Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding merged PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12138) Node Browser page keeps popping up login window
James Raynor created SLING-12138: Summary: Node Browser page keeps popping up login window Key: SLING-12138 URL: https://issues.apache.org/jira/browse/SLING-12138 Project: Sling Issue Type: Bug Components: App CMS Affects Versions: App CMS 1.1.8 Reporter: James Raynor Attachments: 2023-11-10--15-15-59.jpg When I open the Nobe Browser page, there is a login popup, and I can't stop it from popping up. You can only click cancel to skip it. [http://localhost:8080/bin/browser.html] This was normal in previous versions. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding commented on PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#issuecomment-1805221195 @anchela in order to clear your "changes request" status from the PR, I clicked the "re-request review" icon. Should have done that yesterday, before you reviewed again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1389007296
##
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java:
##
@@ -174,9 +173,26 @@ private static void setAcl(Session session, List
principals, String jcrP
}
}
-public static void setRepositoryAcl(Session session, List
principals, List privileges, boolean isAllow, List
restrictionClauses)
- throws RepositoryException {
-setAcl(session, principals, (String)null, privileges, isAllow,
restrictionClauses);
+@NotNull
+private static Principal getPrincipal(Session session, String name,
boolean ignoreMissingPrincipal) throws RepositoryException {
+Principal principal = AccessControlUtils.getPrincipal(session, name);
+if (principal == null) {
+// backwards compatibility: fallback to original code treating
principal name as authorizable ID (see SLING-8604)
+final Authorizable authorizable =
UserUtil.getAuthorizable(session, name);
+if (!ignoreMissingPrincipal) {
Review Comment:
I prefer it the way it is. Granted, the condition _is_ probably harder to
read and understand with what is effectively a double negation. For me, having
what I consider to be the default code-path first, makes reading the code
easier again. But I can totally see that there's a good argument to be made for
both ways.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (SLING-12026) Check for implementation/extension of provider types
[ https://issues.apache.org/jira/browse/SLING-12026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784682#comment-17784682 ] Carsten Ziegeler commented on SLING-12026: -- I wasn't thinking of anything particular. maybe a bnd plugin is the easiest and right place to do, it basically has the context as it can only check the current bundle. > Check for implementation/extension of provider types > > > Key: SLING-12026 > URL: https://issues.apache.org/jira/browse/SLING-12026 > Project: Sling > Issue Type: New Feature > Components: Feature Model Analyser >Affects Versions: Feature Model Analyser 2.0.0 >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > > OSGi distinguishes between > [consumer|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ConsumerType.html] > and > [provider|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ProviderType.html] > types (either interfaces or classes). > Some bundles/features are only supposed to implement/extend consumer types in > order to be more stable against API changes. There should be a feature model > analyser enforcing this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
rombert commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388291023
##
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java:
##
@@ -174,9 +173,26 @@ private static void setAcl(Session session, List
principals, String jcrP
}
}
-public static void setRepositoryAcl(Session session, List
principals, List privileges, boolean isAllow, List
restrictionClauses)
- throws RepositoryException {
-setAcl(session, principals, (String)null, privileges, isAllow,
restrictionClauses);
+@NotNull
+private static Principal getPrincipal(Session session, String name,
boolean ignoreMissingPrincipal) throws RepositoryException {
+Principal principal = AccessControlUtils.getPrincipal(session, name);
+if (principal == null) {
+// backwards compatibility: fallback to original code treating
principal name as authorizable ID (see SLING-8604)
+final Authorizable authorizable =
UserUtil.getAuthorizable(session, name);
+if (!ignoreMissingPrincipal) {
Review Comment:
Nit: I would remove the double negation and write the statement as
if ( ignoreMissingPrincipal ) {
...
} else {
...
