Re: multiple Servlets registered for resourceTypes sling/servlet/default

[Felix Meschberger]

Hi Mike,

Mike Müller schrieb:
 Hi
 
 If you register an own Servlet which should be used as default servlet you 
 can register it with
 
 sling.servlet.resourceTypes=sling/servlet/default
 sling.servlet.methods=GET
 (if it should work only for GET requests)
 
 If I upload a bundle with such a Servlet (call it MyServlet) in Sling 
 everything seems to be fine, the GET requests are dispatched by the 
 MyServlet. But after a restart of Sling it's a random luck which Servlet (the 
 DefaultGetServlet or the MyServlet) will dispatch the request. Shouldn't 
 there be a way to mark a Servlet as the one with higher priority. There is 
 the getWeightedResources method on the ResourceCollector, but this doesn't 
 help, because neither Servlet has more weight. In my case I would like to 
 install a Servlet which implements the OptingServlet and gets all requests 
 first to decide if the DefaultGetServlet should handle the request or if it 
 should be handled by the MyServlet itself.

Frankly, this ain't gonna work: you cannot reliably register two
servlets with the same setup. For this reason you can only replace the
DefaultGetServlet by removing the o.a.sling.serlvets.get bundle.

I presume, that this is not an option, though ;-)

Now my question is: what functionality do you implement in your special
generic GET servlet, which is missing from the Sling DefaultGetServlet.
Could there be a chance of plugging your required functionality into the
DefaultGetServlet ?

Another option would be that you create your own servlet extending from
the DefaultGetServlet. You then create a bundle with your own code
merged with the contents of the o.a.sling.servlets.get bundle and only
install your own bundle. But I suggest, we first explore the first option.

Regards
Felix

[jira] Created: (SLING-938) Refine initiaition of the authentication process

[Felix Meschberger (JIRA)]

Refine initiaition of the authentication process


 Key: SLING-938
 URL: https://issues.apache.org/jira/browse/SLING-938
 Project: Sling
  Issue Type: Improvement
  Components: Engine
Affects Versions: Engine 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger
 Fix For: Engine 2.0.4


Currently the authentication process can only be initiated by explicitly 
calling a login page provided by some AuthenticationHandler implementation 
bundle. There is no way to initiate the authentication process from within a 
servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).

To support this kind of functionality the existing 
SlingAuthenticator.requestAuthentcation method should be publicly accessible 
through Service interface. Servlets or scripts which want to request 
authentication from the client for the current request may then call this 
service method.

This method applies the same authentication handler selection algorithm for the 
given HttpServletRequest object as it does for finding the authentication 
handler in the authenticate process. This ensures, that for a given request, 
the appropriate authentication handler is called which is then able to initiate 
authentication appropriately, for example by drawing a form.

For full details refer to 
http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (SLING-939) Adapt the Http Authenticator to the refined authentication process

[Felix Meschberger (JIRA)]

Adapt the Http Authenticator to the refined authentication process
--

 Key: SLING-939
 URL: https://issues.apache.org/jira/browse/SLING-939
 Project: Sling
  Issue Type: Sub-task
  Components: Extensions
Affects Versions: Extensions httpauth 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger


Adapt the HTTP Header authentication handler to the new refined authenticaiton 
initiation processing implemented by SLING-938.

Tasks: 
  * The LoginServlet calls the new requestAuthentication service method
  * requestAuthentication method will now draw the login form

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-938) Refine initiaition of the authentication process

[Felix Meschberger (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SLING-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger resolved SLING-938.
-

Resolution: Fixed

Implemented a new Authenticator interface with (currently) a single method:

   login(HttpServletRequest, HttpServletResponse)

which may called to ask the client to login.

Note: I renamed the method from the initial proposal requestAuthentication to 
login, since it sounds more appropriate and any future extension to also 
support logging out would then just add a logout method.

 Refine initiaition of the authentication process
 

 Key: SLING-938
 URL: https://issues.apache.org/jira/browse/SLING-938
 Project: Sling
  Issue Type: Improvement
  Components: Engine
Affects Versions: Engine 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger
 Fix For: Engine 2.0.4


 Currently the authentication process can only be initiated by explicitly 
 calling a login page provided by some AuthenticationHandler implementation 
 bundle. There is no way to initiate the authentication process from within a 
 servlet or script (e.g. to have the user log in a 404/NOT FOUND error 
 handler).
 To support this kind of functionality the existing 
 SlingAuthenticator.requestAuthentcation method should be publicly accessible 
 through Service interface. Servlets or scripts which want to request 
 authentication from the client for the current request may then call this 
 service method.
 This method applies the same authentication handler selection algorithm for 
 the given HttpServletRequest object as it does for finding the authentication 
 handler in the authenticate process. This ensures, that for a given request, 
 the appropriate authentication handler is called which is then able to 
 initiate authentication appropriately, for example by drawing a form.
 For full details refer to 
 http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

[Bertrand Delacretaz]

Hi,

On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas rory.doug...@oracle.com wrote:
 Bertrand Delacretaz wrote:
 2) Prevent legitimate scripts from messing up with the system
 An variant of 2) just showed up in the Accessing JCR thread.  Looks like
 anyone that can upload a script can do the following:

 sling:defineObjects/
 %
   SlingRepository repo = sling.getService(SlingRepository.class);
   Session superSession = repo.loginAdministrative(null);
   // and then do anything, like
   superSession.getRootNode().remove();
 %

loginAdministrative is fine for trusted code, but you're right that we
might want to restrict it.

Not sure how to best approach this...what do people think?

-Bertrand

[jira] Commented: (SLING-939) Adapt the Http Authenticator to the refined authentication process

[Felix Meschberger (JIRA)]

[ 
https://issues.apache.org/jira/browse/SLING-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12701850#action_12701850
 ] 

Felix Meschberger commented on SLING-939:
-

Updated reference to the HTTP Header Authentication Handler bundle in Rev. 
767855 of the launchpad/bundles pom

 Adapt the Http Authenticator to the refined authentication process
 --

 Key: SLING-939
 URL: https://issues.apache.org/jira/browse/SLING-939
 Project: Sling
  Issue Type: Sub-task
  Components: Extensions
Affects Versions: Extensions httpauth 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger

 Adapt the HTTP Header authentication handler to the new refined 
 authenticaiton initiation processing implemented by SLING-938.
 Tasks: 
   * The LoginServlet calls the new requestAuthentication service method
   * requestAuthentication method will now draw the login form

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

[Felix Meschberger]

Hi,

Bertrand Delacretaz schrieb:
 Hi,
 
 On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas rory.doug...@oracle.com wrote:
 Bertrand Delacretaz wrote:
 2) Prevent legitimate scripts from messing up with the system
 An variant of 2) just showed up in the Accessing JCR thread.  Looks like
 anyone that can upload a script can do the following:

 sling:defineObjects/
 %
   SlingRepository repo = sling.getService(SlingRepository.class);
   Session superSession = repo.loginAdministrative(null);
   // and then do anything, like
   superSession.getRootNode().remove();
 %
 
 loginAdministrative is fine for trusted code, but you're right that we
 might want to restrict it.
 
