Author: mykee
Date: Mon Jun 3 13:39:13 2013
New Revision: 1488990
URL: http://svn.apache.org/r1488990
Log:
SLING-2875 - Easy way for enabling ResourceAccessSecurity for resource
providers without underlaying ACLs
Modified:
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceProvider.java
sling/trunk/bundles/resourceresolver/pom.xml
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverContext.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/SortedProviderList.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderFactoryHandler.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderHandler.java
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/RootResourceProviderEntry.java
Modified:
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceProvider.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceProvider.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceProvider.java
(original)
+++
sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceProvider.java
Mon Jun 3 13:39:13 2013
@@ -65,6 +65,17 @@ public interface ResourceProvider {
String OWNS_ROOTS = "provider.ownsRoots";
/**
+ * The name of the service registration property containing the a boolean
+ * flag indicating if the ResourceAccessSecurity service should be used for
+ * this provider or not. ResourceProvider implementations are encouraged
+ * to use the ResourceAccessSecurity service for access control unless
+ * the underlying storage already provides it.
+ * The default for this value is <code>false</code>.
+ * (value is "provider.useResourceAccessSecurity")
+ */
+ String USE_RESOURCE_ACCESS_SECURITY = "provider.useResourceAccessSecurity";
+
+ /**
* The resource type be set on resources returned by the
* {@link #listChildren(Resource)} method to enable traversing the
* resource
Modified: sling/trunk/bundles/resourceresolver/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/pom.xml?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/pom.xml (original)
+++ sling/trunk/bundles/resourceresolver/pom.xml Mon Jun 3 13:39:13 2013
@@ -115,7 +115,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.api</artifactId>
- <version>2.4.0</version>
+ <version>2.4.3-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
<dependency>
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverFactoryImpl.java
Mon Jun 3 13:39:13 2013
@@ -24,6 +24,7 @@ import org.apache.commons.collections.Bi
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
+import org.apache.sling.api.security.ResourceAccessSecurity;
import
org.apache.sling.resourceresolver.impl.console.ResourceResolverWebConsolePlugin;
import org.apache.sling.resourceresolver.impl.helper.ResourceDecoratorTracker;
import org.apache.sling.resourceresolver.impl.helper.ResourceResolverContext;
@@ -32,6 +33,7 @@ import org.apache.sling.resourceresolver
import org.apache.sling.resourceresolver.impl.mapping.Mapping;
import org.apache.sling.resourceresolver.impl.tree.RootResourceProviderEntry;
import org.osgi.framework.BundleContext;
+import org.osgi.util.tracker.ServiceTracker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -55,6 +57,8 @@ public class ResourceResolverFactoryImpl
/** The activator */
private final ResourceResolverFactoryActivator activator;
+
+ private ServiceTracker resourceAccessSecurityTracker;
public ResourceResolverFactoryImpl(final ResourceResolverFactoryActivator
activator) {
this.activator = activator;
@@ -89,7 +93,7 @@ public class ResourceResolverFactoryImpl
final boolean isAdmin)
throws LoginException {
// create context
- final ResourceResolverContext ctx = new
ResourceResolverContext(isAdmin, authenticationInfo);
+ final ResourceResolverContext ctx = new
ResourceResolverContext(isAdmin, authenticationInfo,
resourceAccessSecurityTracker);
// login
this.activator.getRootProviderEntry().loginToRequiredFactories(ctx);
@@ -117,6 +121,10 @@ public class ResourceResolverFactoryImpl
} catch (final Exception e) {
logger.error("activate: Cannot access repository, failed setting
up Mapping Support", e);
}
+
+ // create and open service tracker for ResourceAccessSecurity
+ resourceAccessSecurityTracker = new ServiceTracker(bundleContext,
ResourceAccessSecurity.class.getName(), null);
+ resourceAccessSecurityTracker.open();
}
/**
@@ -132,6 +140,8 @@ public class ResourceResolverFactoryImpl
mapEntries.dispose();
mapEntries = MapEntries.EMPTY;
}
+
+ resourceAccessSecurityTracker.close();
}
public ResourceDecoratorTracker getResourceDecoratorTracker() {
@@ -165,4 +175,12 @@ public class ResourceResolverFactoryImpl
public int getDefaultVanityPathRedirectStatus() {
return this.activator.getDefaultVanityPathRedirectStatus();
}
+
+ /**
+ * get's the ServiceTracker of the ResourceAccessSecurity service
+ */
+
+ public ServiceTracker getResourceAccessSecurityTracker () {
+ return resourceAccessSecurityTracker;
+ }
}
\ No newline at end of file
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java
Mon Jun 3 13:39:13 2013
@@ -123,7 +123,8 @@ public class ResourceResolverImpl extend
}
// create new context
- final ResourceResolverContext newContext = new
ResourceResolverContext(this.context.isAdmin(), newAuthenticationInfo);
+ final ResourceResolverContext newContext = new
ResourceResolverContext(this.context.isAdmin(),
+ newAuthenticationInfo,
factory.getResourceAccessSecurityTracker() );
this.factory.getRootProviderEntry().loginToRequiredFactories(newContext);
// create a regular resource resolver
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverContext.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverContext.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverContext.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverContext.java
Mon Jun 3 13:39:13 2013
@@ -28,6 +28,7 @@ import org.apache.sling.api.resource.Per
import org.apache.sling.api.resource.RefreshableResourceProvider;
import org.apache.sling.api.resource.ResourceProvider;
import org.apache.sling.api.resource.ResourceResolver;
+import org.osgi.util.tracker.ServiceTracker;
/**
* This class keeps track of the used resource providers for a
@@ -55,13 +56,17 @@ public class ResourceResolverContext {
* The original authentication information - this is used for cloning and
lazy logins.
