[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499880#comment-17499880
]
Sergiu Dumitriu commented on SLING-11168:
-
Oh, one more thing, there are 2 Windows users, one with WSL one with the Ubuntu
client or something like that, and it only happens on WSL.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png, starter-12-windows.log
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499878#comment-17499878
]
Sergiu Dumitriu commented on SLING-11168:
-
It usually happens to the one dev that uses Windows on my team, but I have seen
it a couple of times on my Linux as well. I have no idea why it would behave so
different on Windows, since Java is supposed to be very platform-independent,
but here's something of interest: on the same Windows machine, most of the time
content loading happens before the repoinit is executed, so ACLs embedded in
source json files fail because the users they reference haven't been created
yet. May be an unrelated bug, or it may also be the cause of the composum
failure. Just my 2 cents.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png, starter-12-windows.log
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-engine] janaki-r-bhagwath commented on pull request #22: SLING-7492 Lots of logs on missing SlingRequestProgressTracker
janaki-r-bhagwath commented on pull request #22: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/22#issuecomment-1055804194 @rombert , Yes, the change is just downgrading the log level. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] removed a comment on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] removed a comment on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055612863 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [24.5% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] commented on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055787345 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [24.5% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499710#comment-17499710
]
Robert Munteanu commented on SLING-11168:
-
I've attached [^starter-12-windows.log] . I also see the warning that [~kwin]
noted in my Windows logs, and also in my local Linux logs. So this is probably
a bug, but not the root cause.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png, starter-12-windows.log
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-jcr-repoinit] anchela commented on pull request #22: SLING-11160 : Repoinit does not allow to remove individual ACEs (jcr impl)
anchela commented on pull request #22: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/22#issuecomment-1055786285 @bdelacretaz , i renamed the methods/classes as discussed and would appreciate if you could take another look -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-11168:
Attachment: starter-12-windows.log
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png, starter-12-windows.log
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Comment Edited] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499706#comment-17499706
]
Eric Norman edited comment on SLING-11168 at 3/1/22, 7:31 PM:
--
FYI: I am not seeing the original problem reported for SLING-11168 on my linux
box. The composum UI appears to be working ok for me.
[~kwin] I don't think that WARN log message from your comment would be related
to the reported trouble. To me it looks that that WARN is related to
SLING-9622 adding a new requirement for a auth.core service user. I don't see
that service user being defined in the starter features at the moment which
appears to be a bug? Maybe [~cziegeler] can confirm? I see an auth.core
service user was added to the karaf feature/config for SLING-10368 but the
equivalent seems to be missing from the starter.
was (Author: enorman):
FYI: I am not seeing the problem problem reported for SLING-11168 on my linux
box. The composum UI appears to be working ok for me.
[~kwin] I don't think that WARN log message from your comment would be related
to the reported trouble. To me it looks that that WARN is related to
SLING-9622 adding a new requirement for a auth.core service user. I don't see
that service user being defined in the starter features at the moment which
appears to be a bug? Maybe [~cziegeler] can confirm? I see an auth.core
service user was added to the karaf feature/config for SLING-10368 but the
equivalent seems to be missing from the starter.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png, starter-12-windows.log
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499706#comment-17499706
]
Eric Norman commented on SLING-11168:
-
FYI: I am not seeing the problem problem reported for SLING-11168 on my linux
box. The composum UI appears to be working ok for me.
[~kwin] I don't think that WARN log message from your comment would be related
to the reported trouble. To me it looks that that WARN is related to
SLING-9622 adding a new requirement for a auth.core service user. I don't see
that service user being defined in the starter features at the moment which
appears to be a bug? Maybe [~cziegeler] can confirm? I see an auth.core
service user was added to the karaf feature/config for SLING-10368 but the
equivalent seems to be missing from the starter.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499673#comment-17499673
]
Stefan Seifert commented on SLING-11168:
[~rombert] can you attach the error.log from your windows VM for comparison?
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Comment Edited] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499665#comment-17499665
]
Robert Munteanu edited comment on SLING-11168 at 3/1/22, 5:22 PM:
--
Actually this works for me on a Windows 10 VM, Oracle Java 11.0.14, see
[^screenshot-1.png]
was (Author: rombert):
Actually this works for me on a Windows 10 VM, Oracle Java 11.0.14 .
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499665#comment-17499665
]
Robert Munteanu commented on SLING-11168:
-
Actually this works for me on a Windows 10 VM, Oracle Java 11.0.14 .
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-11168:
Attachment: screenshot-1.png
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png,
> screenshot-1.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Re: New org.apache.sling.event release?
Hi, Am Di., 1. März 2022 um 17:35 Uhr schrieb Robert Munteanu < romb...@apache.org>: > Hi, > > I would like to cut a new Sling Event release. I don't see anything big > standing out but I'm not that familiar with the changes so I thought > I'd ask > > +1 > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20SLING%20AND%20fixVersion%20%3D%20%22Event%204.2.26%22 > > One thing that stands out is the usage of a dedicated thread pool ( > https://issues.apache.org/jira/browse/SLING-11025 ) which would IMO > warrant a minor version bump, making it a 4.3.0 release. > Fine with me. > > I plan to start the release vote by the end of the week. > > Thoughts? > > Thanks, > Robert > > -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh
[jira] [Comment Edited] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499655#comment-17499655
]
Konrad Windszus edited comment on SLING-11168 at 3/1/22, 5:04 PM:
--
May this is related:
{code}
01.03.2022 17:34:48.152 *WARN* [pool-11-thread-1]
org.apache.sling.jcr.resource.internal.JcrSystemUserValidator The provided
service user id 'serviceuser--org.apache.sling.auth.core' is not a known JCR
system user id and therefore not allowed in the Sling Service User Mapper.
{code}
I have never seen this on my Mac machine.
was (Author: kwin):
May this is related:
`01.03.2022 17:34:48.152 *WARN* [pool-11-thread-1]
org.apache.sling.jcr.resource.internal.JcrSystemUserValidator The provided
service user id 'serviceuser--org.apache.sling.auth.core' is not a known JCR
system user id and therefore not allowed in the Sling Service User Mapper.`
I have never seen this on my Mac machine.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499655#comment-17499655
]
Konrad Windszus commented on SLING-11168:
-
May this is related:
`01.03.2022 17:34:48.152 *WARN* [pool-11-thread-1]
org.apache.sling.jcr.resource.internal.JcrSystemUserValidator The provided
service user id 'serviceuser--org.apache.sling.auth.core' is not a known JCR
system user id and therefore not allowed in the Sling Service User Mapper.`
I have never seen this on my Mac machine.
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Export MBeans to Sling Metrics
Hi, I am currently trying to make Jetty MBeans available as Sling Metrics, so we can post-process them from there. I thought about integrating it directly in the Felix HTTP module, but the functionality is quite generic, and there might be code around, which already supports MBeans for monitoring but no (Sling) Metrics. I pushed a first simple version to the Sling Whiteboard ( https://github.com/apache/sling-whiteboard/tree/master/jmx-exporter) for review. What is your opinion? Would such a simple and small bundle be benefical for Sling or should I rather try to get it directly in Felix, as Jetty is the only real usecase for such a feature? Jörg -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh
Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
Thanks! I'll try to reproduce in a VM. Robert On Tue, 2022-03-01 at 16:50 +, Stefan Seifert wrote: > it works fine with docker on the same machine! > i've created an issue for further tracking: > https://issues.apache.org/jira/browse/SLING-11168 > > stefan > > > -Original Message- > > From: Robert Munteanu > > Sent: Tuesday, March 1, 2022 5:08 PM > > To: dev@sling.apache.org > > Subject: Re: [VOTE] Release Apache Sling Starter 12, Apache Sling > > Project > > Archetype 1.0.6 and associated testing modules, > > > > On Tue, 2022-03-01 at 16:00 +, Stefan Seifert wrote: > > > > For 1., how exactly did you start the Starter? > > > > > > as documented in the README: > > > > > > mvn clean install > > > java -jar target/dependency/org.apache.sling.feature.launcher.jar > > > -f > > > target/slingfeature-tmp/feature-oak_tar.json > > > > This (un)fortunately works for me, I just downloaded the source- > > release > > and rebuilt it. > > > > Some questions to narrow it down: > > - have you tried private mode? > > - have anything specific in the logs? > > - what Java version are you using? > > - is this using Windows? > > - does the docker image work? docker run -p 8080:8080 > > apache/sling:12 > > > > Thanks, > > Robert
RE: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
it works fine with docker on the same machine! i've created an issue for further tracking: https://issues.apache.org/jira/browse/SLING-11168 stefan >-Original Message- >From: Robert Munteanu >Sent: Tuesday, March 1, 2022 5:08 PM >To: dev@sling.apache.org >Subject: Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project >Archetype 1.0.6 and associated testing modules, > >On Tue, 2022-03-01 at 16:00 +, Stefan Seifert wrote: >> > For 1., how exactly did you start the Starter? >> >> as documented in the README: >> >> mvn clean install >> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f >> target/slingfeature-tmp/feature-oak_tar.json > >This (un)fortunately works for me, I just downloaded the source-release >and rebuilt it. > >Some questions to narrow it down: >- have you tried private mode? >- have anything specific in the logs? >- what Java version are you using? >- is this using Windows? >- does the docker image work? docker run -p 8080:8080 apache/sling:12 > >Thanks, >Robert
[jira] [Updated] (SLING-11168) Sling Starter 12: Unable to launch Composum
[
https://issues.apache.org/jira/browse/SLING-11168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert updated SLING-11168:
---
Description:
environment:
* Windows 10
* java 11.0.13 2021-10-19 LTS
started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
with:
{noformat}
mvn clean install
java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
target/slingfeature-tmp/feature-oak_tar.json
{noformat}
when trying to access composum via http://localhost:8080/bin/browser.html i get
the normal sling login (if not logged in already) and login as admin/admin.
