Author: enorman
Date: Sun May  1 23:13:21 2011
New Revision: 1098439

URL: http://svn.apache.org/viewvc?rev=1098439&view=rev
Log:
SLING-2067 Added null check to AuthorizablePrivilegesInfo to fix NPE when used 
in a script that is being rendered for the anonymous user 

Modified:
    
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java

Modified: 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java?rev=1098439&r1=1098438&r2=1098439&view=diff
==============================================================================
--- 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
 (original)
+++ 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
 Sun May  1 23:13:21 2011
@@ -23,6 +23,7 @@ import java.util.Dictionary;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.servlet.Servlet;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -31,6 +32,9 @@ import org.apache.jackrabbit.api.securit
 import org.apache.sling.commons.osgi.OsgiUtil;
 import org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo;
 import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
 import org.osgi.service.component.ComponentContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -110,16 +114,18 @@ public class AuthorizablePrivilegesInfoI
                        UserManager userManager = 
AccessControlUtil.getUserManager(jcrSession);
                        Authorizable currentUser = 
userManager.getAuthorizable(jcrSession.getUserID());
 
-                       if (((User)currentUser).isAdmin()) {
-                               return true; //admin user has full control
-                       }
-                       
-                       //check if the user is a member of the 'Group 
administrator' group
-                       Authorizable groupAdmin = 
userManager.getAuthorizable(this.groupAdminGroupName);
-                       if (groupAdmin instanceof Group) {
-                               boolean isMember = 
((Group)groupAdmin).isMember(currentUser);
-                               if (isMember) {
-                                       return true;
+                       if (currentUser != null) {
+                               if (((User)currentUser).isAdmin()) {
+                                       return true; //admin user has full 
control
+                               }
+                               
+                               //check if the user is a member of the 'Group 
administrator' group
+                               Authorizable groupAdmin = 
userManager.getAuthorizable(this.groupAdminGroupName);
+                               if (groupAdmin instanceof Group) {
+                                       boolean isMember = 
((Group)groupAdmin).isMember(currentUser);
+                                       if (isMember) {
+                                               return true;
+                                       }
                                }
                        }
                } catch (RepositoryException e) {
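Review bot: The new `currentUser != null` guard still leaves the unchecked cast `((User)currentUser).isAdmin()` in place, so an authorizable that is not a `User` would throw a ClassCastException that the `RepositoryException` catch does not cover. A session user id should normally resolve to a `User`, so this is a defensive point rather than a known failure. An `instanceof` test handles the null and the type case together: `if (currentUser instanceof User && ((User)currentUser).isAdmin()) { return true; }`, keeping the outer null check for the group-membership part. The same pattern is repeated in the canAddUser hunk that follows. The enclosing method begins before this hunk and its catch body continues after it.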
@@ -133,23 +139,46 @@ public class AuthorizablePrivilegesInfoI
         */
        public boolean canAddUser(Session jcrSession) {
                try {
+                       //if self-registration is enabled, then anyone can 
create a user
+                       if (componentContext != null) {
+                               String filter = 
"(&(sling.servlet.resourceTypes=sling/users)(|(sling.servlet.methods=POST)(sling.servlet.selectors=create)))";
+                               BundleContext bundleContext = 
componentContext.getBundleContext();
+                               ServiceReference[] serviceReferences = 
bundleContext.getServiceReferences(Servlet.class.getName(), filter);
+                               if (serviceReferences != null) {
+                                       String propName = 
"self.registration.enabled";
+                                       for (ServiceReference serviceReference 
: serviceReferences) {
+                                               Object propValue = 
serviceReference.getProperty(propName);
+                                               if (propValue != null) {
+                                                       boolean selfRegEnabled 
= Boolean.TRUE.equals(propValue);
+                                                       if (selfRegEnabled) {
+                                                               return true;
+                                                       }
+                                                       break;
+                                               }
+                                       }
+                               }
+                       }
+
                        UserManager userManager = 
AccessControlUtil.getUserManager(jcrSession);
                        Authorizable currentUser = 
userManager.getAuthorizable(jcrSession.getUserID());
-
-                       if (((User)currentUser).isAdmin()) {
-                               return true; //admin user has full control
-                       }
-                       
-                       //check if the user is a member of the 'User 
administrator' group
-                       Authorizable userAdmin = 
userManager.getAuthorizable(this.userAdminGroupName);
-                       if (userAdmin instanceof Group) {
-                               boolean isMember = 
((Group)userAdmin).isMember(currentUser);
-                               if (isMember) {
-                                       return true;
+                       if (currentUser != null) {
+                               if (((User)currentUser).isAdmin()) {
+                                       return true; //admin user has full 
control
+                               }
+                               
+                               //check if the user is a member of the 'User 
administrator' group
+                               Authorizable userAdmin = 
userManager.getAuthorizable(this.userAdminGroupName);
+                               if (userAdmin instanceof Group) {
+                                       boolean isMember = 
((Group)userAdmin).isMember(currentUser);
+                                       if (isMember) {
+                                               return true;
+                                       }
                                }
                        }
                } catch (RepositoryException e) {
                        log.warn("Failed to determine if {} can add a new 
user", jcrSession.getUserID());
+               } catch (InvalidSyntaxException e) {
+                       log.warn("Failed to determine if {} can add a new 
user", jcrSession.getUserID());
                }
                return false;
        }
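Review bot: In canAddUser the self-registration lookup stops at the first matching reference that carries `self.registration.enabled` (the `break`), so if more than one Servlet service matches the filter the result depends on the order of the array from `getServiceReferences`, which this code does not control. That branch returns `true` before the session is looked at, and any registered service with those properties decides the answer. I would therefore document it as a display hint, e.g. `// hint for UIs only; the create-user servlet must enforce self-registration itself`, and either pick the reference deterministically or return true only when no matching reference disables it. Both catch blocks also drop `e`, and the `InvalidSyntaxException` one reuses the repository message although it can only come from the constant filter. Logging the cause, e.g. `log.warn("Invalid servlet filter for self-registration lookup", e);`, would keep the two failures distinguishable.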
@@ -276,6 +305,9 @@ public class AuthorizablePrivilegesInfoI
 
        // ---------- SCR Integration 
----------------------------------------------
 
+       //keep track of the bundle context
+       private ComponentContext componentContext;
+
     /**
      * Called by SCR to activate the component.
      *
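Review bot: The comment on the new field says `//keep track of the bundle context`, but the field holds the `ComponentContext`; `//keep track of the component context (used to look up the BundleContext)` would match the code. The field is assigned in `activate` (the hunk that follows) and read from canAddUser, and no visible hunk clears it. The deactivate method is outside this diff, so confirm it sets the field back to null; otherwise canAddUser could call `getBundleContext()` on a context whose component has already been deactivated. If activate and canAddUser can run on different threads without other synchronization, declaring it `private volatile ComponentContext componentContext;` would make the null check in canAddUser reliable.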
@@ -288,6 +320,8 @@ public class AuthorizablePrivilegesInfoI
             throws InvalidKeyException, NoSuchAlgorithmException,
             IllegalStateException, UnsupportedEncodingException {
 
+       this.componentContext = componentContext;
+       
         Dictionary<?, ?> properties = componentContext.getProperties();
 
         this.userAdminGroupName = 
OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME),