}
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding commented on PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#issuecomment-1804022381 Thank you for your reviews, @anchela! Addressing the points you raised forced me to look at all the details again, and I believe the result is an improvement over the previous state. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388150998
##
src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java:
##
@@ -270,9 +270,9 @@ private void verifyRegisterNamespace(String username,
String prefix, String uri,
try {
userSession = U.loginService(username);
userSession.getWorkspace().getNamespaceRegistry().registerNamespace(prefix,
uri);
-assertTrue("Register namespace succeeded " + prefix + uri,
successExpected);
+assertTrue("Register namespace succeeded " + prefix + " " + uri,
successExpected);
} catch (RepositoryException e) {
-assertTrue("Error registering namespace " + prefix + uri + " " +
e.getMessage(), !successExpected);
+assertFalse("Error registering namespace " + prefix + " " + uri +
" " + e.getMessage(), successExpected);
Review Comment:
Yes, I fully agree. The diff should focus on the issue at hand. FYI, I
reverted this change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (SLING-12131) Update sling-parent pom.xml to include JUnit5 dependencies
[ https://issues.apache.org/jira/browse/SLING-12131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784482#comment-17784482 ] Rob McDougall commented on SLING-12131: --- OK, will do. Thanks for the pointers. > Update sling-parent pom.xml to include JUnit5 dependencies > -- > > Key: SLING-12131 > URL: https://issues.apache.org/jira/browse/SLING-12131 > Project: Sling > Issue Type: Task >Reporter: Rob McDougall >Priority: Major > > JUnit4 is in maintenance mode (no updates in the last 2 years and then only > security fixes). I think updating projects to JUnit5 should be encouraged. > I am thinking this should be a relatively easy change of adding the > junit-jupiter and junit-vintage-engine into the Dependency Management section > of the sling-parent. > Once this is done, individual projects could switch to the vintage-engine (at > the very least) or move to jupiter by switching the dependency in their > project pom. > Some day down the road, the JUnit 4 dependencies could be removed. Projects > that have not updated to JUnit5 (vintage or jupiter) by that time are likely > no longer maintained. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Updated Hamcrest version to 2.2 [sling-org-apache-sling-testing-hamcrest]
rombert commented on PR #2: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/2#issuecomment-1803933132 All good, thanks for the contribution! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Updated Hamcrest version to 2.2 [sling-org-apache-sling-testing-hamcrest]
rmcdouga commented on PR #2: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/2#issuecomment-1803926586 Thank you for doing that and walking me through the process. I will structure my commit comments like that in the future. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12137 - XSS API bundle no longer embeds the needed org.owasp.html classes [sling-org-apache-sling-xss]
sonarcloud[bot] commented on PR #40: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/40#issuecomment-1803869680 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=40) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=40=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=40=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=40=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=40=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=40=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=40=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12137 - XSS API bundle no longer embeds the needed org.owasp.html classes [sling-org-apache-sling-xss]
rombert commented on PR #40: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/40#issuecomment-1803866476 Manual checks for the generated jar ``` $ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep -E -c 'owasp/html/.*.class' 117 $ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep -E -c 'owasp/encoder/.*.class' 0 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-12137) XSS API bundle no longer embeds the needed org.owasp.html classes
[
https://issues.apache.org/jira/browse/SLING-12137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-12137:
Priority: Critical (was: Major)
> XSS API bundle no longer embeds the needed org.owasp.html classes
> -
>
> Key: SLING-12137
> URL: https://issues.apache.org/jira/browse/SLING-12137
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
>Reporter: Robert Munteanu
>Assignee: Robert Munteanu
>Priority: Critical
> Fix For: XSS Protection API 2.3.12
>
>
> This manifests itself at runtime
> {noformat}09.11.2023 14:26:57.444 *ERROR* [FelixLogListener]
> org.apache.sling.xss.impl.XSSFilterImpl bundle
> org.apache.sling.xss:2.3.11.SNAPSHOT
> (148)[org.apache.sling.xss.impl.XSSFilterImpl(223)] : The activate method has
> thrown an exception (org.apache.felix.log.LogException:
> java.lang.NoClassDefFoundError: org/owasp/html/HtmlStreamEventReceiver)
> org.apache.felix.log.LogException: java.lang.NoClassDefFoundError:
> org/owasp/html/HtmlStreamEventReceiver
> at
> org.apache.sling.xss.impl.PolicyHandler.(PolicyHandler.java:47)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.setActiveEmbededPolicy(XSSFilterImpl.java:311)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.updatePolicy(XSSFilterImpl.java:298)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> at
> org.apache.sling.xss.impl.XSSFilterImpl.activate(XSSFilterImpl.java:267)
> [org.apache.sling.xss:2.3.11.SNAPSHOT]
> {noformat}
> Manually inspecting the jars shows that we don't have the org.owasp.html
> classes we used to embed
> {noformat}
> $ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep owasp/html
> org/owasp/html/
> org/owasp/html/DynamicAttributesSanitizerPolicy.class
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] SLING-12137 - XSS API bundle no longer embeds the needed org.owasp.ht… [sling-org-apache-sling-xss]
rombert opened a new pull request, #40: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/40 …ml classes Mark org.owasp.html as a private-package so that it is included in the jar file. Use 'merge-first' since we provide classes in our own project. We don't overwrite anything, but this is the more desireable outcome. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388024166
##
src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java:
##
@@ -270,9 +270,9 @@ private void verifyRegisterNamespace(String username,
String prefix, String uri,
try {
userSession = U.loginService(username);
userSession.getWorkspace().getNamespaceRegistry().registerNamespace(prefix,
uri);
-assertTrue("Register namespace succeeded " + prefix + uri,
successExpected);
+assertTrue("Register namespace succeeded " + prefix + " " + uri,
successExpected);
} catch (RepositoryException e) {
-assertTrue("Error registering namespace " + prefix + uri + " " +
e.getMessage(), !successExpected);
+assertFalse("Error registering namespace " + prefix + " " + uri +
" " + e.getMessage(), successExpected);
Review Comment:
but unrelated to the task at hand, right?
