[jira] [Comment Edited] (SLING-6305) LoginAdminWhitelist configuration is applied too late

Robert Munteanu (JIRA) Mon, 21 Nov 2016 02:12:14 -0800

    [ 
https://issues.apache.org/jira/browse/SLING-6305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15683094#comment-15683094
 ]


Robert Munteanu edited comment on SLING-6305 at 11/21/16 10:11 AM:
-------------------------------------------------------------------

[~jsedding] - the changes is below, just to make it easy to see all config 
parameters on one line:

{noformat}diff --git 
a/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
 
b/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
index e41f745..c1f304a 100644
--- 
a/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
+++ 
b/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
@@ -113,7 +113,7 @@ public class LoginAdminWhitelist {
                         "configuration of this service. This is NOT 
RECOMMENDED, for security reasons."
                 );
             } else {
-                LOG.info("bypassWhitelist=false, whitelisted BSNs({})={}", 
whitelistedBsn.size(), whitelistedBsn);
+                LOG.info("bypassWhitelist=false, whitelisted BSNs({})={}, 
whitelistRegexp={}", whitelistedBsn.size(), whitelistedBsn, whitelistRegexp);
             }
         }
     }
{noformat}

After a failed test run I run a {noformat}grep -e bypassWhitelist 
target/_-*/sling/logs/error.log{noformat} command to get the results.


was (Author: rombert):
[~jsedding] - the changes is below, just to make it easy to see all config 
parameters on one line:

{noformat}diff --git 
a/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
 
b/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
index e41f745..c1f304a 100644
--- 
a/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
+++ 
b/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelist.java
@@ -113,7 +113,7 @@ public class LoginAdminWhitelist {
                         "configuration of this service. This is NOT 
RECOMMENDED, for security reasons."
                 );
             } else {
-                LOG.info("bypassWhitelist=false, whitelisted BSNs({})={}", 
whitelistedBsn.size(), whitelistedBsn);
+                LOG.info("bypassWhitelist=false, whitelisted BSNs({})={}, 
whitelistRegexp={}", whitelistedBsn.size(), whitelistedBsn, whitelistRegexp);
             }
         }
     }
{noformat}

After a failed test run I run a {{grep -e bypassWhitelist 
target/_-*/sling/logs/error.log}} command to get the results.

> LoginAdminWhitelist configuration is applied too late
> -----------------------------------------------------
>
>                 Key: SLING-6305
>                 URL: https://issues.apache.org/jira/browse/SLING-6305
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>    Affects Versions: JCR Base 2.4.2
>            Reporter: Robert Munteanu
>
> I've been getting some local failures with the launchpad/testing module, and 
> I noticed that the {{org.apache.sling.junit.scriptable}} bundle was not 
> whitelisted for loginAdministrative:
> {noformat}19.11.2016 10:40:54.063 *ERROR* [CM Event Dispatcher (Fire 
> ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] 
> org.apache.sling.junit.scriptable 
> [org.apache.sling.junit.scriptable.ScriptableTestsProvider(204)] The activate 
> method has thrown an exception (javax.jcr.LoginException: Bundle 
> org.apache.sling.junit.scriptable is NOT whitelisted)
> javax.jcr.LoginException: Bundle org.apache.sling.junit.scriptable is NOT 
> whitelisted{noformat}
> The configuration was correct, so I added a little debug information in the 
> {{org.apache.sling.jcr.base}} bundle to print the whitelist regexp in the 
> same line as the whitelisted bundles. I noticed then that the component is 
> activated several times, with only the last one actually setting the 
> configuration
> {noformat}19.11.2016 10:40:51.630 *INFO* [CM Event Dispatcher (Fire 
> ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] 
> org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, 
> whitelisted BSNs(17)=[org.apache.sling.discovery.base, 
> org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, 
> org.apache.sling.extensions.webconsolesecurityprovider, 
> org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, 
> org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, 
> org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, 
> org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, 
> org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, 
> org.apache.sling.resourceresolver, org.apache.sling.servlets.post, 
> org.apache.sling.servlets.resolver], whitelistRegexp=null
> 19.11.2016 10:40:55.150 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl)]
>  org.apache.sling.jcr.base.internal.LoginAdminWhitelist 
> bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, 
> org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, 
> org.apache.sling.extensions.webconsolesecurityprovider, 
> org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, 
> org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, 
> org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, 
> org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, 
> org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, 
> org.apache.sling.resourceresolver, org.apache.sling.servlets.post, 
> org.apache.sling.servlets.resolver], whitelistRegexp=null
> 19.11.2016 10:40:56.200 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.security.user.UserConfigurationImpl)] 
> org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, 
> whitelisted BSNs(17)=[org.apache.sling.discovery.base, 
> org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, 
> org.apache.sling.extensions.webconsolesecurityprovider, 
> org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, 
> org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, 
> org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, 
> org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, 
> org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, 
> org.apache.sling.resourceresolver, org.apache.sling.servlets.post, 
> org.apache.sling.servlets.resolver], whitelistRegexp=null
> 19.11.2016 10:40:57.190 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider)]
>  org.apache.sling.jcr.base.internal.LoginAdminWhitelist 
> bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, 
> org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, 
> org.apache.sling.extensions.webconsolesecurityprovider, 
> org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, 
> org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, 
> org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, 
> org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, 
> org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, 
> org.apache.sling.resourceresolver, org.apache.sling.servlets.post, 
> org.apache.sling.servlets.resolver], whitelistRegexp=null
> 19.11.2016 10:40:57.692 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: 
> pid=org.apache.sling.jcr.base.internal.LoginAdminWhitelist)] 
> org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, 
> whitelisted BSNs(17)=[org.apache.sling.discovery.base, 
> org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, 
> org.apache.sling.extensions.webconsolesecurityprovider, 
> org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, 
> org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, 
> org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, 
> org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, 
> org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, 
> org.apache.sling.resourceresolver, org.apache.sling.servlets.post, 
> org.apache.sling.servlets.resolver], 
> whitelistRegexp=org.apache.sling.(launchpad|junit).*{noformat}
> With the error appearing at 10:40:54. and the correct configuration being 
> applied at 10:40:57, it's clear that the configuration should've been applied 
> much earlier.
> [~jsedding] - what are your thoughts on this?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (SLING-6305) LoginAdminWhitelist configuration is applied too late

Reply via email to