[jira] [Closed] (SLING-7078) Update Jackrabbit to 2.14.2
[ https://issues.apache.org/jira/browse/SLING-7078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-7078. - > Update Jackrabbit to 2.14.2 > --- > > Key: SLING-7078 > URL: https://issues.apache.org/jira/browse/SLING-7078 > Project: Sling > Issue Type: Task > Components: JCR, Karaf, Testing >Reporter: Oliver Lietz >Assignee: Oliver Lietz > Fix For: Karaf Features 0.2.0, Karaf Integration Tests 0.2.0, > Commons Testing 2.1.2, JCR Davex 1.3.10, JCR Webdav 2.3.10, JCR Oak Server > 1.1.6 > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6404) Remove loginAdministrative() usage from jcr.davex
[ https://issues.apache.org/jira/browse/SLING-6404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6404. - > Remove loginAdministrative() usage from jcr.davex > - > > Key: SLING-6404 > URL: https://issues.apache.org/jira/browse/SLING-6404 > Project: Sling > Issue Type: Improvement > Components: JCR >Reporter: Antonio Sanso >Assignee: Karl Pauls > Fix For: JCR Davex 1.3.10 > > Attachments: SLING-6404.patch > > > Remove loginAdministrative() usage from jcr.davex -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [RESULT][VOTE] Release Apache Sling JCR Davex 1.3.10
Time to call the vote on the Apache Sling JCR Davex 1.3.10 release. * +1 votes from Antonio Sanso, Stefan Egli, Carsten Ziegeler, and Karl Pauls. * No other votes. The vote is successful. I will make the artifacts available as soon as possible.
Re: [VOTE] Release Apache Sling JCR Davex 1.3.10
+1 regards, Karl On Thu, Nov 16, 2017 at 4:28 PM, Karl Pauls wrote: > On Thu, Nov 16, 2017 at 3:54 PM, Julian Reschke wrote: >> On 2017-11-16 13:07, Karl Pauls wrote: >>> >>> I would like to call a vote on the following release, >>> >>> Apache Sling JCR Davex 1.3.10 >>> ... >> >> >> I'm about to branch Jackrabbit 2.16 and release 2.16.0 subsequently - so >> this seems to be minimally bad timing :-). > > Oh well, no harm done. I missed SLING-7212 because it didn't have the > fixVersion set. > > Anyways, this release will conclude before 2.16 is out - hence, I'll > added JCR Davex 1.3.12 to the fixVersion so that we don't forget. > > regards, > > Karl > > -- > Karl Pauls > karlpa...@gmail.com -- Karl Pauls karlpa...@gmail.com
Re: [RESULT][VOTE] Release Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8
Ups, that should have been: Time to call the vote on the Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8 releases. * +1 votes from Carsten Ziegeler, Stefan Seifert, Radu Cotescu, and Karl Pauls. * No other votes. The vote is successful. I will make the artifacts available as soon as possible. On Mon, Nov 20, 2017 at 11:35 PM, Karl Pauls wrote: > Time to call the vote on the Apache Sling Launchpad Base 5.6.10-2.6.26 > release. > > * +1 votes from Carsten Ziegeler, Stefan Seifert, Radu Cotescu, and Karl > Pauls. > > * No other votes. > > The vote is successful. I will make the artifacts available as soon as > possible. -- Karl Pauls karlpa...@gmail.com
[jira] [Closed] (SLING-6419) Remove loginAdministrative() usage from jcr.resource - JcrSystemUserValidator
[ https://issues.apache.org/jira/browse/SLING-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6419. - > Remove loginAdministrative() usage from jcr.resource - JcrSystemUserValidator > - > > Key: SLING-6419 > URL: https://issues.apache.org/jira/browse/SLING-6419 > Project: Sling > Issue Type: Improvement > Components: JCR >Reporter: Antonio Sanso >Assignee: Karl Pauls > Fix For: JCR Resource 3.0.8 > > > Remove getAdministrativeResourceResolver() and loginAdministrative() usage > from jcr.resource -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-7175) Improve concurrency in FSDynamicClassLoader
[ https://issues.apache.org/jira/browse/SLING-7175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-7175. - > Improve concurrency in FSDynamicClassLoader > --- > > Key: SLING-7175 > URL: https://issues.apache.org/jira/browse/SLING-7175 > Project: Sling > Issue Type: Improvement > Components: Commons >Affects Versions: File System ClassLoader 1.0.6 >Reporter: Karl Pauls >Assignee: Karl Pauls > Fix For: File System ClassLoader 1.0.8 > > Attachments: SLING-7175.patch > > > FSDynamicClassLoader currently maintains two synchronized sets of class names > that have been loaded ( a "hit" and a "miss" set). That can be a source of > contention when a lot of classes are loaded concurrently. > I think we can optimize this somewhat by a) merging the two sets into one (as > they are never used independently from what I can tell) and b) using a > Collections.newSetFromMap(new ConcurrentHashMap) instead of a > Collections.synchronizedSet(new HashSet()). > Furthermore, the isDirty boolean flag should be volatile as it might be > accessed concurrently. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6667) Convert to OSGi annotations
[ https://issues.apache.org/jira/browse/SLING-6667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6667. - > Convert to OSGi annotations > --- > > Key: SLING-6667 > URL: https://issues.apache.org/jira/browse/SLING-6667 > Project: Sling > Issue Type: Improvement > Components: Commons >Affects Versions: File System ClassLoader 1.0.6 >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler > Fix For: File System ClassLoader 1.0.8 > > > We should convert to the official OSGi annotations > avoid the usage of PropertiesUtil > Use annotations to specify exported package version/provider type -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [RESULT][VOTE] Release Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8
Time to call the vote on the Apache Sling Launchpad Base 5.6.10-2.6.26 release. * +1 votes from Carsten Ziegeler, Stefan Seifert, Radu Cotescu, and Karl Pauls. * No other votes. The vote is successful. I will make the artifacts available as soon as possible.
[jira] [Closed] (SLING-7186) Update to Felix Framework 5.6.10 and limit system bundle exports to available packages on java9
[ https://issues.apache.org/jira/browse/SLING-7186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-7186. - > Update to Felix Framework 5.6.10 and limit system bundle exports to available > packages on java9 > --- > > Key: SLING-7186 > URL: https://issues.apache.org/jira/browse/SLING-7186 > Project: Sling > Issue Type: Improvement > Components: Launchpad >Affects Versions: Launchpad Base 2.6.24 >Reporter: Karl Pauls >Assignee: Karl Pauls > Fix For: Launchpad Base 2.6.26 > > > We need to revisit the packages we export from the system bundle as well as > the extension bundles we add when running with java9. The issue is that by > default, starting with java9, we only have java.se modules on the module > path. Our current packages list + extension bundles assumes java.se.ee to be > present (which is not the case unless it is specifically requested via > --add-modules). > We have to investigate what we want to do to remedy this situation - I'll > create subtasks for the actual work (which probably has to include updating > to a Felix 5.6.10 when it is released). -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [VOTE] Release Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8
+1 regards, Karl On Mon, Nov 20, 2017 at 10:37 AM, Radu Cotescu wrote: > +1 > > On Thu, 16 Nov 2017 at 15:44 Karl Pauls wrote: > >> Please vote to approve these releases: >> >> [ ] +1 Approve the releases >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... >> -- Karl Pauls karlpa...@gmail.com
[jira] [Closed] (SLING-7232) Remove http.bridge from launchpad base
[ https://issues.apache.org/jira/browse/SLING-7232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-7232. - > Remove http.bridge from launchpad base > -- > > Key: SLING-7232 > URL: https://issues.apache.org/jira/browse/SLING-7232 > Project: Sling > Issue Type: Improvement > Components: Launchpad >Reporter: Carsten Ziegeler >Assignee: Karl Pauls > Fix For: Launchpad Base 2.6.26 > > > Currently launchpad base embedds the http.bridge bundle for the webapp setup. > So whenever the http bridge needs an update, we need to release a new > launchpad version. As this is just a bundle which needs to be available in > the webapp scenario we can move this to the provisioning model and bind it to > the webapp runmode. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [RESULT][VOTE] Release Apache Sling Launchpad Base 5.6.10-2.6.26
Time to call the vote on the Apache Sling Launchpad Base 5.6.10-2.6.26 release. * +1 votes from Robert Munteanu, Carsten Ziegeler, Stefan Egli, and Karl Pauls. * No other votes. The vote is successful. I will make the artifacts available as soon as possible.
