This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new bf97c89 SLING-9976 : Refactor RepPolicyEntryHandler to allow for
other types of access control lists (#41)
bf97c89 is described below
commit bf97c89f5a594a5332d232ca111354f05956d024
Author: anchela <[email protected]>
AuthorDate: Thu Dec 10 11:06:17 2020 +0100
SLING-9976 : Refactor RepPolicyEntryHandler to allow for other types of
access control lists (#41)
Co-authored-by: angela <[email protected]>
---
.../handlers/AbstractPolicyEntryHandler.java | 89 ++++++++++++
.../cpconverter/handlers/AbstractPolicyParser.java | 103 ++++++++++++++
.../handlers/RepPolicyEntryHandler.java | 156 ++-------------------
3 files changed, 206 insertions(+), 142 deletions(-)
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyEntryHandler.java
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyEntryHandler.java
new file mode 100644
index 0000000..8b27527
--- /dev/null
+++
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyEntryHandler.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.feature.cpconverter.handlers;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.jackrabbit.vault.fs.io.Archive;
+import org.apache.jackrabbit.vault.util.PlatformNameFormat;
+import
org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
+import org.apache.sling.feature.cpconverter.accesscontrol.AclManager;
+import org.apache.sling.feature.cpconverter.shared.RepoPath;
+import org.jetbrains.annotations.NotNull;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.sax.SAXTransformerFactory;
+import javax.xml.transform.sax.TransformerHandler;
+import javax.xml.transform.stream.StreamResult;
+import java.io.InputStream;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.regex.Matcher;
+
+abstract class AbstractPolicyEntryHandler extends AbstractRegexEntryHandler {
+
+ private final SAXTransformerFactory saxTransformerFactory =
(SAXTransformerFactory) TransformerFactory.newInstance();
+
+ AbstractPolicyEntryHandler(@NotNull String regex) {
+ super(regex);
+ }
+
+ @Override
+ public void handle(@NotNull String path, @NotNull Archive archive,
@NotNull Archive.Entry entry, @NotNull ContentPackage2FeatureModelConverter
converter)
+ throws Exception {
+ String resourcePath;
+ Matcher matcher = getPattern().matcher(path);
+ // we are pretty sure it matches, here
+ if (matcher.matches()) {
+ resourcePath = matcher.group(1);
+ } else {
+ throw new IllegalStateException("Something went terribly wrong:
pattern '"
+ + getPattern().pattern()
+ + "' should have matched already
with path '"
+ + path
+ + "' but it does not, currently");
+ }
+
+ TransformerHandler handler =
saxTransformerFactory.newTransformerHandler();
+ handler.getTransformer().setOutputProperty(OutputKeys.INDENT, "yes");
+
handler.getTransformer().setOutputProperty("{http://xml.apache.org/xslt}indent-amount";,
"4");
+ handler.getTransformer().setOutputProperty(OutputKeys.ENCODING,
"UTF-8");
+ StringWriter stringWriter = new StringWriter();
+ handler.setResult(new StreamResult(stringWriter));
+
+ AbstractPolicyParser systemUserParser = createPolicyParser(new
RepoPath(PlatformNameFormat.getRepositoryPath(resourcePath)),
+ converter.getAclManager(),
+ handler);
+ boolean hasRejectedAcls;
+
+ try (InputStream input = archive.openInputStream(entry)) {
+ hasRejectedAcls = systemUserParser.parse(input);
+ }
+
+ if (hasRejectedAcls) {
+ try (Reader reader = new StringReader(stringWriter.toString());
+ OutputStreamWriter writer = new
OutputStreamWriter(converter.getMainPackageAssembler().createEntry(path))) {
+ IOUtils.copy(reader, writer);
+ }
+ }
+ }
+
+ @NotNull
+ abstract AbstractPolicyParser createPolicyParser(@NotNull RepoPath
repositoryPath, @NotNull AclManager aclManager, @NotNull TransformerHandler
handler);
+}
\ No newline at end of file
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java
new file mode 100644
index 0000000..c36479a
--- /dev/null
+++
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/AbstractPolicyParser.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.feature.cpconverter.handlers;
+
+import org.apache.sling.feature.cpconverter.accesscontrol.AccessControlEntry;
+import org.apache.sling.feature.cpconverter.accesscontrol.AclManager;
+import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
+import org.apache.sling.feature.cpconverter.shared.RepoPath;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+
+import javax.xml.transform.sax.TransformerHandler;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+abstract class AbstractPolicyParser extends AbstractJcrNodeParser<Boolean> {
+
+ static final String REP_RESTRICTIONS = "rep:Restrictions";