directly after this i see a blink of composum, which is replaced immediately
with another composum login dialog:
[^image-2022-03-01-17-47-08-965.png]
[^error.log] from the instance
was:
environment:
* Windows 10
* java 11.0.13 2021-10-19 LTS
started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
with:
{noformat}
mvn clean install
java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
target/slingfeature-tmp/feature-oak_tar.json
{noformat}
when trying to access composum via http://localhost:8080/bin/browser.html i get
the normal sling login (if not logged in already) and login as admin/admin.
directly after this i see a blink of composum, which is replaced immediately
with another composum login dialog:
!image-2022-03-01-17-47-08-965.png|thumbnail!
[^error.log] from the instance
> Sling Starter 12: Unable to launch Composum
> ---
>
> Key: SLING-11168
> URL: https://issues.apache.org/jira/browse/SLING-11168
> Project: Sling
> Issue Type: Bug
> Components: Starter
>Affects Versions: Starter 12
>Reporter: Stefan Seifert
>Priority: Major
> Attachments: error.log, image-2022-03-01-17-47-08-965.png
>
>
> environment:
> * Windows 10
> * java 11.0.13 2021-10-19 LTS
> started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
> with:
> {noformat}
> mvn clean install
> java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
> target/slingfeature-tmp/feature-oak_tar.json
> {noformat}
> when trying to access composum via http://localhost:8080/bin/browser.html i
> get the normal sling login (if not logged in already) and login as
> admin/admin.
> directly after this i see a blink of composum, which is replaced immediately
> with another composum login dialog:
> [^image-2022-03-01-17-47-08-965.png]
> [^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Created] (SLING-11168) Sling Starter 12: Unable to launch Composum
Stefan Seifert created SLING-11168:
--
Summary: Sling Starter 12: Unable to launch Composum
Key: SLING-11168
URL: https://issues.apache.org/jira/browse/SLING-11168
Project: Sling
Issue Type: Bug
Components: Starter
Affects Versions: Starter 12
Reporter: Stefan Seifert
Attachments: error.log, image-2022-03-01-17-47-08-965.png
environment:
* Windows 10
* java 11.0.13 2021-10-19 LTS
started sling starter 12 (or actually 13-SNAPSHOT from current master branch)
with:
{noformat}
mvn clean install
java -jar target/dependency/org.apache.sling.feature.launcher.jar -f
target/slingfeature-tmp/feature-oak_tar.json
{noformat}
when trying to access composum via http://localhost:8080/bin/browser.html i get
the normal sling login (if not logged in already) and login as admin/admin.
directly after this i see a blink of composum, which is replaced immediately
with another composum login dialog:
!image-2022-03-01-17-47-08-965.png|thumbnail!
[^error.log] from the instance
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-feature-cpconverter] rombert commented on pull request #128: SLING-11134 - Extract Oak index definitions and package them as an additional file
rombert commented on pull request #128: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/128#issuecomment-1055639973 @thomasmueller - I am working on tooling to create index definitions in JSON format from FileVault content packages. I am following the oak-run indexing file format described at https://jackrabbit.apache.org/oak/docs/query/oak-run-indexing.html#json-file-format . Does this PR go in the right direction for that from an Oak indexing point of view? Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] rombert commented on a change in pull request #128: SLING-11134 - Extract Oak index definitions and package them as an additional file
rombert commented on a change in pull request #128:
URL:
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/128#discussion_r816950437
##
File path:
src/main/java/org/apache/sling/feature/cpconverter/handlers/IndexDefinitionsEntryHandler.java
##
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.handlers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Optional;
+
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.vault.fs.api.WorkspaceFilter;
+import org.apache.jackrabbit.vault.fs.io.Archive;
+import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
+import org.apache.jackrabbit.vault.fs.io.DocViewParser;
+import org.apache.jackrabbit.vault.fs.io.DocViewParser.XmlParseException;
+import org.apache.jackrabbit.vault.fs.io.DocViewParserHandler;
+import org.apache.jackrabbit.vault.util.DocViewNode2;
+import org.apache.jackrabbit.vault.util.PlatformNameFormat;
+import
org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
+import org.apache.sling.feature.cpconverter.ConverterException;
+import org.apache.sling.feature.cpconverter.index.IndexDefinitions;
+import org.apache.sling.feature.cpconverter.index.IndexManager;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.InputSource;
+
+/**
+ * Handler for Jackrabbit Oak index definitions
+ *
+ * This implementation scans content packages for entries stored under
/oak:index
+ * and exposes them to the {@link IndexManager} for further processing.
+ *
+ */
+public class IndexDefinitionsEntryHandler extends AbstractRegexEntryHandler {
+
+private final class IndexDefinitionsParserHandler implements
DocViewParserHandler {
+private final WorkspaceFilter filter;
+private IndexDefinitions definitions;
+
+public IndexDefinitionsParserHandler(WorkspaceFilter filter,
IndexDefinitions definitions) {
+this.filter = filter;
+this.definitions = definitions;
+}
+
+@Override
+public void startDocViewNode(@NotNull String nodePath, @NotNull
DocViewNode2 docViewNode,
+@NotNull Optional parentDocViewNode, int line,
int column)
+throws IOException, RepositoryException {
+
+if ( nodePath.startsWith(IndexDefinitions.OAK_INDEX_PATH) &&
filter.contains(nodePath) ) {
Review comment:
That's a good catch @anchela . I am right now trying to figure out
whether it makes sense to make the 'index roots' configurable or to scan all
the content packages and detect oak index definitions present anywhere. I guess
the bookkeeping won't be too complicated but I wonder whether it's actually
worth it.
##
File path:
src/main/java/org/apache/sling/feature/cpconverter/handlers/IndexDefinitionsEntryHandler.java
##
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.handlers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Optional;
+
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.vault.fs.api.WorkspaceFilter;
+import org.apache.jackrabbit.vault.fs.io.Archive;
+import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
+import org.apache.jackrabbit.vault.fs.io.DocViewParser;
+import
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499647#comment-17499647
]
Dan Klco commented on SLING-11160:
--
Sorry about that Angela, should have had the examples in front of me :)
add ACL => set ACL
grant => allow
And really my point was just to say that from a grammar perspective, what we're
proposing here seems to _actually_ be remove ACE not remove ACL.
So I think we're saying the same thing, I just said it poorly.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
New org.apache.sling.event release?