Re: [VOTE] Release Apache Sling Launchpad Base 5.6.10-2.6.26
+1 regards, Karl On Thu, Nov 16, 2017 at 2:51 PM, Stefan Egli wrote: > +1 > > Cheers, > Stefan > > On 14.11.17, 23:21, "Karl Pauls" wrote: > >>I would like to call a vote on the following release, >> >>Apache Sling Launchpad Base 5.6.10-2.6.26 >> >>We solved 2 issue in this release: >>https://issues.apache.org/jira/projects/SLING/versions/12341546 >> >>Staging repository: >>https://repository.apache.org/content/repositories/orgapachesling-1810/ >> >>You can use this UNIX script to download the release and verify the >>signatures: >>http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh >> >>Usage: >>sh check_staged_release.sh 1810 /tmp/sling-staging >> >>Please vote to approve these releases: >> >> [ ] +1 Approve the releases >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... > > -- Karl Pauls karlpa...@gmail.com
[jira] [Closed] (SLING-7069) CompositeHealthcheck combines subchecks with AND instead of OR
[ https://issues.apache.org/jira/browse/SLING-7069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-7069. - > CompositeHealthcheck combines subchecks with AND instead of OR > -- > > Key: SLING-7069 > URL: https://issues.apache.org/jira/browse/SLING-7069 > Project: Sling > Issue Type: Improvement > Components: Health Check >Affects Versions: Health Check Core 1.2.8 >Reporter: Jörg Hoh >Assignee: Justin Edelson > Fix For: Health Check Core 1.2.10 > > > I have a CompositeHealthcheck like this > {code} > http://sling.apache.org/jcr/sling/1.0"; > xmlns:cq="http://www.day.com/jcr/cq/1.0"; > xmlns:jcr="http://www.jcp.org/jcr/1.0"; > xmlns:nt="http://www.jcp.org/jcr/nt/1.0"; > jcr:primaryType="sling:OsgiConfig" > hc.name="Health Checks (Runtime)" > hc.mbean.name="runtime-monitoring" > filter.tags="[tag1,tag2,tag3]" > hc.tags="[runtime-monitoring]" > hc.async.cronExpression="50 0/1 * 1/1 * ? *"/> > {code} > whenever I run a healthcheck on the tag "runtime-monitoring" the healthchecks > tagged with "tag1", "tag2" and "tage3" should be executed. > But whenever I run the healthceck on "runtime-monitoring", noone is executed > at all. > I tracked it down to the fact, that only these healthchecks are executed > which have all tags (tag1,tag2 and tag3) configured. Which of course none of > my tags are. > {code} > 21.08.2017 17:06:00.502 *DEBUG* [HealthCheck Health Checks (Runtime)] > org.apache.sling.hc.util.HealthCheckFilter OSGi service filter in > getTaggedHealthCheckServiceReferences(): > (&(objectClass=org.apache.sling.hc.api.HealthCheck)(hc.tags=tag1)(hc.tags=tag2)(hc.tags=tag3)) > {code} > It seems to me that instead of the AND it should be an OR: > {code} > (&(objectClass=org.apache.sling.hc.api.HealthCheck)(|(hc.tags=tag1)(hc.tags=tag2)(hc.tags=tag3))) > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6946) Make HC servlet send CORS header Access-Control-Allow-Origin
[ https://issues.apache.org/jira/browse/SLING-6946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6946. - > Make HC servlet send CORS header Access-Control-Allow-Origin > > > Key: SLING-6946 > URL: https://issues.apache.org/jira/browse/SLING-6946 > Project: Sling > Issue Type: Improvement > Components: Health Check >Reporter: Georg Henzler >Assignee: Georg Henzler > Fix For: Health Check Core 1.2.10 > > > There is no reason why the HC servlet should not be allowed to be called from > a webpage that was served from another domain. Hence the header > {{Access-Control-Allow-Origin}} shall be added with a default value {{*}} > (configurable in case it is really needed, but allowing general access as > default makes sense here). > Concrete Use Case: A Jenkins HTML Report that aggregates HC results from > multiple sling instances. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6855) Sticky Results Support
[ https://issues.apache.org/jira/browse/SLING-6855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6855. - > Sticky Results Support > -- > > Key: SLING-6855 > URL: https://issues.apache.org/jira/browse/SLING-6855 > Project: Sling > Issue Type: New Feature > Components: Health Check >Reporter: Clinton H Goudie-Nice >Assignee: Georg Henzler > Fix For: Health Check Annotations 1.0.6, Health Check Core > 1.2.10, Health Check API 1.0.2 > > > Introduce HC service property {{hc.warningsStickForMinutes}} to allow old > WARN/CRITICAL/HEALTH_CHECK_ERROR results to be sticky (see also > http://sling.markmail.org/thread/tawikgt7bqxvnlj5#query:+page:1+mid:57hhg55hekr7ib33+state:results) > --- Original Request > *Create ResultRegistry to provide health check behavior for executing code > that does not want a HealthCheck* > I want to provide a Registry service that can be leveraged to provide health > check results. > These results can be for a period of time through an expiration, until the > JVM is restarted, or added and later removed. > This can be useful when code observes a specific (possibly bad) state, and > wants to alert through the health check API that this state has taken place. > Some examples: > An event pool has filled, and some events will be thrown away. > This is a failure case that requires a restart of the instance. > It would be appropriate to trigger a permanent failure. > > A quota has been tripped. This quota may immediately recover, but it is > sensible to alert for 30 minutes that the quota has been tripped. > If you expect the failure will clear itself within a certain window, setting > the expiration to that window can be ideal. > GHPR to follow -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6804) Request to allow the health check servlet to directly query a single health check by name
[ https://issues.apache.org/jira/browse/SLING-6804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls closed SLING-6804. - > Request to allow the health check servlet to directly query a single health > check by name > - > > Key: SLING-6804 > URL: https://issues.apache.org/jira/browse/SLING-6804 > Project: Sling > Issue Type: Improvement > Components: Health Check >Reporter: Clinton H Goudie-Nice >Assignee: Justin Edelson >Priority: Minor > Fix For: Health Check Core 1.2.10, Health Check API 1.0.2 > > Attachments: SLING-6804-allow-hc.name-in-hc-urls-simple.patch, > SLING-6804.diff > > > AMS has a request to be able to access an individual health check by name > For example: > http://localhost:4502/system/health/named/Sling%20Get%20Servlet.json > And have it return the results for only this named health check. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [RESULT][VOTE] Release Apache Sling Health Check API 1.0.2, Health Check Core 1.2.10, and Health Check Annotations 1.0.6
Time to call the vote on the Apache Sling Health Check API 1.0.2, Health Check Core 1.2.10, and Health Check Annotations 1.0.6 release. * +1 votes from Stefan Egli, Carsten Ziegeler, Georg Henzler, Radu Cotescu, and Karl Pauls. * No other votes. The vote is successful. I will make the artifacts available as soon as possible.
Re: [VOTE] Release Apache Sling Health Check API 1.0.2, Health Check Core 1.2.10, and Health Check Annotations 1.0.6
+1 regards, Karl On Mon, Nov 20, 2017 at 10:41 AM, Radu Cotescu wrote: > +1 > > On Thu, 16 Nov 2017 at 12:58 Karl Pauls wrote: > >> Please vote to approve these releases: >> >> [ ] +1 Approve the releases >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... >> -- Karl Pauls karlpa...@gmail.com
RE: value level encryption - Donating?
