This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.0.2-incubator in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit 854533dccdb1e5a87f014716f594dbb8d9ec68fb Author: Juan Vazquez <[email protected]> AuthorDate: Thu Mar 19 20:53:24 2009 +0000 SLING-875: New Bundle for a ResourceProvider and Sling Post Operations for interacting with the jackrabbit UserManager https://issues.apache.org/jira/browse/SLING-875 git-svn-id: https://svn.apache.org/repos/asf/incubator/sling/trunk/bundles/jcr/jackrabbit-usermanager@756191 13f79535-47bb-0310-9956-ffa450edef68 --- ...n.java => AbstractAuthorizablePostServlet.java} | 411 +++++++++++++-------- .../usermanager/post/AbstractGroupPostServlet.java | 95 +++++ .../usermanager/post/AbstractUserPostServlet.java | 81 ++++ ...eration.java => ChangeUserPasswordServlet.java} | 22 +- ...GroupOperation.java => CreateGroupServlet.java} | 33 +- ...teUserOperation.java => CreateUserServlet.java} | 30 +- .../post/DeleteAuthorizableOperation.java | 73 ---- .../post/DeleteAuthorizableServlet.java | 159 ++++++++ ...zableOperation.java => UpdateGroupServlet.java} | 24 +- ...izableOperation.java => UpdateUserServlet.java} | 30 +- 10 files changed, 662 insertions(+), 296 deletions(-) diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizableOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizablePostServlet.java similarity index 65% rename from src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizableOperation.java rename to src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizablePostServlet.java index 06f6577..ab1d5cf 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizableOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractAuthorizablePostServlet.java @@ -16,15 +16,14 @@ */ package org.apache.sling.jackrabbit.usermanager.post; -import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; +import java.io.IOException; +import java.util.ArrayList; import java.util.Calendar; import java.util.Dictionary; +import java.util.Enumeration; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.NoSuchElementException; import javax.jcr.PropertyType; import javax.jcr.RepositoryException; @@ -32,30 +31,39 @@ import javax.jcr.Session; import javax.jcr.Value; import javax.jcr.ValueFactory; import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.jackrabbit.api.security.user.Group; -import org.apache.jackrabbit.util.Text; import org.apache.sling.api.SlingHttpServletRequest; +import org.apache.sling.api.SlingHttpServletResponse; import org.apache.sling.api.request.RequestParameter; -import org.apache.sling.api.resource.Resource; -import org.apache.sling.api.resource.ResourceResolver; +import org.apache.sling.api.resource.ResourceNotFoundException; +import org.apache.sling.api.resource.ResourceUtil; import org.apache.sling.api.servlets.HtmlResponse; +import org.apache.sling.api.servlets.SlingAllMethodsServlet; +import org.apache.sling.api.wrappers.SlingRequestPaths; import org.apache.sling.commons.osgi.OsgiUtil; import org.apache.sling.jackrabbit.usermanager.post.impl.DateParser; import org.apache.sling.jackrabbit.usermanager.post.impl.RequestProperty; import org.apache.sling.jackrabbit.usermanager.resource.AuthorizableResourceProvider; -import org.apache.sling.servlets.post.AbstractSlingPostOperation; import org.apache.sling.servlets.post.Modification; import org.apache.sling.servlets.post.SlingPostConstants; import org.osgi.service.component.ComponentContext; - +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** - * Base class for operations that do work on authorizable resources + * Base class for all the POST servlets for the UserManager operations */ -public abstract class AbstractAuthorizableOperation extends AbstractSlingPostOperation { - +public abstract class AbstractAuthorizablePostServlet extends SlingAllMethodsServlet { + private static final long serialVersionUID = -5918670409789895333L; + + /** + * default log + */ + private final Logger log = LoggerFactory.getLogger(getClass()); + /** * @scr.property values.0="EEE MMM dd yyyy HH:mm:ss 'GMT'Z" * values.1="yyyy-MM-dd'T'HH:mm:ss.SSSZ" @@ -65,17 +73,7 @@ public abstract class AbstractAuthorizableOperation extends AbstractSlingPostOpe private static final String PROP_DATE_FORMAT = "servlet.post.dateFormats"; private DateParser dateParser; - - - /** - * To be used for the encryption. E.g. for passwords in - * {@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials} - * @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM" - */ - private static final String PROP_PASSWORD_DIGEST_ALGORITHM = "password.digest.algorithm"; - private static final String DEFAULT_PASSWORD_DIGEST_ALGORITHM = "sha1"; - private String passwordDigestAlgoritm = null; - + // ---------- SCR Integration ---------------------------------------------- protected void activate(ComponentContext context) { @@ -86,90 +84,178 @@ public abstract class AbstractAuthorizableOperation extends AbstractSlingPostOpe for (String dateFormat : dateFormats) { dateParser.register(dateFormat); } - Object propValue = props.get(PROP_PASSWORD_DIGEST_ALGORITHM); - if (propValue instanceof String) { - passwordDigestAlgoritm = (String)propValue; - } else { - passwordDigestAlgoritm = DEFAULT_PASSWORD_DIGEST_ALGORITHM; - } } protected void deactivate(ComponentContext context) { dateParser = null; - passwordDigestAlgoritm = null; } - protected String digestPassword(String pwd) throws IllegalArgumentException { + + /* (non-Javadoc) + * @see org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.SlingHttpServletResponse) + */ + @Override + protected void doPost(SlingHttpServletRequest request, + SlingHttpServletResponse httpResponse) throws ServletException, + IOException { + // prepare the response + HtmlResponse htmlResponse = new HtmlResponse(); + htmlResponse.setReferer(request.getHeader("referer")); + + // calculate the paths + String path = getItemPath(request); + htmlResponse.setPath(path); + + // location + htmlResponse.setLocation(externalizePath(request, path)); + + // parent location + path = ResourceUtil.getParent(path); + if (path != null) { + htmlResponse.setParentLocation(externalizePath(request, path)); + } + + Session session = request.getResourceResolver().adaptTo(Session.class); + + final List<Modification> changes = new ArrayList<Modification>(); + try { - StringBuffer password = new StringBuffer(); - password.append("{").append(passwordDigestAlgoritm).append("}"); - password.append(Text.digest(passwordDigestAlgoritm, pwd.getBytes("UTF-8"))); - return password.toString(); - } catch (NoSuchAlgorithmException e) { - throw new IllegalArgumentException(e.toString()); - } catch (UnsupportedEncodingException e) { - throw new IllegalArgumentException(e.toString()); + handleOperation(request, htmlResponse, changes); + + //TODO: maybe handle SlingAuthorizablePostProcessor handlers here + + // set changes on html response + for(Modification change : changes) { + switch ( change.getType() ) { + case MODIFY : htmlResponse.onModified(change.getSource()); break; + case DELETE : htmlResponse.onDeleted(change.getSource()); break; + case MOVE : htmlResponse.onMoved(change.getSource(), change.getDestination()); break; + case COPY : htmlResponse.onCopied(change.getSource(), change.getDestination()); break; + case CREATE : htmlResponse.onCreated(change.getSource()); break; + case ORDER : htmlResponse.onChange("ordered", change.getSource(), change.getDestination()); break; + } + } + + if (session.hasPendingChanges()) { + session.save(); + } + } catch (ResourceNotFoundException rnfe) { + htmlResponse.setStatus(HttpServletResponse.SC_NOT_FOUND, + rnfe.getMessage()); + } catch (Throwable throwable) { + log.debug("Exception while handling POST " + + request.getResource().getPath() + " with " + + getClass().getName(), throwable); + htmlResponse.setError(throwable); + } finally { + try { + if (session.hasPendingChanges()) { + session.refresh(false); + } + } catch (RepositoryException e) { + log.warn("RepositoryException in finally block: {}", + e.getMessage(), e); + } } - } - + + // check for redirect URL if processing succeeded + if (htmlResponse.isSuccessful()) { + String redirect = getRedirectUrl(request, htmlResponse); + if (redirect != null) { + httpResponse.sendRedirect(redirect); + return; + } + } + + // create a html response and send if unsuccessful or no redirect + htmlResponse.send(httpResponse, isSetStatus(request)); + } + /** + * Extending Servlet should implement this operation to do the work + * + * @param request the sling http request to process + * @param htmlResponse the response + * @param changes + */ + abstract protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException; + + /** - * Update the group membership based on the ":member" request - * parameters. If the ":member" value ends with @Delete it is removed - * from the group membership, otherwise it is added to the group membership. - * - * @param request - * @param authorizable - * @throws RepositoryException + * compute redirect URL (SLING-126) + * + * @param ctx the post processor + * @return the redirect location or <code>null</code> */ - protected void updateGroupMembership(SlingHttpServletRequest request, - Authorizable authorizable, List<Modification> changes) throws RepositoryException { - if (authorizable.isGroup()) { - Group group = ((Group)authorizable); - String groupPath = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_GROUP_PREFIX + group.getID(); - - ResourceResolver resolver = request.getResourceResolver(); - Resource baseResource = request.getResource(); - boolean changed = false; - - //first remove any members posted as ":member@Delete" - String[] membersToDelete = request.getParameterValues(SlingPostConstants.RP_PREFIX + "member" + SlingPostConstants.SUFFIX_DELETE); - if (membersToDelete != null) { - for (String member : membersToDelete) { - Resource res = resolver.getResource(baseResource, member); - if (res != null) { - Authorizable memberAuthorizable = res.adaptTo(Authorizable.class); - if (memberAuthorizable != null) { - group.removeMember(memberAuthorizable); - changed = true; - } - } - - } - } - - //second add any members posted as ":member" - String[] membersToAdd = request.getParameterValues(SlingPostConstants.RP_PREFIX + "member"); - if (membersToAdd != null) { - for (String member : membersToAdd) { - Resource res = resolver.getResource(baseResource, member); - if (res != null) { - Authorizable memberAuthorizable = res.adaptTo(Authorizable.class); - if (memberAuthorizable != null) { - group.addMember(memberAuthorizable); - changed = true; - } - } - } - } - - if (changed) { - //add an entry to the changes list to record the membership change - changes.add(Modification.onModified(groupPath + "/members")); - } - } - } - + protected String getRedirectUrl(HttpServletRequest request, HtmlResponse ctx) { + // redirect param has priority (but see below, magic star) + String result = request.getParameter(SlingPostConstants.RP_REDIRECT_TO); + if (result != null && ctx.getPath() != null) { + + // redirect to created/modified Resource + int star = result.indexOf('*'); + if (star >= 0) { + StringBuffer buf = new StringBuffer(); + + // anything before the star + if (star > 0) { + buf.append(result.substring(0, star)); + } + + // append the name of the manipulated node + buf.append(ResourceUtil.getName(ctx.getPath())); + + // anything after the star + if (star < result.length() - 1) { + buf.append(result.substring(star + 1)); + } + + // use the created path as the redirect result + result = buf.toString(); + + } else if (result.endsWith(SlingPostConstants.DEFAULT_CREATE_SUFFIX)) { + // if the redirect has a trailing slash, append modified node + // name + result = result.concat(ResourceUtil.getName(ctx.getPath())); + } + + if (log.isDebugEnabled()) { + log.debug("Will redirect to " + result); + } + } + return result; + } + + protected boolean isSetStatus(SlingHttpServletRequest request) { + String statusParam = request.getParameter(SlingPostConstants.RP_STATUS); + if (statusParam == null) { + log.debug( + "getStatusMode: Parameter {} not set, assuming standard status code", + SlingPostConstants.RP_STATUS); + return true; + } + + if (SlingPostConstants.STATUS_VALUE_BROWSER.equals(statusParam)) { + log.debug( + "getStatusMode: Parameter {} asks for user-friendly status code", + SlingPostConstants.RP_STATUS); + return false; + } + + if (SlingPostConstants.STATUS_VALUE_STANDARD.equals(statusParam)) { + log.debug( + "getStatusMode: Parameter {} asks for standard status code", + SlingPostConstants.RP_STATUS); + return true; + } + + log.debug( + "getStatusMode: Parameter {} set to unknown value {}, assuming standard status code", + SlingPostConstants.RP_STATUS); + return true; + } + // ------ The methods below are based on the private methods from the ModifyOperation class ----- @@ -553,82 +639,79 @@ public abstract class AbstractAuthorizableOperation extends AbstractSlingPostOpe } + // ------ These methods were copied from AbstractSlingPostOperation ------ + /** - * Returns an iterator on <code>Resource</code> instances addressed in the - * {@link SlingPostConstants#RP_APPLY_TO} request parameter. If the request - * parameter is not set, <code>null</code> is returned. If the parameter - * is set with valid resources an empty iterator is returned. Any resources - * addressed in the {@link SlingPostConstants#RP_APPLY_TO} parameter is - * ignored. - * - * @param request The <code>SlingHttpServletRequest</code> object used to - * get the {@link SlingPostConstants#RP_APPLY_TO} parameter. - * @return The iterator of resources listed in the parameter or - * <code>null</code> if the parameter is not set in the request. + * Returns the path of the resource of the request as the item path. + * <p> + * This method may be overwritten by extension if the operation has + * different requirements on path processing. */ - protected Iterator<Resource> getApplyToResources( - SlingHttpServletRequest request) { - - String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO); - if (applyTo == null) { - return null; - } - - return new ApplyToIterator(request, applyTo); + protected String getItemPath(SlingHttpServletRequest request) { + return request.getResource().getPath(); } - private static class ApplyToIterator implements Iterator<Resource> { - - private final ResourceResolver resolver; - private final Resource baseResource; - private final String[] paths; - - private int pathIndex; - - private Resource nextResource; - - ApplyToIterator(SlingHttpServletRequest request, String[] paths) { - this.resolver = request.getResourceResolver(); - this.baseResource = request.getResource(); - this.paths = paths; - this.pathIndex = 0; - - nextResource = seek(); - } - - public boolean hasNext() { - return nextResource != null; - } - - public Resource next() { - if (!hasNext()) { - throw new NoSuchElementException(); + /** + * Returns an external form of the given path prepending the context path + * and appending a display extension. + * + * @param path the path to externalize + * @return the url + */ + protected final String externalizePath(SlingHttpServletRequest request, + String path) { + StringBuffer ret = new StringBuffer(); + ret.append(SlingRequestPaths.getContextPath(request)); + ret.append(request.getResourceResolver().map(path)); + + // append optional extension + String ext = request.getParameter(SlingPostConstants.RP_DISPLAY_EXTENSION); + if (ext != null && ext.length() > 0) { + if (ext.charAt(0) != '.') { + ret.append('.'); } - - Resource result = nextResource; - nextResource = seek(); - - return result; - } - - public void remove() { - throw new UnsupportedOperationException(); + ret.append(ext); } - private Resource seek() { - while (pathIndex < paths.length) { - String path = paths[pathIndex]; - pathIndex++; + return ret.toString(); + } + + /** + * Returns <code>true</code> if the <code>name</code> starts with either + * of the prefixes + * {@link SlingPostConstants#ITEM_PREFIX_RELATIVE_CURRENT <code>./</code>}, + * {@link