This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/sling-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new c974043 Service Authentication with principal based mapping
c974043 is described below
commit c97404380b7aa82c93d1df35b2e0871cf00831b1
Author: Konrad Windszus <[email protected]>
AuthorDate: Wed Dec 12 10:10:06 2018 +0100
Service Authentication with principal based mapping
---
.../the-sling-engine/service-authentication.html | 15 ++++++++-------
downloads.html | 12 ++++++------
releases.html | 4 +++-
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/documentation/the-sling-engine/service-authentication.html
b/documentation/the-sling-engine/service-authentication.html
index cb8c6a8..5f91121 100644
--- a/documentation/the-sling-engine/service-authentication.html
+++ b/documentation/the-sling-engine/service-authentication.html
@@ -130,17 +130,17 @@
<h2><a href="#implementation" name="implementation">Implementation</a></h2>
<p>The implementation in Sling of the <em>Service Authentication</em> concept
described above consists of three parts:</p>
<h3><a href="#serviceusermapper"
name="serviceusermapper">ServiceUserMapper</a></h3>
-<p>The first part is a new OSGi Service <code>ServiceUserMapper</code>. The
<code>ServiceUserMapper</code> service allows for mapping <em>Service IDs</em>
comprised of the <em>Service Names</em> defined by the providing bundles and
optional <em>Subservice Name</em> to ResourceResolver and/or JCR Repository
user IDs. This mapping is configurable such that system administrators are in
full control of assigning users to services.</p>
+<p>The first part is a new OSGi Service <code>ServiceUserMapper</code>. The
<code>ServiceUserMapper</code> service allows for mapping <em>Service IDs</em>
comprised of the <em>Service Names</em> defined by the providing bundles and
optional <em>Subservice Name</em> to ResourceResolver and/or JCR Repository
user IDs or principals (<a
href="https://issues.apache.org/jira/browse/SLING-6963";>SLING-6939</a>). This
mapping is configurable such that system administrators are in full control of
[...]
<p>The <code>ServiceUserMapper</code> defines the following API:</p>
<pre><code><!-- TODO syntax marker (#!java) disabled -->String
getServiceUserID(Bundle bundle, String subServiceName);
</code></pre>
<p>The implementation uses two fallbacks in case no mapping can be found for
the given subServiceName</p>
<ol>
- <li>Use user mapping for the serviceName only (not considering
subServiceName)</li>
+ <li>Use user/principal mapping for the serviceName only (not considering
subServiceName)</li>
<li>Use default user (if one is configured in the OSGi configuration for PID
<code>org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl</code>).</li>
<li>Use default mapping (if it is enabled in the OSGi configuration for PID
<code>org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl</code>)
which looks up a user with id
<code>serviceuser--<bundleId>[--<subservice-name>]</code> (since
Service User Mapper 1.3.0, <a
href="https://issues.apache.org/jira/browse/SLING-6772";>SLING-6227</a>).</li>
</ol>
-<p>In addition a service named <code>ServiceUserMapped</code> is registered
for each bundle and subservice name for which a service user mapping is
explicitly configured (<a
href="https://issues.apache.org/jira/browse/SLING-4312";>SLING-4312</a>). By
explicitly defining a (static) reference towards <code>ServiceUserMapped</code>
one can defer starting the service until that service user mapping is
available. Please note, that the two last default mappings are not represented
as a ServiceU [...]
+<p>In addition a service named <code>ServiceUserMapped</code> is registered
for each bundle and subservice name for which a service user mapping is
explicitly configured (<a
href="https://issues.apache.org/jira/browse/SLING-4312";>SLING-4312</a>). By
explicitly defining a (static) reference towards <code>ServiceUserMapped</code>
one can defer starting the service until that service user mapping is
available. Please note, that the two last default mappings are not represented
as a ServiceU [...]
<h3><a href="#resourceresolverfactory"
name="resourceresolverfactory">ResourceResolverFactory</a></h3>
<p>The second part is support for service access to the Resource Tree. To this
avail, the <code>ResourceResolverFactory</code> service is enhanced with a new
factory method</p>
<pre><code><!-- TODO syntax marker (#!java) disabled -->ResourceResolver
getServiceResourceResolver(Map<String, Object> authenticationInfo)
@@ -157,10 +157,11 @@
<p>This method allows for access to the JCR Repository for services where the
service bundle is the bundle actually using the <code>SlingRepository</code>
service. The additional Subservice Name may be provided with the
<code>subServiceName</code> parameter.</p>
<h2><a href="#configuration" name="configuration">Configuration</a></h2>
<h3><a href="#service-user-mappings" name="service-user-mappings">Service User
Mappings</a></h3>
-<p>For each service/subservice name combination an according mapping needs to
be provided. The mapping binds a service name/subservice name to a JCR system
user. This is configured through an OSGi configuration for the factory
configuration with PID
<code>org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended</code>
(added in <a
href="https://issues.apache.org/jira/browse/SLING-3578";>SLING-3578</a>). There
you can set one configuration property named <code>user.mapping</c [...]