It's all good. I have less meetings today then I normally would and the exercise was beneficial as it got me thinking about other potential vectors. Since the key for this is configurable via the OSGi console I would have taken key rotation as being a business process exercise rather than a technical one. But I don't mind changing it, I'm having a lot of fun with this. To make sure I'm on the same page. The direction right now is AES/CBC/PKCS5Padding but with encrypt and MAC? -Original Message- From: Antonio Sanso [mailto:asa...@adobe.com.INVALID] Sent: Monday, November 20, 2017 3:07 PM To: dev@sling.apache.org Subject: Re: value level encryption - Donating? EXTERNAL hi Jason, I get your point On Nov 20, 2017, at 4:57 PM, Jason Bailey wrote: > Thanks Antonio. I had considered doing GCM, but I hesitated since it's not > listed as a standard transformation that a Java platform must support. As I > couldn't know what platform it would be running on I tried to be as much OOTB > as possible. That desire to be OOTB is also why it's 128bit. My idea was to > provide a generic level of encryption with the assumption that a downstream > implementer would/should implement the EncryptionProvider service to the > level of security their company requires. > > Saying that, if the desire is to have it GCM I will get that implemented. Thanks a lot taking this consideration and speed the implementation. You are right about AES GCM. On top there is also another problem with it. AES GCM uses a nonce of 96 bits. It is vital important to never reuse the same nonce with the same key otherwise the result is a real catastrophe (cryptographically wise). This implies, given the birthday paradox, that we need to rotate the key after 2^48 encryptions. This is a pretty big number but you know the life of the key can be also long. Hence, without key rotation, it wouldn't probably good to ship with this (now I am sorry you already jumped on it and implemented but I did not think you were so fast). Another more conservative approach would be encrypt-than-mac (or we can simply keep AES/CBC as default). An overall observation would be also that given the sensitive topic it would be good to have a more extensive test suite for this feature... my 2 cents regards antonio > > -Original Message- > From: Antonio Sanso [mailto:asa...@adobe.com.INVALID] > Sent: Monday, November 20, 2017 10:29 AM > To: dev@sling.apache.org > Subject: Re: value level encryption - Donating? > > EXTERNAL > > hi Jason, > > thanks a lot for the donation. > I already commented on the issue, just pasting inline part of the > comment though > > On Nov 20, 2017, at 2:50 PM, Jason Bailey wrote: > >> So I'm just about done implementing this. >> >> https://github.com/JEBailey/sling-encrypt >> >> Value level encryption. IV is stored inline so there's no repetition. >> Accessing encrypted data via the EncryptionValueMap will decode it >> automatically on access and will handle automatically encrypting values if >> an encrypted value is updated. >> >> Only problem I had besides catching up on the last 15 years of >> cryptography > > I have seen you have used AES/CBC that is not (extremely) bad. Said that if > we really want to put this in Sling we'd better do things as the state of art > requires. > As rule of thumbs you never (only) encrypt . You'd better add some integrity > check mechanism (eg AES GCM or encrypt-then-mac). > > regards > > antonio > >> was that the downstream application I use has a non configurable whitelist >> filter for post processors that contain an '@' So I had to make the post >> processor configurable. >> >> As mentioned earlier I wrote this with the intention of donating. I tried to >> make it as easy as possible for it to be pulled into where it needs to go. >> >> However I don't know the process for Donating. Can someone point me the way >> or to some documentation? >> >> Thanks. >> -Jason >> >> -Original Message- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 3:37 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> In AEM, posting encrypted properties to /etc/cloudservices is historically >> the primary use case for @Encrypted, but the PostProcessor applies to all >> post requests. >> >> I think this would be a useful addition to Sling. We may want to have some >> kind of SPI to support different encryption schemes, but that's an >> implementation detail. >> >> Regards, >> Justin >> >> >> On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: >> >>> They only docs I can find on that, assuming we're talking AEM, >>> mentions it only works for posting things into /etc/cloudservices. So >>> that's out. >>> It's been a while, but I'm under the impression that all >>> implementations of the java platform now come with a certain level >>> of crypto >>> >>> https://docs.oracle.com/javase/8/docs/a
Re: value level encryption - Donating?
hi Jason, I get your point On Nov 20, 2017, at 4:57 PM, Jason Bailey wrote: > Thanks Antonio. I had considered doing GCM, but I hesitated since it's not > listed as a standard transformation that a Java platform must support. As I > couldn't know what platform it would be running on I tried to be as much OOTB > as possible. That desire to be OOTB is also why it's 128bit. My idea was to > provide a generic level of encryption with the assumption that a downstream > implementer would/should implement the EncryptionProvider service to the > level of security their company requires. > > Saying that, if the desire is to have it GCM I will get that implemented. Thanks a lot taking this consideration and speed the implementation. You are right about AES GCM. On top there is also another problem with it. AES GCM uses a nonce of 96 bits. It is vital important to never reuse the same nonce with the same key otherwise the result is a real catastrophe (cryptographically wise). This implies, given the birthday paradox, that we need to rotate the key after 2^48 encryptions. This is a pretty big number but you know the life of the key can be also long. Hence, without key rotation, it wouldn’t probably good to ship with this (now I am sorry you already jumped on it and implemented but I did not think you were so fast). Another more conservative approach would be encrypt-than-mac (or we can simply keep AES/CBC as default). An overall observation would be also that given the sensitive topic it would be good to have a more extensive test suite for this feature… my 2 cents regards antonio > > -Original Message- > From: Antonio Sanso [mailto:asa...@adobe.com.INVALID] > Sent: Monday, November 20, 2017 10:29 AM > To: dev@sling.apache.org > Subject: Re: value level encryption - Donating? > > EXTERNAL > > hi Jason, > > thanks a lot for the donation. > I already commented on the issue, just pasting inline part of the comment > though > > On Nov 20, 2017, at 2:50 PM, Jason Bailey wrote: > >> So I'm just about done implementing this. >> >> https://github.com/JEBailey/sling-encrypt >> >> Value level encryption. IV is stored inline so there's no repetition. >> Accessing encrypted data via the EncryptionValueMap will decode it >> automatically on access and will handle automatically encrypting values if >> an encrypted value is updated. >> >> Only problem I had besides catching up on the last 15 years of >> cryptography > > I have seen you have used AES/CBC that is not (extremely) bad. Said that if > we really want to put this in Sling we'd better do things as the state of art > requires. > As rule of thumbs you never (only) encrypt . You'd better add some integrity > check mechanism (eg AES GCM or encrypt-then-mac). > > regards > > antonio > >> was that the downstream application I use has a non configurable whitelist >> filter for post processors that contain an '@' So I had to make the post >> processor configurable. >> >> As mentioned earlier I wrote this with the intention of donating. I tried to >> make it as easy as possible for it to be pulled into where it needs to go. >> >> However I don't know the process for Donating. Can someone point me the way >> or to some documentation? >> >> Thanks. >> -Jason >> >> -Original Message- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 3:37 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> In AEM, posting encrypted properties to /etc/cloudservices is historically >> the primary use case for @Encrypted, but the PostProcessor applies to all >> post requests. >> >> I think this would be a useful addition to Sling. We may want to have some >> kind of SPI to support different encryption schemes, but that's an >> implementation detail. >> >> Regards, >> Justin >> >> >> On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: >> >>> They only docs I can find on that, assuming we're talking AEM, >>> mentions it only works for posting things into /etc/cloudservices. So >>> that's out. >>> It's been a while, but I'm under the impression that all >>> implementations of the java platform now come with a certain level of >>> crypto >>> >>> https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html >>> >>> I'd probably add a configuration so you could define the level of >>> cryptography, and then that would allow people who needed a higher >>> level to install their own providers. Is this something that Sling >>> would be interested in? Since I'm going to be writing this, if you're >>> interested, I'd rather write it with the intent of directly donating it. >>> >>> >>> >>> -Original Message- >>> From: Justin Edelson [mailto:jus...@justinedelson.com] >>> Sent: Friday, November 03, 2017 1:35 PM >>> To: dev@sling.apache.org >>> Subject: Re: value level encryption >>> >>> EXTERNAL >>> >>> We have this in our comm