SlingPostConstants#ITEM_PREFIX_RELATIVE_PARENT <code>../</code>} + * and {@link SlingPostConstants#ITEM_PREFIX_ABSOLUTE <code>/</code>}. + */ + protected boolean hasItemPathPrefix(String name) { + return name.startsWith(SlingPostConstants.ITEM_PREFIX_ABSOLUTE) + || name.startsWith(SlingPostConstants.ITEM_PREFIX_RELATIVE_CURRENT) + || name.startsWith(SlingPostConstants.ITEM_PREFIX_RELATIVE_PARENT); + } + + /** + * Returns true if any of the request parameters starts with + * {@link SlingPostConstants#ITEM_PREFIX_RELATIVE_CURRENT <code>./</code>}. + * In this case only parameters starting with either of the prefixes + * {@link SlingPostConstants#ITEM_PREFIX_RELATIVE_CURRENT <code>./</code>}, + * {@link SlingPostConstants#ITEM_PREFIX_RELATIVE_PARENT <code>../</code>} + * and {@link SlingPostConstants#ITEM_PREFIX_ABSOLUTE <code>/</code>} are + * considered as providing content to be stored. Otherwise all parameters + * not starting with the command prefix <code>:</code> are considered as + * parameters to be stored. + */ + protected final boolean requireItemPathPrefix( + SlingHttpServletRequest request) { - Resource res = resolver.getResource(baseResource, path); - if (res != null) { - return res; - } - } + boolean requirePrefix = false; - // no more elements in the array - return null; + Enumeration<?> names = request.getParameterNames(); + while (names.hasMoreElements() && !requirePrefix) { + String name = (String) names.nextElement(); + requirePrefix = name.startsWith(SlingPostConstants.ITEM_PREFIX_RELATIVE_CURRENT); } + + return requirePrefix; } - + } diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractGroupPostServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractGroupPostServlet.java new file mode 100644 index 0000000..675aeb8 --- /dev/null +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractGroupPostServlet.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.jackrabbit.usermanager.post; + +import java.util.List; + +import javax.jcr.RepositoryException; + +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; +import org.apache.sling.api.SlingHttpServletRequest; +import org.apache.sling.api.resource.Resource; +import org.apache.sling.api.resource.ResourceResolver; +import org.apache.sling.jackrabbit.usermanager.resource.AuthorizableResourceProvider; +import org.apache.sling.servlets.post.Modification; +import org.apache.sling.servlets.post.SlingPostConstants; + +/** + * Base class for servlets manipulating groups + */ +public abstract class AbstractGroupPostServlet extends AbstractAuthorizablePostServlet { + private static final long serialVersionUID = 1159063041816944076L; + + /** + * Update the group membership based on the ":member" request + * parameters. If the ":member" value ends with @Delete it is removed + * from the group membership, otherwise it is added to the group membership. + * + * @param request + * @param authorizable + * @throws RepositoryException + */ + protected void updateGroupMembership(SlingHttpServletRequest request, + Authorizable authorizable, List<Modification> changes) throws RepositoryException { + if (authorizable.isGroup()) { + Group group = ((Group)authorizable); + String groupPath = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_GROUP_PREFIX + group.getID(); + + ResourceResolver resolver = request.getResourceResolver(); + Resource baseResource = request.getResource(); + boolean changed = false; + + //first remove any members posted as ":member@Delete" + String[] membersToDelete = request.getParameterValues(SlingPostConstants.RP_PREFIX + "member" + SlingPostConstants.SUFFIX_DELETE); + if (membersToDelete != null) { + for (String member : membersToDelete) { + Resource res = resolver.getResource(baseResource, member); + if (res != null) { + Authorizable memberAuthorizable = res.adaptTo(Authorizable.class); + if (memberAuthorizable != null) { + group.removeMember(memberAuthorizable); + changed = true; + } + } + + } + } + + //second add any members posted as ":member" + String[] membersToAdd = request.getParameterValues(SlingPostConstants.RP_PREFIX + "member"); + if (membersToAdd != null) { + for (String member : membersToAdd) { + Resource res = resolver.getResource(baseResource, member); + if (res != null) { + Authorizable memberAuthorizable = res.adaptTo(Authorizable.class); + if (memberAuthorizable != null) { + group.addMember(memberAuthorizable); + changed = true; + } + } + } + } + + if (changed) { + //add an entry to the changes list to record the membership change + changes.add(Modification.onModified(groupPath + "/members")); + } + } + } + +} diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractUserPostServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractUserPostServlet.java new file mode 100644 index 0000000..8e32ae9 --- /dev/null +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/AbstractUserPostServlet.