Hi, I would like to cut a new Sling Event release. I don't see anything big standing out but I'm not that familiar with the changes so I thought I'd ask https://issues.apache.org/jira/issues/?jql=project%20%3D%20SLING%20AND%20fixVersion%20%3D%20%22Event%204.2.26%22 One thing that stands out is the usage of a dedicated thread pool ( https://issues.apache.org/jira/browse/SLING-11025 ) which would IMO warrant a minor version bump, making it a 4.3.0 release. I plan to start the release vote by the end of the week. Thoughts? Thanks, Robert
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499636#comment-17499636
]
Angela Schreiber commented on SLING-11160:
--
[~bdelacretaz], that's exactly what i was suggesting :-). unless there are any
objection i would adjust the PRs accordingly tomorrow (including operation
names). as far as documentation is concerned: that's on my todo list and will
not be missed. i just don't want to start changing it before we have reached
consensus on how to fix it.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-jcr-repoinit] anchela commented on a change in pull request #22: SLING-11160 : Repoinit does not allow to remove individual ACEs (jcr impl)
anchela commented on a change in pull request #22:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/22#discussion_r816926678
##
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##
@@ -692,28 +693,64 @@ public void testRemoveMatchingEntry() throws Exception {
}
}
+@Test
+public void testRemoveNoExistingPolicy() throws Exception {
+String setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+}
+
+@Test
+public void testRemoveMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
+String setup = "set principal ACL for " + U.username + "\n"
++ "allow jcr:write on "+path+"\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// privilege mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read,jcr:write on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// path mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + "/mismatch\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// restriction mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + " restriction(rep:glob,
/*/jcr:content/*)\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+}
+
@Test
public void testRemoveNoMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
String setup = "set principal ACL for " + U.username + "\n"
+ "allow jcr:write on "+path+"\n"
+ "end";
U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
-setup = "set principal ACL for " + U.username + "\n"
-+ "remove jcr:read on " + path + "\n"
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read on " + path + "\n"
+ "end";
-try {
-U.parseAndExecute(setup);
-fail("Expecting REMOVE to fail");
-} catch(RuntimeException rex) {
-assertRegex(REMOVE_NOT_SUPPORTED_REGEX, rex.getMessage());
-}
+assertPolicy(principal, U.adminSession, 1);
}
-@Test(expected = RuntimeException.class)
+@Test(expected = RepoInitException.class)
public void testRemoveNonExistingPrincipal() throws Exception {
-String setup = "set principal ACL for nonExistingPrincipal\n"
Review comment:
this one didn't go away instead i refactored the tests. i think 1
test to make sure the unsupported remove-action really throws an exception is
sufficient instead wanted to have extra coverage for the new removal.
##
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##
@@ -725,16 +762,16 @@ public void testRemovePrincipalMismatch() throws
Exception {
+ "end";
U.parseAndExecute(setup);
U.parseAndExecute("create service user otherSystemPrincipal");
+assertPolicy(getPrincipal(U.username), U.adminSession, 1);
-try {
-setup = "set principal ACL for otherSystemPrincipal\n"
-+ "remove jcr:write on " + path + "\n"
-+ "end";
-U.parseAndExecute(setup);
-fail("Expecting REMOVE to fail");
-} catch(RuntimeException rex) {
-assertRegex(REMOVE_NOT_SUPPORTED_REGEX, rex.getMessage());
Review comment:
see above.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] commented on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055612863 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [24.5% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] removed a comment on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] removed a comment on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055562441 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [24.8% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499633#comment-17499633
]
Bertrand Delacretaz commented on SLING-11160:
-
I agree with the need to avoid confusion between ACL and ACE - and we probably
need to add a short section on what those are, or point to existing
documentation, from
[https://sling.apache.org/documentation/bundles/repository-initialization.html].
Basically just explain that an Access Control List is a set of Access Control
Entries, and repoinit statements act on one or the other.
In terms of implementation, reformulating what [~angela] is suggesting to make
sure I understand:
* {{set ACL}} remains unchanged, to add a set of ACEs to a given ACL.
* {{delete ACL}} remains unchanged, to delete a complete ACL
* {{remove ACE}} is added, similar to the current pull request but using
{{ACE}} instead of {{ACL}} in the statement
If my understanding is correct, the above works for me.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
On Tue, 2022-03-01 at 16:00 +, Stefan Seifert wrote: > > For 1., how exactly did you start the Starter? > > as documented in the README: > > mvn clean install > java -jar target/dependency/org.apache.sling.feature.launcher.jar -f > target/slingfeature-tmp/feature-oak_tar.json This (un)fortunately works for me, I just downloaded the source-release and rebuilt it. Some questions to narrow it down: - have you tried private mode? - have anything specific in the logs? - what Java version are you using? - is this using Windows? - does the docker image work? docker run -p 8080:8080 apache/sling:12 Thanks, Robert
[jira] [Commented] (SLING-7492) Lots of logs on missing SlingRequestProgressTracker
[
https://issues.apache.org/jira/browse/SLING-7492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499628#comment-17499628
]
Robert Munteanu commented on SLING-7492:
[~casal...@adobe.com] - thanks, I replied to the PR, this will need a bit of
discussion. About the AEM 6.5 service pack, I have no idea :-) I would guess
you need to find the right team within Adobe and ask them about this.
We don't have any idea about AEM decisions and schedules in the Apache Sling
open source project :-)
> Lots of logs on missing SlingRequestProgressTracker
> ---
>
> Key: SLING-7492
> URL: https://issues.apache.org/jira/browse/SLING-7492
> Project: Sling
> Issue Type: Bug
>Affects Versions: Engine 2.6.6
> Environment: Using Adobe Experience Manager
>Reporter: Tomasz
>Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Constructing a fully correct request that implements HttpServletRequest means
> that it won't have an attribute of SlingRequestProgressTracker. There is no
> chance to instantiate it.
> When developer invokes method processRequest from SlingRequestProcessor
> using mentioned, created request it writes lots of warnings in logs.
> That's because constructor of
> org.apache.sling.engine.impl.request.RequestData contains given lines:
> Object o = request.getAttribute(RequestProgressTracker.class.getName());
> if(o instanceof SlingRequestProgressTracker)
> { this.requestProgressTracker = (SlingRequestProgressTracker)o; }
> else
> { this.log.warn("SlingRequestProgressTracker not found in request
> attributes"); this.requestProgressTracker = new
> SlingRequestProgressTracker(request); }
> Steps to reproduce:
> # Create new class, let's call it MockRequest, that implements
> HttpServletRequest.
> # Create an object of MockRequest.
> # Instantiate or inject an object of SlingRequestProcessor.
> # On SlingRequestProcessor object invoke method processRequest(), where, as
> a request parameter, provide a MockRequest object.
> # Check logs. You will see lot's of warnings like given one:
> 26.01.2018 01:25:48.607 *WARN* [pool-331-thread-3]
> org.apache.sling.engine.impl.request.RequestData SlingRequestProgressTracker
> not found in request attributes
> Expected: warnings does not appear in logs or there is a way to avoid them.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
RE: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
>For 1., how exactly did you start the Starter? as documented in the README: mvn clean install java -jar target/dependency/org.apache.sling.feature.launcher.jar -f target/slingfeature-tmp/feature-oak_tar.json stefan
[GitHub] [sling-org-apache-sling-engine] rombert commented on pull request #22: SLING-7492 Lots of logs on missing SlingRequestProgressTracker
rombert commented on pull request #22: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/22#issuecomment-1055595193 Thanks for the PR @janaki-r-bhagwath . I think this is simply downgrading a warn to a debug, right? I am not sure if that is the proper solution for this ticket. @bdelacretaz has originally introduced this warning in https://github.com/apache/sling-org-apache-sling-engine/commit/f26e1bc68824f1741b0341f38280377a0c657104, perhaps he can comment. In the meantime, I wonder whether a proper fix for you would be setting the respective log level to ERROR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499623#comment-17499623
]
Angela Schreiber commented on SLING-11160:
--
[~dklco], uhhh.. not sure i can follow you with that one. what is 'add
ACL'? that doesn't exist. and introducing 'grant' when up to now it's
called allow? and what exactly is granted? this is getting even more
complicated. the goal of the 'remove ACL' was _NOT_ to remove the policy (for
that we have 'delete ACL' already). it was simply to remove individual
entries that match. and if there is no matching entry -> ignore.
but i am with you that 'remove ACL', when in fact the desired action is 'remove
ACEs' is confusing.