*/
private final Map<String, Object> originalAuthInfo;
+
+ /** service tracker for ResourceAccessSecurity service */
+ private final ServiceTracker resourceAccessSecurityTracker;
/**
* Create a new resource resolver context.
*/
- public ResourceResolverContext(final boolean isAdmin, final Map<String,
Object> originalAuthInfo) {
+ public ResourceResolverContext(final boolean isAdmin, final Map<String,
Object> originalAuthInfo, final ServiceTracker resourceAccessSecurityTracker) {
this.isAdmin = isAdmin;
this.originalAuthInfo = originalAuthInfo;
+ this.resourceAccessSecurityTracker = resourceAccessSecurityTracker;
}
/**
@@ -169,4 +174,12 @@ public class ResourceResolverContext {
provider.refresh();
}
}
+
+ /**
+ * get's the ServiceTracker of the ResourceAccessSecurity service
+ */
+ public ServiceTracker getResourceAccessSecurityTracker () {
+ return resourceAccessSecurityTracker;
+ }
+
}
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/SortedProviderList.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/SortedProviderList.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/SortedProviderList.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/helper/SortedProviderList.java
Mon Jun 3 13:39:13 2013
@@ -25,6 +25,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
+import org.apache.sling.api.resource.ResourceProvider;
import org.apache.sling.resourceresolver.impl.tree.ProviderHandler;
import
org.apache.sling.resourceresolver.impl.tree.ResourceProviderFactoryHandler;
import org.apache.sling.resourceresolver.impl.tree.ResourceProviderHandler;
@@ -183,6 +184,25 @@ public class SortedProviderList<T> {
public void remove(final ResourceProviderFactoryHandler factory) {
this.removeFromList(factory);
}
+
+ /**
+ * returns the ProviderHandler for a specific resource provider
+ */
+ public ProviderHandler getProviderHandler ( ResourceProvider
resourceProvider )
+ {
+ ProviderHandler returnValue = null;
+ final List<Entry> list = new ArrayList<Entry>();
+ list.addAll(Arrays.asList(this.sortedList));
+ final Iterator<Entry> i = list.iterator();
+ while ( i.hasNext() ) {
+ final Entry entry = i.next();
+ if ( entry.handler.equals(resourceProvider) ) {
+ returnValue = entry.handler;
+ break;
+ }
+ }
+ return returnValue;
+ }
private static final class Entry implements Comparable<Entry> {
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java
Mon Jun 3 13:39:13 2013
@@ -29,9 +29,11 @@ import org.apache.sling.api.resource.Que
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceProvider;
import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.ResourceAccessSecurity;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.resourceresolver.impl.helper.ResourceResolverContext;
import org.osgi.framework.Constants;
+import org.osgi.util.tracker.ServiceTracker;
/**
* The provider handler is the common base class for the
@@ -54,6 +56,9 @@ public abstract class ProviderHandler im
/** Owns roots? */
private final boolean ownsRoots;
+
+ /** use ResourceAccessSecurity? */
+ private final boolean useResourceAccessSecurity;
/**
* Create a new handler
@@ -85,6 +90,7 @@ public abstract class ProviderHandler im
this.roots = configuredRoots.toArray(new
String[configuredRoots.size()]);
}
this.ownsRoots =
PropertiesUtil.toBoolean(properties.get(ResourceProvider.OWNS_ROOTS), false);
+ this.useResourceAccessSecurity =
PropertiesUtil.toBoolean(properties.get(ResourceProvider.USE_RESOURCE_ACCESS_SECURITY),
false);
final Set<String> configuredLanguages = new HashSet<String>();
final String[] languages =
PropertiesUtil.toStringArray(properties.get(QueriableResourceProvider.LANGUAGES));
if ( languages != null) {
@@ -103,6 +109,54 @@ public abstract class ProviderHandler im
this.queryLanguages = configuredLanguages;
}
}
+
+ /**
+ * applies resource access security if configured
+ */
+ protected Resource getReadableResource ( final ResourceResolverContext
ctx, Resource resource ) {
+ Resource returnValue = null;
+
+ if (useResourceAccessSecurity && resource != null) {
+ ServiceTracker serviceTracker = ctx
+ .getResourceAccessSecurityTracker();
+ if (serviceTracker != null) {
+ ResourceAccessSecurity resourceAccessSecurity =
