cziegeler closed pull request #6: SLING-3524: Allow distinguishing cloning from
normal login in providers.
URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/6
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/pom.xml b/pom.xml
index 2d9af60..b2094b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.api</artifactId>
- <version>2.18.0</version>
+ <version>2.18.1-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git
a/src/main/java/org/apache/sling/resourceresolver/impl/CommonResourceResolverFactoryImpl.java
b/src/main/java/org/apache/sling/resourceresolver/impl/CommonResourceResolverFactoryImpl.java
index 8cef27d..11c6b24 100644
---
a/src/main/java/org/apache/sling/resourceresolver/impl/CommonResourceResolverFactoryImpl.java
+++
b/src/main/java/org/apache/sling/resourceresolver/impl/CommonResourceResolverFactoryImpl.java
@@ -62,6 +62,8 @@
private static final Logger LOG =
LoggerFactory.getLogger(CommonResourceResolverFactoryImpl.class);
+ private static final String[] FORBIDDEN_AUTH_INFO_KEYS =
{ResourceProvider.AUTH_CLONE};
+
/** Helper for the resource resolver. */
private MapEntriesHandler mapEntries = MapEntriesHandler.EMPTY;
@@ -129,6 +131,32 @@ public void run() {
}
// ---------- Resource Resolver Factory
------------------------------------
+
+ /**
+ * Sanitize the authentication info passed from external code. This method
will always make a defensive
+ * copy of the argument, also making sure that the copy is mutable. Nulls
are turned into empty (mutable) maps.
+ * Keys that are used to communicate with resource providers are removed
from the copy, and optionally
+ * other keys can be removed as well.
+ * @param authenticationInfo The authentication info to sanitize, may be
null.
+ * @param extraForbiddenKeys Keys that should be removed from the returned
copy.
+ * @return A sanitized mutable map.
+ */
+ @Nonnull
+ static Map<String, Object> sanitizeAuthenticationInfo(Map<String, Object>
authenticationInfo, String... extraForbiddenKeys) {
+ if (authenticationInfo == null) {
+ // nothing to sanitize, just return an empty mutable map
+ return new HashMap<>();
+ } else {
+ Map<String, Object> sanitized = new HashMap<>(authenticationInfo);
+ for (String key : FORBIDDEN_AUTH_INFO_KEYS) {
+ sanitized.remove(key);
+ }
+ for (String key : extraForbiddenKeys) {
+ sanitized.remove(key);
+ }
+ return sanitized;
+ }
+ }
/**
* @see
org.apache.sling.api.resource.ResourceResolverFactory#getAdministrativeResourceResolver(java.util.Map)
@@ -139,15 +167,10 @@ public ResourceResolver
getAdministrativeResourceResolver(final Map<String, Obje
throws LoginException {
checkIsLive();
- // create a copy of the passed authentication info as we modify the map
- final Map<String, Object> authenticationInfo = new HashMap<>();
+ // make sure there is no leaking of service info props
+ // (but the bundle info is passed on as we need it downstream)
+ final Map<String, Object> authenticationInfo =
sanitizeAuthenticationInfo(passedAuthenticationInfo, SUBSERVICE);
authenticationInfo.put(ResourceProvider.AUTH_ADMIN, Boolean.TRUE);
- if ( passedAuthenticationInfo != null ) {
- authenticationInfo.putAll(passedAuthenticationInfo);
- // make sure there is no leaking of service info props
- // (but the bundle info is passed on as we need it downstream)
- authenticationInfo.remove(SUBSERVICE);
- }
return getResourceResolverInternal(authenticationInfo, true);
}
@@ -161,14 +184,8 @@ public ResourceResolver getResourceResolver(final
Map<String, Object> passedAuth
throws LoginException {
checkIsLive();
- // create a copy of the passed authentication info as we modify the map
- final Map<String, Object> authenticationInfo = new HashMap<>();
- if ( passedAuthenticationInfo != null ) {
- authenticationInfo.putAll(passedAuthenticationInfo);
- // make sure there is no leaking of service bundle and info props
- authenticationInfo.remove(ResourceProvider.AUTH_SERVICE_BUNDLE);
- authenticationInfo.remove(SUBSERVICE);
- }
+ // make sure there is no leaking of service bundle and info props
+ final Map<String, Object> authenticationInfo =
sanitizeAuthenticationInfo(passedAuthenticationInfo,
ResourceProvider.AUTH_SERVICE_BUNDLE, SUBSERVICE);
final ResourceResolver result =
getResourceResolverInternal(authenticationInfo, false);
Stack<WeakReference<ResourceResolver>> resolverStack =
resolverStackHolder.get();
@@ -391,9 +408,10 @@ public ResourceAccessSecurityTracker
getResourceAccessSecurityTracker () {
@Nonnull
@Override
public ResourceResolver getServiceResourceResolver(
- final Map<String, Object> authenticationInfo) throws
LoginException {
+ final Map<String, Object> passedAuthenticationInfo) throws
LoginException {
checkIsLive();
+ Map<String, Object> authenticationInfo =
sanitizeAuthenticationInfo(passedAuthenticationInfo);
return getResourceResolverInternal(authenticationInfo, false);
}
diff --git
a/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
b/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
index f0f466c..4b9c6f6 100644
---
a/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
+++
b/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
@@ -63,17 +63,9 @@ public ResourceResolverFactoryImpl(
*/
@Override
public ResourceResolver getServiceResourceResolver(final Map<String,
Object> passedAuthenticationInfo) throws LoginException {
- // create a copy of the passed authentication info as we modify the map
- final Map<String, Object> authenticationInfo = new HashMap<>();
- final String subServiceName;
- if ( passedAuthenticationInfo != null ) {
- authenticationInfo.putAll(passedAuthenticationInfo);
- authenticationInfo.remove(PASSWORD);
- final Object info = passedAuthenticationInfo.get(SUBSERVICE);
- subServiceName = (info instanceof String) ? (String) info : null;
- } else {
- subServiceName = null;
- }
+ final Map<String, Object> authenticationInfo =
CommonResourceResolverFactoryImpl.sanitizeAuthenticationInfo(passedAuthenticationInfo,
PASSWORD);
+ final Object info = authenticationInfo.get(SUBSERVICE);
+ final String subServiceName = (info instanceof String) ? (String) info
: null;
// Ensure a mapped user or principal name(s): If no user/principal
names is/are
// defined for a bundle acting as a service, the user may be null. We
can decide whether
diff --git
a/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
b/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
index 66eba96..4a825bf 100644
---
a/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
+++
b/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
@@ -59,6 +59,7 @@
import org.apache.sling.resourceresolver.impl.mapping.MapEntry;
import org.apache.sling.resourceresolver.impl.params.ParsedParameters;
import
org.apache.sling.resourceresolver.impl.providers.ResourceProviderStorageProvider;
+import org.apache.sling.spi.resource.provider.ResourceProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -117,6 +118,7 @@ private ResourceResolverImpl(final ResourceResolverImpl
resolver, final Map<Stri
if (authenticationInfo != null) {
authInfo.putAll(authenticationInfo);
}
+ authInfo.put(ResourceProvider.AUTH_CLONE, true);
this.context = new ResourceResolverContext(this,
factory.getResourceAccessSecurityTracker());
this.control = createControl(factory.getResourceProviderTracker(),
authInfo, resolver.control.isAdmin());
this.factory.register(this, control);
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