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.jackrabbit.usermanager.post; + +import java.io.UnsupportedEncodingException; +import java.security.NoSuchAlgorithmException; +import java.util.Dictionary; + +import org.apache.jackrabbit.util.Text; +import org.osgi.service.component.ComponentContext; + +/** + * Base class for servlets manipulating users + */ +public abstract class AbstractUserPostServlet extends AbstractAuthorizablePostServlet { + private static final long serialVersionUID = -8401210711297654453L; + + /** + * To be used for the encryption. E.g. for passwords in + * {@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials} + * @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM" + */ + private static final String PROP_PASSWORD_DIGEST_ALGORITHM = "password.digest.algorithm"; + private static final String DEFAULT_PASSWORD_DIGEST_ALGORITHM = "sha1"; + private String passwordDigestAlgoritm = null; + + // ---------- SCR Integration ---------------------------------------------- + + protected void activate(ComponentContext context) { + super.activate(context); + + Dictionary<?, ?> props = context.getProperties(); + + Object propValue = props.get(PROP_PASSWORD_DIGEST_ALGORITHM); + if (propValue instanceof String) { + passwordDigestAlgoritm = (String)propValue; + } else { + passwordDigestAlgoritm = DEFAULT_PASSWORD_DIGEST_ALGORITHM; + } + } + + protected void deactivate(ComponentContext context) { + super.deactivate(context); + passwordDigestAlgoritm = null; + } + + /** + * Digest the given password using the configured digest algorithm + * + * @param pwd the value to digest + * @return the digested value + * @throws IllegalArgumentException + */ + protected String digestPassword(String pwd) throws IllegalArgumentException { + try { + StringBuffer password = new StringBuffer(); + password.append("{").append(passwordDigestAlgoritm).append("}"); + password.append(Text.digest(passwordDigestAlgoritm, pwd.getBytes("UTF-8"))); + return password.toString(); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException(e.toString()); + } catch (UnsupportedEncodingException e) { + throw new IllegalArgumentException(e.toString()); + } + } + +} diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangePasswordOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangeUserPasswordServlet.java similarity index 78% rename from src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangePasswordOperation.java rename to src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangeUserPasswordServlet.java index 9972ede..9feddec 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangePasswordOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/ChangeUserPasswordServlet.java @@ -26,25 +26,29 @@ import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.User; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.resource.Resource; +import org.apache.sling.api.resource.ResourceNotFoundException; import org.apache.sling.api.servlets.HtmlResponse; import org.apache.sling.servlets.post.Modification; /** - * Sling Post Operation implementation for updating the password of - * a user in the jackrabbit UserManager. + * Sling Post Operation implementation for updating the password of a user in the + * jackrabbit UserManager. * * @scr.component metatype="no" immediate="true" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="changePassword" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" value="sling/user" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="changePassword" */ -public class ChangePasswordOperation extends AbstractAuthorizableOperation { +public class ChangeUserPasswordServlet extends AbstractUserPostServlet { + private static final long serialVersionUID = 1923614318474654502L; /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) */ @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException { Authorizable authorizable = null; Resource resource = request.getResource(); @@ -54,7 +58,7 @@ public class ChangePasswordOperation extends AbstractAuthorizableOperation { //check that the user was located. if (authorizable == null || authorizable.isGroup()) { - throw new RepositoryException("User to update could not be determined."); + throw new ResourceNotFoundException("User to update could not be determined."); } if ("anonymous".equals(authorizable.getID())) { diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupServlet.java similarity index 79% rename from src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupOperation.java rename to src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupServlet.java index 08e2456..a7e162b 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateGroupServlet.java @@ -35,33 +35,36 @@ import org.apache.sling.servlets.post.Modification; import org.apache.sling.servlets.post.SlingPostConstants; /** - * Sling Post Operation implementation for creating a group in the jackrabbit + * Sling Post Servlet implementation for creating a group in the jackrabbit * UserManager. - * - * @scr.component metatype="no" immediate="true" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="createGroup" + * + * @scr.component immediate="true" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" value="sling/groups" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="create" */ -public class CreateGroupOperation extends AbstractAuthorizableOperation { +public class CreateGroupServlet extends AbstractGroupPostServlet { + private static final long serialVersionUID = -1084915263933901466L; /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) */ @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) - throws RepositoryException { - Session session = request.getResourceResolver().adaptTo(Session.class); - if (session == null) { - throw new RepositoryException("JCR Session