Author: radu
Date: Mon Oct 17 16:58:30 2016
New Revision: 1765343

URL: http://svn.apache.org/viewvc?rev=1765343&view=rev
Log:
SLING-5234 - Remove getAdministrativeResourceResolver() usage from 
org.apache.sling.xss

* switched to using a newly defined service user (sling-xss) that has read-only 
access for
{/libs,/apps}/sling/xss

Modified:
    
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
    sling/trunk/launchpad/builder/src/main/provisioning/repoinit.txt
    sling/trunk/launchpad/builder/src/main/provisioning/sling.txt

Modified: 
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java?rev=1765343&r1=1765342&r2=1765343&view=diff
==============================================================================
--- 
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
 (original)
+++ 
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
 Mon Oct 17 16:58:30 2016
@@ -19,6 +19,7 @@ package org.apache.sling.xss.impl;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -71,6 +72,7 @@ public class XSSFilterImpl implements XS
 
     public static final String DEFAULT_POLICY_PATH = "sling/xss/config.xml";
     private static final String EMBEDDED_POLICY_PATH = 
"SLING-INF/content/config.xml";
+    private static final String SLING_XSS_USER = "sling-xss";
     private static final int DEFAULT_POLICY_CACHE_SIZE = 128;
     private PolicyHandler defaultHandler;
     private Attribute hrefAttribute;
@@ -119,10 +121,13 @@ public class XSSFilterImpl implements XS
 
     private synchronized void updateDefaultHandler() {
         this.defaultHandler = null;
-        ResourceResolver adminResolver = null;
+        ResourceResolver xssResourceResolver = null;
         try {
-            adminResolver = 
resourceResolverFactory.getAdministrativeResourceResolver(null);
-            Resource policyResource = 
adminResolver.getResource(DEFAULT_POLICY_PATH);
+            Map<String, Object> authenticationInfo = new HashMap<String, 
Object>() {{
+                put(ResourceResolverFactory.SUBSERVICE, SLING_XSS_USER);
+            }};
+            xssResourceResolver = 
resourceResolverFactory.getServiceResourceResolver(authenticationInfo);
+            Resource policyResource = 
xssResourceResolver.getResource(DEFAULT_POLICY_PATH);
             if (policyResource != null) {
                 try (InputStream policyStream = 
policyResource.adaptTo(InputStream.class)) {
                     setDefaultHandler(new PolicyHandler(policyStream));
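Review bot: The double-brace initializer `new HashMap<String, Object>() {{ ... }}` creates an anonymous HashMap subclass that holds a reference to the enclosing XSSFilterImpl instance, just to carry one entry. `Collections` is already imported in this file, so the map can be built with `Map<String, Object> authenticationInfo = Collections.<String, Object>singletonMap(ResourceResolverFactory.SUBSERVICE, SLING_XSS_USER);`, which also makes the new `java.util.HashMap` import unnecessary. Separately, SLING_XSS_USER is passed as the sub-service name rather than as a user id, so a name such as `SLING_XSS_SUBSERVICE` would describe it better. updateDefaultHandler() continues past the end of this hunk.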
@@ -159,8 +164,8 @@ public class XSSFilterImpl implements XS
         } catch (LoginException e) {
             LOGGER.error("Unable to load the default policy file.", e);
         } finally {
-            if (adminResolver != null) {
-                adminResolver.close();
+            if (xssResourceResolver != null) {
+                xssResourceResolver.close();
             }
         }
     }
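Review bot: The `catch (LoginException e)` branch now covers a realistic deployment condition, namely the sling-xss service user or its mapping not being provisioned, yet it only logs, and the method has already set `this.defaultHandler = null` on its first line. Unless the part of the method not shown here installs a fallback, the filter would be left without a default policy handler in that case. Consider loading the embedded policy (EMBEDDED_POLICY_PATH) from this branch, or at least naming the cause in the message, e.g. `LOGGER.error("Unable to load the default policy file: login as service user '" + SLING_XSS_USER + "' failed.", e);`. The try block begins before this hunk.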

Modified: sling/trunk/launchpad/builder/src/main/provisioning/repoinit.txt
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/provisioning/repoinit.txt?rev=1765343&r1=1765342&r2=1765343&view=diff
==============================================================================
--- sling/trunk/launchpad/builder/src/main/provisioning/repoinit.txt (original)
+++ sling/trunk/launchpad/builder/src/main/provisioning/repoinit.txt Mon Oct 17 
16:58:30 2016
@@ -22,3 +22,12 @@
   org.apache.sling/org.apache.sling.repoinit.parser/1.0.4
   org.apache.sling/org.apache.sling.jcr.repoinit/1.0.2
   org.apache.sling/org.apache.sling.provisioning.model/1.4.4
+
+[:repoinit]
+    create path (sling:Folder) /libs/sling/xss
+    create path (sling:Folder) /apps/sling/xss
+    create service user sling-xss
+    set ACL for sling-xss
+        deny    jcr:all     on /
+        allow   jcr:read    on /libs/sling/xss,/apps/sling/xss
+    end
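Review bot: The ACL block would benefit from a comment stating its intent, since `deny jcr:all on /` followed by the narrower allow is what defines the whole privilege boundary of the service user. A line such as `# sling-xss only reads the XSS policy: deny everything inherited first, then allow read on the two policy folders` above `set ACL for sling-xss` would make the ordering deliberate rather than incidental. This file only provisions the launchpad, so other distributions that deploy org.apache.sling.xss presumably need the same user and ACL, which is worth stating in the bundle's documentation.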

Modified: sling/trunk/launchpad/builder/src/main/provisioning/sling.txt
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/provisioning/sling.txt?rev=1765343&r1=1765342&r2=1765343&view=diff
==============================================================================
--- sling/trunk/launchpad/builder/src/main/provisioning/sling.txt (original)
+++ sling/trunk/launchpad/builder/src/main/provisioning/sling.txt Mon Oct 17 
16:58:30 2016
@@ -160,3 +160,8 @@
 
   org.apache.sling.resourceresolver.impl.observation.OsgiObservationBridge
       enabled=B"true"
+
+  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-xss
+    user.mapping=[
+      "org.apache.sling.xss\=sling-xss"
+    ]
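Review bot: The mapping `"org.apache.sling.xss\=sling-xss"` is bundle-wide, whereas XSSFilterImpl requests its resolver with the sub-service name "sling-xss", so the two do not line up. As far as I know the mapper falls back to the bundle-wide entry when no sub-service entry matches, which would explain why the login works, but it also means any sub-service name requested from this bundle resolves to the same user. Scoping the entry as `"org.apache.sling.xss:sling-xss\=sling-xss"` would tie the mapping to the sub-service the code actually uses. Alternatively, drop the SUBSERVICE entry from the Java side and keep the bundle-wide mapping.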