what about the following new statement:
{code}
remove ace for alice
end
remove principal ace for alice
end
remove ace on /content
end
{code}
- no need to learn too much new stuff the entry definitions stay the same
- the existing variants of 'set acl' to add entries would be left untouched
- the existing variants of 'delete acl' to remove the policies altogether would
be left untouched
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
Hi Stefan, For 1., how exactly did you start the Starter? Thanks, Robert On Tue, 2022-03-01 at 15:05 +, Stefan Seifert wrote: > hello robert. > > thanks for finally getting this out of the door! > > signatures are validating fine, however i found two issues when > starting the sling starter and using the links provided on the > starter page - not sure if it only happens on my machine: > > 1. even after logging in as admin/admin, i cannot open composum > (browse content). i always get an error dialog "Console assets not > accessible..." with another login dialog, but logging in again only > shows the same dialog. i think composum is quite a crucial feature > for the starter. > > 2. the "api documentation" link is still pointing to sling 11 > > stefan > > > -Original Message- > > From: Robert Munteanu > > Sent: Friday, February 25, 2022 5:37 PM > > To: dev@sling.apache.org > > Subject: [VOTE] Release Apache Sling Starter 12, Apache Sling > > Project > > Archetype 1.0.6 and associated testing modules, > > > > Hi, > > > > We solved 80 issues in these releases (not accounting for > > duplicates): > > > > > > https://issues.apache.org/jira/browse/SLING/fixforversion/12344080 > > (57) > > https://issues.apache.org/jira/browse/SLING/fixforversion/12348435 > > (3) > > https://issues.apache.org/jira/browse/SLING/fixforversion/12345675 > > (7) > > https://issues.apache.org/jira/browse/SLING/fixforversion/12348357 > > (6) > > https://issues.apache.org/jira/browse/SLING/fixforversion/12348291 > > (7) > > > > There is no Jira version for the test-fragment bundle, but I've > > included it in the release since we keep the same version for all > > the > > testing projects. > > > > Staging repository: > > https://repository.apache.org/content/repositories/orgapachesling-2604 > > > > You can use this UNIX script to download the release and verify the > > signatures: > > > > https://gitbox.apache.org/repos/asf?p=sling-tooling- > > release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > > > Usage: > > sh check_staged_release.sh 2604 /tmp/sling-staging > > > > Please vote to approve this release: > > > > [ ] +1 Approve the release > > [ ] 0 Don't care > > [ ] -1 Don't release, because ... > > > > This majority vote is open for at least 72 hours. > > > > Thanks, > > Robert
[jira] [Commented] (SLING-7492) Lots of logs on missing SlingRequestProgressTracker
[
https://issues.apache.org/jira/browse/SLING-7492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499621#comment-17499621
]
J. Casalino commented on SLING-7492:
[~rombert] Our engineers have created a patch for this. Could you please merge
it into SLING? What's the next step to get this promoted into the next AEM 6.5
service pack?
[https://github.com/apache/sling-org-apache-sling-engine/pull/22]
> Lots of logs on missing SlingRequestProgressTracker
> ---
>
> Key: SLING-7492
> URL: https://issues.apache.org/jira/browse/SLING-7492
> Project: Sling
> Issue Type: Bug
>Affects Versions: Engine 2.6.6
> Environment: Using Adobe Experience Manager
>Reporter: Tomasz
>Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Constructing a fully correct request that implements HttpServletRequest means
> that it won't have an attribute of SlingRequestProgressTracker. There is no
> chance to instantiate it.
> When developer invokes method processRequest from SlingRequestProcessor
> using mentioned, created request it writes lots of warnings in logs.
> That's because constructor of
> org.apache.sling.engine.impl.request.RequestData contains given lines:
> Object o = request.getAttribute(RequestProgressTracker.class.getName());
> if(o instanceof SlingRequestProgressTracker)
> { this.requestProgressTracker = (SlingRequestProgressTracker)o; }
> else
> { this.log.warn("SlingRequestProgressTracker not found in request
> attributes"); this.requestProgressTracker = new
> SlingRequestProgressTracker(request); }
> Steps to reproduce:
> # Create new class, let's call it MockRequest, that implements
> HttpServletRequest.
> # Create an object of MockRequest.
> # Instantiate or inject an object of SlingRequestProcessor.
> # On SlingRequestProcessor object invoke method processRequest(), where, as
> a request parameter, provide a MockRequest object.
> # Check logs. You will see lot's of warnings like given one:
> 26.01.2018 01:25:48.607 *WARN* [pool-331-thread-3]
> org.apache.sling.engine.impl.request.RequestData SlingRequestProgressTracker
> not found in request attributes
> Expected: warnings does not appear in logs or there is a way to avoid them.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] commented on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055562441 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [24.8% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] removed a comment on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] removed a comment on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055307115 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [26.2% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] anchela commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
anchela commented on a change in pull request #17:
URL:
https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816874389
##
File path: src/main/javacc/RepoInitGrammar.jjt
##
@@ -359,24 +362,30 @@ void removeStarLine(List lines) :
}
}
-AclLine privilegesLineOperation() :
-{}
+AclLine privilegesLineOperation(boolean supportsRemoveAction) :
+{
+}
{
(
-{ return new AclLine(AclLine.Action.REMOVE); }
+{
+if (supportsRemoveAction) {
+return new AclLine(AclLine.Action.REMOVE);
+} else {
+throw new IllegalArgumentException("REMOVE action not supported with
'remove acl' statements.");
Review comment:
i added tests both for the unsupported remove actions as well as for the
unsupported acl-options and changed the exception to ParseException to keep it
consistent.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] anchela commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
anchela commented on a change in pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816873223 ## File path: src/main/javacc/RepoInitGrammar.jjt ## @@ -22,7 +22,7 @@ package org.apache.sling.repoinit.parser.impl; import java.util.List; import java.util.ArrayList; -import org.apache.sling.repoinit.parser.operations.*; +import org.apache.sling.repoinit.parser.RepoInitParsingException;import org.apache.sling.repoinit.parser.operations.*; Review comment: it was in fact an unused import :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499606#comment-17499606
]
Dan Klco edited comment on SLING-11160 at 3/1/22, 3:17 PM:
---
I agree that the nomenclature is confusing. What about a "remove ACE(s)"
command which would take a path along with a principal, optional restriction
and optional modifier and remove any matching ACEs from the ACL?
>From a consumer perspective this would seem to match the use case better, for
>example I may want to do something like:
{{remove ACE for users-with-write-by-default with grant on /content}}
{{add ACL for users-with-write-by-default}}
{{allow jcr:read on /content}}
{{end}}
{{add ACL for more-restrictive-group}}
{{allow jcr:read,jcr:write on /content}}
{{end}}
So that you could remove the OOTB ACE for a principal and apply a different ACE
without removing the ACL entirely and thus run the risk of missing an unrelated
ACE when re-adding the ACL.
was (Author: dklco):
I agree that the nomenclature is confusing. What about a "remove ACE(s)"
command which would take a path along with a principal, optional restriction
and optional modifier and remove any matching ACEs from the ACL?
>From a consumer perspective this would seem to match the use case better, for
>example I may want to do something like:
remove ACE for users-with-write-by-default with grant on /content
add ACL for users-with-write-by-default
allow jcr:read on /content
end
add ACL for more-restrictive-group
allow jcr:read,jcr:write on /content
end
So that you could remove the OOTB permissions granted to a group and apply a
more restrictive permission set without removing the ACL entirely and thus run
the risk of missing an ACE when re-adding the ACL.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499606#comment-17499606
]
Dan Klco commented on SLING-11160:
--
I agree that the nomenclature is confusing. What about a "remove ACE(s)"
command which would take a path along with a principal, optional restriction
and optional modifier and remove any matching ACEs from the ACL?