i really would like changes to a particular bug or improvement to be limited
to the task at hand for me just looking at the diff it's just harder to
figure out why something was change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-12123 - Unexpected new requirements for the XSS bundle [sling-org-apache-sling-xss]
sonarcloud[bot] commented on PR #39: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/39#issuecomment-1803855483 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=39) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=39=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=39=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=39=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=39=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=39=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=39=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388016165
##
src/main/java/org/apache/sling/jcr/repoinit/impl/DoNothingVisitor.java:
##
@@ -66,7 +66,7 @@ protected DoNothingVisitor(Session s) {
session = s;
}
-protected void report(Exception e, String message) {
+protected static void report(Exception e, String message) {
Review Comment:
i see
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388015841 ## src/main/java/org/apache/sling/jcr/repoinit/impl/AclVisitor.java: ## Review Comment: @jsedding , those are all valid points... it's just that i don't have the bandwidths to review it. too many reviews piling up. i don't insist that you revert it and i see the benefit of improving the repoinit code but i would love someone else to take a look and verify that the result is equivalent. maybe @kwin , @cziegeler or @rombert can jump in here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12137) XSS API bundle no longer embeds the needed org.owasp.html classes
Robert Munteanu created SLING-12137:
---
Summary: XSS API bundle no longer embeds the needed org.owasp.html
classes
Key: SLING-12137
URL: https://issues.apache.org/jira/browse/SLING-12137
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Reporter: Robert Munteanu
Assignee: Robert Munteanu
Fix For: XSS Protection API 2.3.12
This manifests itself at runtime
{noformat}09.11.2023 14:26:57.444 *ERROR* [FelixLogListener]
org.apache.sling.xss.impl.XSSFilterImpl bundle
org.apache.sling.xss:2.3.11.SNAPSHOT
(148)[org.apache.sling.xss.impl.XSSFilterImpl(223)] : The activate method has
thrown an exception (org.apache.felix.log.LogException:
java.lang.NoClassDefFoundError: org/owasp/html/HtmlStreamEventReceiver)
org.apache.felix.log.LogException: java.lang.NoClassDefFoundError:
org/owasp/html/HtmlStreamEventReceiver
at
org.apache.sling.xss.impl.PolicyHandler.(PolicyHandler.java:47)
[org.apache.sling.xss:2.3.11.SNAPSHOT]
at
org.apache.sling.xss.impl.XSSFilterImpl.setActiveEmbededPolicy(XSSFilterImpl.java:311)
[org.apache.sling.xss:2.3.11.SNAPSHOT]
at
org.apache.sling.xss.impl.XSSFilterImpl.updatePolicy(XSSFilterImpl.java:298)
[org.apache.sling.xss:2.3.11.SNAPSHOT]
at
org.apache.sling.xss.impl.XSSFilterImpl.activate(XSSFilterImpl.java:267)
[org.apache.sling.xss:2.3.11.SNAPSHOT]
{noformat}
Manually inspecting the jars shows that we don't have the org.owasp.html
classes we used to embed
{noformat}
$ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep owasp/html
org/owasp/html/
org/owasp/html/DynamicAttributesSanitizerPolicy.class