[jira] [Commented] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259745#comment-16259745 ] Jason E Bailey commented on SLING-7255: --- Documentation has been updated in the README. Encryption has been updated to "AES/GCM/NoPadding" Additionally, I extended the API to accept an AAD. EncryptionValueMap uses the property name of the encrypted value as the AAD so that will prevent someone accidentally moving an encrypted value to a different property and exposing the content. > Donating Sling Resource Encryption Utils > > > Key: SLING-7255 > URL: https://issues.apache.org/jira/browse/SLING-7255 > Project: Sling > Issue Type: Task >Reporter: Jason E Bailey > Attachments: sling-encrypt-0.0.2-beta.zip > > > Issue to track donation of Sling resource encryption > Codebase > https://github.com/JEBailey/sling-encrypt > source code is attached with sha1 checksum of > 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason E Bailey updated SLING-7255: -- Attachment: sling-encrypt-0.0.2-beta.zip sha1 ea1448cab0b96864257783a76aadfab3ca419262 > Donating Sling Resource Encryption Utils > > > Key: SLING-7255 > URL: https://issues.apache.org/jira/browse/SLING-7255 > Project: Sling > Issue Type: Task >Reporter: Jason E Bailey > Attachments: sling-encrypt-0.0.2-beta.zip > > > Issue to track donation of Sling resource encryption > Codebase > https://github.com/JEBailey/sling-encrypt > source code is attached with sha1 checksum of > 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason E Bailey updated SLING-7255: -- Attachment: (was: sling-encrypt-0.0.1-beta.zip) > Donating Sling Resource Encryption Utils > > > Key: SLING-7255 > URL: https://issues.apache.org/jira/browse/SLING-7255 > Project: Sling > Issue Type: Task >Reporter: Jason E Bailey > > Issue to track donation of Sling resource encryption > Codebase > https://github.com/JEBailey/sling-encrypt > source code is attached with sha1 checksum of > 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7257) Sling Models injector for resolving paths stored in the repo
[ https://issues.apache.org/jira/browse/SLING-7257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259561#comment-16259561 ] Justin Edelson commented on SLING-7257: --- Leaving aside the Tags-specific piece (which appears to depends upon AEM APIs and so doesn't belong in Sling), how is this different than the existing ResourcePath injector? In terms of the Tags, since AEM Tags are not stored (or at least shouldn't be stored) as traditional paths but rather Tag IDs, the existing ResourcePath injector won't work. This could be submitted to ACS AEM Commons or wcm.io as a contribution. > Sling Models injector for resolving paths stored in the repo > > > Key: SLING-7257 > URL: https://issues.apache.org/jira/browse/SLING-7257 > Project: Sling > Issue Type: New Feature >Affects Versions: Sling Models Impl 1.4.4 >Reporter: Henry Kuijpers > > It would be great to have the ability to store paths in the repository (as a > string or as a string array) and then resolve them with a simple annotation, > instead of having a lot of code in the specific models to do so. > I started working on something that for now only supports resources and tags, > but I think it should actually be possible to delegate the execution of > transforming the resource to any object, using the injectors that are already > available. > I'm not sure if what I made is the way to go, but at least it's a starting > point? > Injector: > {code} > @Component > @Slf4j > public class ResolvePathInjector implements > InjectAnnotationProcessorFactory2, Injector { > @Override > public String getName() { > return "resolve-path"; > } > @Override > public Object getValue(Object adaptable, String name, Type declaredType, > AnnotatedElement element, >DisposalCallbackRegistry callbackRegistry) { > final ResolvePath annotation = > element.getAnnotation(ResolvePath.class); > if (annotation == null) { > return null; > } > final Resource resource = getResource(adaptable); > if (resource == null) { > throw new IllegalArgumentException("Cannot get resource resolver > from adaptable"); > } > final String[] paths = getPaths(annotation, resource); > if (paths == null) { > return null; > } > return getValue(paths, declaredType, resource.getResourceResolver()); > } > private static String[] getPaths(ResolvePath annotation, Resource > resource) { > final ValueMap map = resource.adaptTo(ValueMap.class); > if (map == null) { > return null; > } > final String[] paths = map.get(annotation.name(), String[].class); > if (paths == null || paths.length == 0) { > return null; > } > return paths; > } > private static Object getValue(String[] paths, Type declaredType, > ResourceResolver resourceResolver) { > // TODO: Support more injections! I.e. other sling models > final boolean isTagArray = declaredType == Tag[].class; > final boolean isTag = declaredType == Tag.class; > if (!isTag && !isTagArray) { > return null; > } > final List tags = new ArrayList<>(); > final TagManager tagManager = > resourceResolver.adaptTo(TagManager.class); > if (tagManager != null) { > for (String path : paths) { > final Tag tag = tagManager.resolve(path); > if (tag != null) { > tags.add(tag); > } > } > } > if (isTag && !tags.isEmpty()) { > return tags.get(0); > } > return tags.toArray(new Tag[tags.size()]); > } > private static Resource getResource(Object adaptable) { > Resource resource = null; > if (adaptable instanceof Resource) { > resource = (Resource) adaptable; > } else if (adaptable instanceof SlingHttpServletRequest) { > resource = ((SlingHttpServletRequest) adaptable).getResource(); > } else if (adaptable instanceof Adaptable) { > resource = ((Adaptable)adaptable).adaptTo(Resource.class); > } > return resource; > } > @Override > public InjectAnnotationProcessor2 createAnnotationProcessor(Object > adaptable, AnnotatedElement element) { > // check if the element has the expected annotation > ResolvePath annotation = element.getAnnotation(ResolvePath.class); > if (annotation != null) { > return new ValueAnnotationProcessor(annotation, adaptable); > } > return null; > } > } > {code} > Annotation: > {code} > @Target({ ElementType.FIELD,
[jira] [Created] (SLING-7257) Sling Models injector for resolving paths stored in the repo
Henry Kuijpers created SLING-7257: - Summary: Sling Models injector for resolving paths stored in the repo Key: SLING-7257 URL: https://issues.apache.org/jira/browse/SLING-7257 Project: Sling Issue Type: New Feature Affects Versions: Sling Models Impl 1.4.4 Reporter: Henry Kuijpers It would be great to have the ability to store paths in the repository (as a string or as a string array) and then resolve them with a simple annotation, instead of having a lot of code in the specific models to do so. I started working on something that for now only supports resources and tags, but I think it should actually be possible to delegate the execution of transforming the resource to any object, using the injectors that are already available. I'm not sure if what I made is the way to go, but at least it's a starting point? Injector: {code} @Component @Slf4j public class ResolvePathInjector implements InjectAnnotationProcessorFactory2, Injector { @Override public String getName() { return "resolve-path"; } @Override public Object getValue(Object adaptable, String name, Type declaredType, AnnotatedElement element, DisposalCallbackRegistry callbackRegistry) { final ResolvePath annotation = element.getAnnotation(ResolvePath.class); if (annotation == null) { return null; } final Resource resource = getResource(adaptable); if (resource == null) { throw new IllegalArgumentException("Cannot get resource resolver from adaptable"); } final String[] paths = getPaths(annotation, resource); if (paths == null) { return null; } return getValue(paths, declaredType, resource.getResourceResolver()); } private static String[] getPaths(ResolvePath annotation, Resource resource) { final ValueMap map = resource.adaptTo(ValueMap.class); if (map == null) { return null; } final String[] paths = map.get(annotation.name(), String[].class); if (paths == null || paths.length == 0) { return null; } return paths; } private static Object getValue(String[] paths, Type declaredType, ResourceResolver resourceResolver) { // TODO: Support more injections! I.e. other sling models final boolean isTagArray = declaredType == Tag[].class; final boolean isTag = declaredType == Tag.class; if (!isTag && !isTagArray) { return null; } final List tags = new ArrayList<>(); final TagManager tagManager = resourceResolver.adaptTo(TagManager.class); if (tagManager != null) { for (String path : paths) { final Tag tag = tagManager.resolve(path); if (tag != null) { tags.add(tag); } } } if (isTag && !tags.isEmpty()) { return tags.get(0); } return tags.toArray(new Tag[tags.size()]); } private static Resource getResource(Object adaptable) { Resource resource = null; if (adaptable instanceof Resource) { resource = (Resource) adaptable; } else if (adaptable instanceof SlingHttpServletRequest) { resource = ((SlingHttpServletRequest) adaptable).getResource(); } else if (adaptable instanceof Adaptable) { resource = ((Adaptable)adaptable).adaptTo(Resource.class); } return resource; } @Override public InjectAnnotationProcessor2 createAnnotationProcessor(Object adaptable, AnnotatedElement element) { // check if the element has the expected annotation ResolvePath annotation = element.getAnnotation(ResolvePath.class); if (annotation != null) { return new ValueAnnotationProcessor(annotation, adaptable); } return null; } } {code} Annotation: {code} @Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER }) @Retention(RetentionPolicy.RUNTIME) @InjectAnnotation @Source("resolve-path") @Qualifier public @interface ResolvePath { String name() default ""; InjectionStrategy injectionStrategy() default InjectionStrategy.DEFAULT; String via() default ""; } {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7256) Sling Models injector for CAConfig