>From a consumer perspective this would seem to match the use case better, for
>example I may want to do something like:
remove ACE for users-with-write-by-default with grant on /content
add ACL for users-with-write-by-default
allow jcr:read on /content
end
add ACL for more-restrictive-group
allow jcr:read,jcr:write on /content
end
So that you could remove the OOTB permissions granted to a group and apply a
more restrictive permission set without removing the ACL entirely and thus run
the risk of missing an ACE when re-adding the ACL.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
RE: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
hello robert. thanks for finally getting this out of the door! signatures are validating fine, however i found two issues when starting the sling starter and using the links provided on the starter page - not sure if it only happens on my machine: 1. even after logging in as admin/admin, i cannot open composum (browse content). i always get an error dialog "Console assets not accessible..." with another login dialog, but logging in again only shows the same dialog. i think composum is quite a crucial feature for the starter. 2. the "api documentation" link is still pointing to sling 11 stefan >-Original Message- >From: Robert Munteanu >Sent: Friday, February 25, 2022 5:37 PM >To: dev@sling.apache.org >Subject: [VOTE] Release Apache Sling Starter 12, Apache Sling Project >Archetype 1.0.6 and associated testing modules, > >Hi, > >We solved 80 issues in these releases (not accounting for duplicates): > > >https://issues.apache.org/jira/browse/SLING/fixforversion/12344080 (57) >https://issues.apache.org/jira/browse/SLING/fixforversion/12348435 (3) >https://issues.apache.org/jira/browse/SLING/fixforversion/12345675 (7) >https://issues.apache.org/jira/browse/SLING/fixforversion/12348357 (6) >https://issues.apache.org/jira/browse/SLING/fixforversion/12348291 (7) > >There is no Jira version for the test-fragment bundle, but I've >included it in the release since we keep the same version for all the >testing projects. > >Staging repository: >https://repository.apache.org/content/repositories/orgapachesling-2604 > >You can use this UNIX script to download the release and verify the >signatures: > >https://gitbox.apache.org/repos/asf?p=sling-tooling- >release.git;a=blob;f=check_staged_release.sh;hb=HEAD > >Usage: >sh check_staged_release.sh 2604 /tmp/sling-staging > >Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > >This majority vote is open for at least 72 hours. > >Thanks, >Robert
[GitHub] [sling-org-apache-sling-jcr-repoinit] bdelacretaz commented on a change in pull request #22: SLING-11160 : Repoinit does not allow to remove individual ACEs (jcr impl)
bdelacretaz commented on a change in pull request #22:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/22#discussion_r816846895
##
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##
@@ -692,28 +693,64 @@ public void testRemoveMatchingEntry() throws Exception {
}
}
+@Test
+public void testRemoveNoExistingPolicy() throws Exception {
+String setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+}
+
+@Test
+public void testRemoveMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
+String setup = "set principal ACL for " + U.username + "\n"
++ "allow jcr:write on "+path+"\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// privilege mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read,jcr:write on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// path mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + "/mismatch\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// restriction mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + " restriction(rep:glob,
/*/jcr:content/*)\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+}
+
@Test
public void testRemoveNoMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
String setup = "set principal ACL for " + U.username + "\n"
+ "allow jcr:write on "+path+"\n"
+ "end";
U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
-setup = "set principal ACL for " + U.username + "\n"
-+ "remove jcr:read on " + path + "\n"
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read on " + path + "\n"
+ "end";
-try {
-U.parseAndExecute(setup);
-fail("Expecting REMOVE to fail");
-} catch(RuntimeException rex) {
-assertRegex(REMOVE_NOT_SUPPORTED_REGEX, rex.getMessage());
-}
+assertPolicy(principal, U.adminSession, 1);
}
-@Test(expected = RuntimeException.class)
+@Test(expected = RepoInitException.class)
public void testRemoveNonExistingPrincipal() throws Exception {
-String setup = "set principal ACL for nonExistingPrincipal\n"
Review comment:
Same comment as above for a test that goes away
##
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##
@@ -725,16 +762,16 @@ public void testRemovePrincipalMismatch() throws
Exception {
+ "end";
U.parseAndExecute(setup);
U.parseAndExecute("create service user otherSystemPrincipal");
+assertPolicy(getPrincipal(U.username), U.adminSession, 1);
-try {
-setup = "set principal ACL for otherSystemPrincipal\n"
-+ "remove jcr:write on " + path + "\n"
-+ "end";
-U.parseAndExecute(setup);
-fail("Expecting REMOVE to fail");
-} catch(RuntimeException rex) {
-assertRegex(REMOVE_NOT_SUPPORTED_REGEX, rex.getMessage());
Review comment:
Same comment as above for a test that goes away
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-repoinit] bdelacretaz commented on a change in pull request #22: SLING-11160 : Repoinit does not allow to remove individual ACEs (jcr impl)
bdelacretaz commented on a change in pull request #22:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/22#discussion_r816846413
##
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##
@@ -692,28 +693,64 @@ public void testRemoveMatchingEntry() throws Exception {
}
}
+@Test
+public void testRemoveNoExistingPolicy() throws Exception {
+String setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+}
+
+@Test
+public void testRemoveMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
+String setup = "set principal ACL for " + U.username + "\n"
++ "allow jcr:write on "+path+"\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// privilege mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:read,jcr:write on " + path + "\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// path mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + "/mismatch\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+
+// restriction mismatch
+setup = "remove principal ACL for " + U.username + "\n"
++ "allow jcr:write on " + path + " restriction(rep:glob,
/*/jcr:content/*)\n"
++ "end";
+U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
+}
+
@Test
public void testRemoveNoMatchingEntry() throws Exception {
+Principal principal = getPrincipal(U.username);
String setup = "set principal ACL for " + U.username + "\n"
+ "allow jcr:write on "+path+"\n"
+ "end";
U.parseAndExecute(setup);
+assertPolicy(principal, U.adminSession, 1);
-setup = "set principal ACL for " + U.username + "\n"
Review comment:
IIUC this test goes away with your changes, shouldn't it be kept? To
test backwards compatibility - even if the corresponding operation is
deprecated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
+1 (or should I say +12) On Tue, Mar 1, 2022 at 7:52 AM Robert Munteanu wrote: > On Fri, 2022-02-25 at 17:37 +0100, Robert Munteanu wrote: > > Please vote to approve this release: > > +1 > Robert >
[GitHub] [sling-org-apache-sling-repoinit-parser] anchela commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
anchela commented on a change in pull request #17:
URL:
https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816840066
##
File path: src/main/javacc/RepoInitGrammar.jjt
##
@@ -359,24 +362,30 @@ void removeStarLine(List lines) :
}
}
-AclLine privilegesLineOperation() :
-{}
+AclLine privilegesLineOperation(boolean supportsRemoveAction) :
+{
+}
{
(
-{ return new AclLine(AclLine.Action.REMOVE); }
+{
+if (supportsRemoveAction) {
+return new AclLine(AclLine.Action.REMOVE);
+} else {
+throw new IllegalArgumentException("REMOVE action not supported with
'remove acl' statements.");
Review comment:
good point
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] anchela commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
anchela commented on a change in pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816839630 ## File path: src/main/javacc/RepoInitGrammar.jjt ## @@ -22,7 +22,7 @@ package org.apache.sling.repoinit.parser.impl; import java.util.List; import java.util.ArrayList; -import org.apache.sling.repoinit.parser.operations.*; +import org.apache.sling.repoinit.parser.RepoInitParsingException;import org.apache.sling.repoinit.parser.operations.*; Review comment: no worries and no that's not nitpicking. it should look nice. will fix it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] anchela commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
anchela commented on a change in pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816839630 ## File path: src/main/javacc/RepoInitGrammar.jjt ## @@ -22,7 +22,7 @@ package org.apache.sling.repoinit.parser.impl; import java.util.List; import java.util.ArrayList; -import org.apache.sling.repoinit.parser.operations.*; +import org.apache.sling.repoinit.parser.RepoInitParsingException;import org.apache.sling.repoinit.parser.operations.*; Review comment: no worries and no that's nitpicking. it should look nice. will fix it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] bdelacretaz commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
bdelacretaz commented on a change in pull request #17:
URL:
https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816839013
##
File path: src/main/javacc/RepoInitGrammar.jjt
##
@@ -359,24 +362,30 @@ void removeStarLine(List lines) :
}
}
-AclLine privilegesLineOperation() :
-{}
+AclLine privilegesLineOperation(boolean supportsRemoveAction) :
+{
+}
{
(
-{ return new AclLine(AclLine.Action.REMOVE); }
+{
+if (supportsRemoveAction) {
+return new AclLine(AclLine.Action.REMOVE);
+} else {
+throw new IllegalArgumentException("REMOVE action not supported with
'remove acl' statements.");
Review comment:
I suppose this is not currently tested, would be good to add tests to
org/apache/sling/repoinit/parser/test/ParsingErrorsTest.java for that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] bdelacretaz commented on a change in pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
bdelacretaz commented on a change in pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#discussion_r816837327 ## File path: src/main/javacc/RepoInitGrammar.jjt ## @@ -22,7 +22,7 @@ package org.apache.sling.repoinit.parser.impl; import java.util.List; import java.util.ArrayList; -import org.apache.sling.repoinit.parser.operations.*; +import org.apache.sling.repoinit.parser.RepoInitParsingException;import org.apache.sling.repoinit.parser.operations.*; Review comment: nitpicking: missing newline here -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] anchela commented on a change in pull request #128: SLING-11134 - Extract Oak index definitions and package them as an additional file
anchela commented on a change in pull request #128:
URL:
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/128#discussion_r816745359
##
File path:
src/main/java/org/apache/sling/feature/cpconverter/handlers/IndexDefinitionsEntryHandler.java
##
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.handlers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Optional;
+
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.vault.fs.api.WorkspaceFilter;
+import org.apache.jackrabbit.vault.fs.io.Archive;
+import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
+import org.apache.jackrabbit.vault.fs.io.DocViewParser;
+import org.apache.jackrabbit.vault.fs.io.DocViewParser.XmlParseException;
+import org.apache.jackrabbit.vault.fs.io.DocViewParserHandler;
+import org.apache.jackrabbit.vault.util.DocViewNode2;
+import org.apache.jackrabbit.vault.util.PlatformNameFormat;
+import
org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
+import org.apache.sling.feature.cpconverter.ConverterException;
+import org.apache.sling.feature.cpconverter.index.IndexDefinitions;
+import org.apache.sling.feature.cpconverter.index.IndexManager;
+import org.jetbrains.annotations.NotNull;
+import org.xml.sax.InputSource;
+
+/**
+ * Handler for Jackrabbit Oak index definitions
+ *
+ * This implementation scans content packages for entries stored under
/oak:index
+ * and exposes them to the {@link IndexManager} for further processing.