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388010901 ## src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java: ## @@ -420,7 +419,7 @@ private static boolean isValidPath(@NotNull Session session, @Nullable String jc /** * * @param acMgr the access control manager - * @param principal the principal + * @param path the path Review Comment: don;t get me wrong. i am all for cleaning up code and actively maintaining it... but i would love this to happen with a separate PR. such that we can really track what has changed and why. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388009498
##
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java:
##
@@ -152,7 +154,9 @@ private static void setAcl(Session session, List
principals, String jcrP
boolean changed = false;
for (String name : principals) {
-Principal principal = AccessControlUtils.getPrincipal(session,
name);
+Principal principal = options.contains("ignoreMissingPrincipal")
Review Comment:
lgtm now
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1388008517
##
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java:
##
@@ -156,8 +156,11 @@ private static void setAcl(Session session, List
principals, String jcrP
if (principal == null) {
// backwards compatibility: fallback to original code treating
principal name as authorizable ID (see SLING-8604)
final Authorizable authorizable =
UserUtil.getAuthorizable(session, name);
-checkState(authorizable != null, "Authorizable not found:
{0}", name);
-principal = authorizable.getPrincipal();
+if (authorizable != null) {
+principal = authorizable.getPrincipal();
+} else {
+principal = () -> name;
Review Comment:
yes, i agree
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (SLING-12026) Check for implementation/extension of provider types
[ https://issues.apache.org/jira/browse/SLING-12026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784456#comment-17784456 ] Konrad Windszus commented on SLING-12026: - Are you referring to a specific Maven plugin where this could be easily done? I was more thinking about implementing a [bnd plugin|https://bnd.bndtools.org/chapters/870-plugins.html]. When using in the analyser you indeed need to distinguish between privileged and non-privileged bundles. But usually this is achieved by building separate features and only merging them afterwards (compare with https://github.com/adobe/aemanalyser-maven-plugin/blob/d2b7b530fb1ac8b0280c6c33560adedbcdb580f2/aemanalyser-core/src/main/java/com/adobe/aem/analyser/AemAnalyser.java#L70). What is the feature extension with name "api-jars-config" (https://github.com/apache/sling-org-apache-sling-feature-analyser/blob/e72bc7979b7d3de57dc538815fb7ef9fd27fb1d3/src/main/java/org/apache/sling/feature/analyser/task/impl/CheckApisJarsProperties.java#L65) referring to. Can that be used/extended somehow? > Check for implementation/extension of provider types > > > Key: SLING-12026 > URL: https://issues.apache.org/jira/browse/SLING-12026 > Project: Sling > Issue Type: New Feature > Components: Feature Model Analyser >Affects Versions: Feature Model Analyser 2.0.0 >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > > OSGi distinguishes between > [consumer|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ConsumerType.html] > and > [provider|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ProviderType.html] > types (either interfaces or classes). > Some bundles/features are only supposed to implement/extend consumer types in > order to be more stable against API changes. There should be a feature model > analyser enforcing this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #1119 is FIXED
Please see https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-starter/job/master/1119/ for details. No further emails will be sent until the status of the build is changed.
