This is an automated email from the ASF dual-hosted git repository. olli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-karaf-configs.git
commit 508c32085546cc0d64ac90e95432100668eab4da Author: Oliver Lietz <[email protected]> AuthorDate: Thu Dec 3 11:13:44 2020 +0100 SLING-9786 Use pre-authentication for system users --- ...pping.impl.ServiceUserMapperImpl.amended~sling_caconfig.config | 2 +- ...ermapping.impl.ServiceUserMapperImpl.amended~sling_clam.config | 4 ++-- ...ping.impl.ServiceUserMapperImpl.amended~sling_discovery.config | 6 +++--- ...rmapping.impl.ServiceUserMapperImpl.amended~sling_event.config | 4 ++-- ...ermapping.impl.ServiceUserMapperImpl.amended~sling_i18n.config | 2 +- ....impl.ServiceUserMapperImpl.amended~sling_installer_jcr.config | 2 +- ...l.ServiceUserMapperImpl.amended~sling_jcr_contentloader.config | 2 +- ...g.impl.ServiceUserMapperImpl.amended~sling_jcr_resource.config | 4 ++-- ...l.ServiceUserMapperImpl.amended~sling_resource_presence.config | 2 +- ...pl.ServiceUserMapperImpl.amended~sling_resourceresolver.config | 8 ++++---- ...pping.impl.ServiceUserMapperImpl.amended~sling_rewriter.config | 2 +- ...ping.impl.ServiceUserMapperImpl.amended~sling_scripting.config | 2 +- ....impl.ServiceUserMapperImpl.amended~sling_scripting_htl.config | 2 +- ...ServiceUserMapperImpl.amended~sling_scripting_thymeleaf.config | 2 +- ...pping.impl.ServiceUserMapperImpl.amended~sling_servlets.config | 4 ++-- ...ing.impl.ServiceUserMapperImpl.amended~sling_validation.config | 2 +- ...sermapping.impl.ServiceUserMapperImpl.amended~sling_xss.config | 2 +- src/main/resources/sling-clam.txt | 4 ++-- src/main/resources/sling-discovery.txt | 7 +++---- src/main/resources/sling-event.txt | 4 ++-- src/main/resources/sling-i18n.txt | 4 ++-- src/main/resources/sling-installer-jcr.txt | 4 ++-- src/main/resources/sling-jcr-contentloader.txt | 4 ++-- src/main/resources/sling-mapping.txt | 4 ++-- src/main/resources/sling-readall.txt | 4 ++-- src/main/resources/sling-scripting.txt | 7 ++----- src/main/resources/sling-validation.txt | 7 ++----- src/main/resources/sling-xss.txt | 4 ++-- 28 files changed, 49 insertions(+), 56 deletions(-) diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_caconfig.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_caconfig.config index a38b9fc..3f79f89 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_caconfig.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_caconfig.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.caconfig.impl\=sling-readall"\ + "org.apache.sling.caconfig.impl\=[sling-readall]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_clam.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_clam.config index 2685c0d..51f505c 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_clam.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_clam.config @@ -1,4 +1,4 @@ user.mapping=[\ - "org.apache.sling.clam\=sling-clam",\ - "org.apache.sling.clam:result-writer\=sling-clam"\ + "org.apache.sling.clam\=[sling-clam]",\ + "org.apache.sling.clam:result-writer\=[sling-clam]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_discovery.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_discovery.config index 076fc1f..a04b491 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_discovery.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_discovery.config @@ -1,5 +1,5 @@ user.mapping=[\ - "org.apache.sling.discovery.commons\=sling-discovery",\ - "org.apache.sling.discovery.base\=sling-discovery",\ - "org.apache.sling.discovery.oak\=sling-discovery"\ + "org.apache.sling.discovery.commons\=[sling-discovery]",\ + "org.apache.sling.discovery.base\=[sling-discovery]",\ + "org.apache.sling.discovery.oak\=[sling-discovery]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_event.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_event.config index ebeda2e..fafe578 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_event.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_event.config @@ -1,4 +1,4 @@ user.mapping=[\ - "org.apache.sling.event\=sling-event",\ - "org.apache.sling.event.dea\=sling-event"\ + "org.apache.sling.event\=[sling-event]",\ + "org.apache.sling.event.dea\=[sling-event]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_i18n.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_i18n.config index be23cff..1cef8c0 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_i18n.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_i18n.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.i18n\=sling-i18n"\ + "org.apache.sling.i18n\=[sling-i18n]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_installer_jcr.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_installer_jcr.config index b3055d4..e6416b7 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_installer_jcr.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_installer_jcr.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.installer.provider.jcr\=sling-installer-jcr"\ + "org.apache.sling.installer.provider.jcr\=[sling-installer-jcr]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_contentloader.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_contentloader.config index 242a857..b03c2f0 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_contentloader.