not found"); - } + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse response, List<Modification> changes) throws RepositoryException { //check that the submitted parameter values have valid values. final String principalName = request.getParameter(SlingPostConstants.RP_NODE_NAME); if (principalName == null) { throw new RepositoryException("Group name was not submitted"); } - + + Session session = request.getResourceResolver().adaptTo(Session.class); + if (session == null) { + throw new RepositoryException("JCR Session not found"); + } + try { UserManager userManager = AccessControlUtil.getUserManager(session); Authorizable authorizable = userManager.getAuthorizable(principalName); diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserServlet.java similarity index 86% rename from src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserOperation.java rename to src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserServlet.java index c0e385f..c8259dc 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/CreateUserServlet.java @@ -35,17 +35,27 @@ import org.apache.sling.jcr.base.util.AccessControlUtil; import org.apache.sling.servlets.post.Modification; import org.apache.sling.servlets.post.SlingPostConstants; import org.osgi.service.component.ComponentContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** - * Sling Post Operation implementation for creating a user in the jackrabbit + * Sling Post Servlet implementation for creating a user in the jackrabbit * UserManager. * * @scr.component immediate="true" label="%createUser.post.operation.name" * description="%createUser.post.operation.description" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="createUser" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" value="sling/users" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="create" */ -public class CreateUserOperation extends AbstractAuthorizableOperation { +public class CreateUserServlet extends AbstractUserPostServlet { + private static final long serialVersionUID = 6871481922737658675L; + + /** + * default log + */ + private final Logger log = LoggerFactory.getLogger(getClass()); /** @scr.property label="%self.registration.enabled.name" * description="%self.registration.enabled.description" @@ -87,7 +97,6 @@ public class CreateUserOperation extends AbstractAuthorizableOperation { } } } - // ---------- SCR integration --------------------------------------------- @@ -107,15 +116,15 @@ public class CreateUserOperation extends AbstractAuthorizableOperation { selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED; } } + + /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) */ @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) - throws RepositoryException { - + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse response, List<Modification> changes) throws RepositoryException { //make sure user self-registration is enabled if (!selfRegistrationEnabled) { throw new RepositoryException("Sorry, registration of new users is not currently enabled. Please try again later."); @@ -155,6 +164,7 @@ public class CreateUserOperation extends AbstractAuthorizableOperation { User user = userManager.createUser(principalName, digestPassword(pwd)); String userPath = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + user.getID(); + response.setPath(userPath); response.setLocation(externalizePath(request, userPath)); response.setParentLocation(externalizePath(request, AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PATH)); diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableOperation.java deleted file mode 100644 index 991cee0..0000000 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableOperation.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sling.jackrabbit.usermanager.post; - -import java.util.Iterator; -import java.util.List; - -import javax.jcr.RepositoryException; -import javax.servlet.http.HttpServletResponse; - -import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.sling.api.SlingHttpServletRequest; -import org.apache.sling.api.resource.Resource; -import org.apache.sling.api.resource.ResourceNotFoundException; -import org.apache.sling.api.servlets.HtmlResponse; -import org.apache.sling.servlets.post.Modification; - -/** - * Sling Post Operation implementation for deleting users and/or groups from the - * jackrabbit UserManager. - * - * @scr.component metatype="no" immediate="true" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="deleteAuthorizable" - */ -public class DeleteAuthorizableOperation extends AbstractAuthorizableOperation { - - /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) - */ - @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) - throws RepositoryException { - - Iterator<Resource> res = getApplyToResources(request); - if (res == null) { - Resource resource = request.getResource(); - Authorizable item = resource.adaptTo(Authorizable.class); - if (item == null) { - String msg = "Missing source " + resource.getPath() + " for delete"; - response.setStatus(HttpServletResponse.SC_NOT_FOUND, msg); - throw new ResourceNotFoundException(msg); - } - - item.remove(); - changes.add(Modification.onDeleted(resource.getPath())); - } else { - while (res.hasNext()) { - Resource resource = res.next(); - Authorizable item = resource.adaptTo(Authorizable.class); - if (item != null) { - item.remove(); - changes.add(Modification.onDeleted(resource.getPath())); - } - } - } - } -} diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableServlet.java new file mode 100644 index 0000000..39ac672 --- /dev/null +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/DeleteAuthorizableServlet.java @@ -0,0 +1,159 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.jackrabbit.usermanager.post; + +import java.util.Iterator; +import java.util.List; +import java.util.NoSuchElementException; + +import javax.jcr.RepositoryException; +import javax.servlet.http.HttpServletResponse; + +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.sling.api.SlingHttpServletRequest; +import org.apache.sling.api.resource.Resource; +import org.apache.sling.api.resource.ResourceNotFoundException; +import org.apache.sling.api.resource.ResourceResolver; +import org.apache.sling.api.servlets.HtmlResponse; +import org.apache.sling.servlets.post.Modification; +import org.apache.sling.servlets.post.SlingPostConstants; + +/** + * Sling Post Operation implementation for deleting one or more users and/or groups from the + * jackrabbit UserManager. + * + * @scr.component metatype="no" immediate="true" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" values.0="sling/user" values.1="sling/group" values.2="sling/userManager" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="delete" + */ +public class DeleteAuthorizableServlet extends AbstractAuthorizablePostServlet { + private static final long serialVersionUID = 5874621724096106496L; + + /* (non-Javadoc) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + */ + @Override + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse htmlResponse, List<Modification> changes) + throws RepositoryException { + + Iterator<Resource> res = getApplyToResources(request); + if (res == null) { + Resource resource = request.getResource(); + Authorizable item = resource.adaptTo(Authorizable.class); + if (item == null) { + String msg = "Missing source " + resource.getPath() + " for delete"; + htmlResponse.setStatus(HttpServletResponse.SC_NOT_FOUND, msg); + throw new ResourceNotFoundException(msg); + } + + item.remove(); + changes.add(Modification.onDeleted(resource.getPath())); + } else { + while (res.hasNext()) { + Resource resource = res.next(); + Authorizable item = resource.adaptTo(Authorizable.class); + if (item != null) { + item.remove(); + changes.add(Modification.onDeleted(resource.getPath())); + } + } + } + } + + + /** + * Returns an iterator on <code>Resource</code> instances addressed in the + * {@link SlingPostConstants#RP_APPLY_TO} request parameter. If the request + * parameter is not set, <code>null</code> is returned. If the parameter + * is set with valid resources an empty iterator is returned. Any resources + * addressed in the {@link SlingPostConstants#RP_APPLY_TO} parameter is + * ignored. + * + * @param request The <code>SlingHttpServletRequest</code> object used to + * get the {@link SlingPostConstants#RP_APPLY_TO} parameter. + * @return The iterator of resources listed in the parameter or + * <code>null</code> if the parameter is not set in the request. + */ + protected Iterator<Resource> getApplyToResources( + SlingHttpServletRequest request) { + + String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO); + if (applyTo == null) { + return null; + } + + return new ApplyToIterator(request, applyTo); + } + + private static class ApplyToIterator implements Iterator<Resource> { + + private final ResourceResolver resolver; + private final Resource baseResource; + private final String[] paths; + + private int pathIndex; + + private Resource nextResource; + + ApplyToIterator(SlingHttpServletRequest request, String[] paths) { + this.resolver = request.getResourceResolver(); + this.baseResource = request.getResource(); + this.paths = paths; + this.pathIndex = 0; + + nextResource = seek(); + } + + public boolean hasNext() { + return nextResource != null; + } + + public Resource next() { + if (!hasNext()) { + throw new NoSuchElementException(); + } + + Resource result = nextResource; + nextResource = seek(); + + return result; + } + + public void remove() { + throw new UnsupportedOperationException(); + } + + private Resource seek() { + while (pathIndex < paths.length) { + String path = paths[pathIndex]; + pathIndex++; + + Resource res = resolver.getResource(baseResource, path); + if (res != null) { + return res; + } + } + + // no more elements in the array + return null; + } + } + +} diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateGroupServlet.java similarity index 70% copy from src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java copy to src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateGroupServlet.java index c88be1c..4e433a8 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateGroupServlet.java @@ -25,26 +25,30 @@ import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.resource.Resource; +import org.apache.sling.api.resource.ResourceNotFoundException; import org.apache.sling.api.servlets.HtmlResponse; import org.apache.sling.jackrabbit.usermanager.post.impl.RequestProperty; import org.apache.sling.servlets.post.Modification; /** - * Sling Post Operation implementation for updating a user or group in the + * Sling Post Operation implementation for updating a