+ static final String REP_PRINCIPAL_NAME = "rep:principalName";
+
+ private static final String REP_PRIVILEGES = "rep:privileges";
+ private static final String[] RESTRICTIONS = new String[] { "rep:glob",
"rep:ntNames", "rep:prefixes", "rep:itemNames" };
+
+ private static final Pattern typeIndicatorPattern =
Pattern.compile("\\{[^\\}]+\\}\\[(.+)\\]");
+
+ private final RepoPath repositoryPath;
+
+ final TransformerHandler handler;
+ final AclManager aclManager;
+
+ boolean onRepAclNode = false;
+ // ACL processing result
+ boolean hasRejectedNodes = false;
+
+ public AbstractPolicyParser(@NotNull String primaryType, @NotNull RepoPath
repositoryPath, @NotNull AclManager aclManager, @NotNull TransformerHandler
handler) {
+ super(primaryType);
+ this.handler = handler;
+ this.repositoryPath = repositoryPath;
+ this.aclManager = aclManager;
+ }
+
+ private static String extractValue(String expression) {
+ if (expression == null || expression.isEmpty()) {
+ return expression;
+ }
+
+ Matcher matcher = typeIndicatorPattern.matcher(expression);
+ if (matcher.matches()) {
+ return matcher.group(1);
+ }
+
+ return expression;
+ }
+
+ static void addRestrictions(@NotNull AccessControlEntry ace, @NotNull
Attributes attributes) {
+ for (String restriction : RESTRICTIONS) {
+ String v = extractValue(attributes.getValue(restriction));
+
+ if (v != null && !v.isEmpty()) {
+ ace.addRestriction(restriction + ',' + v);
+ }
+ }
+ }
+
+ AccessControlEntry createEntry(boolean isAllow, @NotNull Attributes
attributes) {
+ return new AccessControlEntry(isAllow,
extractValue(attributes.getValue(REP_PRIVILEGES)), repositoryPath);
+ }
+
+ @Override
+ public void startDocument() throws SAXException {
+ handler.startDocument();
+ }
+
+ @Override
+ public void endDocument() throws SAXException {
+ handler.endDocument();
+ }
+
+ @Override
+ protected void onJcrRootElement(String uri, String localName, String
qName, Attributes attributes) {
+ onRepAclNode = true;
+ }
+
+ @Override
+ protected Boolean getParsingResult() {
+ return hasRejectedNodes;
+ }
+}
\ No newline at end of file
diff --git
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
index 38b9204..1ac8e97 100644
---
a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
+++
b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
@@ -16,137 +16,49 @@
*/
package org.apache.sling.feature.cpconverter.handlers;
-import org.xml.sax.Attributes;
-import org.xml.sax.SAXException;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.jackrabbit.vault.fs.io.Archive;
-import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
-import org.apache.jackrabbit.vault.util.PlatformNameFormat;
-import
org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
import org.apache.sling.feature.cpconverter.accesscontrol.AccessControlEntry;
import org.apache.sling.feature.cpconverter.accesscontrol.AclManager;
-import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
import org.apache.sling.feature.cpconverter.shared.RepoPath;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
-import java.io.InputStream;
-import java.io.OutputStreamWriter;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
+import javax.xml.transform.sax.TransformerHandler;
import java.util.HashMap;
import java.util.Map;
import java.util.Stack;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.sax.SAXTransformerFactory;
-import javax.xml.transform.sax.TransformerHandler;
-import javax.xml.transform.stream.StreamResult;
import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
-public final class RepPolicyEntryHandler extends AbstractRegexEntryHandler {
-
- private final SAXTransformerFactory saxTransformerFactory =
(SAXTransformerFactory) TransformerFactory.newInstance();
+public final class RepPolicyEntryHandler extends AbstractPolicyEntryHandler {
public RepPolicyEntryHandler() {
super("/jcr_root(.*/)_rep_policy.xml");
}
- @Override
- public void handle(String path, Archive archive, Entry entry,
ContentPackage2FeatureModelConverter converter)
- throws Exception {
- String resourcePath;
- Matcher matcher = getPattern().matcher(path);
- // we are pretty sure it matches, here
- if (matcher.matches()) {
- resourcePath = matcher.group(1);
- } else {
- throw new IllegalStateException("Something went terribly wrong:
pattern '"
- + getPattern().pattern()
- + "' should have matched already
with path '"
- + path
- + "' but it does not, currently");
- }
-
- TransformerHandler handler =
saxTransformerFactory.newTransformerHandler();
- handler.getTransformer().setOutputProperty(OutputKeys.INDENT, "yes");
-
handler.getTransformer().setOutputProperty("{http://xml.apache.org/xslt}indent-amount";,
"4");