Henry Kuijpers created SLING-7256: - Summary: Sling Models injector for CAConfig Key: SLING-7256 URL: https://issues.apache.org/jira/browse/SLING-7256 Project: Sling Issue Type: New Feature Affects Versions: Sling Models Impl 1.4.4 Reporter: Henry Kuijpers It would be great to have a Sling Models injector for CAConfig. An example could be: {code} @Component public class ContextAwareConfigurationInjector implements Injector { public String getName() { return "ca-config"; } public Object getValue(Object adaptable, String name, Type declaredType, AnnotatedElement element, DisposalCallbackRegistry callbackRegistry) { if (isConfigurationObject(declaredType)) { final Resource resource; if (adaptable instanceof Resource) { // TODO: Is this always the correct resource? (Most often we want the one in /content) // So we do not want /conf/... for example resource = (Resource) adaptable; } else if (adaptable instanceof SlingHttpServletRequest) { final SlingHttpServletRequest request = (SlingHttpServletRequest)adaptable; final ResourceResolver resourceResolver = request.getResourceResolver(); resource = resourceResolver.resolve(request, request.getRequestURI()); } else { throw new IllegalArgumentException("Either a resource or the request should be used"); } final ConfigurationBuilder builder = resource.adaptTo(ConfigurationBuilder.class); if (builder != null) { return builder.as((Class) declaredType); } } return null; } private static boolean isConfigurationObject(Type type) { if (!(type instanceof Class)) { return false; } Class clazz = (Class) type; return clazz.isAnnotation() && clazz.isAnnotationPresent(Configuration.class); } } {code} + annotation: {code} @Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER }) @Retention(RetentionPolicy.RUNTIME) @InjectAnnotation @Source("ca-config") @Qualifier public @interface CaConfig { } {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-7256) Sling Models injector for CAConfig
[ https://issues.apache.org/jira/browse/SLING-7256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Henry Kuijpers updated SLING-7256: -- Description: It would be great to have a Sling Models injector for CAConfig. An example could be: {code} @Component public class ContextAwareConfigurationInjector implements Injector { public String getName() { return "ca-config"; } public Object getValue(Object adaptable, String name, Type declaredType, AnnotatedElement element, DisposalCallbackRegistry callbackRegistry) { if (isConfigurationObject(declaredType)) { final Resource resource; if (adaptable instanceof Resource) { resource = (Resource) adaptable; } else if (adaptable instanceof SlingHttpServletRequest) { // TODO: Is this always the correct resource? (Most often we want the one in /content) // So we do not want /conf/... for example final SlingHttpServletRequest request = (SlingHttpServletRequest)adaptable; final ResourceResolver resourceResolver = request.getResourceResolver(); resource = resourceResolver.resolve(request, request.getRequestURI()); } else { throw new IllegalArgumentException("Either a resource or the request should be used"); } final ConfigurationBuilder builder = resource.adaptTo(ConfigurationBuilder.class); if (builder != null) { return builder.as((Class) declaredType); } } return null; } private static boolean isConfigurationObject(Type type) { if (!(type instanceof Class)) { return false; } Class clazz = (Class) type; return clazz.isAnnotation() && clazz.isAnnotationPresent(Configuration.class); } } {code} + annotation: {code} @Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER }) @Retention(RetentionPolicy.RUNTIME) @InjectAnnotation @Source("ca-config") @Qualifier public @interface CaConfig { } {code} was: It would be great to have a Sling Models injector for CAConfig. An example could be: {code} @Component public class ContextAwareConfigurationInjector implements Injector { public String getName() { return "ca-config"; } public Object getValue(Object adaptable, String name, Type declaredType, AnnotatedElement element, DisposalCallbackRegistry callbackRegistry) { if (isConfigurationObject(declaredType)) { final Resource resource; if (adaptable instanceof Resource) { // TODO: Is this always the correct resource? (Most often we want the one in /content) // So we do not want /conf/... for example resource = (Resource) adaptable; } else if (adaptable instanceof SlingHttpServletRequest) { final SlingHttpServletRequest request = (SlingHttpServletRequest)adaptable; final ResourceResolver resourceResolver = request.getResourceResolver(); resource = resourceResolver.resolve(request, request.getRequestURI()); } else { throw new IllegalArgumentException("Either a resource or the request should be used"); } final ConfigurationBuilder builder = resource.adaptTo(ConfigurationBuilder.class); if (builder != null) { return builder.as((Class) declaredType); } } return null; } private static boolean isConfigurationObject(Type type) { if (!(type instanceof Class)) { return false; } Class clazz = (Class) type; return clazz.isAnnotation() && clazz.isAnnotationPresent(Configuration.class); } } {code} + annotation: {code} @Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER }) @Retention(RetentionPolicy.RUNTIME) @InjectAnnotation @Source("ca-config") @Qualifier public @interface CaConfig { } {code} > Sling Models injector for CAConfig > -- > > Key: SLING-7256 > URL: https://issues.apache.org/jira/browse/SLING-7256 > Project: Sling > Issue Type: New Feature >Affects Versions: Sling Models Impl 1.4.4 >Reporter: Henry Kuijpers > > It would be great to have a Sling Models injector for CAConfig. > An example could be: > {code} > @Component > public class ContextAwareConfigurationInjector implements Injector { > public String getName() { > return "ca-config"; > } > public Object getValue(Object adaptable, String name, Type declaredType, > AnnotatedElement element, >DisposalCallbackRegistry callbackRegistry) { > if (isConfigurationObject(decl
RE: value level encryption - Donating?
Thanks Antonio. I had considered doing GCM, but I hesitated since it's not listed as a standard transformation that a Java platform must support. As I couldn't know what platform it would be running on I tried to be as much OOTB as possible. That desire to be OOTB is also why it's 128bit. My idea was to provide a generic level of encryption with the assumption that a downstream implementer would/should implement the EncryptionProvider service to the level of security their company requires. Saying that, if the desire is to have it GCM I will get that implemented. -Original Message- From: Antonio Sanso [mailto:asa...@adobe.com.INVALID] Sent: Monday, November 20, 2017 10:29 AM To: dev@sling.apache.org Subject: Re: value level encryption - Donating? EXTERNAL hi Jason, thanks a lot for the donation. I already commented on the issue, just pasting inline part of the comment though On Nov 20, 2017, at 2:50 PM, Jason Bailey wrote: > So I'm just about done implementing this. > > https://github.com/JEBailey/sling-encrypt > > Value level encryption. IV is stored inline so there's no repetition. > Accessing encrypted data via the EncryptionValueMap will decode it > automatically on access and will handle automatically encrypting values if an > encrypted value is updated. > > Only problem I had besides catching up on the last 15 years of > cryptography I have seen you have used AES/CBC that is not (extremely) bad. Said that if we really want to put this in Sling we'd better do things as the state of art requires. As rule of thumbs you never (only) encrypt . You'd better add some integrity check mechanism (eg AES GCM or encrypt-then-mac). regards antonio > was that the downstream application I use has a non configurable whitelist > filter for post processors that contain an '@' So I had to make the post > processor configurable. > > As mentioned earlier I wrote this with the intention of donating. I tried to > make it as easy as possible for it to be pulled into where it needs to go. > > However I don't know the process for Donating. Can someone point me the way > or to some documentation? > > Thanks. > -Jason > > -Original Message- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 3:37 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > In AEM, posting encrypted properties to /etc/cloudservices is historically > the primary use case for @Encrypted, but the PostProcessor applies to all > post requests. > > I think this would be a useful addition to Sling. We may want to have some > kind of SPI to support different encryption schemes, but that's an > implementation detail. > > Regards, > Justin > > > On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: > >> They only docs I can find on that, assuming we're talking AEM, >> mentions it only works for posting things into /etc/cloudservices. So that's >> out. >> It's been a while, but I'm under the impression that all >> implementations of the java platform now come with a certain level of >> crypto >> >> https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html >> >> I'd probably add a configuration so you could define the level of >> cryptography, and then that would allow people who needed a higher >> level to install their own providers. Is this something that Sling >> would be interested in? Since I'm going to be writing this, if you're >> interested, I'd rather write it with the intent of directly donating it. >> >> >> >> -Original Message- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 1:35 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> We have this in our commercial product. At a high level, the way it >> works is that there is a PostProcessor which looks for an @Encrypted >> postfixed property and, if that is present, the corresponding >> property is stored in an encrypted fashion. Decryption is all done >> manually, although personally the idea of an EncryptionValueMap seems really >> cool to me. >> >> I believe the challenge in bringing this into Sling relates to the >> encryption libraries. >> >> On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey wrote: >> >>> Here's the use case >>> >>> My organization has decided that to conform to the GDPR, any >>> sensitive data should be encrypted while at rest. From a Sling >>> perspective that is a challenge since we've empowered the authors to >>> create forms the way they want. So to be on the safe side, we're >>> looking at encrypting all form fields as they are persisted, and >>> then decrypting the values from the resource when we need to processes >>> them. >>> >>> Now I'm thinking of an EncryptionValueMap that will simplify this >>> process and encapsulate the functionality. You guys are usually >>> ahead of me when I come up with this stuff and I don't like >>> replicati
Re: value level encryption - Donating?
