[jira] [Created] (SLING-3742) Python and Ruby language bundle throw exception with sling scripting console
Nitin Nizhawan created SLING-3742: - Summary: Python and Ruby language bundle throw exception with sling scripting console Key: SLING-3742 URL: https://issues.apache.org/jira/browse/SLING-3742 Project: Sling Issue Type: Bug Components: Console, Extensions Reporter: Nitin Nizhawan When running Ruby and Python language bundles from contrib/scripting with sling scripting console I am getting following exception java.lang.NullPointerException at org.apache.sling.scripting.python.PythonScriptEngine.eval(PythonScriptEngine.java:69) at org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:361) at org.apache.sling.scripting.core.impl.DefaultSlingScript.eval(DefaultSlingScript.java:171) at org.apache.sling.scripting.console.internal.ScriptConsolePlugin.doPost(ScriptConsolePlugin.java:112) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:526) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:450) at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:96) at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:79) at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:42) -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SLING-3742) Python and Ruby language bundle throw exception with sling scripting console
[ https://issues.apache.org/jira/browse/SLING-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-3742: -- Attachment: SLING-3742.patch Patch to check for NPE Python and Ruby language bundle throw exception with sling scripting console Key: SLING-3742 URL: https://issues.apache.org/jira/browse/SLING-3742 Project: Sling Issue Type: Bug Components: Console, Extensions Reporter: Nitin Nizhawan Attachments: SLING-3742.patch When running Ruby and Python language bundles from contrib/scripting with sling scripting console I am getting following exception java.lang.NullPointerException at org.apache.sling.scripting.python.PythonScriptEngine.eval(PythonScriptEngine.java:69) at org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:361) at org.apache.sling.scripting.core.impl.DefaultSlingScript.eval(DefaultSlingScript.java:171) at org.apache.sling.scripting.console.internal.ScriptConsolePlugin.doPost(ScriptConsolePlugin.java:112) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:526) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:450) at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:96) at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:79) at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:42) -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (SLING-5266) Adding org.mozilla.javascript.ast package in org.apache.sling.scripting.javascript bundle
[ https://issues.apache.org/jira/browse/SLING-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-5266: -- Attachment: SLING-5266.patch Attaching patch for exporting org.mozilla.javascript.ast package. We need this package in one of our project. Our project needs to parse javascript source and get its AST using Rhino. Currently Sling Scripting Javascript Support only exports org.mozilla.javascript package which is sufficient for evaluating javascript using Rhino but for getting access to parsed AST we need this additional package. Thanks Nitin > Adding org.mozilla.javascript.ast package in > org.apache.sling.scripting.javascript bundle > --- > > Key: SLING-5266 > URL: https://issues.apache.org/jira/browse/SLING-5266 > Project: Sling > Issue Type: Task > Components: General >Reporter: Mandeep Gandhi >Priority: Critical > Attachments: SLING-5266.patch > > > There is a need of parsing javascript expression. For achieving this, there > is a requirement of adding org.mozilla.javascript.ast package to the existing > bundle (org.apache.sling.scripting.javascript ) and exporting it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6423: -- Attachment: SLING-6423_parser_changes.patch [~bdelacretaz] Attached patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nitin Nizhawan updated SLING-6423:
--
Attachment: SLING_6423_testcasesV2.patch
patch SLING_6423_testcasesV2.patch containing updated test cases as per
{{(ACLOptions=merge)}} syntax
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
> Attachments: SLING-6423_parser_changes.patch,
> SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch
>
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821973#comment-15821973 ] Nitin Nizhawan edited comment on SLING-6423 at 1/14/17 5:58 AM: [~bdelacretaz] Attached patch SLING-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review was (Author: nitin.nizhawan): [~bdelacretaz] Attached patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15821973#comment-15821973 ] Nitin Nizhawan edited comment on SLING-6423 at 1/14/17 5:58 AM: [~bdelacretaz] Attached patch SLING\-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review was (Author: nitin.nizhawan): [~bdelacretaz] Attached patch SLING-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15818567#comment-15818567
]
Nitin Nizhawan commented on SLING-6423:
---
Yes, {{(ACLOptions=merge)}} syntax looks good to me for our use case.
I earlier thought that block would be required but looking at it again since
we can define multiple ACEs within one set ACL statement, it seems unnecessary.