+ *
+ */
+public class IndexDefinitionsEntryHandler extends AbstractRegexEntryHandler {
+
+private final class IndexDefinitionsParserHandler implements
DocViewParserHandler {
+private final WorkspaceFilter filter;
+private IndexDefinitions definitions;
+
+public IndexDefinitionsParserHandler(WorkspaceFilter filter,
IndexDefinitions definitions) {
+this.filter = filter;
+this.definitions = definitions;
+}
+
+@Override
+public void startDocViewNode(@NotNull String nodePath, @NotNull
DocViewNode2 docViewNode,
+@NotNull Optional parentDocViewNode, int line,
int column)
+throws IOException, RepositoryException {
+
+if ( nodePath.startsWith(IndexDefinitions.OAK_INDEX_PATH) &&
filter.contains(nodePath) ) {
+definitions.addNode(Text.getRelativeParent(nodePath, 1),
docViewNode);
+}
+}
+
+@Override
+public void endDocViewNode(@NotNull String nodePath, @NotNull
DocViewNode2 docViewNode,
+@NotNull Optional parentDocViewNode, int line,
int column)
+throws IOException, RepositoryException {
+// nothing to do
+}
+
+@Override
+public void startPrefixMapping(String prefix, String uri) {
+definitions.registerPrefixMapping(prefix, uri);
+}
+}
+
+public IndexDefinitionsEntryHandler() {
+super("/jcr_root/" +
PlatformNameFormat.getPlatformName(IndexDefinitions.OAK_INDEX_NAME)+
"/.*(/)?/*.xml");
+}
+
+@Override
+public void handle(@NotNull String path, @NotNull Archive archive,
@NotNull Entry entry,
+@NotNull ContentPackage2FeatureModelConverter converter) throws
IOException, ConverterException {
+
+IndexManager indexManager = converter.getIndexManager();
+if ( indexManager == null ) {
+logger.info("{} not present, will skip index definition
extraction", IndexManager.class.getName());
+} else {
+try (InputStream is = archive.openInputStream(entry)) {
+
+String platformPath = path.replaceAll("^/jcr_root", "")
+.replaceAll("/\\.content\\.xml$", "")
+.replace(".dir", "");
+String repositoryPath =
PlatformNameFormat.getRepositoryPath(platformPath);
+InputSource inputSource = new InputSource(is);
+
+boolean isDocView = false;
+// DocViewParser.isDocView closes the input stream it is passed
+
Re: [VOTE] Release Apache Sling Starter 12, Apache Sling Project Archetype 1.0.6 and associated testing modules,
On Fri, 2022-02-25 at 17:37 +0100, Robert Munteanu wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
[jira] [Resolved] (SLING-11167) Sling jobs inventory printer for json produces invalid json
[
https://issues.apache.org/jira/browse/SLING-11167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu resolved SLING-11167.
-
Resolution: Fixed
Applied https://github.com/apache/sling-org-apache-sling-event/pull/17, thanks
[~angulohe]!
> Sling jobs inventory printer for json produces invalid json
> ---
>
> Key: SLING-11167
> URL: https://issues.apache.org/jira/browse/SLING-11167
> Project: Sling
> Issue Type: Bug
> Components: Event
>Affects Versions: Event 4.2.24
>Reporter: Natalia Angulo Herrera
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Event 4.2.26
>
>
> Sling jobs inventory printer for json produces invalid json:
> {
> "queues": [
> {
> "configuration" :
> {
> "topics" : "["ref-updater/references", "ref-updater/update",
> "ref-updater/delete"]"
> }
> }
> ]
> }
> where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Assigned] (SLING-11167) Sling jobs inventory printer for json produces invalid json
[
https://issues.apache.org/jira/browse/SLING-11167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu reassigned SLING-11167:
---
Assignee: Robert Munteanu
> Sling jobs inventory printer for json produces invalid json
> ---
>
> Key: SLING-11167
> URL: https://issues.apache.org/jira/browse/SLING-11167
> Project: Sling
> Issue Type: Bug
> Components: Event
>Affects Versions: Event 4.2.24
>Reporter: Natalia Angulo Herrera
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Event 4.2.26
>
>
> Sling jobs inventory printer for json produces invalid json:
> {
> "queues": [
> {
> "configuration" :
> {
> "topics" : "["ref-updater/references", "ref-updater/update",
> "ref-updater/delete"]"
> }
> }
> ]
> }
> where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (SLING-11167) Sling jobs inventory printer for json produces invalid json
[
https://issues.apache.org/jira/browse/SLING-11167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-11167:
Component/s: Event
(was: Feature InventoryPrinters)
> Sling jobs inventory printer for json produces invalid json
> ---
>
> Key: SLING-11167
> URL: https://issues.apache.org/jira/browse/SLING-11167
> Project: Sling
> Issue Type: Bug
> Components: Event
>Affects Versions: Event 4.2.24
>Reporter: Natalia Angulo Herrera
>Priority: Major
>
> Sling jobs inventory printer for json produces invalid json:
> {
> "queues": [
> {
> "configuration" :
> {
> "topics" : "["ref-updater/references", "ref-updater/update",
> "ref-updater/delete"]"
> }
> }
> ]
> }
> where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Updated] (SLING-11167) Sling jobs inventory printer for json produces invalid json
[
https://issues.apache.org/jira/browse/SLING-11167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-11167:
Fix Version/s: Event 4.2.26
> Sling jobs inventory printer for json produces invalid json
> ---
>
> Key: SLING-11167
> URL: https://issues.apache.org/jira/browse/SLING-11167
> Project: Sling
> Issue Type: Bug
> Components: Event
>Affects Versions: Event 4.2.24
>Reporter: Natalia Angulo Herrera
>Priority: Major
> Fix For: Event 4.2.26
>
>
> Sling jobs inventory printer for json produces invalid json:
> {
> "queues": [
> {
> "configuration" :
> {
> "topics" : "["ref-updater/references", "ref-updater/update",
> "ref-updater/delete"]"
> }
> }
> ]
> }
> where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-event] rombert commented on pull request #17: Fix json output in correct format
rombert commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-event/pull/17#issuecomment-1055404964 Thanks for the contribution @angulito ! I've amended your commit to follow our coding conventions ( title should reflect the Jira issue id and summary ). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-event] rombert merged pull request #17: Fix json output in correct format
rombert merged pull request #17: URL: https://github.com/apache/sling-org-apache-sling-event/pull/17 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] rombert commented on pull request #128: SLING-11134 - Extract Oak index definitions and package them as an additional file
rombert commented on pull request #128: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/128#issuecomment-1055400089 The build will fail for now since FileVault 3.6.0 is not yet released, but passes locally for me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] rombert opened a new pull request #128: SLING-11134 - Extract Oak index definitions and package them as an additional file
rombert opened a new pull request #128: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/128 - add an IndexManager that coordinates the various components working on index definitions parsing and storage - add an IndexDefinitionsEntryHandler that is able to parse Oak index definitions and store them for later use in the IndexManager - add add IndexDefinitionsJsonWriter that ouputs the index definitions in a format known to the oak-run tool - wire the IndexManager to the ContentPackage2FeatureModelConverter and store the discovered index definitions in a feature model extension -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-event] sonarcloud[bot] commented on pull request #17: Fix json output in correct format
sonarcloud[bot] commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-event/pull/17#issuecomment-1055396497 Kudos, SonarCloud Quality Gate passed!  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-event&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-event&pullRequest=17&metric=new_coverage&view=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-event&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-event&pullRequest=17&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-event&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-11162) Vulnerabilities stopping us from procuring these libs