hi Jason, thanks a lot for the donation. I already commented on the issue, just pasting inline part of the comment though On Nov 20, 2017, at 2:50 PM, Jason Bailey wrote: > So I'm just about done implementing this. > > https://github.com/JEBailey/sling-encrypt > > Value level encryption. IV is stored inline so there's no repetition. > Accessing encrypted data via the EncryptionValueMap will decode it > automatically on access and will handle automatically encrypting values if an > encrypted value is updated. > > Only problem I had besides catching up on the last 15 years of cryptography I have seen you have used AES/CBC that is not (extremely) bad. Said that if we really want to put this in Sling we’d better do things as the state of art requires. As rule of thumbs you never (only) encrypt . You'd better add some integrity check mechanism (eg AES GCM or encrypt-then-mac). regards antonio > was that the downstream application I use has a non configurable whitelist > filter for post processors that contain an '@' So I had to make the post > processor configurable. > > As mentioned earlier I wrote this with the intention of donating. I tried to > make it as easy as possible for it to be pulled into where it needs to go. > > However I don't know the process for Donating. Can someone point me the way > or to some documentation? > > Thanks. > -Jason > > -Original Message- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 3:37 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > In AEM, posting encrypted properties to /etc/cloudservices is historically > the primary use case for @Encrypted, but the PostProcessor applies to all > post requests. > > I think this would be a useful addition to Sling. We may want to have some > kind of SPI to support different encryption schemes, but that's an > implementation detail. > > Regards, > Justin > > > On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: > >> They only docs I can find on that, assuming we're talking AEM, >> mentions it only works for posting things into /etc/cloudservices. So that's >> out. >> It's been a while, but I'm under the impression that all >> implementations of the java platform now come with a certain level of >> crypto >> >> https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html >> >> I'd probably add a configuration so you could define the level of >> cryptography, and then that would allow people who needed a higher >> level to install their own providers. Is this something that Sling >> would be interested in? Since I'm going to be writing this, if you're >> interested, I'd rather write it with the intent of directly donating it. >> >> >> >> -Original Message- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 1:35 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> We have this in our commercial product. At a high level, the way it >> works is that there is a PostProcessor which looks for an @Encrypted >> postfixed property and, if that is present, the corresponding property >> is stored in an encrypted fashion. Decryption is all done manually, >> although personally the idea of an EncryptionValueMap seems really cool to >> me. >> >> I believe the challenge in bringing this into Sling relates to the >> encryption libraries. >> >> On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey wrote: >> >>> Here's the use case >>> >>> My organization has decided that to conform to the GDPR, any >>> sensitive data should be encrypted while at rest. From a Sling >>> perspective that is a challenge since we've empowered the authors to >>> create forms the way they want. So to be on the safe side, we're >>> looking at encrypting all form fields as they are persisted, and >>> then decrypting the values from the resource when we need to processes >>> them. >>> >>> Now I'm thinking of an EncryptionValueMap that will simplify this >>> process and encapsulate the functionality. You guys are usually >>> ahead of me when I come up with this stuff and I don't like >>> replicating effort. So is there any functionality currently or >>> planned to handle encryption of resource values? >>> >>> Thanks >>> Jason >>> >>
[jira] [Commented] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259339#comment-16259339 ] Antonio Sanso commented on SLING-7255: -- [~jebailey] thanks for your donation. Without going to deep into the API layer (other people might comments on it), IMHO would be best to use some way of authenticated encryption rather than AES/CBC. As rule of thumbs you never (only) encrypt . You'd better add some integrity check mechanism (eg AES GCM or encrypt-then-mac) > Donating Sling Resource Encryption Utils > > > Key: SLING-7255 > URL: https://issues.apache.org/jira/browse/SLING-7255 > Project: Sling > Issue Type: Task >Reporter: Jason E Bailey > Attachments: sling-encrypt-0.0.1-beta.zip > > > Issue to track donation of Sling resource encryption > Codebase > https://github.com/JEBailey/sling-encrypt > source code is attached with sha1 checksum of > 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259294#comment-16259294 ] Robert Munteanu commented on SLING-7255: Great to see this converging towards a donation. [~jebailey] - would you mind updating the documentation with at least - scenarios where it's supposed to help - how to use this bundle And then it would be great if [~asanso] could do a cursory review of the contribution. > Donating Sling Resource Encryption Utils > > > Key: SLING-7255 > URL: https://issues.apache.org/jira/browse/SLING-7255 > Project: Sling > Issue Type: Task >Reporter: Jason E Bailey > Attachments: sling-encrypt-0.0.1-beta.zip > > > Issue to track donation of Sling resource encryption > Codebase > https://github.com/JEBailey/sling-encrypt > source code is attached with sha1 checksum of > 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7254) Donating Sling Resource Encryption Utils
Jason E Bailey created SLING-7254: - Summary: Donating Sling Resource Encryption Utils Key: SLING-7254 URL: https://issues.apache.org/jira/browse/SLING-7254 Project: Sling Issue Type: Task Reporter: Jason E Bailey Attachments: sling-encrypt-0.0.1-beta.zip Issue to track donation of Sling resource encryption Codebase https://github.com/JEBailey/sling-encrypt source code is attached with sha1 checksum of 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7255) Donating Sling Resource Encryption Utils
Jason E Bailey created SLING-7255: - Summary: Donating Sling Resource Encryption Utils Key: SLING-7255 URL: https://issues.apache.org/jira/browse/SLING-7255 Project: Sling Issue Type: Task Reporter: Jason E Bailey Attachments: sling-encrypt-0.0.1-beta.zip Issue to track donation of Sling resource encryption Codebase https://github.com/JEBailey/sling-encrypt source code is attached with sha1 checksum of 717e84c0ec45191d14d93cebbe8795961b393610 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] chetanmeh commented on issue #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware
chetanmeh commented on issue #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware URL: https://github.com/apache/sling-org-apache-sling-commons-log/pull/1#issuecomment-345706219 Changes merged to master via rebase This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (SLING-3049) Make Logback Stacktrace Packaging data support OSGi aware
