling/trunk/contrib/extensions/repoinit/it/src/test/java/org/apache/sling/repoinit/it/ProvisionedAclIT.java
Fri Jan 22 18:18:22 2016
@@ -17,8 +17,11 @@
package org.apache.sling.repoinit.it;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.UUID;
@@ -35,6 +38,10 @@ import org.apache.jackrabbit.api.Jackrab
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.junit.rules.TeleporterRule;
+import org.apache.sling.repoinit.jcr.AclOperationVisitor;
+import org.apache.sling.repoinit.parser.AclDefinitionsParser;
+import org.apache.sling.repoinit.parser.operations.Operation;
+import org.apache.sling.repoinit.parser.operations.OperationVisitor;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
@@ -42,29 +49,46 @@ import org.junit.Test;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
-/** Test service users and ACLs set from
- * our provisioning model.
- * TODO test /var ACLs and use @Retry rule
- */
+/** Test service users and ACLs set from a text file. */
public class ProvisionedAclIT {
private Session session;
- private static final String FRED_WILMA = "fredWilma";
- private static final String ANOTHER = "anotherUser";
+ private static final String FRED_WILMA = "fredWilmaService";
+ private static final String ANOTHER = "anotherService";
+
+ public static final String REPO_INIT_FILE = "/repoinit.txt";
@Rule
- public TeleporterRule teleporter = TeleporterRule.forClass(getClass(),
"IT");
+ public TeleporterRule teleporter = TeleporterRule
+ .forClass(getClass(), "IT")
+ .withResources(REPO_INIT_FILE);
@Before
- public void setup() throws LoginException, RepositoryException {
- WaitFor.services(teleporter, SlingRepository.class,
ConfigurationAdmin.class);
+ public void setup() throws Exception {
+ WaitFor.services(teleporter, SlingRepository.class,
AclDefinitionsParser.class);
session =
teleporter.getService(SlingRepository.class).loginAdministrative(null);
+ // TODO this should be done by the repoinit language
try {
session.getRootNode().addNode("acltest").addNode("A").addNode("B").save();;
} catch(RepositoryException ignore) {
}
assertTrue("Expecting test nodes to be created",
session.itemExists("/acltest/A/B"));
+
+ // Execute some repoinit statements
+ final InputStream is = getClass().getResourceAsStream(REPO_INIT_FILE);
+ assertNotNull("Expecting " + REPO_INIT_FILE, is);
+ try {
+ final AclDefinitionsParser parser =
teleporter.getService(AclDefinitionsParser.class);
+ final OperationVisitor v = new AclOperationVisitor(session);
+ for(Operation op : parser.parse(new InputStreamReader(is,
"UTF-8"))) {
+ op.accept(v);
+ }
+ session.save();
+ } finally {
+ is.close();
+ }
+
}
@After
@@ -128,16 +152,6 @@ public class ProvisionedAclIT {
@Test
public void anotherUserAcl() throws Exception {
- // Verify that user creation causes its ACL
- // to be set. Use a config to create the user,
- // to also test that mechanism.
- final ConfigurationAdmin ca =
teleporter.getService(ConfigurationAdmin.class);
- final Configuration cfg =
ca.createFactoryConfiguration("org.apache.sling.repoinit.jcr.AclSetup");
- final Dictionary<String, Object> props = new Hashtable<String,
Object>();
- props.put("repoinit.text.1", "create service user " + ANOTHER);
- cfg.setBundleLocation(null);
- cfg.update(props);
-
new Retry() {
@Override
public Void call() throws Exception {
Added:
sling/trunk/contrib/extensions/repoinit/it/src/test/resources/repoinit.txt
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/it/src/test/resources/repoinit.txt?rev=1726268&view=auto
==============================================================================
--- sling/trunk/contrib/extensions/repoinit/it/src/test/resources/repoinit.txt
(added)
+++ sling/trunk/contrib/extensions/repoinit/it/src/test/resources/repoinit.txt
Fri Jan 22 18:18:22 2016
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Service users and ACLs for our integration tests
+
+create service user fredWilmaService
+create service user anotherService
+
+set ACL for fredWilmaService
+ allow jcr:all on /acltest
+ deny jcr:write on /acltest/A
+end
+
+set ACL for fredWilmaService
+ allow jcr:write on /acltest/A/B
+end
+
+set ACL on /acltest
+ allow jcr:all for anotherService
+end
+
+set ACL on /acltest/A/B
+ deny jcr:write for anotherService
+end
Modified:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclOperationVisitor.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclOperationVisitor.java?rev=1726268&r1=1726267&r2=1726268&view=diff
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclOperationVisitor.java
(original)
+++
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/AclOperationVisitor.java
Fri Jan 22 18:18:22 2016
@@ -24,6 +24,8 @@ import java.util.List;
import javax.jcr.Session;
+import org.apache.sling.repoinit.jcr.impl.AclUtil;
+import org.apache.sling.repoinit.jcr.impl.ServiceUserUtil;
import org.apache.sling.repoinit.parser.operations.AclLine;
import org.apache.sling.repoinit.parser.operations.CreateServiceUser;
import org.apache.sling.repoinit.parser.operations.DeleteServiceUser;
Added:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclUtil.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclUtil.java?rev=1726268&view=auto
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclUtil.java