[jira] [Resolved] (SLING-12136) MapUtil.toMap infinite loop for Dictionary arguments
[ https://issues.apache.org/jira/browse/SLING-12136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-12136. - Resolution: Fixed Fix applied, thanks [~RobMcDougall]! > MapUtil.toMap infinite loop for Dictionary arguments > > > Key: SLING-12136 > URL: https://issues.apache.org/jira/browse/SLING-12136 > Project: Sling > Issue Type: Task >Reporter: Rob McDougall >Assignee: Rob McDougall >Priority: Major > Fix For: Testing Hamcrest 1.0.4 > > > MapUtil.toLoop causes an infinite loop in case an object that implements > Dictionary but not Map is passed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-12130) Update Apache Sling Hamcrest Matchers to use latest version of Hamcrest libraries
[ https://issues.apache.org/jira/browse/SLING-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-12130. - Resolution: Fixed Fixed applied, thanks [~RobMcDougall]! > Update Apache Sling Hamcrest Matchers to use latest version of Hamcrest > libraries > - > > Key: SLING-12130 > URL: https://issues.apache.org/jira/browse/SLING-12130 > Project: Sling > Issue Type: Task >Reporter: Rob McDougall >Assignee: Rob McDougall >Priority: Major > Fix For: Testing Hamcrest 1.0.4 > > > The Apache Sling Hamcrest Matchers use hamcrest-library 1.3 > ([here|[https://github.com/apache/sling-org-apache-sling-testing-hamcrest/blob/master/pom.xml]).] > This version is circa 2012. The latest (2.2) is from 2019 ([as shown > here|[https://central.sonatype.com/artifact/org.hamcrest/hamcrest-core/versions]).] > > Is it OK if I make a PR to update to the latest version? -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Updated Hamcrest version to 2.2 [sling-org-apache-sling-testing-hamcrest]
rombert merged PR #2: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/2 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (SLING-12123) Unexpected new requirements for the XSS bundle
[ https://issues.apache.org/jira/browse/SLING-12123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu reassigned SLING-12123: --- Assignee: Robert Munteanu > Unexpected new requirements for the XSS bundle > -- > > Key: SLING-12123 > URL: https://issues.apache.org/jira/browse/SLING-12123 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Critical > Fix For: XSS Protection API 2.3.12 > > > With the 2.3.10 release candidate: > [ERROR] [bundle-packages] org.apache.sling:org.apache.sling.xss:2.3.10: > Bundle is importing packages [javax.annotation.meta, android.os] with start > order 20 but no bundle is exporting these for that start order. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Updated Hamcrest version to 2.2 [sling-org-apache-sling-testing-hamcrest]
sonarcloud[bot] commented on PR #2: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/2#issuecomment-1803763338 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-hamcrest=2) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-hamcrest=2=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-hamcrest=2=new_coverage=list) [85.7% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-hamcrest=2=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-hamcrest=2=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-hamcrest=2=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-12136) MapUtil.toMap infinite loop for Dictionary arguments
[ https://issues.apache.org/jira/browse/SLING-12136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-12136: Description: MapUtil.toLoop causes an infinite loop in case an object that implements Dictionary but not Map is passed. (was: The Apache Sling Hamcrest Matchers use hamcrest-library 1.3 ([here|[https://github.com/apache/sling-org-apache-sling-testing-hamcrest/blob/master/pom.xml]).] This version is circa 2012. The latest (2.2) is from 2019 ([as shown here|[https://central.sonatype.com/artifact/org.hamcrest/hamcrest-core/versions]).] Is it OK if I make a PR to update to the latest version?) > MapUtil.toMap infinite loop for Dictionary arguments > > > Key: SLING-12136 > URL: https://issues.apache.org/jira/browse/SLING-12136 > Project: Sling > Issue Type: Task >Reporter: Rob McDougall >Assignee: Rob McDougall >Priority: Major > Fix For: Testing Hamcrest 1.0.4 > > > MapUtil.toLoop causes an infinite loop in case an object that implements > Dictionary but not Map is passed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12136) MapUtil.toMap infinite loop for Dictionary arguments
Robert Munteanu created SLING-12136: --- Summary: MapUtil.toMap infinite loop for Dictionary arguments Key: SLING-12136 URL: https://issues.apache.org/jira/browse/SLING-12136 Project: Sling Issue Type: Task Reporter: Rob McDougall Assignee: Rob McDougall Fix For: Testing Hamcrest 1.0.4 The Apache Sling Hamcrest Matchers use hamcrest-library 1.3 ([here|[https://github.com/apache/sling-org-apache-sling-testing-hamcrest/blob/master/pom.xml]).] This version is circa 2012. The latest (2.2) is from 2019 ([as shown here|[https://central.sonatype.com/artifact/org.hamcrest/hamcrest-core/versions]).] Is it OK if I make a PR to update to the latest version? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SLING-12130) Update Apache Sling Hamcrest Matchers to use latest version of Hamcrest libraries