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_contentloader.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.jcr.contentloader\=sling-jcr-contentloader"\ + "org.apache.sling.jcr.contentloader\=[sling-jcr-contentloader]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_resource.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_resource.config index 6661435..f4bfb2c 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_resource.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_jcr_resource.config @@ -1,4 +1,4 @@ user.mapping=[\ - "org.apache.sling.jcr.resource:observation\=sling-readall",\ - "org.apache.sling.jcr.resource:validation\=sling-readall"\ + "org.apache.sling.jcr.resource:observation\=[sling-readall]",\ + "org.apache.sling.jcr.resource:validation\=[sling-readall]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resource_presence.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resource_presence.config index fd25105..13f5344 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resource_presence.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resource_presence.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.resource.presence\=sling-readall"\ + "org.apache.sling.resource.presence\=[sling-readall]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resourceresolver.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resourceresolver.config index 053cb29..b116cf6 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resourceresolver.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_resourceresolver.config @@ -1,6 +1,6 @@ user.mapping=[\ - "org.apache.sling.resourceresolver:mapping\=sling-mapping",\ - "org.apache.sling.resourceresolver:hierarchy\=sling-readall",\ - "org.apache.sling.resourceresolver:observation\=sling-readall",\ - "org.apache.sling.resourceresolver:console\=sling-readall"\ + "org.apache.sling.resourceresolver:mapping\=[sling-mapping]",\ + "org.apache.sling.resourceresolver:hierarchy\=[sling-readall]",\ + "org.apache.sling.resourceresolver:observation\=[sling-readall]",\ + "org.apache.sling.resourceresolver:console\=[sling-readall]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_rewriter.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_rewriter.config index fd18caa..6d05b9e 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_rewriter.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_rewriter.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.rewriter\=sling-readall"\ + "org.apache.sling.rewriter\=[sling-readall]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting.config index 7654b49..93624b8 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.scripting.core\=sling-scripting"\ + "org.apache.sling.scripting.core\=[sling-scripting]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_htl.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_htl.config index be235a8..2baa1ef 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_htl.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_htl.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.scripting.sightly.js.provider\=sling-scripting"\ + "org.apache.sling.scripting.sightly.js.provider\=[sling-scripting]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_thymeleaf.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_thymeleaf.config index 9ff93ff..78a3826 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_thymeleaf.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_scripting_thymeleaf.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.scripting.thymeleaf\=sling-scripting"\ + "org.apache.sling.scripting.thymeleaf\=[sling-scripting]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_servlets.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_servlets.config index 2290301..3630253 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_servlets.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_servlets.config @@ -1,4 +1,4 @@ user.mapping=[\ - "org.apache.sling.servlets.resolver:console\=sling-readall",\ - "org.apache.sling.servlets.resolver:scripts\=sling-scripting"\ + "org.apache.sling.servlets.resolver:console\=[sling-readall]",\ + "org.apache.sling.servlets.resolver:scripts\=[sling-scripting]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_validation.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_validation.config index a392f8b..43463dc 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_validation.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_validation.