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
> Attachments: SLING-6423_testcases.patch
>
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING-6422.patch [~bdelacretaz] Attached patch for supporting restriction clause in repoinit as mentioned. Currently, it does not accept explicit type information but we can add that incrementally i.e. type hint can be optional. Please review and merge > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6423: -- Attachment: SLING-6423_testcases.patch patch containing test cases for merge and merge_preserve mode > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING-6423_testcases.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15768903#comment-15768903
]
Nitin Nizhawan edited comment on SLING-6423 at 1/2/17 11:23 AM:
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write,crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
was (Author: nitin.nizhawan):
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15768903#comment-15768903
]
Nitin Nizhawan edited comment on SLING-6423 at 1/2/17 10:01 AM:
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
was (Author: nitin.nizhawan):
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob cq:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
Nitin Nizhawan created SLING-6423: - Summary: Allow for specifying ACL merge mode (ACHandling) in repoinit Key: SLING-6423 URL: https://issues.apache.org/jira/browse/SLING-6423 Project: Sling Issue Type: New Feature Components: Repoinit Reporter: Nitin Nizhawan Repoinit by default just add new ACLs if they are not already present. By contract package manager provides various strategies for ACL merging Extend repoinit to allow specifying these strategies https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (SLING-6422) Allow for specifying oak restrictions with repoinit
Nitin Nizhawan created SLING-6422: - Summary: Allow for specifying oak restrictions with repoinit Key: SLING-6422 URL: https://issues.apache.org/jira/browse/SLING-6422 Project: Sling Issue Type: New Feature Components: Repoinit Reporter: Nitin Nizhawan Allow for specifying oak restrictions with repoinit. Currently repoinit allows one to ADD remove ACLs but there is no way to specify oak restrictions. http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15768852#comment-15768852
]
Nitin Nizhawan commented on SLING-6422:
---
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt) restriction(rep:ntNames,
sling:Folder) restriction(rep:prefixes, sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15768903#comment-15768903
]
Nitin Nizhawan commented on SLING-6423:
---
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob cq:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15768852#comment-15768852
]
Nitin Nizhawan edited comment on SLING-6422 at 12/22/16 3:02 AM:
-
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt)
restriction{Name}(rep:ntNames, sling:Folder) restriction{String}(rep:prefixes,
sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
was (Author: nitin.nizhawan):
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt) restriction(rep:ntNames,
sling:Folder) restriction(rep:prefixes, sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16137720#comment-16137720 ] Nitin Nizhawan commented on SLING-6423: --- [~cziegeler] This is only partially implemented. The parsing logic was committed but actual merging is not in place. CC: [~bdelacretaz] > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan >Assignee: Bertrand Delacretaz > Fix For: Repoinit Parser 1.1.2 > > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046526#comment-16046526 ] Nitin Nizhawan commented on SLING-6422: --- [~anchela] Not an issue. I have raised a fresh PR https://github.com/apache/sling/pull/241 also link to original PR which you had reviewed https://github.com/apache/sling/pull/232 CC: [~bdelacretaz] Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046950#comment-16046950 ] Nitin Nizhawan commented on SLING-6422: --- Hi [~bdelacretaz] That is an interesting point. IIUC, you mean that match should unordered like that for privileges. I could not find "unorderedness" of values in documentation and assumed them to be ordered since everywhere API is using an array to store these values. So, current method implementation assumes that values are "ordered" but not sorted i.e. order of values is meaningful and preserved by underlying layer. You are correct that for OOTB restrictions like rep:ntNames and rep:itemNames the order of values does not matter. But we have written some custom restriction providers (based on same assumption) for which order of values does matter, so, if I make the match unordered (by either sorting or using a set) the those restriction providers would break. TBH, now even I am not too sure if orderedness assumption is valid. CC: [~anchela] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422_interpretparsedrestrictionclause.patch [~bdelacretaz] Attaching patch with changes for interpreting parsed restriction clauses from repoinit. Please review and merge these Also, request you to release repoinit parser, currently patch points to SNAPSHOT version of the parser since release version does not have the parser changes so needs to be release first. Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16016082#comment-16016082 ] Nitin Nizhawan commented on SLING-6422: --- Also tagging [~anchela] and [~chetanm] for review CC: [~bdelacretaz] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16016082#comment-16016082 ] Nitin Nizhawan edited comment on SLING-6422 at 5/18/17 5:05 PM: Also tagging [~anchela] and [~chetanm] for review [^SLING6422_interpretparsedrestrictionclause.patch] CC: [~bdelacretaz] was (Author: nitin.nizhawan): Also tagging [~anchela] and [~chetanm] for review CC: [~bdelacretaz] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