 Not sure how to best approach this...what do people think?

In terms of OPSGi and Java Security, the best approach would probably be
 to guard this method by the SecurityManager and introduce a Permission
for this.

Regards
Felix

Content Technology track at the ApacheCon US 2009

[Jukka Zitting]

Hi,

[Sorry again for cross-posting, perhaps we should set up a
jcr-interest@ mailing list somewhere]

The ApacheCon planners are asking for Apache projects to self-organize
content for the upcoming ApacheCon US in November this year. It would
be cool to have a track related to content repositories and content
management. Jackrabbit and Sling would form a nice core for such a
track, but we could also include sessions on things like Chemistry and
other related projects.

The planners would like an indication of interest ASAP, so I will
contact them about this if people think it's a good idea. In previous
ApacheCons we've typically had a few related presentations and a BoF
session or a Meetup. Based on that I think we could well organize
something like a half-day track of presentations and workshops
followed by a more informal community meetup in the evening.

BR,

Jukka Zitting

[jira] Commented: (SLING-939) Adapt the Http Authenticator to the refined authentication process

[Felix Meschberger (JIRA)]

[ 
https://issues.apache.org/jira/browse/SLING-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12701879#action_12701879
 ] 

Felix Meschberger commented on SLING-939:
-

No, not at the moment, since you cannot replace bundle content with a fragment, 
just ammend. In this case it would have to be replacement.

What I would envision to make the form for this handler configurable is to 
actually place it in the repository where it might be modified, replaced, 
whatever ...

But this requires more thinking about the protocol and much more importandly: 
documentation of the protocol.

 Adapt the Http Authenticator to the refined authentication process
 --

 Key: SLING-939
 URL: https://issues.apache.org/jira/browse/SLING-939
 Project: Sling
  Issue Type: Sub-task
  Components: Extensions
Affects Versions: Extensions httpauth 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger

 Adapt the HTTP Header authentication handler to the new refined 
 authenticaiton initiation processing implemented by SLING-938.
 Tasks: 
   * The LoginServlet calls the new requestAuthentication service method
   * requestAuthentication method will now draw the login form

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

AW: multiple Servlets registered for resourceTypes sling/servlet/default

[Mike Müller]

  If you register an own Servlet which should be used as
 default servlet you can register it with
 
  sling.servlet.resourceTypes=sling/servlet/default
  sling.servlet.methods=GET
  (if it should work only for GET requests)
 
  If I upload a bundle with such a Servlet (call it
  MyServlet) in Sling everything seems to be fine, the GET
  requests are dispatched by the MyServlet. But after a restart
  of Sling it's a random luck which Servlet (the
  DefaultGetServlet or the MyServlet) will dispatch the
  request. Shouldn't there be a way to mark a Servlet as the
  one with higher priority. There is the getWeightedResources
  method on the ResourceCollector, but this doesn't help,
  because neither Servlet has more weight. In my case I would
  like to install a Servlet which implements the OptingServlet
  and gets all requests first to decide if the
  DefaultGetServlet should handle the request or if it should
  be handled by the MyServlet itself.

 Frankly, this ain't gonna work: you cannot reliably register two
 servlets with the same setup. For this reason you can only replace the
 DefaultGetServlet by removing the o.a.sling.serlvets.get bundle.

 I presume, that this is not an option, though ;-)

 Now my question is: what functionality do you implement in
 your special
 generic GET servlet, which is missing from the Sling
 DefaultGetServlet.
 Could there be a chance of plugging your required
 functionality into the
 DefaultGetServlet ?

 Another option would be that you create your own servlet
 extending from
 the DefaultGetServlet. You then create a bundle with your own code
 merged with the contents of the o.a.sling.servlets.get bundle and only
 install your own bundle. But I suggest, we first explore the
 first option.

Hi Felix

What I try tio achieve is run some legacy stuff shoulder to shoulder with
new stuff which entirely is built on Sling. So the MyServlet (or call it
LegacyServlet) should check (as OptingServlet) if the request is a call
to the legacy stuff and handle it in this case. If not, accepts() on the
LegacyServlet should return false and the request should be handled by the
default Servlets of Sling (or any other registered Servlet for the request).
So plugging in the functionality to the existing DefaultGetServlet and the
SlingPostServlet is probably not the solution.
Extending from the existing default Servlets seems to fit better in this case.
Maybe also Filters could help in this case, but as far as I understood filters
are not preprocessed in a Sling standalone app, so the solution with filters
would be bound to using Sling in a Servlet container (which I do not prefer!).

is there any other possability?

best regards
mike

Re: Content Technology track at the ApacheCon US 2009

[Paolo Mottadelli]

Hi,

On Thu, Apr 23, 2009 at 11:37 AM, Jukka Zitting jukka.zitt...@gmail.com wrote:
 It would
 be cool to have a track related to content repositories and content
 management

I like your idea. This is based on the same idea of the
'Interoperability' one, that I mentioned some days ago.

 Jackrabbit and Sling would form a nice core for such a
 track, but we could also include sessions on things like Chemistry and
 other related projects.

POI is often used in CM contexts and products; do you think that such
a project could fall within such a track?

Cheers,

-- 
Paolo Mottadelli: http://www.paolomottadelli.com
Sourcesense - making sense of Open Source: http://www.sourcesense.com

Strange eclipse errors?

[Aaron Zeckoski]

Anyone else seeing the following compile errors when viewing sling
trunk in eclipse?
Description ResourcePathLocationType
Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved 
Sling.java   
sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl  
line
406 Java Problem
Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved 
Sling.java   
sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl  
line
407 Java Problem
Constants.FRAMEWORK_STORAGE cannot be resolved  Sling.java  
sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl   
line
396 Java Problem

Here is the code where the errors occur (starts line 395):
// migrate old properties to new properties
migrateProp(staticProps, felix.cache.profiledir,
Constants.FRAMEWORK_STORAGE);
migrateProp(staticProps, sling.osgi-core-packages,
osgi-core-packages);
migrateProp(staticProps, sling.osgi-compendium-services,
osgi-compendium-services);

// migrate initial start level property: Felix used to have
// felix.startlevel.framework, later moved to
org.osgi.framework.startlevel
// and finally now uses org.osgi.framework.startlevel.beginning as
// speced in the latest R 4.2 draft (2009/03/10). We first check the
// intermediate Felix property, then the initial property, thus allowing
// the older (and more probable value) to win
migrateProp(staticProps, org.osgi.framework.startlevel,
Constants.FRAMEWORK_BEGINNING_STARTLEVEL);
migrateProp(staticProps, felix.startlevel.framework,
Constants.FRAMEWORK_BEGINNING_STARTLEVEL);

The values do not appear to be in the constants file but I don't see
any failure when building with maven so I am not sure what is going on
here. I am willing to chalk it up to weirdness in my eclipse
installation but I thought I might ask if anyone else sees this also
before I dig deeper.
-AZ


-- 
Aaron Zeckoski (aar...@vt.edu)
Senior Research Engineer - CARET - Cambridge University
[http://bugs.sakaiproject.org/confluence/display/~aaronz/]
Sakai Fellow - [http://aaronz-sakai.blogspot.com/]

Re: AW: multiple Servlets registered for resourceTypes sling/servlet/default

[Felix Meschberger]

Hi Mike,

Mike Müller schrieb:
 ... snip snap ...
 What I try tio achieve is run some legacy stuff shoulder to shoulder with
 new stuff which entirely is built on Sling. So the MyServlet (or call it
 LegacyServlet) should check (as OptingServlet) if the request is a call
 to the legacy stuff and handle it in this case. If not, accepts() on the
 LegacyServlet should return false and the request should be handled by the
 default Servlets of Sling (or any other registered Servlet for the request).