[ https://issues.apache.org/jira/browse/SLING-11162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Angela Schreiber resolved SLING-11162. -- Resolution: Incomplete > Vulnerabilities stopping us from procuring these libs > - > > Key: SLING-11162 > URL: https://issues.apache.org/jira/browse/SLING-11162 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Mahidhar Chaluvadi >Priority: Major > > Today we wanted to use latest version of WCM IO Mocks for AEM JUnit Testing, > and our organization denied our request stating there are vulnerabilities in > the dependency chain, and here are the details. Wondering if there is a way > to revise the version including necessary fixes. We are okay to contribute > back to the respective git repo with the required guidance so we dont violate > any standards you may have. > Dependency: MAVEN - > org.apache.sling:org.apache.sling.resourcebuilder:1.0.4:jar > RejectReasons (2) > RejectReason: 2057e68c-41f8-4f57-80fe-54278d93e422 > Type: VULNERABILITY > Name: CVE-2016-0956 > CVSS Score v2: 7.8 > Severity: high > Description: The Servlets Post component 2.3.6 in Apache Sling, > as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote > attackers to obtain sensitive information via unspecified vectors. > RejectReason: 51205845-93e2-4d67-8289-afe4ee35cd65 > Type: VULNERABILITY > Name: CVE-2016-6798 > CVSS Score v2: 7.5 > Severity: high > Description: In the XSS Protection API module before 1.0.12 in > Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to > validate the input string, which allows for XXE attacks in all scripts which > use this method to validate user input, potentially allowing an attacker to > read sensitive data on the filesystem, perform same-site-request-forgery > (SSRF), port-scanning behind the firewall or DoS the application. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (SLING-11162) Vulnerabilities stopping us from procuring these libs
[ https://issues.apache.org/jira/browse/SLING-11162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499497#comment-17499497 ] Angela Schreiber commented on SLING-11162: -- hi [~friendlymahi], if i read your report right you are concerned about _WCM IO Mocks for AEM JUnit Testing_ using an old version of Sling XSS API (i.e. < 1.0.12 method XSS.getValidXML() uses an insecure SAX parser to validate the input string). afaik the mentioned library is not part of Apache Sling and I would recommend you reach out to the owners of that library to make sure they use the most recent XSS API. i agree with [~rombert] that there is not too much we can do here. If you have reason to believe that Sling XSS API is vulnerable please report it according to instructions on https://sling.apache.org/project-information/security.html. > Vulnerabilities stopping us from procuring these libs > - > > Key: SLING-11162 > URL: https://issues.apache.org/jira/browse/SLING-11162 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Mahidhar Chaluvadi >Priority: Major > > Today we wanted to use latest version of WCM IO Mocks for AEM JUnit Testing, > and our organization denied our request stating there are vulnerabilities in > the dependency chain, and here are the details. Wondering if there is a way > to revise the version including necessary fixes. We are okay to contribute > back to the respective git repo with the required guidance so we dont violate > any standards you may have. > Dependency: MAVEN - > org.apache.sling:org.apache.sling.resourcebuilder:1.0.4:jar > RejectReasons (2) > RejectReason: 2057e68c-41f8-4f57-80fe-54278d93e422 > Type: VULNERABILITY > Name: CVE-2016-0956 > CVSS Score v2: 7.8 > Severity: high > Description: The Servlets Post component 2.3.6 in Apache Sling, > as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote > attackers to obtain sensitive information via unspecified vectors. > RejectReason: 51205845-93e2-4d67-8289-afe4ee35cd65 > Type: VULNERABILITY > Name: CVE-2016-6798 > CVSS Score v2: 7.5 > Severity: high > Description: In the XSS Protection API module before 1.0.12 in > Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to > validate the input string, which allows for XXE attacks in all scripts which > use this method to validate user input, potentially allowing an attacker to > read sensitive data on the filesystem, perform same-site-request-forgery > (SSRF), port-scanning behind the firewall or DoS the application. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[GitHub] [sling-org-apache-sling-event] angulito opened a new pull request #17: Fix json output in correct format
angulito opened a new pull request #17:
URL: https://github.com/apache/sling-org-apache-sling-event/pull/17
Currently we are producing a wrong json format
```
{
"queues": [
{
"configuration" :
{
"topics" : "["ref-updater/references", "ref-updater/update",
"ref-updater/delete"]"
}
}
]
}
```
with the current changes it will produce
```
{
"queues": [
{
"configuration" :
{
"topics" : ["ref-updater/references", "ref-updater/update",
"ref-updater/delete"]
}
}
]
}
```
[SLING-11167](https://issues.apache.org/jira/browse/SLING-11167)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Updated] (SLING-11167) Sling jobs inventory printer for json produces invalid json
[
https://issues.apache.org/jira/browse/SLING-11167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Natalia Angulo Herrera updated SLING-11167:
---
Description:
Sling jobs inventory printer for json produces invalid json:
{
"queues": [
{
"configuration" :
{
"topics" : "["ref-updater/references", "ref-updater/update",
"ref-updater/delete"]"
}
}
]
}
where queues.topics is not a valid json format.
was:
Sling jobs inventory printer for json produces invalid json:
{
"queues": [
{
"configuration" : {
"topics" : "["ref-updater/references", "ref-updater/update",
"ref-updater/delete"]"
}]
}
where queues.topics is not a valid json format.
> Sling jobs inventory printer for json produces invalid json
> ---
>
> Key: SLING-11167
> URL: https://issues.apache.org/jira/browse/SLING-11167
> Project: Sling
> Issue Type: Bug
> Components: Feature InventoryPrinters
>Affects Versions: Event 4.2.24
>Reporter: Natalia Angulo Herrera
>Priority: Major
>
> Sling jobs inventory printer for json produces invalid json:
> {
> "queues": [
> {
> "configuration" :
> {
> "topics" : "["ref-updater/references", "ref-updater/update",
> "ref-updater/delete"]"
> }
> }
> ]
> }
> where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Created] (SLING-11167) Sling jobs inventory printer for json produces invalid json
Natalia Angulo Herrera created SLING-11167:
--
Summary: Sling jobs inventory printer for json produces invalid
json
Key: SLING-11167
URL: https://issues.apache.org/jira/browse/SLING-11167
Project: Sling
Issue Type: Bug
Components: Feature InventoryPrinters
Affects Versions: Event 4.2.24
Reporter: Natalia Angulo Herrera
Sling jobs inventory printer for json produces invalid json:
{
"queues": [
{
"configuration" : {
"topics" : "["ref-updater/references", "ref-updater/update",
"ref-updater/delete"]"
}]
}
where queues.topics is not a valid json format.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499477#comment-17499477
]
Angela Schreiber commented on SLING-11160:
--
[~bdelacretaz], i adjusted the PRs according to the discussion. there is one
thing though that would like to point out to: 'remove ACL' might actually be
confusing itself, because what we actually want to achieve is removal of one or
multiple access control entries and NOT the removal of the access control list
(which in JCR is represented by {{AccessControlManager.removePolicy}} (as
opposite to {{AccessControlManager.setPolicy}}) when the corresponding call in
repo-init is named {{delete ACL}}.
in other words: removing individual access control entries is still part of a
{{AccessControlManager.setPolicy}} call because the associated policy is
written back after removing the entry that's my my original suggestion was
to incorporate it in the 'set ACL' blocks.
i don't have a strong preference but wanted to highlight the fact that it's not
really a remove-acl statement but rather a remove-aces
wdyt?