group in the * jackrabbit UserManager. * * @scr.component metatype="no" immediate="true" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="updateAuthorizable" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" values="sling/group" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="update" */ -public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { +public class UpdateGroupServlet extends AbstractGroupPostServlet { + private static final long serialVersionUID = -8292054361992488797L; /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) */ @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException { Authorizable authorizable = null; Resource resource = request.getResource(); @@ -54,7 +58,7 @@ public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { //check that the group was located. if (authorizable == null) { - throw new RepositoryException("Authorizable to update could not be determined"); + throw new ResourceNotFoundException("Group to update could not be determined"); } Session session = request.getResourceResolver().adaptTo(Session.class); @@ -62,7 +66,7 @@ public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { throw new RepositoryException("JCR Session not found"); } - Map<String, RequestProperty> reqProperties = collectContent(request, response); + Map<String, RequestProperty> reqProperties = collectContent(request, htmlResponse); try { // cleanup any old content (@Delete parameters) processDeletes(authorizable, reqProperties, changes); @@ -75,7 +79,7 @@ public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { updateGroupMembership(request, authorizable, changes); } } catch (RepositoryException re) { - throw new RepositoryException("Failed to update authorizable.", re); + throw new RepositoryException("Failed to update group.", re); } } } diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateUserServlet.java similarity index 68% rename from src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java rename to src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateUserServlet.java index c88be1c..d0245c6 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateAuthorizableOperation.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/post/UpdateUserServlet.java @@ -25,26 +25,30 @@ import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.resource.Resource; +import org.apache.sling.api.resource.ResourceNotFoundException; import org.apache.sling.api.servlets.HtmlResponse; import org.apache.sling.jackrabbit.usermanager.post.impl.RequestProperty; import org.apache.sling.servlets.post.Modification; /** - * Sling Post Operation implementation for updating a user or group in the + * Sling Post Operation implementation for updating a user in the * jackrabbit UserManager. * * @scr.component metatype="no" immediate="true" - * @scr.service interface="org.apache.sling.servlets.post.SlingPostOperation" - * @scr.property name="sling.post.operation" value="updateAuthorizable" + * @scr.service interface="javax.servlet.Servlet" + * @scr.property name="sling.servlet.resourceTypes" value="sling/user" + * @scr.property name="sling.servlet.methods" value="POST" + * @scr.property name="sling.servlet.selectors" value="update" */ -public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { +public class UpdateUserServlet extends AbstractUserPostServlet { + private static final long serialVersionUID = 5874621724096106496L; /* (non-Javadoc) - * @see org.apache.sling.servlets.post.AbstractSlingPostOperation#doRun(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) + * @see org.apache.sling.jackrabbit.usermanager.post.AbstractAuthorizablePostServlet#handleOperation(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.servlets.HtmlResponse, java.util.List) */ @Override - protected void doRun(SlingHttpServletRequest request, - HtmlResponse response, List<Modification> changes) + protected void handleOperation(SlingHttpServletRequest request, + HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException { Authorizable authorizable = null; Resource resource = request.getResource(); @@ -54,7 +58,7 @@ public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { //check that the group was located. if (authorizable == null) { - throw new RepositoryException("Authorizable to update could not be determined"); + throw new ResourceNotFoundException("User to update could not be determined"); } Session session = request.getResourceResolver().adaptTo(Session.class); @@ -62,20 +66,16 @@ public class UpdateAuthorizableOperation extends AbstractAuthorizableOperation { throw new RepositoryException("JCR Session not found"); } - Map<String, RequestProperty> reqProperties = collectContent(request, response); + Map<String, RequestProperty> reqProperties = collectContent(request, htmlResponse); try { // cleanup any old content (@Delete parameters) processDeletes(authorizable, reqProperties, changes); // write content from form writeContent(session, authorizable, reqProperties, changes); - - //update the group memberships - if (authorizable.isGroup()) { - updateGroupMembership(request, authorizable, changes); - } + } catch (RepositoryException re) { - throw new RepositoryException("Failed to update authorizable.", re); + throw new RepositoryException("Failed to update user.", re); } } } -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