Ok, the crucial point here is any other registered Servlet: If Sling
decides to no check for another servlet, your LegacyServlet will never
be asked whether it accepts the request or not.

 So plugging in the functionality to the existing DefaultGetServlet and the
 SlingPostServlet is probably not the solution.

Agreed, but mainly due to how servlet resolution works.

 Extending from the existing default Servlets seems to fit better in this case.
 Maybe also Filters could help in this case, but as far as I understood filters
 are not preprocessed in a Sling standalone app, so the solution with filters
 would be bound to using Sling in a Servlet container (which I do not prefer!).

Filter processing inside Sling is always the same because Sling is
managing the filters themselves and does not work with the servlet
container filter processing. As such Filters registered as Filter
services in Sling always work the same, no matter what.

So for your legacy issue, I would suggest you create a request filter
(filter.scope=request) which checks whether the request is for a
legacy resource or a sling resource.

If the request is for a legacy resource, the filter processes the
request in the legacy way and terminates the request after that by
simply not calling the FilterChain.doFilter method.

If the request for a Sling resource (non-legacy), the request is simply
passed through to the filter chain calling FilterChain.doFilter.

Would that work for you ?

Regards
Felix

PS: I have just written down some more information on filters which
should appear on the site in an hour or two, until then the page may
already be seen at http://cwiki.apache.org/SLINGxSITE/filters.html

Re: Strange eclipse errors?

[John Langley]

I ran into a similar problem, but it was ages (months) ago. 
My guess is that you tried to use the maven eclipse plugin to import the
sling project. 
Instead I would use the mvn eclipse:eclipse goal first and then import
existing projects. 

The heart of the problem lies in eclipse not really resolving libraries
in the order that maven does, so you see these sorts of
discontinuities from time to time. Also, there was a change in felix
a few months ago that triggered the problem, I forget the details now,
but you may see something in the mailing lists about it (with my name on
it). 

I'm not sure if the above suggestion will fix your problem, but it's
certainly worth a try. 

-- Langley 


On Thu, 2009-04-23 at 06:57 -0400, Aaron Zeckoski wrote:

 Anyone else seeing the following compile errors when viewing sling
 trunk in eclipse?
 Description   ResourcePathLocationType
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved   
 Sling.java 
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl 
  line
 406   Java Problem
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved   
 Sling.java 
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl 
  line
 407   Java Problem
 Constants.FRAMEWORK_STORAGE cannot be resolvedSling.java  
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl 
 line
 396   Java Problem
 
 Here is the code where the errors occur (starts line 395):
 // migrate old properties to new properties
 migrateProp(staticProps, felix.cache.profiledir,
 Constants.FRAMEWORK_STORAGE);
 migrateProp(staticProps, sling.osgi-core-packages,
 osgi-core-packages);
 migrateProp(staticProps, sling.osgi-compendium-services,
 osgi-compendium-services);
 
 // migrate initial start level property: Felix used to have
 // felix.startlevel.framework, later moved to
 org.osgi.framework.startlevel
 // and finally now uses org.osgi.framework.startlevel.beginning as
 // speced in the latest R 4.2 draft (2009/03/10). We first check the
 // intermediate Felix property, then the initial property, thus 
 allowing
 // the older (and more probable value) to win
 migrateProp(staticProps, org.osgi.framework.startlevel,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);
 migrateProp(staticProps, felix.startlevel.framework,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);
 
 The values do not appear to be in the constants file but I don't see
 any failure when building with maven so I am not sure what is going on
 here. I am willing to chalk it up to weirdness in my eclipse
 installation but I thought I might ask if anyone else sees this also
 before I dig deeper.
 -AZ
 
 

Re: Content Technology track at the ApacheCon US 2009

[Bertrand Delacretaz]

Hi,

On Thu, Apr 23, 2009 at 11:37 AM, Jukka Zitting jukka.zitt...@gmail.com wrote:
 ...I think we could well organize
 something like a half-day track of presentations and workshops
 followed by a more informal community meetup in the evening

+1

I'm sure we can easily fill a half-day track with Jacrkabbit, Sling,
Chemistry, and by inviting related projects like POI, Tika, etc. to
contribute.

-Bertrand

Re: [jira] Commented: (SLING-939) Adapt the Http Authenticator to the refined authentication process

[Felix Meschberger]

Hi Aaron

Taking this to the list...

 That makes sense. I was thinking something like checking for 
 overrideTemplate before getting the default one but storing in the repo 
 would be good. My only possible issue with that is setting up a new one the 
 first time sling starts up would be annoying (unless there is some way to 
 push things into the repo on startup?). If there is no way to push things 
 into the repo on startup I would recommend doing something like allowing a 
 bundle fragment to control this.

Things can be injected into the repository on startup using the initial
content feature, which is described at [1].

I could then imagine, that the httpauth bundle just installs the default
template using the initial content feature, but in a way, that any
existing file is not replaced.

This file may then be edited or replaced by other files either in place
or by another bundle providing initial content.

Regards
Felix

[1] http://cwiki.apache.org/SLINGxSITE/content-loading.html

 
 Adapt the Http Authenticator to the refined authentication process
 --

 Key: SLING-939
 URL: https://issues.apache.org/jira/browse/SLING-939
 Project: Sling
  Issue Type: Sub-task
  Components: Extensions
Affects Versions: Extensions httpauth 2.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger

 Adapt the HTTP Header authentication handler to the new refined 
 authenticaiton initiation processing implemented by SLING-938.
 Tasks: 
   * The LoginServlet calls the new requestAuthentication service method
   * requestAuthentication method will now draw the login form
 

Re: Strange eclipse errors?

[Felix Meschberger]

Hi,

John Langley schrieb:
 I ran into a similar problem, but it was ages (months) ago. 
 My guess is that you tried to use the maven eclipse plugin to import the
 sling project. 
 Instead I would use the mvn eclipse:eclipse goal first and then import
 existing projects. 
 