[ https://issues.apache.org/jira/browse/SLING-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu reassigned SLING-12130: --- Assignee: Rob McDougall > Update Apache Sling Hamcrest Matchers to use latest version of Hamcrest > libraries > - > > Key: SLING-12130 > URL: https://issues.apache.org/jira/browse/SLING-12130 > Project: Sling > Issue Type: Task >Reporter: Rob McDougall >Assignee: Rob McDougall >Priority: Major > Fix For: Testing Hamcrest 1.0.4 > > > The Apache Sling Hamcrest Matchers use hamcrest-library 1.3 > ([here|[https://github.com/apache/sling-org-apache-sling-testing-hamcrest/blob/master/pom.xml]).] > This version is circa 2012. The latest (2.2) is from 2019 ([as shown > here|[https://central.sonatype.com/artifact/org.hamcrest/hamcrest-core/versions]).] > > Is it OK if I make a PR to update to the latest version? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (SLING-12026) Check for implementation/extension of provider types
[ https://issues.apache.org/jira/browse/SLING-12026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784410#comment-17784410 ] Carsten Ziegeler edited comment on SLING-12026 at 11/9/23 12:16 PM: I don't have a good idea; I have the feeling that the feature analyser is probably the wrong place to do this check. It could be easily done in the maven plugin by checking the dependencies for the provider list files Even with SLING-12084 implemented (adding that info to the feature model), the analyser can not distinguish between bundles where it might be allowed to implement a provider type and a bundle where it is not allowed. So I think that logic needs to be somewhere else where more context is available. was (Author: cziegeler): I don't have a good idea; I have the feeling that the feature analyser is probably the wrong place to do this check. It could be easily done in the maven plugin by checking the dependencies for the provider list files > Check for implementation/extension of provider types > > > Key: SLING-12026 > URL: https://issues.apache.org/jira/browse/SLING-12026 > Project: Sling > Issue Type: New Feature > Components: Feature Model Analyser >Affects Versions: Feature Model Analyser 2.0.0 >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > > OSGi distinguishes between > [consumer|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ConsumerType.html] > and > [provider|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ProviderType.html] > types (either interfaces or classes). > Some bundles/features are only supposed to implement/extend consumer types in > order to be more stable against API changes. There should be a feature model > analyser enforcing this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
sonarcloud[bot] commented on PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#issuecomment-1803721129 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-repoinit=45) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_coverage=list) [87.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #1120 is BROKEN
Please see
https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-starter/job/master/1120/
for details.
No further emails will be sent until the status of the build is changed.
Build log follows below:
[...truncated 28903 lines...]
@media (min-width: 48em) {
.Home-Grid .Gradient {
flex: 0 0 16px;
height: auto
}
.Home-Grid .Logos {
padding: 6%
}
.Home-Grid #sling-logo {
margin-bottom: 180px
}
}
.Home-Grid #asf-logo {
display: block
}
.Home-Grid .Main-Content {
padding: 0 16px
}
@media (min-width: 48em) {
.Home-Grid .Main-Content {
padding: 0 16px 0 0
}
}
@media (min-width: 62em) {
.Home-Grid .Main-Content {
padding: 0
}
}
.Home-Grid ul {
margin: 0 0 1em;
padding: 0;
list-style: none
}
https://sling.apache.org; target="_blank" rel="noopener"
id="sling-logo" title="Visit the Apache Sling website">
https://apache.org; target="_blank" rel="noopener"
id="asf-logo" title="Visit the Apache Software Foundation website">
Apache Sling is starting up
To get started with Sling, see our https://sling.apache.org/; target="_blank"
title="Visit the
Apache Sling website">website
or the https://sling.apache.org/site/discover-sling-in-15-minutes.html;
target="_blank">Sling in 15 minutes
tutorial.
Resources
Reference
https://sling.apache.org/apidocs/sling12/index.html; target="_blank"
rel="noopener" title="Visit the Apache Sling Javadocs">API
Documentation
https://sling.apache.org/project-information.html#mailing-lists;
target="_blank" rel="noopener"
title="View available Apache Sling mailing
lists">Mailing Lists
https://sling.apache.org/documentation/tutorials-how-tos.html;
target="_blank" rel="noopener"
title="View Apache Sling Developer
Tutorials">Tutorials
https://github.com/apache?utf8=%E2%9C%93=sling-=source;
target="_blank" rel="noopener"
title="View the Apache Sling source code on
Github">Source Code
https://github.com/apache/sling-samples;
target="_blank" rel="noopener"
title="View Apache Sling sample applications on
Github">Sample Applications
) expected:<200> but was:<503>
[ERROR] Errors:
[ERROR] ForwardTest.setUp:57 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] ForwardTest.setUp:57 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] ForwardTest.setUp:57 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] ForwardTest.setUp:57 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] ForwardTest.setUp:57 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] GeneratedNodeNameTest.testCollision:84 » HttpStatusCode Expected
status code 3...