(added)
+++
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/AclUtil.java
Fri Jan 22 18:18:22 2016
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.repoinit.jcr.impl;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+
+/** Utilities for ACL management */
+public class AclUtil {
+
+ public static JackrabbitAccessControlManager getJACM(Session s) throws
UnsupportedRepositoryOperationException, RepositoryException {
+ final AccessControlManager acm = s.getAccessControlManager();
+ if(!(acm instanceof JackrabbitAccessControlManager)) {
+ throw new IllegalStateException(
+ "AccessControlManager is not a
JackrabbitAccessControlManager:"
+ + acm.getClass().getName());
+ }
+ return (JackrabbitAccessControlManager) acm;
+ }
+
+ public static void setAcl(Session s, List<String> principals, List<String>
paths, List<String> privileges, boolean isAllow)
+ throws UnsupportedRepositoryOperationException,
RepositoryException {
+
+ final String [] privArray = privileges.toArray(new
String[privileges.size()]);
+ final Privilege[] jcrPriv = AccessControlUtils.privilegesFromNames(s,
privArray);
+
+
+ for(String path : paths) {
+ if(!s.nodeExists(path)) {
+ throw new PathNotFoundException("Cannot set ACL on
non-existent path " + path);
+ }
+ JackrabbitAccessControlList acl =
AccessControlUtils.getAccessControlList(s, path);
+ for(String principal : principals) {
+ final Authorizable a = ServiceUserUtil.getAuthorizable(s,
principal);
+ if(a == null) {
+ throw new IllegalStateException("Principal not found:" +
principal);
+ }
+ final Principal p = a.getPrincipal();
+ acl.addEntry(p, jcrPriv, isAllow);
+ }
+ getJACM(s).setPolicy(path, acl);
+ }
+ }
+}
Added:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/ServiceUserUtil.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/ServiceUserUtil.java?rev=1726268&view=auto
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/ServiceUserUtil.java
(added)
+++
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/impl/ServiceUserUtil.java
Fri Jan 22 18:18:22 2016
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.repoinit.jcr.impl;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+
+/** Utilities for Service Users management */
+public class ServiceUserUtil {
+
+ public static UserManager getUserManager(Session session) throws
RepositoryException {
+ if(!(session instanceof JackrabbitSession)) {
+ throw new IllegalArgumentException("Session is not a
JackrabbitSession");
+ }
+ return ((JackrabbitSession)session).getUserManager();
+ }
+
+ public static Authorizable getAuthorizable(Session session, String
username) throws RepositoryException {
+ return getUserManager(session).getAuthorizable(username);
+ }
+
+ /** Create a service user - fails if it already exists */
+ public static void createServiceUser(Session s, String username) throws
RepositoryException {
+ getUserManager(s).createSystemUser(username, null);
+ }
+
+ /** True if specified service user exists */
+ public static boolean serviceUserExists(Session session, String username)
throws RepositoryException {
+ boolean result = false;
+ final Authorizable a = getAuthorizable(session, username);
+ if(a != null) {
+ final User u = (User)a;
+ result = u.isSystemUser();
+ }
+ return result;
+ }
+
+ public static void deleteServiceUser(Session s, String username) throws
RepositoryException {
+ final Authorizable a = getUserManager(s).getAuthorizable(username);
+ if(a == null) {
+ throw new IllegalStateException("Authorizable not found:" +
username);
+ }
+ a.remove();
+ }
+
+}
Added:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/package-info.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/package-info.java?rev=1726268&view=auto
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/package-info.java
(added)
+++
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/main/java/org/apache/sling/repoinit/jcr/package-info.java
Fri Jan 22 18:18:22 2016
@@ -0,0 +1,21 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+
******************************************************************************/
+
+@Version("1.0.0")
+package org.apache.sling.repoinit.jcr;
+
+import aQute.bnd.annotation.Version;
Modified:
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/test/java/org/apache/sling/repoinit/jcr/TestUtil.java
URL:
http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/repoinit/oak-jcr/src/test/java/org/apache/sling/repoinit/jcr/TestUtil.java?rev=1726268&r1=1726267&r2=1726268&view=diff
==============================================================================
---
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/test/java/org/apache/sling/repoinit/jcr/TestUtil.java
(original)
+++
sling/trunk/contrib/extensions/repoinit/oak-jcr/src/test/java/org/apache/sling/repoinit/jcr/TestUtil.java
Fri Jan 22 18:18:22 2016
@@ -31,6 +31,7 @@ import javax.jcr.SimpleCredentials;
import org.apache.commons.io.IOUtils;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.repoinit.jcr.impl.ServiceUserUtil;
import org.apache.sling.repoinit.parser.AclParsingException;
import org.apache.sling.repoinit.parser.impl.ACLDefinitionsParserService;
import org.apache.sling.repoinit.parser.operations.Operation;