 The heart of the problem lies in eclipse not really resolving libraries
 in the order that maven does, so you see these sorts of
 discontinuities from time to time. Also, there was a change in felix
 a few months ago that triggered the problem, I forget the details now,
 but you may see something in the mailing lists about it (with my name on
 it). 
 
 I'm not sure if the above suggestion will fix your problem, but it's
 certainly worth a try. 

Yes, this is the problem. The Felix framework jar file contains updated
OSGi interfaces (you ran into an issue with the updated Constants
interface). The interfaces contain the updates defined by the upcoming
4.2 release of the OSGi framework API. This contrasts with the osgi-core
libraries, which still contain the definitions from the R4.1 specification.

To fix this issue in Eclipse, I think it suffices it to ensure the Felix
framework libary is listed before the osgi-core library in the Eclipse
build configuration.

Hope this helps.

Regards
Felix

 
 -- Langley 
 
 
 On Thu, 2009-04-23 at 06:57 -0400, Aaron Zeckoski wrote:
 
 Anyone else seeing the following compile errors when viewing sling
 trunk in eclipse?
 Description  ResourcePathLocationType
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved  
 Sling.java
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
   line
 406  Java Problem
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved  
 Sling.java
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
   line
 407  Java Problem
 Constants.FRAMEWORK_STORAGE cannot be resolved   Sling.java  
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
 line
 396  Java Problem

 Here is the code where the errors occur (starts line 395):
 // migrate old properties to new properties
 migrateProp(staticProps, felix.cache.profiledir,
 Constants.FRAMEWORK_STORAGE);
 migrateProp(staticProps, sling.osgi-core-packages,
 osgi-core-packages);
 migrateProp(staticProps, sling.osgi-compendium-services,
 osgi-compendium-services);

 // migrate initial start level property: Felix used to have
 // felix.startlevel.framework, later moved to
 org.osgi.framework.startlevel
 // and finally now uses org.osgi.framework.startlevel.beginning as
 // speced in the latest R 4.2 draft (2009/03/10). We first check the
 // intermediate Felix property, then the initial property, thus 
 allowing
 // the older (and more probable value) to win
 migrateProp(staticProps, org.osgi.framework.startlevel,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);
 migrateProp(staticProps, felix.startlevel.framework,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);

 The values do not appear to be in the constants file but I don't see
 any failure when building with maven so I am not sure what is going on
 here. I am willing to chalk it up to weirdness in my eclipse
 installation but I thought I might ask if anyone else sees this also
 before I dig deeper.
 -AZ


 

Re: Strange eclipse errors?

[Aaron Zeckoski]

You're right. That is what I am doing. I like the maven 2 plugin so I
will just live with it for now (and give Felix's suggestion a try).
Thanks all!
-AZ


On Thu, Apr 23, 2009 at 12:05 PM, John Langley
john.lang...@mathworks.com wrote:
 I ran into a similar problem, but it was ages (months) ago.
 My guess is that you tried to use the maven eclipse plugin to import the
 sling project.
 Instead I would use the mvn eclipse:eclipse goal first and then import
 existing projects.

 The heart of the problem lies in eclipse not really resolving libraries
 in the order that maven does, so you see these sorts of
 discontinuities from time to time. Also, there was a change in felix
 a few months ago that triggered the problem, I forget the details now,
 but you may see something in the mailing lists about it (with my name on
 it).

 I'm not sure if the above suggestion will fix your problem, but it's
 certainly worth a try.

 -- Langley


 On Thu, 2009-04-23 at 06:57 -0400, Aaron Zeckoski wrote:

 Anyone else seeing the following compile errors when viewing sling
 trunk in eclipse?
 Description   Resource        Path    Location        Type
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved
 Sling.java     
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
   line
 406   Java Problem
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL cannot be resolved
 Sling.java     
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
   line
 407   Java Problem
 Constants.FRAMEWORK_STORAGE cannot be resolved        Sling.java
 sling-trunk/launchpad/base/src/main/java/org/apache/sling/launchpad/base/impl
  line
 396   Java Problem

 Here is the code where the errors occur (starts line 395):
         // migrate old properties to new properties
         migrateProp(staticProps, felix.cache.profiledir,
 Constants.FRAMEWORK_STORAGE);
         migrateProp(staticProps, sling.osgi-core-packages,
 osgi-core-packages);
         migrateProp(staticProps, sling.osgi-compendium-services,
 osgi-compendium-services);

         // migrate initial start level property: Felix used to have
         // felix.startlevel.framework, later moved to
 org.osgi.framework.startlevel
         // and finally now uses org.osgi.framework.startlevel.beginning as
         // speced in the latest R 4.2 draft (2009/03/10). We first check the
         // intermediate Felix property, then the initial property, thus 
 allowing
         // the older (and more probable value) to win
         migrateProp(staticProps, org.osgi.framework.startlevel,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);
         migrateProp(staticProps, felix.startlevel.framework,
 Constants.FRAMEWORK_BEGINNING_STARTLEVEL);

 The values do not appear to be in the constants file but I don't see
 any failure when building with maven so I am not sure what is going on
 here. I am willing to chalk it up to weirdness in my eclipse
 installation but I thought I might ask if anyone else sees this also
 before I dig deeper.
 -AZ






-- 
Aaron Zeckoski (aar...@vt.edu)
Senior Research Engineer - CARET - Cambridge University
[http://bugs.sakaiproject.org/confluence/display/~aaronz/]
Sakai Fellow - [http://aaronz-sakai.blogspot.com/]

Re: Content Technology track at the ApacheCon US 2009

[Paolo Mottadelli]

On Thu, Apr 23, 2009 at 1:28 PM, Bertrand Delacretaz
bdelacre...@apache.org wrote:
 I'm sure we can easily fill a half-day track with Jacrkabbit, Sling,
 Chemistry, and by inviting related projects like POI, Tika, etc. to
 contribute.

+1
I'm forwarding this message to the POI community, which is strongly
willing to join some other project.
I've also submitted a proposal about 'POI' (besides one about 'CMIS'
and another about 'Apache in Open Source ECM')
Hope this is going to help.

Cheers,

-- 
Paolo Mottadelli: http://www.paolomottadelli.com
Sourcesense - making sense of Open Source: http://www.sourcesense.com

Re: Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

[Julian Sedding]

Hello

For sure not the easiest solution, but what about storing the
application in a separate workspace from the content. If scripts were
only executable in the application workspace, malicious attackers
could maybe create a script in the content workspace, but it would not
be possible to execute it.

Regards
Julian



On Thu, Apr 23, 2009 at 10:51 AM, Felix Meschberger fmesc...@gmail.com wrote:
 Hi,

 Bertrand Delacretaz schrieb:
 Hi,

 On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas rory.doug...@oracle.com 
 wrote:
 Bertrand Delacretaz wrote:
 2) Prevent legitimate scripts from messing up with the system
 An variant of 2) just showed up in the Accessing JCR thread.  Looks like
 anyone that can upload a script can do the following:

 sling:defineObjects/
 %
   SlingRepository repo = sling.getService(SlingRepository.class);
   Session superSession = repo.loginAdministrative(null);
   // and then do anything, like
   superSession.getRootNode().remove();
 %

 loginAdministrative is fine for trusted code, but you're right that we
 might want to restrict it.