-<pre><code><service-name>[:<subservice-name>]=<authorizable id
of a JCR system user>
+<p>For each service/subservice name combination an according mapping needs to
be provided. The mapping binds a service name/subservice name to a JCR system
user or a principal (since version 1.3.4, see <a
href="https://issues.apache.org/jira/browse/SLING-6963";>SLING-6939</a>). This
is configured through an OSGi configuration for the factory configuration with
PID
<code>org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended</code>
(added in <a href="https://issues.apache.o [...]
+<pre><code><service-name>[:<subservice-name>]=<authorizable id
of a JCR system user>|"["<principal
name>{","<principal name>}"]"
</code></pre>
-<p>The according user must exist at the point in time where
<code>ResourceResolverFactory.getServiceResourceResolver(...)</code> or
<code>SlingRepository.loginService(...)</code> is called. If you rely on one of
those methods in your <code>activate</code> method of an OSGi component you
should make sure that you defer starting your OSGi component until the
according service user mapping is in place. For that you can reference the OSGi
service <code>ServiceUserMapped</code> (see Section < [...]
+<p>The principal based mapping (enclosed in square brackets) is in general
faster than the authorizable id based one. Also it allows to directly reference
multiple principals which are all considered to calculate the access rights for
the configured service session/resource resolver. The principal based mapping
does not consider group memberships of the underlying users, though.</p>
+<p>The according user/principal must exist at the point in time where
<code>ResourceResolverFactory.getServiceResourceResolver(...)</code> or
<code>SlingRepository.loginService(...)</code> is called. If you rely on one of
those methods in your <code>activate</code> method of an OSGi component you
should make sure that you defer starting your OSGi component until the
according service user mapping is in place. For that you can reference the OSGi
service <code>ServiceUserMapped</code> (see [...]
<p>Example OSGi DS Component</p>
<pre><code><!-- TODO syntax marker (::java) disabled -->@Component(
reference = {
@@ -251,7 +252,7 @@ whitelist.bundles.regexp="^PAXEXAM.*$"
</table></section></div></div>
<div class="footer">
<div class="revisionInfo">
- Last modified by <span class="author">Thomas
Wolfart</span> on <span class="comment">Wed Jul 18 09:27:08 2018 +0200</span>
+ Last modified by <span class="author">Konrad
Windszus</span> on <span class="comment">Wed Dec 12 10:07:41 2018 +0100</span>
</div> <p>
Apache Sling, Sling, Apache, the Apache feather logo, and
the Apache Sling project logo are trademarks of The Apache Software Foundation.
All other marks mentioned may be trademarks or registered trademarks of their
respective owners.
</p><p>
diff --git a/downloads.html b/downloads.html
index 1b99bf8..2a36c30 100644
--- a/downloads.html
+++ b/downloads.html
@@ -642,9 +642,9 @@
</td></tr><tr><td>Servlet
Helpers</td><td>1.1.8</td><td><a
href="https://github.com/apache/sling-org-apache-sling-servlet-helpers";>GitHub</a>
</td><td><a
href="[preferred]sling/org.apache.sling.servlet-helpers-1.1.8.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlet-helpers-1.1.8.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlet-helpers-1.1.8.jar.sha1";>sha1</a>)
</td><td><a
href="[preferred]sling/org.apache.sling.servlet-helpers-1.1.8-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlet-helpers-1.1.8-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlet-helpers-1.1.8-source-release.zip.sha1";>sha1</a>)
- </td></tr><tr><td>Servlets
Get</td><td>2.1.38</td><td><a
href="https://github.com/apache/sling-org-apache-sling-servlets-get";>GitHub</a>
- </td><td><a
href="[preferred]sling/org.apache.sling.servlets.get-2.1.38.jar">Bundle</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.38.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.38.jar.sha1";>sha1</a>)
- </td><td><a
href="[preferred]sling/org.apache.sling.servlets.get-2.1.38-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.38-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.38-source-release.zip.sha1";>sha1</a>)
+ </td></tr><tr><td>Servlets
Get</td><td>2.1.40</td><td><a
href="https://github.com/apache/sling-org-apache-sling-servlets-get";>GitHub</a>
+ </td><td><a
href="[preferred]sling/org.apache.sling.servlets.get-2.1.40.jar">Bundle</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.40.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.40.jar.sha1";>sha1</a>)
+ </td><td><a