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.validation.core\=sling-validation"\ + "org.apache.sling.validation.core\=[sling-validation]"\ ] diff --git a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_xss.config b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_xss.config index 0131c0f..151c013 100644 --- a/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_xss.config +++ b/src/main/resources/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended~sling_xss.config @@ -1,3 +1,3 @@ user.mapping=[\ - "org.apache.sling.xss\=sling-xss"\ + "org.apache.sling.xss\=[sling-xss]"\ ] diff --git a/src/main/resources/sling-clam.txt b/src/main/resources/sling-clam.txt index 4561317..c0def2a 100644 --- a/src/main/resources/sling-clam.txt +++ b/src/main/resources/sling-clam.txt @@ -1,8 +1,8 @@ -create service user sling-clam +create service user sling-clam with path system/sling create path (sling:Folder) /var/clam/results(sling:OrderedFolder) -set ACL for sling-clam +set principal ACL for sling-clam allow jcr:read on / allow rep:write on /var/clam end diff --git a/src/main/resources/sling-discovery.txt b/src/main/resources/sling-discovery.txt index cf086b4..6c12d58 100644 --- a/src/main/resources/sling-discovery.txt +++ b/src/main/resources/sling-discovery.txt @@ -1,9 +1,8 @@ -create service user sling-discovery +create service user sling-discovery with path system/sling create path (sling:Folder) /var/discovery create path (sling:Folder) /var/discovery/oak -set ACL for sling-discovery - allow jcr:read on /var/discovery - allow rep:write on /var/discovery +set principal ACL for sling-discovery + allow jcr:read,rep:write on /var/discovery end diff --git a/src/main/resources/sling-event.txt b/src/main/resources/sling-event.txt index efe2b30..39a6fd5 100644 --- a/src/main/resources/sling-event.txt +++ b/src/main/resources/sling-event.txt @@ -1,7 +1,7 @@ -create service user sling-event +create service user sling-event with path system/sling create path (sling:Folder) /var/eventing -set ACL for sling-event +set principal ACL for sling-event allow jcr:all on /var/eventing end diff --git a/src/main/resources/sling-i18n.txt b/src/main/resources/sling-i18n.txt index 81112af..3d04dc6 100644 --- a/src/main/resources/sling-i18n.txt +++ b/src/main/resources/sling-i18n.txt @@ -1,5 +1,5 @@ -create service user sling-i18n +create service user sling-i18n with path system/sling -set ACL for sling-i18n +set principal ACL for sling-i18n allow jcr:read on / end diff --git a/src/main/resources/sling-installer-jcr.txt b/src/main/resources/sling-installer-jcr.txt index 39758b6..306203a 100644 --- a/src/main/resources/sling-installer-jcr.txt +++ b/src/main/resources/sling-installer-jcr.txt @@ -1,8 +1,8 @@ -create service user sling-installer-jcr +create service user sling-installer-jcr with path system/sling create path (sling:Folder) /apps/sling/install -set ACL for sling-installer-jcr +set principal ACL for sling-installer-jcr allow jcr:read on / allow rep:write on /apps/sling/install end diff --git a/src/main/resources/sling-jcr-contentloader.txt b/src/main/resources/sling-jcr-contentloader.txt index ba2dd17..f7b11d0 100644 --- a/src/main/resources/sling-jcr-contentloader.txt +++ b/src/main/resources/sling-jcr-contentloader.txt @@ -1,5 +1,5 @@ -create service user sling-jcr-contentloader +create service user sling-jcr-contentloader with path system/sling -set ACL for sling-jcr-contentloader +set principal ACL for sling-jcr-contentloader allow jcr:all on / end diff --git a/src/main/resources/sling-mapping.txt b/src/main/resources/sling-mapping.txt index d17ca13..6cf2c1c 100644 --- a/src/main/resources/sling-mapping.txt +++ b/src/main/resources/sling-mapping.txt @@ -1,5 +1,5 @@ -create service user sling-mapping +create service user sling-mapping with path system/sling -set ACL for sling-mapping +set principal ACL for sling-mapping allow jcr:read on / end diff --git a/src/main/resources/sling-readall.txt b/src/main/resources/sling-readall.txt index 13cd474..e6f2925 100644 --- a/src/main/resources/sling-readall.txt +++ b/src/main/resources/sling-readall.txt @@ -1,5 +1,5 @@ -create service user sling-readall +create service user sling-readall with path system/sling -set ACL for sling-readall +set principal ACL for sling-readall allow jcr:read on / end diff --git a/src/main/resources/sling-scripting.txt b/src/main/resources/sling-scripting.txt index 014bdf9..f0141a2 100644 --- a/src/main/resources/sling-scripting.txt +++ b/src/main/resources/sling-scripting.txt @@ -1,9 +1,6 @@ -create service user sling-scripting +create service user sling-scripting with path system/sling -create path (sling:Folder) /apps -create path (sling:Folder) /libs - -set ACL for sling-scripting +set principal ACL for sling-scripting allow jcr:read on /apps allow jcr:read on /libs end diff --git a/src/main/resources/sling-validation.txt b/src/main/resources/sling-validation.txt index 9faa1d6..a4f25f5 100644 --- a/src/main/resources/sling-validation.txt +++ b/src/main/resources/sling-validation.txt @@ -1,9 +1,6 @@ -create service user sling-validation +create service user sling-validation with path system/sling -create path (sling:Folder) /apps -create path (sling:Folder) /libs - -set ACL for sling-validation +set principal ACL for sling-validation allow jcr:read on /apps allow jcr:read on /libs end diff --git a/src/main/resources/sling-xss.txt b/src/main/resources/sling-xss.txt index 1d79114..945e0b9 100644 --- a/src/main/resources/sling-xss.txt +++ b/src/main/resources/sling-xss.txt @@ -1,9 +1,9 @@ -create service user sling-xss +create service user sling-xss with path system/sling create path (sling:Folder) /apps/sling/xss create path (sling:Folder) /libs/sling/xss -set ACL for sling-xss +set principal ACL for sling-xss allow jcr:read on /apps/sling/xss allow jcr:read on /libs/sling/xss end