 Not sure how to best approach this...what do people think?

 In terms of OPSGi and Java Security, the best approach would probably be
  to guard this method by the SecurityManager and introduce a Permission
 for this.

 Regards
 Felix




-- 
Julian Sedding, Solution Engineer, Day Software AG
email: julian.sedd...@day.com
office: +41 61 226 98 92
http://www.day.com/

--
This message is a private communication. If you are not the intended
recipient, please do not read, copy, or use it, and do not disclose it to
others. Please notify the sender of the delivery error by replying to this
message, and then delete it from your system. Thank you.

The sender does not assume any liability for timely, trouble-free,
complete, virus free, secure, error free or uninterrupted arrival of this
e-mail. For verification please request a hard-copy version.

Re: [jira] Commented: (SLING-939) Adapt the Http Authenticator to the refined authentication process

[Aaron Zeckoski]

That seems like a nice way to do it from my perspective.
-AZ

On Thu, Apr 23, 2009 at 12:40 PM, Felix Meschberger fmesc...@gmail.com wrote:
 Hi Aaron

 Taking this to the list...

 That makes sense. I was thinking something like checking for 
 overrideTemplate before getting the default one but storing in the repo 
 would be good. My only possible issue with that is setting up a new one the 
 first time sling starts up would be annoying (unless there is some way to 
 push things into the repo on startup?). If there is no way to push things 
 into the repo on startup I would recommend doing something like allowing a 
 bundle fragment to control this.

 Things can be injected into the repository on startup using the initial
 content feature, which is described at [1].

 I could then imagine, that the httpauth bundle just installs the default
 template using the initial content feature, but in a way, that any
 existing file is not replaced.

 This file may then be edited or replaced by other files either in place
 or by another bundle providing initial content.

 Regards
 Felix

 [1] http://cwiki.apache.org/SLINGxSITE/content-loading.html


 Adapt the Http Authenticator to the refined authentication process
 --

                 Key: SLING-939
                 URL: https://issues.apache.org/jira/browse/SLING-939
             Project: Sling
          Issue Type: Sub-task
          Components: Extensions
    Affects Versions: Extensions httpauth 2.0.2
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger

 Adapt the HTTP Header authentication handler to the new refined 
 authenticaiton initiation processing implemented by SLING-938.
 Tasks:
   * The LoginServlet calls the new requestAuthentication service method
   * requestAuthentication method will now draw the login form





-- 
Aaron Zeckoski (aar...@vt.edu)
Senior Research Engineer - CARET - Cambridge University
[http://bugs.sakaiproject.org/confluence/display/~aaronz/]
Sakai Fellow - [http://aaronz-sakai.blogspot.com/]

[jira] Created: (SLING-940) UserManager and Authorization rest services documentation.

[Ian Boston (JIRA)]

UserManager and Authorization rest services documentation.
--

 Key: SLING-940
 URL: https://issues.apache.org/jira/browse/SLING-940
 Project: Sling
  Issue Type: Improvement
  Components: JCR
Affects Versions: JCR Jackrabbit Server 2.0.2
Reporter: Ian Boston


Patch to follow that adds some Javadoc describing the details of the REST 
services in the user manager and acl servlets.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: Content Technology track at the ApacheCon US 2009

[Paolo Mottadelli]

Hi,

On Thu, Apr 23, 2009 at 2:58 PM, Paolo Mottadelli paolo@gmail.com wrote:
 I'm forwarding this message to the POI community, which is strongly
 willing to join some other project.

I've just had a first positive feedback for POI joining the Content Track.
Which is the time frame we have to manage in designing the proposal?


-- 
Paolo Mottadelli: http://www.paolomottadelli.com
Sourcesense - making sense of Open Source: http://www.sourcesense.com

[jira] Updated: (SLING-940) UserManager and AccessManager rest services documentation.

[Ian Boston (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SLING-940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ian Boston updated SLING-940:
-

Attachment: SLING-940.patch

Patch that adds javadoc so that a description of the services appears somewhere 
a UI developer might be able to read it. Ideally a set of links or perhapse 
something that introspected the javadoc so that its available at runtime.

 UserManager and AccessManager rest services documentation.
 --

 Key: SLING-940
 URL: https://issues.apache.org/jira/browse/SLING-940
 Project: Sling
  Issue Type: Improvement
  Components: JCR
Affects Versions: JCR Jackrabbit Server 2.0.2
Reporter: Ian Boston
 Attachments: SLING-940.patch


 Patch to follow that adds some Javadoc describing the details of the REST 
 services in the user manager and acl servlets.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Mixed line endings.

[Ian Boston]

I am seeing files of different line ending types in the code base.  
This could be an artifact of using the Apache Git mirror to work from,  
but it could also be as a result of some misconfiguration somewhere.


I find bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/ 
sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java is MSDOS

and
bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/ 
jackrabbit/usermanager/post/ChangeUserPasswordServlet.java is unix.


does anyone else see the same in SVN or is this an issue with the git  
mirror ?


Ian

Re: Mixed line endings.

[Jukka Zitting]

Hi,

On Thu, Apr 23, 2009 at 4:43 PM, Ian Boston i...@tfd.co.uk wrote:
 does anyone else see the same in SVN [...]

Yes, the files don't have svn:eol-style settings.

BR,

Jukka Zitting

Re: Mixed line endings.

[Ian Boston]

Jukka,
Isn't that normally put in ~/.subversion/config
or does its presence there add it to the file of first commit ?

and

should I be doing anything in git locally ? My patches contain ^M  
which doesn't look great :)

Ian

On 23 Apr 2009, at 15:50, Jukka Zitting wrote:


Hi,

On Thu, Apr 23, 2009 at 4:43 PM, Ian Boston i...@tfd.co.uk wrote:

does anyone else see the same in SVN [...]


Yes, the files don't have svn:eol-style settings.

BR,

Jukka Zitting

AccessControlManager question.

[Ian Boston]

Hi,
I've spent the last few days looking at the impl of the  
AccessControlManager and I have noticed several things.


ACL's contain , multiple ACE's mapped by a Principal which must  
resolve by the UserManager to an Authorizable. (the ModifyAceServlet  
indicates this)
The set of Authorizables that a user is a member of must be pre- 
determined at jcr session time so the privileges can be compiled.


---

I want to add 2 concepts to AuthZ, but keep the  
DefaultAccessControlManager and the accessmanger servlet bundle if  
possible.


The additions are, owner and dynamic group.

Owner.
Permissions are granted to a sub tree on the basis that the user owns  
the node in question. There may be many nodes, owned by different  
users, and the ownership (denoted by a jcr property xyz:owner) may  
change.