Nitin Nizhawan created SLING-6867: - Summary: Repoinit ACL handler should take aggregate privilege into account Key: SLING-6867 URL: https://issues.apache.org/jira/browse/SLING-6867 Project: Sling Issue Type: Bug Components: Repoinit Affects Versions: Repoinit JCR 1.1.4 Reporter: Nitin Nizhawan Repoinit ACLUtil "contains privileges" method does not take aggregation into account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16017326#comment-16017326 ] Nitin Nizhawan commented on SLING-6422: --- [~anchela] Thanks for your review. For some reason I am unable to see any comment at https://github.com/apache/sling/pull/232 Probably I am looking at wrong place, could please check if this is where you have added comments. CC: [~bdelacretaz] [~chetanm] Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422ApplyRestrictionsV2.patch Uploaded new patch with review comment incorporated [^SLING6422ApplyRestrictionsV2.patch] CC:[~anchela] [~bdelacretaz] [~chetanm] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16018657#comment-16018657 ] Nitin Nizhawan edited comment on SLING-6422 at 5/21/17 12:30 AM: - Uploaded new patch with review comments incorporated [^SLING6422ApplyRestrictionsV2.patch]. CC:[~anchela] [~bdelacretaz] [~chetanm] was (Author: nitin.nizhawan): Uploaded new patch with review comment incorporated [^SLING6422ApplyRestrictionsV2.patch] CC:[~anchela] [~bdelacretaz] [~chetanm] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
[ https://issues.apache.org/jira/browse/SLING-6867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6867: -- Attachment: SLING_6867.patch > Repoinit ACL handler should take aggregate privilege into account > - > > Key: SLING-6867 > URL: https://issues.apache.org/jira/browse/SLING-6867 > Project: Sling > Issue Type: Bug > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.4 >Reporter: Nitin Nizhawan > Attachments: SLING_6867.patch > > > Repoinit ACLUtil "contains privileges" method does not take aggregation into > account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
[ https://issues.apache.org/jira/browse/SLING-6867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16031005#comment-16031005 ] Nitin Nizhawan commented on SLING-6867: --- [~bdelacretaz] [~anchela] Attached patch for taking care of aggregate privileges in contains check. please review and merge. > Repoinit ACL handler should take aggregate privilege into account > - > > Key: SLING-6867 > URL: https://issues.apache.org/jira/browse/SLING-6867 > Project: Sling > Issue Type: Bug > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.4 >Reporter: Nitin Nizhawan > Attachments: SLING_6867.patch > > > Repoinit ACLUtil "contains privileges" method does not take aggregation into > account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16047529#comment-16047529
]
Nitin Nizhawan edited comment on SLING-6422 at 6/13/17 9:52 AM:
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different.
Also, the example date based restriction provider at \[0\] assumes ordered
values
WDYT?
\[0\]
http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
was (Author: nitin.nizhawan):
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different. WDYT?
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
> Attachments: SLING6422ApplyRestrictionsV2.patch,
> SLING6422ApplyRestrictionsV3.patch,
> SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch
>
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16047904#comment-16047904 ] Nitin Nizhawan commented on SLING-6422: --- [~bdelacretaz] Comparison function looks good to me, yes sorting should not be an issue on small arrays. Although, it would have been great if jackrabbit clearly documented ordered ness of the values :-) > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16047942#comment-16047942 ] Nitin Nizhawan commented on SLING-6422: --- Thanks > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan >Assignee: Bertrand Delacretaz > Fix For: Repoinit JCR 1.1.6 > > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422ApplyRestrictionsV3.patch > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046399#comment-16046399 ] Nitin Nizhawan commented on SLING-6422: --- [~bdelacretaz] [~anchela] Updated patch after resolving conflicts with latest code [^SLING6422ApplyRestrictionsV3.patch] . Could you please review and merge. > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16047529#comment-16047529
]
Nitin Nizhawan commented on SLING-6422:
---
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different. WDYT?