[ https://issues.apache.org/jira/browse/SLING-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259265#comment-16259265 ] ASF GitHub Bot commented on SLING-3049: --- chetanmeh commented on issue #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware URL: https://github.com/apache/sling-org-apache-sling-commons-log/pull/1#issuecomment-345706219 Changes merged to master via rebase This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Make Logback Stacktrace Packaging data support OSGi aware > - > > Key: SLING-3049 > URL: https://issues.apache.org/jira/browse/SLING-3049 > Project: Sling > Issue Type: Improvement > Components: Commons >Reporter: Chetan Mehrotra >Assignee: Chetan Mehrotra > Labels: logback > Fix For: Commons Log 5.0.4 > > Attachments: SLING-3049.patch, > buildbot-exceptions-while-stopping-jetty.txt > > > Logback provides a useful feature where it dumps the Class packaging Data > along with the stacktrace [1]. This provides a quick view of the location > from where classes in a given stacktrace are coming. Its default logic does > not work properly in OSGi env. Hence it would be useful to patch its logic to > become OSGi aware > [1] http://logback.qos.ch/reasonsToSwitch.html#packagingData -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-3049) Make Logback Stacktrace Packaging data support OSGi aware
[ https://issues.apache.org/jira/browse/SLING-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259264#comment-16259264 ] ASF GitHub Bot commented on SLING-3049: --- chetanmeh closed pull request #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware URL: https://github.com/apache/sling-org-apache-sling-commons-log/pull/1 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Make Logback Stacktrace Packaging data support OSGi aware > - > > Key: SLING-3049 > URL: https://issues.apache.org/jira/browse/SLING-3049 > Project: Sling > Issue Type: Improvement > Components: Commons >Reporter: Chetan Mehrotra >Assignee: Chetan Mehrotra > Labels: logback > Fix For: Commons Log 5.0.4 > > Attachments: SLING-3049.patch, > buildbot-exceptions-while-stopping-jetty.txt > > > Logback provides a useful feature where it dumps the Class packaging Data > along with the stacktrace [1]. This provides a quick view of the location > from where classes in a given stacktrace are coming. Its default logic does > not work properly in OSGi env. Hence it would be useful to patch its logic to > become OSGi aware > [1] http://logback.qos.ch/reasonsToSwitch.html#packagingData -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] chetanmeh closed pull request #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware
chetanmeh closed pull request #1: SLING-3049 - Make Logback Stacktrace Packaging data support OSGi aware URL: https://github.com/apache/sling-org-apache-sling-commons-log/pull/1 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Resolved] (SLING-3049) Make Logback Stacktrace Packaging data support OSGi aware
[ https://issues.apache.org/jira/browse/SLING-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chetan Mehrotra resolved SLING-3049. Resolution: Fixed Fix Version/s: Commons Log 5.0.4 Merged the changes to master. Feature is disabled by default and can be enabled by setting config/framework property "org.apache.sling.commons.log.packagingDataEnabled" to true > Make Logback Stacktrace Packaging data support OSGi aware > - > > Key: SLING-3049 > URL: https://issues.apache.org/jira/browse/SLING-3049 > Project: Sling > Issue Type: Improvement > Components: Commons >Reporter: Chetan Mehrotra >Assignee: Chetan Mehrotra > Labels: logback > Fix For: Commons Log 5.0.4 > > Attachments: SLING-3049.patch, > buildbot-exceptions-while-stopping-jetty.txt > > > Logback provides a useful feature where it dumps the Class packaging Data > along with the stacktrace [1]. This provides a quick view of the location > from where classes in a given stacktrace are coming. Its default logic does > not work properly in OSGi env. Hence it would be useful to patch its logic to > become OSGi aware > [1] http://logback.qos.ch/reasonsToSwitch.html#packagingData -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: value level encryption - Donating?
Hi Jason, please first create an according JIRA and link the PR there. Thanks, Konrad > On 20. Nov 2017, at 14:50, Jason Bailey wrote: > > So I'm just about done implementing this. > > https://github.com/JEBailey/sling-encrypt > > Value level encryption. IV is stored inline so there's no repetition. > Accessing encrypted data via the EncryptionValueMap will decode it > automatically on access and will handle automatically encrypting values if an > encrypted value is updated. > > Only problem I had besides catching up on the last 15 years of cryptography > was that the downstream application I use has a non configurable whitelist > filter for post processors that contain an '@' So I had to make the post > processor configurable. > > As mentioned earlier I wrote this with the intention of donating. I tried to > make it as easy as possible for it to be pulled into where it needs to go. > > However I don't know the process for Donating. Can someone point me the way > or to some documentation? > > Thanks. > -Jason > > -Original Message- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 3:37 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > In AEM, posting encrypted properties to /etc/cloudservices is historically > the primary use case for @Encrypted, but the PostProcessor applies to all > post requests. > > I think this would be a useful addition to Sling. We may want to have some > kind of SPI to support different encryption schemes, but that's an > implementation detail. > > Regards, > Justin > > > On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: > >> They only docs I can find on that, assuming we're talking AEM, >> mentions it only works for posting things into /etc/cloudservices. So that's >> out. >> It's been a while, but I'm under the impression that all >> implementations of the java platform now come with a certain level of >> crypto >> >> https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html >> >> I'd probably add a configuration so you could define the level of >> cryptography, and then that would allow people who needed a higher >> level to install their own providers. Is this something that Sling >> would be interested in? Since I'm going to be writing this, if you're >> interested, I'd rather write it with the intent of directly donating it. >> >> >> >> -Original Message- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 1:35 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> We have this in our commercial product. At a high level, the way it >> works is that there is a PostProcessor which looks for an @Encrypted >> postfixed property and, if that is present, the corresponding property >> is stored in an encrypted fashion. Decryption is all done manually, >> although personally the idea of an EncryptionValueMap seems really cool to >> me. >> >> I believe the challenge in bringing this into Sling relates to the >> encryption libraries. >> >> On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey wrote: >> >>> Here's the use case >>> >>> My organization has decided that to conform to the GDPR, any >>> sensitive data should be encrypted while at rest. From a Sling >>> perspective that is a challenge since we've empowered the authors to >>> create forms the way they want. So to be on the safe side, we're >>> looking at encrypting all form fields as they are persisted, and >>> then decrypting the values from the resource when we need to processes >>> them. >>> >>> Now I'm thinking of an EncryptionValueMap that will simplify this >>> process and encapsulate the functionality. You guys are usually >>> ahead of me when I come up with this stuff and I don't like >>> replicating effort. So is there any functionality currently or >>> planned to handle encryption of resource values? >>> >>> Thanks >>> Jason >>> >>
RE: value level encryption - Donating?