Dynamic Group:
Non determinable.
  There is a class of memberships that can only be determined by  
querying. eg The resource is only readable between 10:00 and 12:00 on  
23/04/2009 to members of First Year Physics class accessing the  
resource from the IP range 131.111.21.0/128 (although *if* you knew  
this group existed, you could test on every request, but that could  
become expensive when only 1 resource out of millions needed this  
sophistication)


Is there a better way of implementing Owner and a Dynamic membership  
which wont generate huge load at session initiation ?


Ian 

Re: Content Technology track at the ApacheCon US 2009

[Jukka Zitting]

Hi,

See below for the proposal that I sent to the conference planners.

BR,

Jukka Zitting

The Jackrabbit and Sling projects would like to organize a Content
Technology track at the ApacheCon US 2009. The track would be focused
on content repositories and content management based on the JCR and
CMIS standards.

We estimate that we could do something like a half-day track followed
by a more informal meetup in the evening. This would be a natural
extension to the meetups and normal sessions we've had in previous
ApacheCons.

We could also enlarge the scope of the track to cover a wider range of
projects like Cocoon, Lenya, Portals, POI, etc. in which case the
track could cover even something like 1-2 days. However, such plans
are mostly speculative at the moment.

The target audience of this track would mostly consist of web
developers and CMS (both web and enterprise) developers and
integrators. We might also do a more business-oriented session on the
current status of standardization in the content management industry.

AW: multiple Servlets registered for resourceTypes sling/servlet/default

[Mike Müller]

Hi Felix

That seems to be exactly what I'm searching for. Thank you very much,
also for the docu page on the Sling site itself.
I was a little bit confused concerning the Filter implementation because
of the thread [1] on the list a year ago...

BTW there's a little mistake on the docu on top, instead of javax.servlet.Filter
you wrote javax.jcr.Filter.

[1] http://markmail.org/message/okmvvgs5ff64i3xa

best regards
mike

  ... snip snap ...
  What I try tio achieve is run some legacy stuff shoulder to
 shoulder with
  new stuff which entirely is built on Sling. So the
 MyServlet (or call it
  LegacyServlet) should check (as OptingServlet) if the
 request is a call
  to the legacy stuff and handle it in this case. If not,
 accepts() on the
  LegacyServlet should return false and the request should be
 handled by the
  default Servlets of Sling (or any other registered Servlet
 for the request).

 Ok, the crucial point here is any other registered Servlet: If Sling
 decides to no check for another servlet, your LegacyServlet will never
 be asked whether it accepts the request or not.

  So plugging in the functionality to the existing
 DefaultGetServlet and the
  SlingPostServlet is probably not the solution.

 Agreed, but mainly due to how servlet resolution works.

  Extending from the existing default Servlets seems to fit
 better in this case.
  Maybe also Filters could help in this case, but as far as I
 understood filters
  are not preprocessed in a Sling standalone app, so the
 solution with filters
  would be bound to using Sling in a Servlet container (which
 I do not prefer!).

 Filter processing inside Sling is always the same because Sling is
 managing the filters themselves and does not work with the servlet
 container filter processing. As such Filters registered as Filter
 services in Sling always work the same, no matter what.

 So for your legacy issue, I would suggest you create a request filter
 (filter.scope=request) which checks whether the request is for a
 legacy resource or a sling resource.

 If the request is for a legacy resource, the filter processes the
 request in the legacy way and terminates the request after that by
 simply not calling the FilterChain.doFilter method.

 If the request for a Sling resource (non-legacy), the request
 is simply
 passed through to the filter chain calling FilterChain.doFilter.

 Would that work for you ?

 Regards
 Felix

 PS: I have just written down some more information on filters which
 should appear on the site in an hour or two, until then the page may
 already be seen at http://cwiki.apache.org/SLINGxSITE/filters.html

Public wiki site is not updated correctly

[Mike Müller]

Hi

It seems that the public wiki space is not properly updated, at least the
index page at [1] is not. For sure you see the actual content at [2], but
if someone new to Slings looks at [1] he maybe gets the sinking feeling
that the project is orphaned because the most recently updated page is from
14th July a year ago...

[1] http://cwiki.apache.org/SLING/
[2] http://cwiki.apache.org/confluence/display/SLING/Index

best regards
mike

Re: ModifyAceServlet.

[Eric Norman]

Yes, the jackrabbit implementation does not allow denying privileges on a
group.  The ModifyAcesServlet mirrors that behavior.   I don't know the
exact reasoning behind that, I'd suggest posting your question to the
jackrabbit list.

Denying privileges is not part of the JCR spec, so this is a jackrabbit
extension.

On Apr 23, 2009 3:28 AM, Ian Boston i...@tfd.co.uk wrote:

Hi,
I am looking at the ModifyAceServlet. in the o.a.s.jackrabbit.accessmanager
bundle
I notice that if a requests privileges are denied from a principal that
references a group, then the request to deny privileges is ignored.

Does this mean its not possible to deny a privilege from a group ?

If so, I would like to understand the reasoning.
Thanks
Ian

Unified system for tags

[Vidar Ramdal]

These are just some loose thoughts that have been brewing in my mind
lately, after reading Richardson/Ruby: RESTful Web Services [1].

In order to make Sling (even) more buzzword compliant, I have been
thinking about a system for tags. Yes, I'm talking about those
keywords that you label your bookmarks with on del.icio.us, photos on
Flickr and so on.

Of course, a tag could just be a (multi-value) string property on a
node. But a tag could also be considered to be a resource in its own
right, with its own URL (e.g. /tags/tagname).  (The concept of tags
as resources is very much present in [1]).

Accessing a tag's URL would output nodes that have the given tag. The
list could of course be rendered in different formats (json, xml,
etc).  Accessing /tags would give a list of tags that are in use. That
list would be useful when a user is applying tags to nodes (in
auto-complete fields etc).

In its simplest form, this could be implemented with a servlet or two.
But, Sling being a WEB framework, maybe tags should be a more
integrated part of the framework. In what way, though, I'm not sure.
Perhaps we could do some tricks with indexing or observation, so that
retrieving a tag (and its resources) could be speedier.

As I hope I made clear, this is not something I've thought through in
any way, and I'm not even sure if it's such a generic usecase that it
should be included in Sling - maybe it's just specific to certain
applications.

WDYT?

