This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.repoinit-1.1.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit 0456e0d79064c9b88b67db1459b10c2ae5cdf645 Author: Carsten Ziegeler <[email protected]> AuthorDate: Mon Nov 7 15:28:33 2016 +0000 SLING-6219 : Allow to create users with repoinit git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/repoinit@1768534 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/sling/jcr/repoinit/impl/AclVisitor.java | 107 +++++++++++++++++++++ .../impl/{ServiceUserUtil.java => UserUtil.java} | 37 +++++-- .../sling/jcr/repoinit/impl/UserVisitor.java | 35 ++++++- .../apache/sling/jcr/repoinit/impl/TestUtil.java | 2 +- 4 files changed, 170 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java new file mode 100644 index 0000000..c184995 --- /dev/null +++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java 
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.jcr.repoinit.impl;
+
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PATHS;
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PRINCIPALS;
+import static org.apache.sling.repoinit.parser.operations.AclLine.PROP_PRIVILEGES;
+
+import java.util.List;
+
+import javax.jcr.Node;
+import javax.jcr.Session;
+
+import org.apache.sling.repoinit.parser.operations.AclLine;
+import org.apache.sling.repoinit.parser.operations.CreatePath;
+import org.apache.sling.repoinit.parser.operations.PathSegmentDefinition;
+import org.apache.sling.repoinit.parser.operations.SetAclPaths;
+import org.apache.sling.repoinit.parser.operations.SetAclPrincipals;
+
+/** OperationVisitor which processes only operations related to ACLs.
+ * Having several such specialized visitors
+ * makes it easy to control the execution order.
+ */
+class AclVisitor extends DoNothingVisitor {
+
+ /** Create a visitor using the supplied JCR Session.
+ * @param s must have sufficient rights to create users
+ * and set ACLs.
+ */
+ public AclVisitor(Session s) {
+ super(s);
+ }
+
+ private List<String> require(AclLine line, String propertyName) {
+ final List<String> result = line.getProperty(propertyName);
+ if(result == null) {
+ throw new IllegalStateException("Missing property " + propertyName + " on " + line);
+ }
+ return result;
+ }
+
+ private void setAcl(AclLine line, Session s, List<String> principals, List<String> paths, List<String> privileges, boolean isAllow) {
+ try {
+ log.info("Adding ACL '{}' entry '{}' for {} on {}", isAllow ? "allow" : "deny", privileges, principals, paths);
+ AclUtil.setAcl(s, principals, paths, privileges, isAllow);
+ } catch(Exception e) {
+ throw new RuntimeException("Failed to set ACL (" + e.toString() + ") " + line, e);
+ }
+ }
+
+ @Override
+ public void visitSetAclPrincipal(SetAclPrincipals s) {
+ final List<String> principals = s.getPrincipals();
+ for(AclLine line : s.getLines()) {
+ final boolean isAllow = line.getAction().equals(AclLine.Action.ALLOW);
+ setAcl(line, session, principals, require(line, PROP_PATHS), require(line, PROP_PRIVILEGES), isAllow);
+ }
+ }
+
+ @Override
+ public void visitSetAclPaths(SetAclPaths s) {
+ final List<String> paths = s.getPaths();
+ for(AclLine line : s.getLines()) {
+ final boolean isAllow = line.getAction().equals(AclLine.Action.ALLOW);
+ setAcl(line, session, require(line, PROP_PRINCIPALS), paths, require(line, PROP_PRIVILEGES), isAllow);
+ }
+ }
+
+ @Override
+ public void visitCreatePath(CreatePath cp) {
+ String parentPath = "";
+ for(PathSegmentDefinition psd : cp.getDefinitions()) {
+ final String fullPath = parentPath + "/" + psd.getSegment();
+ try {
+ if(session.itemExists(fullPath)) {
+ log.info("Path already exists, nothing to do (and not checking its primary type for now): {}", fullPath);
+ } else {
+ final Node n = parentPath.equals("") ?
session.getRootNode() : session.getNode(parentPath); + log.info("Creating node {} with primary type {}", fullPath, psd.getPrimaryType()); + n.addNode(psd.getSegment(), psd.getPrimaryType()); + } + } catch(Exception e) { + throw new RuntimeException("CreatePath execution failed at " + psd + ": " + e, e); + } + parentPath += "/" + psd.getSegment(); + } + try { + session.save(); + } catch(Exception e) { + throw new RuntimeException("Session.save failed: "+ e, e); + } + } +} diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java similarity index 71% rename from src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java rename to src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java index 203b069..168ffd7 100644 --- a/src/main/java/org/apache/sling/jcr/repoinit/impl/ServiceUserUtil.java +++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserUtil.java @@ -24,8 +24,8 @@ import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; -/** Utilities for Service Users management */ -public class ServiceUserUtil { +/** Utilities for (Service) Users management */ +public class UserUtil { public static UserManager getUserManager(Session session) throws RepositoryException { if(!(session instanceof JackrabbitSession)) { 
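Review bot: In the AclVisitor.java hunk, visitSetAclPrincipal and visitSetAclPaths compute `isAllow` as `line.getAction().equals(AclLine.Action.ALLOW)`, so every action that is not ALLOW is written as a deny entry. If `AclLine.Action` has, or later gains, values besides ALLOW and DENY (the enum is not visible in this diff), such a line would silently change permissions instead of being rejected. Checking the action explicitly and failing on anything unexpected is safer, e.g. `if(action != AclLine.Action.ALLOW && action != AclLine.Action.DENY) throw new IllegalStateException("Unsupported ACL action " + action + " on " + line);`. Separately, the constructor Javadoc says the session needs rights "to create users", which this visitor never does; `@param s must have sufficient rights to create paths and set ACLs` matches the code.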
@@ -33,16 +33,16 @@ public class ServiceUserUtil { } return ((JackrabbitSession)session).getUserManager(); } - + public static Authorizable getAuthorizable(Session session, String username) throws RepositoryException { return getUserManager(session).getAuthorizable(username); } - + /** Create a service user - fails if it already exists */ public static void createServiceUser(Session s, String username) throws RepositoryException { getUserManager(s).createSystemUser(username, null); } - + /** True if specified service user exists */ public static boolean serviceUserExists(Session session, String username) throws RepositoryException { boolean result = false; @@ -53,7 +53,31 @@ public class ServiceUserUtil { } return result; } - + + public static void deleteUser(Session s, String username) throws RepositoryException { + final Authorizable a = getUserManager(s).getAuthorizable(username); + if(a == null) { + throw new IllegalStateException("Authorizable not found:" + username); + } + a.remove(); + } + + /** Create a service user - fails if it already exists */ + public static void createUser(Session s, String username, String password) throws RepositoryException { + getUserManager(s).createUser(username, password); + } + + /** True if specified user exists */ + public static boolean serviceExists(Session session, String username) throws RepositoryException { + boolean result = false; + final Authorizable a = getAuthorizable(session, username); + if (a != null) { + final User u = (User)a; + result = !u.isSystemUser(); + } + return result; + } + public static void deleteServiceUser(Session s, String username) throws RepositoryException { final Authorizable a = getUserManager(s).getAuthorizable(username); if(a == null) { @@ -61,5 +85,4 @@ public class ServiceUserUtil { } a.remove(); } - } diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java index 494803d..28ad210 100644 
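Review bot: In UserUtil's new `serviceExists` (hunk `-53,7 +53,31`), the unchecked cast `(User)a` throws ClassCastException when the id belongs to a group, and the method name disagrees with its Javadoc and its logic, since it returns true for non-system users. Guarding the cast with `result = !a.isGroup() && !((User)a).isSystemUser();` and renaming the method to `userExists` would fix both. `deleteUser` has a related gap: it removes whatever Authorizable carries the id, so a "delete user" statement can remove a service user or a group; a type check before `a.remove()` would keep the operation scoped to regular users. The Javadoc on `createUser` still reads "Create a service user" and should say `/** Create a user with the given password - fails if it already exists */`.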
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java +++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java @@ -19,7 +19,9 @@ package org.apache.sling.jcr.repoinit.impl; import javax.jcr.Session; import org.apache.sling.repoinit.parser.operations.CreateServiceUser; +import org.apache.sling.repoinit.parser.operations.CreateUser; import org.apache.sling.repoinit.parser.operations.DeleteServiceUser; +import org.apache.sling.repoinit.parser.operations.DeleteUser; /** OperationVisitor which processes only operations related to * service users and ACLs. Having several such specialized visitors @@ -39,9 +41,9 @@ class UserVisitor extends DoNothingVisitor { public void visitCreateServiceUser(CreateServiceUser s) { final String id = s.getUsername(); try { - if(!ServiceUserUtil.serviceUserExists(session, id)) { + if(!UserUtil.serviceUserExists(session, id)) { log.info("Creating service user {}", id); - ServiceUserUtil.createServiceUser(session, id); + UserUtil.createServiceUser(session, id); } else { log.info("Service user {} already exists, no changes made", id); } 
@@ -55,9 +57,36 @@ class UserVisitor extends DoNothingVisitor { final String id = s.getUsername(); log.info("Deleting service user {}", id); try { - ServiceUserUtil.deleteServiceUser(session, id); + UserUtil.deleteServiceUser(session, id); } catch(Exception e) { report(e, "Unable to delete service user [" + id + "]:" + e); } } + + @Override + public void visitCreateUser(CreateUser u) { + final String id = u.getUsername(); + try { + if(!UserUtil.serviceExists(session, id)) { + log.info("Creating user {}", id); + UserUtil.createUser(session, id, u.getPassword()); + } else { + log.info("User {} already exists, no changes made", id); + } + } catch(Exception e) { + report(e, "Unable to create user [" + id + "]:" + e); + } + } + + @Override + public void visitDeleteUser(DeleteUser u) { + final String id = u.getUsername(); + log.info("Deleting user {}", id); + try { + UserUtil.deleteUser(session, id); + } catch(Exception e) { + report(e, "Unable to delete user [" + id + "]:" + e); + } + } + } diff --git a/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java b/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java index 615e5db..7ad7b82 100644 --- a/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java +++ b/src/test/java/org/apache/sling/jcr/repoinit/impl/TestUtil.java @@ -62,7 +62,7 @@ public class TestUtil { } public void assertServiceUser(String info, String id, boolean expectToExist) throws RepositoryException { - final Authorizable a = ServiceUserUtil.getUserManager(adminSession).getAuthorizable(id); + final Authorizable a = UserUtil.getUserManager(adminSession).getAuthorizable(id); if(!expectToExist) { assertNull(info + ", expecting Principal to be absent:" + id, a); } else { -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
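Review bot: In UserVisitor.visitCreateUser the "already exists" branch leaves the account untouched, so a password changed in the repoinit statement is never applied, and nothing in the code or log says so. A comment such as `// existing users keep their current password; repoinit only sets it at creation`, plus a log message to the same effect, would make that explicit for operators who expect the script to rotate credentials. The password reaches `UserUtil.createUser` in clear text from `u.getPassword()`; the visible code logs only the id, and it should stay that way. Also, because `UserUtil.serviceExists` returns false for a system user with the same id, this branch then calls `createUser` and presumably ends in the generic "Unable to create user" report rather than a clear conflict message.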