(ResourceAccessSecurity) serviceTracker
+ .getService();
+ if (resourceAccessSecurity != null) {
+ returnValue = resourceAccessSecurity
+ .getReadableResource(resource);
+ }
+ }
+ } else {
+ returnValue = resource;
+ }
+
+ return returnValue;
+ }
+
+ /**
+ * applies resource access security if configured
+ */
+ protected Iterator<Resource> getReadableChildrenIterator ( final
ResourceResolverContext ctx, Iterator<Resource> childrenIterator ) {
+ Iterator<Resource> returnValue = null;
+ if ( useResourceAccessSecurity && childrenIterator != null ) {
+ List<Resource> childs = new ArrayList<Resource>();
+ while ( childrenIterator.hasNext() )
+ {
+ Resource res = getReadableResource( ctx,
childrenIterator.next() );
+ if ( res != null )
+ {
+ childs.add(res);
+ }
+ }
+ returnValue = childs.iterator();
+ }
+ else {
+ returnValue = childrenIterator;
+ }
+
+ return returnValue;
+ }
/**
* Return the service properties.
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderFactoryHandler.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderFactoryHandler.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderFactoryHandler.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderFactoryHandler.java
Mon Jun 3 13:39:13 2013
@@ -104,7 +104,7 @@ public class ResourceProviderFactoryHand
public Resource getResource(final ResourceResolverContext ctx, final
ResourceResolver resourceResolver, final String path) {
final ResourceProvider rp = this.getResourceProvider(ctx);
if ( rp != null ) {
- return rp.getResource(resourceResolver, path);
+ return getReadableResource(ctx, rp.getResource(resourceResolver,
path) );
}
return null;
}
@@ -115,7 +115,7 @@ public class ResourceProviderFactoryHand
public Iterator<Resource> listChildren(final ResourceResolverContext ctx,
final Resource parent) {
final ResourceProvider rp = this.getResourceProvider(ctx);
if ( rp != null ) {
- return rp.listChildren(parent);
+ return getReadableChildrenIterator( ctx, rp.listChildren(parent) );
}
return null;
}
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderHandler.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderHandler.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderHandler.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ResourceProviderHandler.java
Mon Jun 3 13:39:13 2013
@@ -47,14 +47,14 @@ public class ResourceProviderHandler ext
* @see ResourceProvider#getResource(ResourceResolver, String)
*/
public Resource getResource(final ResourceResolverContext ctx, final
ResourceResolver resourceResolver, final String path) {
- return this.resourceProvider.getResource(resourceResolver, path);
+ return getReadableResource(ctx,
this.resourceProvider.getResource(resourceResolver, path) );
}
/**
* @see ResourceProvider#listChildren(Resource)
*/
public Iterator<Resource> listChildren(final ResourceResolverContext ctx,
final Resource parent) {
- return this.resourceProvider.listChildren(parent);
+ return getReadableChildrenIterator( ctx,
this.resourceProvider.listChildren(parent) );
}
/**
Modified:
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/RootResourceProviderEntry.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/RootResourceProviderEntry.java?rev=1488990&r1=1488989&r2=1488990&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/RootResourceProviderEntry.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/RootResourceProviderEntry.java
Mon Jun 3 13:39:13 2013
@@ -134,6 +134,8 @@ public class RootResourceProviderEntry e
private Resource nextObject = this.seek();
private Iterator<Resource> nextResourceIter;
+
+ private ProviderHandler actProviderHandler;
private Resource seek() {
Resource result = null;
@@ -142,12 +144,14 @@ public class RootResourceProviderEntry e
while ( i.hasNext() && nextResourceIter == null ) {
final QueriableResourceProvider adap = i.next();
nextResourceIter = adap.findResources(resolver, query,
language);
+ actProviderHandler =
queriableProviders.getProviderHandler(adap);
}
}
if ( nextResourceIter != null ) {
while ( nextResourceIter.hasNext() && result == null ) {
result = nextResourceIter.next();
}
+ result = actProviderHandler.getReadableResource(ctx,
result);
if ( result == null ) {
result = seek();
}