- handler.getTransformer().setOutputProperty(OutputKeys.ENCODING,
"UTF-8");
- StringWriter stringWriter = new StringWriter();
- handler.setResult(new StreamResult(stringWriter));
-
- RepPolicyParser systemUserParser = new RepPolicyParser(new
RepoPath(PlatformNameFormat.getRepositoryPath(resourcePath)),
-
converter.getAclManager(),
- handler);
- boolean hasRejectedAcls;
-
- try (InputStream input = archive.openInputStream(entry)) {
- hasRejectedAcls = systemUserParser.parse(input);
- }
-
- if (hasRejectedAcls) {
- try (Reader reader = new StringReader(stringWriter.toString());
- OutputStreamWriter writer = new
OutputStreamWriter(converter.getMainPackageAssembler().createEntry(path))) {
- IOUtils.copy(reader, writer);
- }
- }
+ @NotNull
+ AbstractPolicyParser createPolicyParser(@NotNull RepoPath repositoryPath,
@NotNull AclManager aclManager, @NotNull TransformerHandler handler) {
+ return new RepPolicyParser(repositoryPath, aclManager, handler);
}
- private static final class RepPolicyParser extends
AbstractJcrNodeParser<Boolean> {
+ private static final class RepPolicyParser extends AbstractPolicyParser {
private static final String REP_ACL = "rep:ACL";
-
private static final String REP_GRANT_ACE = "rep:GrantACE";
-
private static final String REP_DENY_ACE = "rep:DenyACE";
-
- private static final String REP_RESTRICTIONS = "rep:Restrictions";
-
- private static final String REP_PRINCIPAL_NAME = "rep:principalName";
-
- private static final String REP_PRIVILEGES = "rep:privileges";
-
private static final Map<String, Boolean> operations = new HashMap<>();
-
static {
operations.put(REP_GRANT_ACE, true);
operations.put(REP_DENY_ACE, false);
}
- private static final String[] RESTRICTIONS = new String[] {
"rep:glob", "rep:ntNames", "rep:prefixes", "rep:itemNames" };
-
- private static final Pattern typeIndicatorPattern =
Pattern.compile("\\{[^\\}]+\\}\\[(.+)\\]");
-
private final Stack<AccessControlEntry> acls = new Stack<>();
- private final RepoPath repositoryPath;
-
- private final AclManager aclManager;
-
- private final TransformerHandler handler;
-
- private boolean onRepAclNode = false;
-
- // ACL processing result
- private boolean hasRejectedNodes = false;
-
// just internal pointer for every iteration
private boolean processCurrentAcl = false;
public RepPolicyParser(RepoPath repositoryPath, AclManager aclManager,
TransformerHandler handler) {
- super(REP_ACL);
- this.repositoryPath = repositoryPath;
- this.aclManager = aclManager;
- this.handler = handler;
- }
-
- @Override
- public void startDocument() throws SAXException {
- handler.startDocument();
+ super(REP_ACL, repositoryPath, aclManager, handler);
}
@Override
@@ -156,12 +68,7 @@ public final class RepPolicyEntryHandler extends
AbstractRegexEntryHandler {
String primaryType = attributes.getValue(JCR_PRIMARYTYPE);
if (REP_GRANT_ACE.equals(primaryType) ||
REP_DENY_ACE.equals(primaryType)) {
String principalName =
attributes.getValue(REP_PRINCIPAL_NAME);
-
- Boolean isAllow = operations.get(primaryType);
-
- String privileges =
extractValue(attributes.getValue(REP_PRIVILEGES));
-
- AccessControlEntry acl = new AccessControlEntry(isAllow,
privileges, repositoryPath);
+ AccessControlEntry acl =
createEntry(operations.get(primaryType), attributes);
processCurrentAcl = aclManager.addAcl(principalName, acl);
if (processCurrentAcl) {
@@ -171,14 +78,9 @@ public final class RepPolicyEntryHandler extends
AbstractRegexEntryHandler {
}
} else if (REP_RESTRICTIONS.equals(primaryType) &&
!acls.isEmpty()) {
if (processCurrentAcl) {
- acls.add(acls.peek());
- for (String restriction : RESTRICTIONS) {
- String path =
extractValue(attributes.getValue(restriction));
-
- if (path != null && !path.isEmpty()) {
- acls.peek().addRestriction(restriction + ',' +
path);
- }
- }
+ AccessControlEntry ace = acls.peek();
+ acls.add(ace);
+ addRestrictions(ace, attributes);
}
}
} else {
@@ -199,35 +101,5 @@ public final class RepPolicyEntryHandler extends
AbstractRegexEntryHandler {
handler.endElement(uri, localName, qName);
}
}
-
- @Override
- public void endDocument() throws SAXException {
- handler.endDocument();
- }
-
- @Override
- protected void onJcrRootElement(String uri, String localName, String
qName, Attributes attributes) {
- onRepAclNode = true;
- }
-
- @Override
- protected Boolean getParsingResult() {
- return hasRejectedNodes;
- }
-
- private static String extractValue(String expression) {
- if (expression == null || expression.isEmpty()) {
- return expression;
- }
-
- Matcher matcher = typeIndicatorPattern.matcher(expression);
- if (matcher.matches()) {
- return matcher.group(1);
- }
-
- return expression;
- }
-
}
-
}