[ERROR] GeneratedNodeNameTest.testNoParams:92 » HttpStatusCode Expected
status code 30...
[ERROR] GeneratedNodeNameTest.testSlingPostNodeNameHintParam:65 »
HttpStatusCode Expec...
[ERROR] GeneratedNodeNameTest.testSlingPostNodeNameParam:57 » HttpStatusCode
Expected ...
[ERROR] GeneratedNodeNameTest.testTitle:49 » HttpStatusCode Expected status
code 302 f...
[ERROR] GeneratedNodeNameTest.testTitleWithSavePrefix:74 » HttpStatusCode
Expected sta...
[ERROR] GetWithSuffixTest.setUp:42 » HttpStatusCode Expected status code 302
for POST,...
[ERROR] GetWithSuffixTest.setUp:42 » HttpStatusCode Expected status code 302
for POST,...
[ERROR] GetWithSuffixTest.setUp:42 » HttpStatusCode Expected status code 302
for POST,...
[ERROR] GetWithSuffixTest.setUp:42 » HttpStatusCode Expected status code 302
for POST,...
[ERROR]
ImmediateScriptActivationTest.setUp:33->AbstractSlingResourceTypeRenderingTest.setUp:47
» HttpStatusCode
[ERROR]
ImmediateScriptActivationTest.setUp:33->AbstractSlingResourceTypeRenderingTest.setUp:47
» HttpStatusCode
[ERROR] IncludeTest.setUp:55 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] IncludeTest.setUp:55 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] IncludeTest.setUp:55 » HttpStatusCode Expected status code 302 for
POST, got 5...
[ERROR] IncludeTest.setUp:55 »
[jira] [Commented] (SLING-12026) Check for implementation/extension of provider types
[ https://issues.apache.org/jira/browse/SLING-12026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784410#comment-17784410 ] Carsten Ziegeler commented on SLING-12026: -- I don't have a good idea; I have the feeling that the feature analyser is probably the wrong place to do this check. It could be easily done in the maven plugin by checking the dependencies for the provider list files > Check for implementation/extension of provider types > > > Key: SLING-12026 > URL: https://issues.apache.org/jira/browse/SLING-12026 > Project: Sling > Issue Type: New Feature > Components: Feature Model Analyser >Affects Versions: Feature Model Analyser 2.0.0 >Reporter: Konrad Windszus >Assignee: Konrad Windszus >Priority: Major > > OSGi distinguishes between > [consumer|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ConsumerType.html] > and > [provider|https://docs.osgi.org/javadoc/osgi.annotation/7.0.0/org/osgi/annotation/versioning/ProviderType.html] > types (either interfaces or classes). > Some bundles/features are only supposed to implement/extend consumer types in > order to be more stable against API changes. There should be a feature model > analyser enforcing this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12135) Expose provider types in apis jar
[
https://issues.apache.org/jira/browse/SLING-12135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784385#comment-17784385
]
Konrad Windszus commented on SLING-12135:
-
Just FTR:
Each line in {{provider-types.txt}} contains one FQCN.
The line separator is platform dependent.