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
> Attachments: SLING6422ApplyRestrictionsV2.patch,
> SLING6422ApplyRestrictionsV3.patch,
> SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch
>
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Created] (SLING-7455) Provide a way to restrict access to servlets and scripts (jsp/ecma etc.)
Nitin Nizhawan created SLING-7455: - Summary: Provide a way to restrict access to servlets and scripts (jsp/ecma etc.) Key: SLING-7455 URL: https://issues.apache.org/jira/browse/SLING-7455 Project: Sling Issue Type: New Feature Components: Resource Access Security, Servlets Affects Versions: Servlets Resolver 2.4.22 Reporter: Nitin Nizhawan *Issue* Most of the web servers provide a way to restrict access to urls based on roles/groups of users. Also, since mapping of urls and scripts (servlets/jsp) is internal and end user cannot define this mapping, this method effectively restricts access to scripts (servlets/jsp). On the other hand, sling restricts access to end point using ACLs setup of content nodes having sling:resourceType property set in the repository. i.e. nodes which have "sling:resourceType" set can be used to invoke script identified by value of "sling:resourceType" property by a user only if she also has read permission on the node But as we know that mapping of paths and scripts(servlets/jsp) is done via "sling:resourceType" property and since this property can written by end users having write access to the repository using SlingPostServlet or possibly other tools. Which means that any user having read/write access to any part of repository can invoke, any servlet or script by creating a node with sling:resourceType property with its value set to resourceType of desired script/servlet. Although, the scripts which make use of current user session are not particularly affected by this since permission checks would be done by repository layer once this scripts access/modify content using this session. But many scripts which either use service user (thus un-linking repository permission check from current users session) or scripts which may have nothing to do with repository such as contacting an external service, crypto, filesystem access, launching processes etc. have no way to restrict access other than manually checking in code for session permissions etc.) *Expected* A declarative method to restrict access to scripts (servlet/jsp). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8111) API to enable tracer configuration
[ https://issues.apache.org/jira/browse/SLING-8111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-8111: -- Affects Version/s: Log Tracer 1.0.8 > API to enable tracer configuration > --- > > Key: SLING-8111 > URL: https://issues.apache.org/jira/browse/SLING-8111 > Project: Sling > Issue Type: Improvement > Components: Tooling >Affects Versions: Log Tracer 1.0.8 >Reporter: Nitin Nizhawan >Priority: Major > > Sling Tracers allows enabling loggers using request parameters. But these > configs can only be specified for request thread. In cases where a thread is > not associated with request it cannot be done currently and requires addition > of new API > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8111) API to enable tracer configuration
[ https://issues.apache.org/jira/browse/SLING-8111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-8111: -- Description: Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API CC: [~chetanm] was: Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API > API to enable tracer configuration > --- > > Key: SLING-8111 > URL: https://issues.apache.org/jira/browse/SLING-8111 > Project: Sling > Issue Type: Improvement > Components: Tooling >Affects Versions: Log Tracer 1.0.8 >Reporter: Nitin Nizhawan >Priority: Major > > Sling Tracers allows enabling loggers using request parameters. But these > configs can only be specified for request thread. In cases where a thread is > not associated with request it cannot be done currently and requires addition > of new API > > CC: [~chetanm] > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8111) API to enable tracer configuration
Nitin Nizhawan created SLING-8111: - Summary: API to enable tracer configuration Key: SLING-8111 URL: https://issues.apache.org/jira/browse/SLING-8111 Project: Sling Issue Type: Improvement Components: Tooling Reporter: Nitin Nizhawan Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-9542) Unable to use junit categories with sling junit core
Nitin Nizhawan created SLING-9542: - Summary: Unable to use junit categories with sling junit core Key: SLING-9542 URL: https://issues.apache.org/jira/browse/SLING-9542 Project: Sling Issue Type: Bug Components: JUnit Core Reporter: Nitin Nizhawan Sling Junit core embeds JUnit and exports JUnit packages. These junit packages are imported by test case bundles created by teleporter. If however, test cases use junit categories to filter tests then such tests to not work. This is because sling junit core exports only some junit package. Specifically, it does not export org.junit.experimental.categories and org.junit.validator -- This message was sent by Atlassian Jira (v8.3.4#803005)