[1] http://oreilly.com/catalog/9780596529260/
-- 
Vidar S. Ramdal vi...@idium.no - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
+47 21 531941, ext 2070

[jira] Commented: (SLING-902) add java annotation support for sling scr components/servlets

[Stefan Seifert (JIRA)]

[ 
https://issues.apache.org/jira/browse/SLING-902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12702086#action_12702086
 ] 

Stefan Seifert commented on SLING-902:
--

i've refactored the slingservlet annotation support to match the latest felix 
implementation of annotations in the trunk and submitted it as patch to the 
felix project: FELIX-1056
if accepted there, this ticket becomes obsolete.

 add java annotation support for sling scr components/servlets
 -

 Key: SLING-902
 URL: https://issues.apache.org/jira/browse/SLING-902
 Project: Sling
  Issue Type: New Feature
  Components: Servlets Resolver
Reporter: Stefan Seifert
 Attachments: 090329_sling_scr_annotations.zip


 please note: this proposal depends on a felix-scr-plugin proposal described in
 https://issues.apache.org/jira/browse/FELIX-1010
 with the described scr plugin enhancement it is possible to define SCR 
 component definitions via annotations. furthermore it is possible for 
 felix/SCR based projects to define their own and less verbose annotations for 
 specific need, together with a provider class mapping them to the SCR tags 
 needed by the plugin internally.
 the attached zip file provides such a implemented for one new annotation 
 SlingServlet, see example below.
 i was not sure into which project and classpath this classes should be 
 placed, so i attached a ZIP file for discussion and try-out. the best 
 solution would be to split them up into two projects - one project containing 
 only the annotation, and the other containing the provider and tag mapping. 
 the first project has no dependencies and can be referenced by any other 
 project needing the annotation. the second has to import the felix-scr-plugin 
 as dependency, this results in a lot of transitive dependency not to be 
 wished in a normal project.
 Example
 ---
 QDox version:
 /**
  * Sample servlet with sling mappings.
  * 
  * @scr.component immediate=true
  * @scr.service interface=javax.servlet.Servlet
  * @scr.property name=sling.servlet.methods value=GET
  * @scr.property name=sling.servlet.resourceTypes
  *   value=/apps/test/components/samplecomponent
  * @scr.property name=sling.servlet.extensions values.0=html 
 values.1=json
  */
 public class SlingServletQDox implements Servlet {
 Annotation version:
 /**
  * Sample servlet with sling mappings.
  */
 @SlingServlet(methods = GET, resourceTypes = 
 /apps/test/components/samplecomponent, extensions = { html, json })
 public class SlingServletAnnotation implements Servlet {
 Custom annotation mappings can be integrated by defining a class implementing 
 org.apache.felix.scrplugin.tags.annotation.AnnotationTagProvider for the 
 new plugin property annotationTagProviders in the pom.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: AccessControlManager question.

[Vidar Ramdal]

2009/4/23 Ian Boston i...@tfd.co.uk:
 Hi,
 I've spent the last few days looking at the impl of the AccessControlManager
 and I have noticed several things.

 ACL's contain , multiple ACE's mapped by a Principal which must resolve by
 the UserManager to an Authorizable. (the ModifyAceServlet indicates this)
 The set of Authorizables that a user is a member of must be pre-determined
 at jcr session time so the privileges can be compiled.

 ---

 I want to add 2 concepts to AuthZ, but keep the DefaultAccessControlManager
 and the accessmanger servlet bundle if possible.

 The additions are, owner and dynamic group.

 Owner.
 Permissions are granted to a sub tree on the basis that the user owns the
 node in question. There may be many nodes, owned by different users, and the
 ownership (denoted by a jcr property xyz:owner) may change.

 Dynamic Group:
 Non determinable.
  There is a class of memberships that can only be determined by querying. eg
 The resource is only readable between 10:00 and 12:00 on 23/04/2009 to
 members of First Year Physics class accessing the resource from the IP range
 131.111.21.0/128 (although *if* you knew this group existed, you could test
 on every request, but that could become expensive when only 1 resource out
 of millions needed this sophistication)

 Is there a better way of implementing Owner and a Dynamic membership which
 wont generate huge load at session initiation ?

I have been doing some stuff with dynamic policies myself, and ended
up with writing a PluggableAccessManager. This way you can supply your
access control logic in your own bundle, and have Sling using it,
without touching the default bundles in Sling. The only thing you need
to change is the AccessManager element in your repository.xml.

The PluggableAccessManager extends DefaultAccessManager, and provides
an interface for you to implement your own access control logic.

To be able to plugin an access manager, I had to make some minor
changes in the Jackrabbit Server bundle. These changes are waiting in
a patch at SLING-880 [1]. I'll see if I can get consensus on applying
that patch.

[1] https://issues.apache.org/jira/browse/SLING-880


-- 
Vidar S. Ramdal vi...@idium.no - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
+47 21 531941, ext 2070

SLING-880

[Vidar Ramdal]

Being a new committer, I'm not sure how everything is supposed to be
done. Can we (that is, I) apply the patch in SLING-880 [1], or does it
need a review or a vote or something first?

[1] https://issues.apache.org/jira/browse/SLING-880
-- 
Vidar S. Ramdal vi...@idium.no - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
+47 21 531941, ext 2070

Re: SLING-880

[Jukka Zitting]

Hi,

On Thu, Apr 23, 2009 at 10:59 PM, Vidar Ramdal vi...@idium.no wrote:
 Being a new committer, I'm not sure how everything is supposed to be
 done. Can we (that is, I) apply the patch in SLING-880 [1], or does it
 need a review or a vote or something first?

Sling uses the CTR policy (commit-then-review, [1]) so you're free to
commit anything that you think is good for the project. If people
disagree, they may then ask you to revert or revise the change (don't
worry if this happens to you, it's just a sign that people pay
attention and that you're pushing the limits :-).

If you're working on some part of the code that you're not yet very
familiar with or you're otherwise not sure whether a change you're
about to make really works as expected, then you can voluntarily ask
people to review the patch before you commit it. If you don't hear
from anyone in a few days, then you can typically just assume lazy
consensus and go forward with the commit.

[1] http://www.apache.org/foundation/glossary.html#CommitThenReview

BR,

Jukka Zitting

[jira] Assigned: (SLING-880) Pluggable AccessManager

[Vidar S. Ramdal (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SLING-880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vidar S. Ramdal reassigned SLING-880:
-

Assignee: Vidar S. Ramdal  (was: Felix Meschberger)

 Pluggable AccessManager
 ---

 Key: SLING-880
 URL: https://issues.apache.org/jira/browse/SLING-880
 Project: Sling
  Issue Type: New Feature
  Components: JCR
Affects Versions: JCR Jackrabbit Server 2.0.2
Reporter: Vidar S. Ramdal
Assignee: Vidar S. Ramdal
 Fix For: JCR Jackrabbit Server 2.0.4

 Attachments: SLING-880.patch


 Provide a way to plug in a custom AccessManager, just as you can plug in a 
 custom LoginModule or AuthenticationPlugin, using a delegate. This way we 
 don't have to export the jackrabbit.core packages.
 See http://markmail.org/thread/wlqm3yjpbyokwcvy and 
 http://markmail.org/thread/myaieenaelot4y66 for background.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-880) Pluggable AccessManager

[Vidar S. Ramdal (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SLING-880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vidar S. Ramdal resolved SLING-880.
---