> Expose provider types in apis jar
> -
>
> Key: SLING-12135
> URL: https://issues.apache.org/jira/browse/SLING-12135
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model, Maven Plugins and Archetypes
>Affects Versions: slingfeature-maven-plugin 1.6.8
>Reporter: Konrad Windszus
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: OSGi Feature Maven Plugin 1.8.0
>
>
> In order to be able to check whether provider type interfaces of an API are
> implemented, the apis goal should add the info about provider type interfaces
> to the binary apis jar.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Konrad Windszus resolved SLING-12084. - Resolution: Won't Fix [~cziegeler] Thanks, that should work fine as well for SLING-12026. > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Priority: Major > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784373#comment-17784373 ] Carsten Ziegeler commented on SLING-12084: -- I've added a similar functionality which adds the info to the apis jar: SLING-12135 > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Priority: Major > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler reassigned SLING-12084: Assignee: (was: Carsten Ziegeler) > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Priority: Major > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12135) Expose provider types in apis jar
[ https://issues.apache.org/jira/browse/SLING-12135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12135: - Description: In order to be able to check whether provider type interfaces of an API are implemented, the apis goal should add the info about provider type interfaces to the binary apis jar. (was: In order to ease implementing the analyser task SLING-12026 all provider types should be listed in the feature model. The slingfeature-maven-plugin should be extended to automatically maintain this information from the underlying bundle classes of the feature. ) > Expose provider types in apis jar > - > > Key: SLING-12135 > URL: https://issues.apache.org/jira/browse/SLING-12135 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > Fix For: OSGi Feature Maven Plugin 1.8.0 > > > In order to be able to check whether provider type interfaces of an API are > implemented, the apis goal should add the info about provider type interfaces > to the binary apis jar. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12135) Expose provider types in apis jar
[ https://issues.apache.org/jira/browse/SLING-12135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17784371#comment-17784371 ] Carsten Ziegeler commented on SLING-12135: -- The list of provider types is added to the apis jar in META-INF/provider-types.txt https://github.com/apache/sling-slingfeature-maven-plugin/commit/96ed3a18bd1b10111f5c92a9046fff19a9f7b7a8 > Expose provider types in apis jar > - > > Key: SLING-12135 > URL: https://issues.apache.org/jira/browse/SLING-12135 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > Fix For: OSGi Feature Maven Plugin 1.8.0 > > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12135) Expose provider types in apis jar
Carsten Ziegeler created SLING-12135: Summary: Expose provider types in apis jar Key: SLING-12135 URL: https://issues.apache.org/jira/browse/SLING-12135 Project: Sling Issue Type: Improvement Components: Feature Model, Maven Plugins and Archetypes Affects Versions: slingfeature-maven-plugin 1.6.8 Reporter: Konrad Windszus Assignee: Carsten Ziegeler In order to ease implementing the analyser task SLING-12026 all provider types should be listed in the feature model. The slingfeature-maven-plugin should be extended to automatically maintain this information from the underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12084: - Fix Version/s: (was: OSGi Feature Maven Plugin 1.8.0) > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12135) Expose provider types in apis jar
[ https://issues.apache.org/jira/browse/SLING-12135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12135: - Fix Version/s: OSGi Feature Maven Plugin 1.8.0 > Expose provider types in apis jar > - > > Key: SLING-12135 > URL: https://issues.apache.org/jira/browse/SLING-12135 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > Fix For: OSGi Feature Maven Plugin 1.8.0 > > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12084: - Fix Version/s: OSGi Feature Maven Plugin 1.7.6 > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > Fix For: OSGi Feature Maven Plugin 1.7.6 > > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12084) Expose provider types in feature model
[ https://issues.apache.org/jira/browse/SLING-12084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12084: - Component/s: Maven Plugins and Archetypes > Expose provider types in feature model > -- > > Key: SLING-12084 > URL: https://issues.apache.org/jira/browse/SLING-12084 > Project: Sling > Issue Type: Improvement > Components: Feature Model, Maven Plugins and Archetypes >Affects Versions: slingfeature-maven-plugin 1.6.8 >Reporter: Konrad Windszus >Assignee: Carsten Ziegeler >Priority: Major > > In order to ease implementing the analyser task SLING-12026 all provider > types should be listed in the feature model. The slingfeature-maven-plugin > should be extended to automatically maintain this information from the > underlying bundle classes of the feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12124 - Inconsistent handling of empty selectors [sling-org-apache-sling-engine]
cziegeler commented on code in PR #40:
URL:
https://github.com/apache/sling-org-apache-sling-engine/pull/40#discussion_r1387629421
##
src/main/java/org/apache/sling/engine/impl/request/RequestData.java:
##
@@ -507,7 +507,12 @@ public static void service(SlingHttpServletRequest request,
SlingHttpServletResponse response) throws IOException,
ServletException {
-if (!isValidRequest(request.getRequestPathInfo().getResourcePath(),
request.getRequestPathInfo().getSelectors())) {
+final String selectorString =
request.getRequestPathInfo().getSelectorString();
+String[] selectors = selectorString == null ?
+
getRawSelectors(request.getResource().getResourceMetadata().getResolutionPathInfo())
+: request.getRequestPathInfo().getSelectors();
+
+if (!isValidRequest(request.getRequestPathInfo().getResourcePath(),
selectors)) {
Review Comment:
This looks good. How about moving this code into isValidRequest and only
pass the RequestPathInfo into that method (I think you can replace
request.getResource()...getResolutionPathInfo() with
RequestPathInfo.getResourcePath()) ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