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[GitHub] [sling-org-apache-sling-resourceresolver] rombert commented on a change in pull request #50: SLING-10844: ResourceMapper.getMapping() returns null for empty path
rombert commented on a change in pull request #50:
URL:
https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/50#discussion_r816690749
##
File path:
src/test/java/org/apache/sling/resourceresolver/impl/mapping/ResourceMapperImplTest.java
##
@@ -100,7 +104,10 @@ public void prepare() throws LoginException {
ctx.registerInjectActivateService(new
StringInterpolationProviderImpl());
InMemoryResourceProvider resourceProvider = new
InMemoryResourceProvider();
-resourceProvider.putResource("/"); // root
+
+
if(!testName.getMethodName().contains("mapEmptyPathWithUnreadableRoot")) {
Review comment:
I am still interested in finding out how the unreadable root can take
happen. Please describe the scenario in detail - either here, or in the Jira
issue so that we can reproduce it in the Sling Starter. A content package that
works with the Sling Starter would be ideal, but I can also work with "textual"
descriptions.
If this becomes too complicated for this unit testing framework we can
always add an integration test in
https://github.com/apache/sling-org-apache-sling-launchpad-integration-tests .
But first, I want to understand the problem.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] commented on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] commented on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1055307115 SonarCloud Quality Gate failed.  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [92.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [26.2% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-repoinit-parser] sonarcloud[bot] removed a comment on pull request #17: SLING-11160 : Repoinit does not allow to remove individual ACEs (parser)
sonarcloud[bot] removed a comment on pull request #17: URL: https://github.com/apache/sling-org-apache-sling-repoinit-parser/pull/17#issuecomment-1050693770 Kudos, SonarCloud Quality Gate passed!  [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [89.7% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-repoinit-parser&pullRequest=17&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-11165) Make pipes additional script feature toggleable
[ https://issues.apache.org/jira/browse/SLING-11165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Peltier resolved SLING-11165. - Resolution: Fixed https://github.com/apache/sling-org-apache-sling-pipes/commit/57733a0d9fc02a7071f10faac99836fb266aa128 > Make pipes additional script feature toggleable > --- > > Key: SLING-11165 > URL: https://issues.apache.org/jira/browse/SLING-11165 > Project: Sling > Issue Type: Improvement > Components: pipes >Reporter: Nicolas Peltier >Assignee: Nicolas Peltier >Priority: Major > Fix For: Pipes 4.4.0 > > > some might feel unconfortable with the ability for a given script to depend > on another (remote) script. > To help those :) we could add a toggle that make additional script feature a > toggleable feature -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499384#comment-17499384
]
Bertrand Delacretaz commented on SLING-11160:
-
I agree with your comment on {{remove repository ACL}}, and I think this means
that the grammar will not simply reproduce all {{set ACL}} constructs as
{{remove ACL}} ones.
That will make the grammar a bit more complicated but I think that's fine, as
long as we add all the required test cases to make things clear. And also to
produce good documentation [on the Sling
website|https://sling.apache.org/documentation/bundles/repository-initialization.html#appendix-a-repoinit-syntax-parser-test-scenarios-1],
where the _Repoinit parser test scenarios_ section is generated from the test
cases.
I also agree with your view on {{remove *}}.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (SLING-10116) Add Maintenance Job to Starter and CMS
[ https://issues.apache.org/jira/browse/SLING-10116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499379#comment-17499379 ] Robert Munteanu commented on SLING-10116: - Sounds good, thanks [~dklco]! I was only asking since the title of this Jira issue seemed to indicate that the configurations are added as well. > Add Maintenance Job to Starter and CMS > -- > > Key: SLING-10116 > URL: https://issues.apache.org/jira/browse/SLING-10116 > Project: Sling > Issue Type: Sub-task >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > Fix For: Starter 12, App CMS 1.0.2 > > Attachments: screenshot-1.png > > > Add the Maintenance Job bundle to the starter and CMS without the run > configuration (by default). -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499369#comment-17499369
]
Angela Schreiber edited comment on SLING-11160 at 3/1/22, 8:05 AM:
---
[~bdelacretaz], I am equally fine with that and will adjust my patches
accordingly.
btw: i don't think that variant
{code}
remove repository ACL for user1,user2
allow jcr:read,jcr:lockManagement
deny jcr:write
end
{code}
is needed as it can be represented as follows:
{code}
remove ACL for user1,user2
allow jcr:read,jcr:lockManagement on :repository
deny jcr:write on :repository
end
{code}
I would also suggest to leave out the _aclOptions_ defined with the setter
methods. they have never been implemented and i don't see need for it.
regarding _remove *_: i would leave that as it is for backwards compatibility
but not adding a corresponding variant to the new remove_acl operations. after
all it's easier to drop the entire policy using _delete acl_ in this case
instead of removing all entries and leaving an empty policy.
was (Author: anchela):
[~bdelacretaz], I am equally fine with that and will adjust my patches
accordingly.
btw: i don't think that variant
{code}
remove repository ACL for user1,user2
allow jcr:read,jcr:lockManagement
deny jcr:write
end
{code}
is needed as it can be represented as follows:
{code}
remove ACL for user1,user2
allow jcr:read,jcr:lockManagement on :repository
deny jcr:write on :repository
end
{code}
I would also suggest to leave out the _aclOptions_ defined with the setter
methods. they have never been implemented and i don't see need for it.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Comment Edited] (SLING-11160) Repoinit does not allow to remove individual ACEs
[
https://issues.apache.org/jira/browse/SLING-11160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499369#comment-17499369
]
Angela Schreiber edited comment on SLING-11160 at 3/1/22, 8:01 AM:
---
[~bdelacretaz], I am equally fine with that and will adjust my patches
accordingly.
btw: i don't think that variant
{code}
remove repository ACL for user1,user2
allow jcr:read,jcr:lockManagement
deny jcr:write
end
{code}
is needed as it can be represented as follows:
{code}
remove ACL for user1,user2
allow jcr:read,jcr:lockManagement on :repository
deny jcr:write on :repository
end
{code}
I would also suggest to leave out the _aclOptions_ defined with the setter
methods. they have never been implemented and i don't see need for it.
was (Author: anchela):
[~bdelacretaz], I am equally fine with that and will adjust my patches
accordingly.
> Repoinit does not allow to remove individual ACEs
> -
>
> Key: SLING-11160
> URL: https://issues.apache.org/jira/browse/SLING-11160
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Reporter: Angela Schreiber
>Assignee: Angela Schreiber
>Priority: Major
> Attachments: SLING-11160-initial-draft.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> With SLING-9090 support for using _REMOVE *_ for all entries at a given path
> or for a given principal has been implemented.
> However as indicated in the same issue the intended usage of _REMOVE
> some-thing-specific_ is not clear.
> What is therefore missing with repo-init is the ability to remove a single
> access control entry that matches
> - prinicipal
> - privileges
> - allow-status
> - single value restriction
> - mv restrictions.
> As far as I can see the biggest issue is the fact that REMOVE vs ALLOW/DENY
> are mutually exclusive as the other params listed above can be extracted from
> a given AclLine in combination with the set-ACL statement.
> This could be fixed by adjusting the following parser method
> {code}
> AclLine privilegesLineOperation() :
> {}
> {
> (
> { return new AclLine(AclLine.Action.REMOVE); }
> | ( { return new AclLine(AclLine.Action.ALLOW); } )
> | ( { return new AclLine(AclLine.Action.DENY); } )
> )
> }
> {code}
> such that
> - REMOVE is optional, followed by
> - ALLOW or DENY
> The {{AclLine}} would then need to be slightly adjusted such that REMOVE can
> be combined with either ALLOW or DENY.
> Otherwise, I don't see how
> {{AccessControlList.removeAccessControlEntry(AccessControlEntry)}} could be
> implemented in org.apache.sling.jcr.repoinit for a single ACE.
> Or maybe the intention was something different in the first place?
> [~bdelacretaz], I would appreciate if you had time to comment on this.
> cc: [~kpauls], [~cziegeler]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