So I'm just about done implementing this. https://github.com/JEBailey/sling-encrypt Value level encryption. IV is stored inline so there's no repetition. Accessing encrypted data via the EncryptionValueMap will decode it automatically on access and will handle automatically encrypting values if an encrypted value is updated. Only problem I had besides catching up on the last 15 years of cryptography was that the downstream application I use has a non configurable whitelist filter for post processors that contain an '@' So I had to make the post processor configurable. As mentioned earlier I wrote this with the intention of donating. I tried to make it as easy as possible for it to be pulled into where it needs to go. However I don't know the process for Donating. Can someone point me the way or to some documentation? Thanks. -Jason -Original Message- From: Justin Edelson [mailto:jus...@justinedelson.com] Sent: Friday, November 03, 2017 3:37 PM To: dev@sling.apache.org Subject: Re: value level encryption EXTERNAL In AEM, posting encrypted properties to /etc/cloudservices is historically the primary use case for @Encrypted, but the PostProcessor applies to all post requests. I think this would be a useful addition to Sling. We may want to have some kind of SPI to support different encryption schemes, but that's an implementation detail. Regards, Justin On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey wrote: > They only docs I can find on that, assuming we're talking AEM, > mentions it only works for posting things into /etc/cloudservices. So that's > out. > It's been a while, but I'm under the impression that all > implementations of the java platform now come with a certain level of > crypto > > https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html > > I'd probably add a configuration so you could define the level of > cryptography, and then that would allow people who needed a higher > level to install their own providers. Is this something that Sling > would be interested in? Since I'm going to be writing this, if you're > interested, I'd rather write it with the intent of directly donating it. > > > > -Original Message- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 1:35 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > We have this in our commercial product. At a high level, the way it > works is that there is a PostProcessor which looks for an @Encrypted > postfixed property and, if that is present, the corresponding property > is stored in an encrypted fashion. Decryption is all done manually, > although personally the idea of an EncryptionValueMap seems really cool to me. > > I believe the challenge in bringing this into Sling relates to the > encryption libraries. > > On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey wrote: > > > Here's the use case > > > > My organization has decided that to conform to the GDPR, any > > sensitive data should be encrypted while at rest. From a Sling > > perspective that is a challenge since we've empowered the authors to > > create forms the way they want. So to be on the safe side, we're > > looking at encrypting all form fields as they are persisted, and > > then decrypting the values from the resource when we need to processes > > them. > > > > Now I'm thinking of an EncryptionValueMap that will simplify this > > process and encapsulate the functionality. You guys are usually > > ahead of me when I come up with this stuff and I don't like > > replicating effort. So is there any functionality currently or > > planned to handle encryption of resource values? > > > > Thanks > > Jason > > >
[jira] [Created] (SLING-7253) Upgrade Karaf to 4.2
Oliver Lietz created SLING-7253: --- Summary: Upgrade Karaf to 4.2 Key: SLING-7253 URL: https://issues.apache.org/jira/browse/SLING-7253 Project: Sling Issue Type: Task Components: Karaf Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Karaf Features 0.2.0, Karaf Integration Tests 0.2.0, Karaf Distribution 0.2.0, Karaf Launchpad Integration Tests (Oak Tar) 0.0.2 [\[ANN\] Apache Karaf "Container" 4.2.0.M1 has been released !|https://lists.apache.org/thread.html/cb12c5f5bc3c78422a523b44afc23195d9d353e4bd2fd5a62d1baa1c@%3Cdev.karaf.apache.org%3E] -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-7244) Correct require capability for http whiteboard
[ https://issues.apache.org/jira/browse/SLING-7244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7244: - Fix Version/s: (was: Security 1.1.8) Security 1.1.10 > Correct require capability for http whiteboard > -- > > Key: SLING-7244 > URL: https://issues.apache.org/jira/browse/SLING-7244 > Project: Sling > Issue Type: Bug > Components: Engine, Extensions >Affects Versions: i18n 2.5.8, Feature Flags 1.2.0, Engine 2.6.8, Security > 1.1.6 >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler > Fix For: Feature Flags 1.2.2, Engine 2.6.10, Security 1.1.10, > i18n 2.5.10 > > > The require capability should not use a fixed version but a version range, > otherwise it will not resolve once we update the http implementation -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-7218) NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate
[ https://issues.apache.org/jira/browse/SLING-7218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7218. > NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate > --- > > Key: SLING-7218 > URL: https://issues.apache.org/jira/browse/SLING-7218 > Project: Sling > Issue Type: Bug > Components: Extensions >Affects Versions: Security 1.1.4 >Reporter: Antonio Sanso >Assignee: Konrad Windszus > Fix For: Security 1.1.8 > > > {noformat} > 09.10.2017 07:05:55.216 *ERROR* [FelixStartLevel] org.apache.sling.security > [org.apache.sling.security.impl.ContentDispositionFilter(96)] The activate > method has thrown an exception (java.lang.NullPointerException) > java.lang.NullPointerException: null > at java.util.Objects.requireNonNull(Objects.java:203) > at java.util.Arrays$ArrayList.(Arrays.java:3813) > at java.util.Arrays.asList(Arrays.java:3800) > 09.10.2017 07:05:55.219 *ERROR* [FelixDispatchQueue] org.apache.sling.engine > FrameworkEvent ERROR (org.osgi.framework.ServiceException: Service factory > returned null. (Component: > org.apache.sling.security.impl.ContentDispositionFilter (96))) > org.osgi.framework.ServiceException: Service factory returned null. > (Component: org.apache.sling.security.impl.ContentDispositionFilter (96)) > at > org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:380) > at > org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:247) > at > org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-7219) Add scope forward to ContentDispositionFilter
[ https://issues.apache.org/jira/browse/SLING-7219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7219. > Add scope forward to ContentDispositionFilter > - > > Key: SLING-7219 > URL: https://issues.apache.org/jira/browse/SLING-7219 > Project: Sling > Issue Type: Improvement > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Security 1.1.8 > > > The {{ContentDispositionFilter}} sets the filter scope to request > {code} > @Component(property={"sling.filter.scope=request", > "service.ranking:Integer=25000"}) > {code} > it would be good to add as well the scope forward -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (SLING-7252) ResourceResolverImpl.map() does not invoke ResourceDecorator
[ https://issues.apache.org/jira/browse/SLING-7252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls reassigned SLING-7252: - Assignee: Karl Pauls > ResourceResolverImpl.map() does not invoke ResourceDecorator > > > Key: SLING-7252 > URL: https://issues.apache.org/jira/browse/SLING-7252 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Affects Versions: Resource Resolver 1.4.16, Resource Resolver 1.5.30 >Reporter: Francisco Chicharro >Assignee: Karl Pauls > Fix For: Resource Resolver 1.5.32 > > Attachments: resourceresolverimpl.patch > > > ResourceDecorators are invoked by ResourceResolverImpl for resource > resolution but not for mapping. > I'm experiencing this issue with version 1.4.16, but the issue is also there > for latest version 1.5.30. > I'm attaching a patch for 1.4.16 version. > CC: [~cziegeler] -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[RESULT][VOTE] Release Apache Sling Security 1.1.8
The vote passed with 4 binding +1s regards antonio
Re: [VOTE] Release Apache Sling Health Check API 1.0.2, Health Check Core 1.2.10, and Health Check Annotations 1.0.6
+1 On Thu, 16 Nov 2017 at 12:58 Karl Pauls wrote: > Please vote to approve these releases: > > [ ] +1 Approve the releases > [ ] 0 Don't care > [ ] -1 Don't release, because ... >
Re: [VOTE] Release Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8
+1 On Thu, 16 Nov 2017 at 15:44 Karl Pauls wrote: > Please vote to approve these releases: > > [ ] +1 Approve the releases > [ ] 0 Don't care > [ ] -1 Don't release, because ... >
[jira] [Updated] (SLING-7252) ResourceResolverImpl.map() does not invoke ResourceDecorator
[ https://issues.apache.org/jira/browse/SLING-7252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-7252: Component/s: ResourceResolver > ResourceResolverImpl.map() does not invoke ResourceDecorator > > > Key: SLING-7252 > URL: https://issues.apache.org/jira/browse/SLING-7252 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Affects Versions: Resource Resolver 1.4.16, Resource Resolver 1.5.30 >Reporter: Francisco Chicharro > Fix For: Resource Resolver 1.5.32 > > Attachments: resourceresolverimpl.patch > > > ResourceDecorators are invoked by ResourceResolverImpl for resource > resolution but not for mapping. > I'm experiencing this issue with version 1.4.16, but the issue is also there > for latest version 1.5.30. > I'm attaching a patch for 1.4.16 version. > CC: [~cziegeler] -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-7252) ResourceResolverImpl.map() does not invoke ResourceDecorator
[ https://issues.apache.org/jira/browse/SLING-7252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-7252: Fix Version/s: Resource Resolver 1.5.32 > ResourceResolverImpl.map() does not invoke ResourceDecorator > > > Key: SLING-7252 > URL: https://issues.apache.org/jira/browse/SLING-7252 > Project: Sling > Issue Type: Bug >Affects Versions: Resource Resolver 1.4.16, Resource Resolver 1.5.30 >Reporter: Francisco Chicharro > Fix For: Resource Resolver 1.5.32 > > Attachments: resourceresolverimpl.patch > > > ResourceDecorators are invoked by ResourceResolverImpl for resource > resolution but not for mapping. > I'm experiencing this issue with version 1.4.16, but the issue is also there > for latest version 1.5.30. > I'm attaching a patch for 1.4.16 version. > CC: [~cziegeler] -- This message was sent by Atlassian JIRA (v6.4.14#64029)
RE: [VOTE] Release Apache Sling JCR Resource 3.0.8 and File System ClassLoader 1.0.8
+1
[jira] [Created] (SLING-7252) ResourceResolverImpl.map() does not invoke ResourceDecorator
Francisco Chicharro created SLING-7252: -- Summary: ResourceResolverImpl.map() does not invoke ResourceDecorator Key: SLING-7252 URL: https://issues.apache.org/jira/browse/SLING-7252 Project: Sling Issue Type: Bug Affects Versions: Resource Resolver 1.5.30, Resource Resolver 1.4.16 Reporter: Francisco Chicharro Attachments: resourceresolverimpl.patch ResourceDecorators are invoked by ResourceResolverImpl for resource resolution but not for mapping. I'm experiencing this issue with version 1.4.16, but the issue is also there for latest version 1.5.30. I'm attaching a patch for 1.4.16 version. CC: [~cziegeler] -- This message was sent by Atlassian JIRA (v6.4.14#64029)