Resolution: Fixed

Tidied the patch up a bit, added license headers, and applied it in rev#768086

 Pluggable AccessManager
 ---

 Key: SLING-880
 URL: https://issues.apache.org/jira/browse/SLING-880
 Project: Sling
  Issue Type: New Feature
  Components: JCR
Affects Versions: JCR Jackrabbit Server 2.0.2
Reporter: Vidar S. Ramdal
Assignee: Vidar S. Ramdal
 Fix For: JCR Jackrabbit Server 2.0.4

 Attachments: SLING-880.patch


 Provide a way to plug in a custom AccessManager, just as you can plug in a 
 custom LoginModule or AuthenticationPlugin, using a delegate. This way we 
 don't have to export the jackrabbit.core packages.
 See http://markmail.org/thread/wlqm3yjpbyokwcvy and 
 http://markmail.org/thread/myaieenaelot4y66 for background.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: SLING-880

[Vidar Ramdal]

 On Thu, Apr 23, 2009 at 10:59 PM, Vidar Ramdal vi...@idium.no wrote:
 Being a new committer, I'm not sure how everything is supposed to be
 done. Can we (that is, I) apply the patch in SLING-880 [1], or does it
 need a review or a vote or something first?

2009/4/23 Jukka Zitting jukka.zitt...@gmail.com:
 Sling uses the CTR policy (commit-then-review, [1]) so you're free to
 commit anything that you think is good for the project. If people
 disagree, they may then ask you to revert or revise the change (don't
 worry if this happens to you, it's just a sign that people pay
 attention and that you're pushing the limits :-).

Cool. I applied SLING-880 then.

-- 
Vidar S. Ramdal vi...@idium.no - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
+47 21 531941, ext 2070

Re: AW: multiple Servlets registered for resourceTypes sling/servlet/default

[Felix Meschberger]

Hi Mike,

Mike Müller schrieb:
 That seems to be exactly what I'm searching for. Thank you very much,
 also for the docu page on the Sling site itself.
 I was a little bit confused concerning the Filter implementation because
 of the thread [1] on the list a year ago...

That was something slightly different: The use case was to be able to
work around a limitation of the resource resolver at that time (virtual
host support). The proposal was to register a regular servlet filter,
which would of course only have worked with sling running as a web
application.

 
 BTW there's a little mistake on the docu on top, instead of 
 javax.servlet.Filter
 you wrote javax.jcr.Filter.

Thanks for reporting. If just fixed this.

Regards
Felix

 
 [1] http://markmail.org/message/okmvvgs5ff64i3xa
 
 best regards
 mike
 
 ... snip snap ...
 What I try tio achieve is run some legacy stuff shoulder to
 shoulder with
 new stuff which entirely is built on Sling. So the
 MyServlet (or call it
 LegacyServlet) should check (as OptingServlet) if the
 request is a call
 to the legacy stuff and handle it in this case. If not,
 accepts() on the
 LegacyServlet should return false and the request should be
 handled by the
 default Servlets of Sling (or any other registered Servlet
 for the request).

 Ok, the crucial point here is any other registered Servlet: If Sling
 decides to no check for another servlet, your LegacyServlet will never
 be asked whether it accepts the request or not.

 So plugging in the functionality to the existing
 DefaultGetServlet and the
 SlingPostServlet is probably not the solution.
 Agreed, but mainly due to how servlet resolution works.

 Extending from the existing default Servlets seems to fit
 better in this case.
 Maybe also Filters could help in this case, but as far as I
 understood filters
 are not preprocessed in a Sling standalone app, so the
 solution with filters
 would be bound to using Sling in a Servlet container (which
 I do not prefer!).

 Filter processing inside Sling is always the same because Sling is
 managing the filters themselves and does not work with the servlet
 container filter processing. As such Filters registered as Filter
 services in Sling always work the same, no matter what.

 So for your legacy issue, I would suggest you create a request filter
 (filter.scope=request) which checks whether the request is for a
 legacy resource or a sling resource.

 If the request is for a legacy resource, the filter processes the
 request in the legacy way and terminates the request after that by
 simply not calling the FilterChain.doFilter method.

 If the request for a Sling resource (non-legacy), the request
 is simply
 passed through to the filter chain calling FilterChain.doFilter.

 Would that work for you ?

 Regards
 Felix

 PS: I have just written down some more information on filters which
 should appear on the site in an hour or two, until then the page may
 already be seen at http://cwiki.apache.org/SLINGxSITE/filters.html


 

Re: Public wiki site is not updated correctly

[Felix Meschberger]

Hi Mike,

Hmm, yes. This is a problem of the autoexport plugin, which not
allways takes into account changes on dependent pages. Most notably we
include the {recently-updated} and {children} tags, which seem to not be
updated (ie page re-exported) on changes.

I just exported this page again, so this should be fixed.

Regards
Felix

Mike Müller schrieb:
 Hi
 
 It seems that the public wiki space is not properly updated, at least the
 index page at [1] is not. For sure you see the actual content at [2], but
 if someone new to Slings looks at [1] he maybe gets the sinking feeling
 that the project is orphaned because the most recently updated page is from
 14th July a year ago...
 
 [1] http://cwiki.apache.org/SLING/
 [2] http://cwiki.apache.org/confluence/display/SLING/Index
 
 best regards
 mike
 

Re: Unified system for tags

[Felix Meschberger]

Hi Vidar,

We have implemented such a feature exactly as you describe it in our
Communiqué 5 product and incidentally, Betrand Delacretaz just yesterday
wrote an informative blog entry about it [2]

Regards
Felix

[2] http://dev.day.com/microsling/content/blogs/main/cq5tags.html

Vidar Ramdal schrieb:
 These are just some loose thoughts that have been brewing in my mind
 lately, after reading Richardson/Ruby: RESTful Web Services [1].
 
 In order to make Sling (even) more buzzword compliant, I have been
 thinking about a system for tags. Yes, I'm talking about those
 keywords that you label your bookmarks with on del.icio.us, photos on
 Flickr and so on.
 
 Of course, a tag could just be a (multi-value) string property on a
 node. But a tag could also be considered to be a resource in its own
 right, with its own URL (e.g. /tags/tagname).  (The concept of tags
 as resources is very much present in [1]).
 
 Accessing a tag's URL would output nodes that have the given tag. The
 list could of course be rendered in different formats (json, xml,
 etc).  Accessing /tags would give a list of tags that are in use. That
 list would be useful when a user is applying tags to nodes (in
 auto-complete fields etc).
 
 In its simplest form, this could be implemented with a servlet or two.
 But, Sling being a WEB framework, maybe tags should be a more
 integrated part of the framework. In what way, though, I'm not sure.
 Perhaps we could do some tricks with indexing or observation, so that
 retrieving a tag (and its resources) could be speedier.
 
 As I hope I made clear, this is not something I've thought through in
 any way, and I'm not even sure if it's such a generic usecase that it
 should be included in Sling - maybe it's just specific to certain
 applications.
 
 WDYT?
 
 [1] http://oreilly.com/catalog/9780596529260/