href="[preferred]sling/org.apache.sling.servlets.get-2.1.40-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.40-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.get-2.1.40-source-release.zip.sha1";>sha1</a>)
</td></tr><tr><td>Servlets
Post</td><td>2.3.26</td><td><a
href="https://github.com/apache/sling-org-apache-sling-servlets-post";>GitHub</a>
</td><td><a
href="[preferred]sling/org.apache.sling.servlets.post-2.3.26.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.post-2.3.26.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.post-2.3.26.jar.sha1";>sha1</a>)
</td><td><a
href="[preferred]sling/org.apache.sling.servlets.post-2.3.26-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.post-2.3.26-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.servlets.post-2.3.26-source-release.zip.sha1";>sha1</a>)
@@ -726,9 +726,9 @@
</td></tr><tr><td>Testing Sling Mock JUnit
5</td><td>2.3.4</td><td><a
href="https://github.com/apache/sling-org-apache-sling-testing-sling-mock";>GitHub</a>
</td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock.junit5-2.3.4.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock.junit5-2.3.4.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock.junit5-2.3.4.jar.sha1";>sha1</a>)
</td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock.junit5-2.3.4-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock.junit5-2.3.4-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock.junit5-2.3.4-source-release.zip.sha1";>sha1</a>)
- </td></tr><tr><td>Testing Sling Mock
Oak</td><td>2.1.0</td><td><a
href="https://github.com/apache/sling-org-apache-sling-testing-sling-mock-oak";>GitHub</a>
- </td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock-oak-2.1.0.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.0.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.0.jar.sha1";>sha1</a>)
- </td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock-oak-2.1.0-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.0-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.0-source-release.zip.sha1";>sha1</a>)
+ </td></tr><tr><td>Testing Sling Mock
Oak</td><td>2.1.2</td><td><a
href="https://github.com/apache/sling-org-apache-sling-testing-sling-mock-oak";>GitHub</a>
+ </td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock-oak-2.1.2.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.2.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.2.jar.sha1";>sha1</a>)
+ </td><td><a
href="[preferred]sling/org.apache.sling.testing.sling-mock-oak-2.1.2-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.2-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.testing.sling-mock-oak-2.1.2-source-release.zip.sha1";>sha1</a>)
</td></tr><tr><td>Tooling Support
Install</td><td>1.0.4</td><td><a
href="https://github.com/apache/sling-org-apache-sling-tooling-support-install";>GitHub</a>
</td><td><a
href="[preferred]sling/org.apache.sling.tooling.support.install-1.0.4.jar">Bundle</a>
(<a
href="https://www.apache.org/dist/sling/org.apache.sling.tooling.support.install-1.0.4.jar.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.tooling.support.install-1.0.4.jar.sha1";>sha1</a>)
</td><td><a
href="[preferred]sling/org.apache.sling.tooling.support.install-1.0.4-source-release.zip">Source
ZIP</a> (<a
href="https://www.apache.org/dist/sling/org.apache.sling.tooling.support.install-1.0.4-source-release.zip.asc";>asc</a>,
<a
href="https://www.apache.org/dist/sling/org.apache.sling.tooling.support.install-1.0.4-source-release.zip.sha1";>sha1</a>)
diff --git a/releases.html b/releases.html
index 9688f57..f73d57e 100644
--- a/releases.html
+++ b/releases.html
@@ -90,6 +90,8 @@
</h1><div class="row"><div class="small-12 columns"><section
class="wrap"><p>This is a list of all our releases, available from our <a
href="/downloads.cgi">downloads</a> page.</p>
<h2><a href="#december-2018" name="december-2018">December 2018</a></h2>
<ul>
+ <li>Servlet GET 2.1.40 (11th)</li>
+ <li>Testing Sling Mock Oak 2.1.2 (11th)</li>
<li>Distribution Core 0.4.0 (10th)</li>
<li>Commons ClassLoader 1.4.4, JCR ClassLoader 3.2.4 (8th)</li>
<li>Scripting Core 2.0.56 (4th)</li>
@@ -1859,7 +1861,7 @@
</ul></section></div></div>
<div class="footer">
<div class="revisionInfo">
- Last modified by <span class="author">Nicolas
Peltier</span> on <span class="comment">Mon Dec 10 16:56:19 2018 +0100</span>
+ Last modified by <span class="author">Jason E
Bailey</span> on <span class="comment">Tue Dec 11 20:53:22 2018 -0500</span>
</div> <p>
Apache Sling, Sling, Apache, the Apache feather logo, and
the Apache Sling project logo are trademarks of The Apache Software Foundation.
All other marks mentioned may be trademarks or registered trademarks of their
respective owners.
</p><p>
