ObjectContentManagerFactoryImpl still deploying as delayed component?

2008-07-22 Thread Rory Douglas
I'm encountering the same error with the simple-demo sample reported in 
http://issues.apache.org/jira/browse/SLING-546.  I fetched all the 
source from SVN this afternoon.


On the management console > Components tab, 
ObjectContentManagerFactoryImpl is showing as "registered", not "active" 
(expanding the node the Activation value is "delayed").  I've checked 
the source for ObjectContentManagerFactoryImpl and it has @scr.component 
metatype="no" immediate="true" in the JavaDoc (and immediate="true" in 
serviceComponents.xml).


Any idea why this is happening? Thanks for any help

Regards,
Rory


Re: ObjectContentManagerFactoryImpl still deploying as delayed component?

2008-07-22 Thread Rory Douglas
I think I figured this out:  I added @scr.service 
interface="org.osgi.framework.SynchronousBundleListener" to 
ObjectContentManagerFactoryImpl, and the component now activates 
immediately (and registers mapped types from simple-demo)


Rory Douglas wrote:
I'm encountering the same error with the simple-demo sample reported 
in http://issues.apache.org/jira/browse/SLING-546.  I fetched all the 
source from SVN this afternoon.


On the management console > Components tab, 
ObjectContentManagerFactoryImpl is showing as "registered", not 
"active" (expanding the node the Activation value is "delayed").  I've 
checked the source for ObjectContentManagerFactoryImpl and it has 
@scr.component metatype="no" immediate="true" in the JavaDoc (and 
immediate="true" in serviceComponents.xml).


Any idea why this is happening? Thanks for any help

Regards,
Rory


Basic Sling authentication question

2008-07-28 Thread Rory Douglas
Related to my previous post about node creation best practice, I have a 
question about authentication.


When I create basic HTML forms that post to the SlingPostServlet, node 
creation is denied because I'm logged in as anonymous.  I tried first 
visiting /system/sling/login & logging in as admin, but my credentials 
don't seem to be picked up by the SlingPostServlet.


Do I need to somehow specify that my form resource is protected?  Would 
this involve adding elements to the web.xml in the launchpad-app module?


Node creation form best practice

2008-07-28 Thread Rory Douglas
I have registered a couple of custom nodetypes with corresponding 
rendering scripts html.jsp in the appropriate folder.  Now I'd like to 
include a few simple forms to create that node type (re-using as much 
existing functionality as possible). What is the best way to do this?


I had a few ideas: (assume I have a nodetype test:Widget with a display 
script /apps/test/Widget/html.jsp)


1) Create "form" nodes (/forms/Widget/create)
   a) use sling:resourceType="form:Widget"
   b) register a script /apps/form/Widget/html.jsp that generates an 
HTML form (and uses the SlingPostServlet to create the content)


2) Create an "empty" Widget node (/content/Widget/new)
   a) use jcr:primaryResourceType="test:Widget"
   b) register a script with a "create" selector 
apps/test/Widget/create.html.jsp that generates the HTML form


I assume I could also register new servlets by paths, and then either 
directly create content or somehow forward to the SlingPostServlet.  In 
all cases where I use the SlingPostServlet, what's the best way to 
handle failures or errors?




Re: Node creation form best practice

2008-07-28 Thread Rory Douglas

Thanks Toby

I guess my question is even simpler then - where do you store those 
forms?  I've tried uploading .HTML forms to the repository:


curl -X PUT -d @createNewWidget.html 
"http://admin:[EMAIL PROTECTED]:/forms/widgets/createNewWidget.html"


When I request that path (/forms/widgets/createNewWidget.html), my 
browser tries to download me the source rather than display the HTML.  I 
assume I need to add some kind of contentType attribute when I upload 
the form, I'll look into that.


Also, how would I deploy a dynamic form (say, JSP-based), that might 
configure its display, default values etc differently based on request 
params, cookies etc?  Since JSPs in Sling appear to be either 
precompiled with JSPC or compiled when requested as the script 
corresponding to a resource type, would it work to just put a JSP script 
somewhere in the repo?




Tobias Bocanegra wrote:

hi,

On 7/28/08, Rory Douglas <[EMAIL PROTECTED]> wrote:
  

I have registered a couple of custom nodetypes with corresponding rendering
scripts html.jsp in the appropriate folder.  Now I'd like to include a few
simple forms to create that node type (re-using as much existing
functionality as possible). What is the best way to do this?

 I had a few ideas: (assume I have a nodetype test:Widget with a display
script /apps/test/Widget/html.jsp)

 1) Create "form" nodes (/forms/Widget/create)
   a) use sling:resourceType="form:Widget"
   b) register a script /apps/form/Widget/html.jsp that generates an HTML
form (and uses the SlingPostServlet to create the content)

 2) Create an "empty" Widget node (/content/Widget/new)
   a) use jcr:primaryResourceType="test:Widget"
   b) register a script with a "create" selector
apps/test/Widget/create.html.jsp that generates the HTML
form



you can simply use a form that posts to the node you want to create, eg:


  
  


  

 I assume I could also register new servlets by paths, and then either
directly create content or somehow forward to the SlingPostServlet.  In all
cases where I use the SlingPostServlet, what's the best way to handle
failures or errors?


you can either post to a hidden frame, and then read the response via
the DOM or use an AJAX post and read the response.

regards, toby
  


--




Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this 
e-mail"




Re: Node creation form best practice

2008-07-28 Thread Rory Douglas
Thanks all, that was what I needed.  Setting the mimeType on the 
jcr:content node worked for basic HTML.


The dummy node with sling:resourceType is what I was leaning towards 
with my 1) option.  I guess it might be possible to make a fairly 
generic "form" JSP that reads a property (say, "form:createResourceType") 
from the dummy node to figure out what node it's going to create and 
then looks up the NodeType & configures its UI accordingly, I'll give 
it a try.


Bertrand Delacretaz wrote:

On Mon, Jul 28, 2008 at 10:16 PM, Rory Douglas <[EMAIL PROTECTED]> wrote:

  

...curl -X PUT -d @createNewWidget.html
"http://admin:[EMAIL PROTECTED]:/forms/widgets/createNewWidget.html"

When I request that path (/forms/widgets/createNewWidget.html), my browser
tries to download me the source rather than display the HTML.  I assume I
need to add some kind of contentType attribute when I upload the form, I'll
look into that



You're right about the Content-Type, and the easiest way to get this
right is to use a WebDAV client to upload your scripts and forms to
the repository. The WebDAV root URL is http://localhost:/ for the
launchpad webapp.

  

..Also, how would I deploy a dynamic form (say, JSP-based), that might
configure its display, default values etc differently based on request
params, cookies etc?  Since JSPs in Sling appear to be either precompiled
with JSPC or compiled when requested as the script corresponding to a
resource type, would it work to just put a JSP script somewhere in the repo?...



Yes, but to trigger the JSP you need a node that has the correct node
type. For example, create a /bin/foo node with sling:resourceType=bar,
and a script found at /apps/bar/bar.jsp will be executed when you
request /bin/foo.html

-Bertrand (just read Lars almost midair-colliding response, we're
basically saying the same thing ;-)
  






Re: Basic Sling authentication question

2008-07-28 Thread Rory Douglas
I still can't get a  post to SlingPostServlet to create any 
content due to AccessDeniedException.  I've tried adding the "sudo" form 
parameter set to "admin", but that doesn't help either.  Any idea what I 
might be missing?


Rory Douglas wrote:
Related to my previous post about node creation best practice, I have 
a question about authentication.


When I create basic HTML forms that post to the SlingPostServlet, node 
creation is denied because I'm logged in as anonymous.  I tried first 
visiting /system/sling/login & logging in as admin, but my credentials 
don't seem to be picked up by the SlingPostServlet.


Do I need to somehow specify that my form resource is protected?  
Would this involve adding elements to the web.xml in the launchpad-app 
module?


RE: [jira] Created: (SLING-603) Primary node type is not detected

2008-08-06 Thread Rory Douglas
Great, I'm not crazy - this stopped working for me too.  It was working about 
two weeks ago.

Rory Douglas
Senior Principal Consultant
Oracle Consulting
(sent from my Blackberry)

--Original Message--

From: "Carsten Ziegeler (JIRA)" <[EMAIL PROTECTED]>
Sent: Wed, August 06, 2008 5:13 AM
To: sling-dev@incubator.apache.org
Subject: [jira] Created: (SLING-603) Primary node type is not detected


Primary node type is not detected
-

 Key: SLING-603
 URL: https://issues.apache.org/jira/browse/SLING-603
 Project: Sling
  Issue Type: Bug
  Components: Servlets Post
Affects Versions: Servlets Post 2.0.2
Reporter: Carsten Ziegeler
Assignee: Carsten Ziegeler
 Fix For: Servlets Post 2.0.4


If a POST is sent to a new node like /sling/mynode/something with a request 
parameter ./jcr:primaryNode=my:nodetype
then this node type is not applied to the newly created new "something".

The problem is in the ModifyOperation class. Each request property name is made 
absolute, so the final property name becomes:
/sling/mynode/something/./jcr:primaryNode  (method toPropertyPath)

The getPrimaryType() method then searches for 
/sling/mynode/something/jcr:primaryNode which is logically the same path but a 
different key! Therefore the request parameter is never found.

I've no idea why this is not working anymore as it used to.

I'll change the toPropertyPath method to check for the prefix ./ and remove it 
when creating the path.
But I'll leave this bug open as there might be a better solution.

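
The key mismatch described in SLING-603, as an added example that is not part of the original message and is not Sling's ModifyOperation code. The two helper methods are hypothetical stand-ins; the node path, parameter name and node type are the ones quoted in the issue. The normalizer goes beyond the "./" prefix the issue mentions and also resolves ".." segments, rejecting any that would climb above the root.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

class PropertyPathDemo {

    // Behaviour described in the issue: the parameter name is appended to the
    // node path unchanged, so a leading "./" survives inside the map key.
    static String naivePropertyPath(String nodePath, String param) {
        return nodePath + "/" + param;
    }

    // Resolves "." and ".." segments, so logically equal paths give equal keys.
    // A ".." that would climb above the root is rejected rather than ignored.
    static String normalizedPropertyPath(String nodePath, String param) {
        String raw = nodePath + "/" + param;
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : raw.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    throw new IllegalArgumentException("path climbs above the root: " + raw);
                }
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        StringBuilder path = new StringBuilder();
        for (String seg : segments) {
            path.append('/').append(seg);
        }
        return path.length() == 0 ? "/" : path.toString();
    }

    public static void main(String[] args) {
        // Values as written in the issue text.
        String nodePath = "/sling/mynode/something";
        String param = "./jcr:primaryNode";
        // Key that the lookup side builds (no "./" segment).
        String wanted = nodePath + "/jcr:primaryNode";

        Map<String, String> naive = new HashMap<>();
        naive.put(naivePropertyPath(nodePath, param), "my:nodetype");

        Map<String, String> normalized = new HashMap<>();
        normalized.put(normalizedPropertyPath(nodePath, param), "my:nodetype");

        System.out.println("naive key         : " + naive.keySet());
        System.out.println("naive lookup      : " + naive.get(wanted));
        System.out.println("normalized key    : " + normalized.keySet());
        System.out.println("normalized lookup : " + normalized.get(wanted));
        // Constructed extra input: a sibling reference is resolved the same way.
        System.out.println("sibling reference : "
                + normalizedPropertyPath(nodePath, "../other/title"));
    }
}
```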



RE: listing nodes in the root

2008-08-08 Thread Rory Douglas
You should be able to do this with the query servlet, if you know one existing 
node path

http://localhost:/pathexists.query.json?statement=

Put XPath query syntax in the statement param (I think statement=//* would get 
the root, but I'm not at a computer to verify). You'll get back the node list 
in JSON.

Rory


--Original Message--

From: Ruben Reusser <[EMAIL PROTECTED]>
Sent: Fri, August 08, 2008 2:56 PM
To: sling-dev@incubator.apache.org
Subject: listing nodes in the root


hi.

is there a way to do a http request to the launch pad to list all nodes 
in the root or in any other path?

Thanks

Ruben


ClassCircularityError when using LdapLoginModule (updated)

2008-08-15 Thread Rory Douglas

Apologies if this is a repeat, my first post didn't seem to make it:

I disabled the SimpleLoginModule in repository.xml and configured a 
login.conf file with the com.sun.security.auth.module.LdapLoginModule 
(from JDK 6).  After creating LDAP users for the admin & anonymous 
identities, Sling starts up fine.


However, when requesting a node with a JSP rendering script, the 
JspScriptEngineFactory throws a ClassCircularityError on activate - it 
seems to be looping in the RepositoryClassLoader as it tries to log in to 
the repository (stack trace is below).  I debugged through this and find 
that RepositoryClassLoaderProviderImpl has this code in 
getSession(String owner):


if (admin.getUserID().equals(owner)) {
 return admin;
}

otherwise it tries to impersonate the "owner".  I've verified that by 
commenting out the owner check & always returning the admin session, the 
ClassCircularityError doesn't occur.


When using LdapLoginModule, the userID returned from Session is the full 
LDAP distinguished name (uid=admin,ou=People,ou=test1,o=test.com), 
while owner is just "admin".  This occurs because the 
Jackrabbit SessionImpl class just grabs the first Principal from the 
Subject when it is initialized, and that principal is LdapPrincipal in 
the case of the LdapLoginModule.  The LoginModule actually adds another 
(UserPrincipal), whose name is just "admin", but this is not used or 
checked.


I'm not sure what the right approach to fix this is.  It would be good 
if RepositoryClassLoaderProviderImpl checked the owner string against 
all Principal names in the Session's Subject.  However, Session doesn't 
expose its Subject, so you can't do this.  And there doesn't seem to be 
a way to tell Jackrabbit which Principal to choose (like specify it 
should use first instance of UserPrincipal, or first Principal whose 
name matches some regex).  The last option appears to be rewriting the 
LoginModule to store the UserPrincipal first, which isn't desirable (and 
may not be possible for other LoginModules).




15.08.2008 12:25:24.171 **ERROR** [SCR Component Actor] org.apache.sling.scripting.jsp [org.apache.sling.scripting.jsp.JspScriptEngineFactory] The activate method has thrown an exception (java.lang.ClassCircularityError: com/sun/security/auth/module/LdapLoginModule)
java.lang.ClassCircularityError: com/sun/security/auth/module/LdapLoginModule
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:247)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at org.apache.jackrabbit.core.security.AuthContext$JAAS.login(AuthContext.java:88)
  at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1245)
  at org.apache.sling.jcr.base.internal.SessionPool.acquireSession(SessionPool.java:268)
  at org.apache.sling.jcr.base.internal.SessionPoolManager.login(SessionPoolManager.java:99)
  at org.apache.sling.jcr.base.AbstractSlingRepository.login(AbstractSlingRepository.java:240)
  at org.apache.sling.jcr.base.AbstractSlingRepository.loginAdministrative(AbstractSlingRepository.java:206)
  at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderProviderImpl.getSession(RepositoryClassLoaderProviderImpl.java:103)
  at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getSession(RepositoryClassLoaderFacade.java:185)
  at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getDelegateClassLoader(RepositoryClassLoaderFacade.java:195)
  at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.loadClass(RepositoryClassLoaderFacade.java:105)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
  at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:247)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at org.apache.jackrabbit.core.security.AuthContext$JAAS.login(AuthContext.java:88)
  at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1245)
  at org.apache.jackrabbit.core.SessionImpl.impersonate(SessionImpl.java:810)
  at org.apache.sling.jcr.base.internal.Sessi
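
The principal-name mismatch described in the post above, as an added example that is not part of the original post and is not Sling or Jackrabbit code. The Subject is constructed by hand in the order the post describes (LdapPrincipal first, then UserPrincipal) with the DN quoted there; all method names and the expected base DN are assumptions for illustration. It compares the first-principal check with a match restricted to UserPrincipal, and with a DN-based check for callers that only see the session's user ID.

```java
import java.security.Principal;
import java.util.Iterator;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import com.sun.security.auth.LdapPrincipal;
import com.sun.security.auth.UserPrincipal;

class PrincipalMatchDemo {

    // What the post reports as the session's user ID: the name of the first
    // Principal in the Subject (the JDK's Subject iterates in insertion order).
    static String firstPrincipalName(Subject subject) {
        Iterator<Principal> it = subject.getPrincipals().iterator();
        return it.hasNext() ? it.next().getName() : null;
    }

    // The check the post wishes for: owner equals the name of any Principal.
    // Caveat: this also matches a group or role principal that happens to be
    // called "admin", so it mixes identity namespaces.
    static boolean anyPrincipalNamed(Subject subject, String owner) {
        for (Principal p : subject.getPrincipals()) {
            if (p.getName().equals(owner)) {
                return true;
            }
        }
        return false;
    }

    // Narrower variant: only a UserPrincipal may stand for the short user name.
    static boolean userPrincipalNamed(Subject subject, String owner) {
        for (UserPrincipal p : subject.getPrincipals(UserPrincipal.class)) {
            if (p.getName().equals(owner)) {
                return true;
            }
        }
        return false;
    }

    // For code that only has the DN string: accept it as "owner" only if it is
    // uid=<owner> directly below the expected base, so that the same uid in
    // another subtree is not treated as the same account.
    static boolean dnIsUserUnder(String dn, String owner, String expectedBase) {
        try {
            LdapName name = new LdapName(dn);
            LdapName base = new LdapName(expectedBase);
            if (name.size() != base.size() + 1 || !name.startsWith(base)) {
                return false;
            }
            Rdn leaf = name.getRdn(name.size() - 1); // leftmost RDN of the DN
            return leaf.getType().equalsIgnoreCase("uid") && owner.equals(leaf.getValue());
        } catch (InvalidNameException e) {
            return false; // an unparsable DN never matches
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed Subject using the DN quoted in the post.
        String dn = "uid=admin,ou=People,ou=test1,o=test.com";
        Subject subject = new Subject();
        subject.getPrincipals().add(new LdapPrincipal(dn));
        subject.getPrincipals().add(new UserPrincipal("admin"));

        String owner = "admin";
        String userId = firstPrincipalName(subject);
        String base = "ou=People,ou=test1,o=test.com"; // assumed user base DN

        System.out.println("session userID             : " + userId);
        System.out.println("userID.equals(owner)       : " + userId.equals(owner));
        System.out.println("any principal named owner  : " + anyPrincipalNamed(subject, owner));
        System.out.println("UserPrincipal named owner  : " + userPrincipalNamed(subject, owner));
        System.out.println("DN is uid=owner under base : " + dnIsUserUnder(userId, owner, base));
        // Constructed negative case: same uid, different subtree.
        System.out.println("same uid, other subtree    : "
                + dnIsUserUnder("uid=admin,ou=People,ou=other,o=test.com", owner, base));
    }
}
```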

ClassCircularityError when using LdapLoginModule

2008-08-15 Thread Rory Douglas
I disabled the SimpleLoginModule in repository.xml and configured a 
login.conf file with the com.sun.security.auth.module.LdapLoginModule 
(from JDK 6).  After creating LDAP users for the admin & anonymous 
identities, Sling starts up fine.


However, when requesting a node with a JSP rendering script, the 
JspScriptEngineFactory throws a ClassCircularityError on activate - it 
seems to be looping in the RepositoryClassLoader as it tries to log in to 
the repository (stack trace is below):


15.08.2008 12:25:24.171 *ERROR* [SCR Component Actor] org.apache.sling.scripting.jsp [org.apache.sling.scripting.jsp.JspScriptEngineFactory] The activate method has thrown an exception (java.lang.ClassCircularityError: com/sun/security/auth/module/LdapLoginModule)
java.lang.ClassCircularityError: com/sun/security/auth/module/LdapLoginModule
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:247)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
   at org.apache.jackrabbit.core.security.AuthContext$JAAS.login(AuthContext.java:88)
   at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1245)
   at org.apache.sling.jcr.base.internal.SessionPool.acquireSession(SessionPool.java:268)
   at org.apache.sling.jcr.base.internal.SessionPoolManager.login(SessionPoolManager.java:99)
   at org.apache.sling.jcr.base.AbstractSlingRepository.login(AbstractSlingRepository.java:240)
   at org.apache.sling.jcr.base.AbstractSlingRepository.loginAdministrative(AbstractSlingRepository.java:206)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderProviderImpl.getSession(RepositoryClassLoaderProviderImpl.java:103)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getSession(RepositoryClassLoaderFacade.java:185)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getDelegateClassLoader(RepositoryClassLoaderFacade.java:195)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.loadClass(RepositoryClassLoaderFacade.java:105)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
   at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:247)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
   at org.apache.jackrabbit.core.security.AuthContext$JAAS.login(AuthContext.java:88)
   at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1245)
   at org.apache.jackrabbit.core.SessionImpl.impersonate(SessionImpl.java:810)
   at org.apache.sling.jcr.base.internal.SessionPool.acquireSession(SessionPool.java:330)
   at org.apache.sling.jcr.base.internal.SessionPoolManager.impersonate(SessionPoolManager.java:127)
   at org.apache.sling.jcr.base.internal.PooledSession.impersonate(PooledSession.java:220)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderProviderImpl.getSession(RepositoryClassLoaderProviderImpl.java:112)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getSession(RepositoryClassLoaderFacade.java:185)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getDelegateClassLoader(RepositoryClassLoaderFacade.java:195)
   at org.apache.sling.jcr.classloader.internal.RepositoryClassLoaderFacade.getResource(RepositoryClassLoaderFacade.java:114)
   at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:1168)
   at javax.xml.parsers.SecuritySupport$4.run(SecuritySupport.java:96)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.xml.parsers.SecuritySupport.getResourceAsStream(SecuritySupport.java:89)
   at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.java:250)
   at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:223)
   at javax.xml.parsers.DocumentBuilderFactory.newInstance(DocumentBuilderFactory.java:123)
   at org.apache.sling.scripting.jsp.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:89)
   at org.apache.sling.scripting.jsp.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:133)
   at org.apache.sling.scripting.j

RE: Build Failure with Revision 687019

2008-08-19 Thread Rory Douglas
This occurs when building with JDK 6, because the ScriptException class is 
slightly different in JDK 6 vs BSF.

I edited BetterScriptException to pass the message as the super argument, and 
initialize the cause exception using initCause.  That then works on either JDK.

Rory


--Original Message--

From: Maruan Sahyoun <[EMAIL PROTECTED]>
Sent: Tue, August 19, 2008 4:26 AM
To: sling-dev@incubator.apache.org
Subject: Build Failure with Revision 687019


Dear team,

I've tried to build sling from scratch following the description  
"Getting and Building Sling". Unfortunately that fails with the  
following error


...
[INFO]
[INFO] Building Sling - Scripting - JSP Support
[INFO]task-segment: [clean, install]
[INFO]
[INFO] [clean:clean]
[INFO] [enforcer:enforce {execution: enforce-java}]
[INFO] [resources:resources]
[INFO] Using default encoding to copy filtered resources.
[INFO] [antrun:run {execution: default}]
[INFO] Executing tasks
  [echo] ** WARNING (SLING-443) **
  [echo] On most platforms, building Sling currently requires setting
  [echo] MAVEN_OPTS="-Xmx256M", see https://issues.apache.org/jira/browse/SLING-443
  [echo] You might get a "java.lang.OutOfMemoryError: Java heap space" if that
  [echo] setting is not correct.
  [echo] *
[INFO] Executed tasks
[INFO] [compiler:compile]
[INFO] Compiling 119 source files to /home/msahyoun/workspace/sling/scripting/jsp/target/classes
[INFO]
[ERROR] BUILD FAILURE
[INFO]
[INFO] Compilation failure
/home/msahyoun/workspace/sling/scripting/jsp/src/main/java/org/apache/sling/scripting/jsp/JspScriptEngineFactory.java:[326,16] cannot find symbol
symbol  : variable message
location: class org.apache.sling.scripting.jsp.JspScriptEngineFactory.BetterScriptException



/home/msahyoun/workspace/sling/scripting/jsp/src/main/java/org/apache/sling/scripting/jsp/JspScriptEngineFactory.java:[326,16] cannot find symbol
symbol  : variable message
location: class org.apache.sling.scripting.jsp.JspScriptEngineFactory.BetterScriptException


[INFO]
[INFO] For more information, run Maven with the -e switch
[INFO]
[INFO] Total time: 54 seconds
[INFO] Finished at: Tue Aug 19 13:07:12 CEST 2008
[INFO] Final Memory: 66M/159M
[INFO]


Am I missing something?

With kind regards

Maruan Sahyoun



Re: Build Failure with Revision 687019

2008-08-19 Thread Rory Douglas

Here it is (should have done this earlier ;-)

Regards,
Rory

Carsten Ziegeler wrote:

Rory Douglas wrote:
  

This occurs when building with JDK 6, because the ScriptException class is 
slightly different in JDK 6 vs BSF.

I edited BetterScriptException to pass the message as the super argument, and 
initialize the cause exception using initCause.  That then works on either JDK.



Great, can you show us a patch?

Thanks
Carsten



  
Index: JspScriptEngineFactory.java
===
--- JspScriptEngineFactory.java (revision 685942)
+++ JspScriptEngineFactory.java (working copy)
@@ -322,8 +322,8 @@
 private static class BetterScriptException extends ScriptException {
 
 public BetterScriptException(String message, Exception cause) {
-super(cause);
-this.message = message;
+super(message);
+this.initCause(cause);
 }
 
 }
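
Review bot: the BetterScriptException constructor now uses super(message) followed by initCause(cause), but nothing in the code records why the more obvious super(cause) plus a message assignment was dropped. Add a one-line comment saying that ScriptException has no accessible message field on JDK 6 (the "cannot find symbol ... variable message" failure reported in this thread), so the two-step form is not collapsed back later. The this. qualifier on initCause(cause) is redundant and can be dropped.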


Accessing Felix services from Jackrabbit classes

2008-08-19 Thread Rory Douglas
I want to write a facade AccessManager implementation that will delegate 
to a bundle-provided service.  The idea would be to register one or more 
bundles providing AccessManager implementations and be able to configure 
the paths and/or nodetypes that they control, though initially it will 
probably just delegate to one service (if available), and fall back to 
SimpleAccessManager logic if no AccessManager service is available.


Since the AccessManager implementation is instantiated by Jackrabbit 
directly (has no Bundle- or ComponentContext), how can I get a handle to 
the Felix framework to lookup/listen for services?  Would this even be 
advisable?


Regards,
Rory
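
One way to structure the path-based delegation with a default fallback that the post above describes, as an added example that is not part of the original post and is not Jackrabbit or Sling code. PathAccessCheck, Delegate, Facade and the bind/unbind methods are hypothetical names, the interface is reduced to a single method and is not Jackrabbit's AccessManager, and the two policies are constructed stand-ins. The facade picks the delegate with the longest matching root and matches on whole path segments, so /content/widgets does not also capture /content/widgets-archive.

```java
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

class PathDelegatingAccessDemo {

    // Hypothetical single-method check; not Jackrabbit's AccessManager interface.
    interface PathAccessCheck {
        boolean isGranted(String userId, String itemPath, String action);
    }

    // A delegate registered for one subtree of the repository.
    static final class Delegate {
        final String root;
        final PathAccessCheck check;

        Delegate(String root, PathAccessCheck check) {
            // Store the root without a trailing slash (except for "/" itself).
            this.root = root.length() > 1 && root.endsWith("/")
                    ? root.substring(0, root.length() - 1) : root;
            this.check = check;
        }

        // Segment-aware prefix test: the root itself or anything below it.
        boolean covers(String itemPath) {
            return root.equals("/") || itemPath.equals(root)
                    || itemPath.startsWith(root + "/");
        }
    }

    static final class Facade implements PathAccessCheck {
        // Delegates can come and go while checks are running.
        private final List<Delegate> delegates = new CopyOnWriteArrayList<>();
        private final PathAccessCheck fallback;

        Facade(PathAccessCheck fallback) {
            this.fallback = fallback;
        }

        void bind(Delegate d) {
            delegates.add(d);
        }

        void unbind(Delegate d) {
            delegates.remove(d);
        }

        @Override
        public boolean isGranted(String userId, String itemPath, String action) {
            Delegate best = null;
            for (Delegate d : delegates) {
                if (d.covers(itemPath)
                        && (best == null || d.root.length() > best.root.length())) {
                    best = d; // most specific root wins
                }
            }
            PathAccessCheck decider = best != null ? best.check : fallback;
            return decider.isGranted(userId, itemPath, action);
        }
    }

    public static void main(String[] args) {
        // Stand-in default policy (assumption): admin may do anything,
        // everyone else may only read.
        PathAccessCheck fallback = (user, path, action) ->
                user.equals("admin") || action.equals("read");
        Facade facade = new Facade(fallback);

        // Constructed delegate: below /content/widgets only "editor" may write.
        Delegate widgets = new Delegate("/content/widgets",
                (user, path, action) -> action.equals("read") || user.equals("editor"));
        facade.bind(widgets);

        System.out.println("editor writes widget         : "
                + facade.isGranted("editor", "/content/widgets/w1", "write"));
        System.out.println("editor writes widgets-archive: "
                + facade.isGranted("editor", "/content/widgets-archive/w1", "write"));
        System.out.println("admin writes widget          : "
                + facade.isGranted("admin", "/content/widgets/w1", "write"));

        // Once the delegate is gone, the default policy decides again.
        facade.unbind(widgets);
        System.out.println("editor writes after unbind   : "
                + facade.isGranted("editor", "/content/widgets/w1", "write"));
    }
}
```

In this sketch a bound delegate fully owns the decision for its subtree, so the admin shortcut in the default policy no longer applies there; whether that is wanted is a design choice to make explicitly.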


Re: How do I create a Ruby template?

2008-08-20 Thread Rory Douglas
I think the extension you need is .erb (see 
org.apache.sling.scripting.ruby.ErbScriptEngineFactory#ERB_SCRIPT_EXTENSION)


Joshua Oransky wrote:
I'm just getting started with Sling. I've played around with the 
examples and feel pretty comfortable with the layout.


However, I need to use Ruby as my scripting language. What extension 
do I use for a template that uses Ruby code? I tried various 
extensions, but nothing works.


Thanks in advance - Josh


Re: How do I create a Ruby template?

2008-08-25 Thread Rory Douglas
Have you installed the ruby scripting bundle - I don't think it's 
installed by default in the launchpad app?


Joshua Oransky wrote:

I tried that one. I get this:

Node dumped by HtmlRendererServlet

Node path: /content/maniatv/gameology

Resource metadata: {sling.resolutionPath=/content/maniatv/gameology}

Node properties

jcr:primaryType: nt:unstructured


I've looked all over for the answer. This doesn't seem to be a topic 
explored very much.


-Josh

On Aug 20, 2008, at 12:02 PM, Rory Douglas wrote:

I think the extension you need is .erb (see 
org.apache.sling.scripting.ruby.ErbScriptEngineFactory#ERB_SCRIPT_EXTENSION) 



Joshua Oransky wrote:
I'm just getting started with Sling. I've played around with the 
examples and feel pretty comfortable with the layout.


However, I need to use Ruby as my scripting language. What extension 
do I use for a template that uses Ruby code? I tried various 
extensions, but nothing works.


Thanks in advance - Josh







Re: Accessing Felix services from Jackrabbit classes

2008-08-27 Thread Rory Douglas

Hi Felix,

Thanks for this advice, I have it working now.  I copied the mechanism
from SlingAuthenticator (for tracking AuthenticationHandler services)
almost verbatim.  The facade checks the path property of each
DelegateAccessManager against the item path, and uses the appropriate
AM(s), or falls back to the default logic if there's no match.

The complication was the dependency on org.apache.jackrabbit.core/spi
classes (for AccessManager, HierarchyManager etc).  They aren't exported
anywhere, so I tried embedding them (like the jackrabbit-server
bundle).  This enabled the bundle to load, but caused linkage errors
when Jackrabbit tried to instantiate my AccessManager, since
org.apache.jackrabbit.core.security.AccessManager was being loaded in 2
places.  The quick solution I found was to modify the jackrabbit-server
pom.xml to export o.a.j.core and o.a.j.spi packages, though I'd be
interested in finding out if there's another way.

I also implemented a basic ACL-based AccessManager bundle to test it
out.  Let me know if you think these would be useful as samples.

Regards,
Rory

Felix Meschberger wrote:

Hi Rory,

Rory Douglas wrote:
I want to write a facade AccessManager implementation that will 
delegate to a bundle-provided service.  The idea would be to register 
one or more bundles providing AccessManager implementations and be 
able to configure the paths and/or nodetypes that they control, 
though initially it will probably just delegate to one service (if 
available), and fallback to SimpleAccessManager logic if no 
AccessManager service is available.


Since the AccessManager implementation is instantiated by Jackrabbit 
directly (has no Bundle- or ComponentContext), how can I get a handle 
to the Felix framework to lookup/listen for services?  Would this 
even be advisable?


Depends on who you ask ;-) I think this is a valuable extension of 
Jackrabbit. Unfortunately, as you correctly note, Jackrabbit is 
currently configured in a non-dependency-injection way.


Of course, I assume you know of the risk of allowing any provider to 
plug in an AccessManager ;-)


As a solution I suggest you do the following:

  * Create a new bundle and export the AccessManagerFacade class
    and the extension interface.
  * Configure your AccessManagerFacade into Jackrabbit. The
    jackrabbit-server bundle will find the AccessManagerFacade
    class with a dynamic import.
  * Create a BundleActivator in your AccessManagerFacade bundle
    along these lines (make sure to _not_ export this class):

        import org.osgi.framework.BundleActivator;
        import org.osgi.framework.BundleContext;

        public class Activator implements BundleActivator {
            // Set while the bundle is started, null otherwise.
            private static BundleContext context;

            public static BundleContext getBundleContext() {
                return context;
            }

            public void start(BundleContext context) {
                Activator.context = context;
            }

            public void stop(BundleContext context) {
                Activator.context = null;
            }
        }

  * To find and use the real access managers the AccessManagerFacade
    would then access the Activator.getBundleContext() method

This works thanks to OSGi's class loader isolation. The drawback is, 
that the repository of course only works correctly if your 
AccessManager bundle is started.


Hope this helps.

Regards
Felix



Regards,
Rory
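
The facade behaviour described in this message (pick delegates by their path property, fall back to the default logic when none matches), as an added plain-Java sketch that is not Rory's or Sling's code. The shape of DelegateAccessManager, the DefaultLogic interface, the veto rule and the requiredPaths list are assumptions; requiredPaths covers Felix's caveat that the repository only behaves correctly while the provider bundle is started.

```java
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

/**
 * Added sketch of the facade's decision logic only; no OSGi or Jackrabbit types.
 * DelegateAccessManager, DefaultLogic and requiredPaths are hypothetical names.
 */
public class AccessManagerFacadeSketch {

    public static final int READ = 1, WRITE = 2;   // constructed permission bits

    /** Hypothetical extension interface a provider bundle registers as a service. */
    public interface DelegateAccessManager {
        String getPath();                                   // subtree it controls
        boolean isGranted(String itemPath, int permissions);
    }

    /** Stand-in for the built-in logic used when no delegate claims the item. */
    public interface DefaultLogic {
        boolean isGranted(String itemPath, int permissions);
    }

    // A service tracker would call bind/unbind as provider bundles start and stop.
    private final List<DelegateAccessManager> delegates = new CopyOnWriteArrayList<>();
    private final DefaultLogic fallback;
    private final List<String> requiredPaths;   // subtrees that must never use the fallback

    public AccessManagerFacadeSketch(DefaultLogic fallback, String... requiredPaths) {
        this.fallback = fallback;
        this.requiredPaths = Arrays.asList(requiredPaths);
    }

    public void bind(DelegateAccessManager d)   { delegates.add(d); }
    public void unbind(DelegateAccessManager d) { delegates.remove(d); }

    static String normalize(String p) {
        return (p.length() > 1 && p.endsWith("/")) ? p.substring(0, p.length() - 1) : p;
    }

    /** Whole-segment prefix match: "/content/hr" covers "/content/hr/x", not "/content/hr-public". */
    static boolean covers(String base, String itemPath) {
        String b = normalize(base), i = normalize(itemPath);
        return b.equals("/") || i.equals(b) || i.startsWith(b + "/");
    }

    public boolean isGranted(String itemPath, int permissions) {
        boolean matched = false;
        for (DelegateAccessManager d : delegates) {
            if (!covers(d.getPath(), itemPath)) {
                continue;
            }
            matched = true;
            if (!d.isGranted(itemPath, permissions)) {
                return false;               // assumption: any matching delegate can veto
            }
        }
        if (matched) {
            return true;
        }
        // No delegate is bound for this item (for example the provider bundle is stopped).
        for (String required : requiredPaths) {
            if (covers(required, itemPath)) {
                return false;               // fail closed instead of using the fallback
            }
        }
        return fallback.isGranted(itemPath, permissions);
    }

    public static void main(String[] args) {
        DefaultLogic readOnlyDefault = (path, perms) -> (perms & WRITE) == 0;
        AccessManagerFacadeSketch facade =
                new AccessManagerFacadeSketch(readOnlyDefault, "/content/hr");

        DelegateAccessManager hr = new DelegateAccessManager() {
            public String getPath() { return "/content/hr/"; }
            public boolean isGranted(String p, int perms) { return p.endsWith("/handbook"); }
        };

        // Constructed item paths.
        String[] items = { "/content/hr/handbook", "/content/hr/salaries", "/content/hr-public/news" };
        System.out.println("provider bundle stopped:");
        for (String item : items) {
            System.out.println("  READ " + item + " -> " + facade.isGranted(item, READ));
        }
        facade.bind(hr);
        System.out.println("provider bundle started:");
        for (String item : items) {
            System.out.println("  READ " + item + " -> " + facade.isGranted(item, READ));
        }
    }
}
```

With the delegate unbound, everything under /content/hr is denied rather than handed to the permissive default, while /content/hr-public is unaffected because the match is on whole path segments.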





Metatype information not showing up in webconsole

2008-12-12 Thread Rory Douglas
I noticed this several months back, that metatype information was not 
being rendered in the webconsole for some configuration options.  
Originally, it would happen after installing updated bundles (after a 
fresh checkout & build from trunk).  Michael Marth alluded to this in 
SLING-757:


> btw: "auth.annonymous.name" is a bit cryptic

However, the metatype strings are showing up for some configs (notably 
the Sling POST Servlet).  I can't see any difference between the bundle 
JARs - both contain metatype.xml and metatype.properties, and they look 
correct to me.  Any idea why this is happening?




Re: Metatype information not showing up in webconsole

2008-12-12 Thread Rory Douglas
It looks like bundles with version 2.0.2.incubator all have their 
metatype strings appearing correctly, and any that are version 
2.0.3.incubator-SNAPSHOT don't.  This is after doing an update, clean, 
install cycle against trunk.  If I subsequently update a 2.0.2 bundle to 
a 2.0.3snapshot via webconsole, its configuration metatype strings stop 
working too (tried this with Sling POST servlet bundle).


Rory Douglas wrote:
I noticed this several months back, that metatype information was not 
being rendered in the webconsole for some configuration options.  
Originally, it would happen after installing updated bundles (after a 
fresh checkout & build from trunk).  Michael Marth alluded to this in 
SLING-757:


> btw: "auth.annonymous.name" is a bit cryptic

However, the metatype strings are showing up for some configs (notably 
the Sling POST Servlet).  I can't see any difference between the 
bundle JARs - both contain metatype.xml and metatype.properties, and 
they look correct to me.  Any idea why this is happening?




Path component disappears

2008-12-12 Thread Rory Douglas
I have a node at path /sample/content/test, with a child node /entries.  
"entries" has a sling:resourceType="test/EntryList", but there is no 
script registered for that resourceType.


If I browse to http://localhost:/sample/content/test/entries   
(i.e no selectors or extension), I get redirected to 
http://localhost:/sample/test/entries/


I realize some work has gone on recently with directory listing and 
resource resolution, but is this supposed to happen?


The ResourceResolver mapping property is set to /content/- (a default 
value), which I had interpreted to mean URLs prefixed with /content, not 
all URLs containing /content.  The checkbox next to 
"resource.resolver.new.name" is checked, but like the problem with the 
SlingAuthenticator allow-anonymous-access config, I'm unable to uncheck it.


Re: Path component disappears

2008-12-12 Thread Rory Douglas
I understand the part about requiring an extension to see the node 
contents, and how sling is appending a / to the URL to allow the 
directory listing feature to work if enabled, but should it be 
swallowing the "/content/" element in the path when it does so?  It 
seems arbitrary:


/sample/content/test/entries --> /sample/test/entries/



Bertrand Delacretaz wrote:

Hi Rory,

On Fri, Dec 12, 2008 at 10:07 PM, Rory Douglas  wrote:
  

...If I browse to http://localhost:/sample/content/test/entries   (i.e
no selectors or extension), I get redirected to
http://localhost:/sample/test/entries/...



Yes, this recently changed (see SLING-770 for example)  - you need to
add an extension to see the "entries" node URL, .txt, .json, .xml ...

  

...The checkbox next to "resource.resolver.new.name"
is checked, but like the problem with the SlingAuthenticator
allow-anonymous-access config, I'm unable to uncheck it...



The workaround is to install a more recent snapshot of the webconsole,
see links to that in SLING-757

-Bertrand
  


--




Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this 
e-mail"




Using JSTL core taglib

2008-12-15 Thread Rory Douglas
I feel I'm missing something really simple here - how do I use the JSTL 
core taglib with  JSP scripts in Sling?  Other posters to this list 
appear to be using it successfully, but whenever I add


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

to my JSPs they fail with: "The absolute uri: 
http://java.sun.com/jsp/jstl/core cannot be resolved in either web.xml 
or the jar files deployed with this application (500)".  This is using 
the default launchpad/webapp project with embedded Jetty.


The scripting/jsp project includes tag plugins for all the JSTL core 
library tags - do I still need to add jstl.jar/standard.jar to the 
webapp dependencies?


Regards,
Rory


Re: Problems Implementing a Custom AccessManager

2008-12-16 Thread Rory Douglas

Hi Sebastian

I went this route back in August, and came up against the same problems 
(see [1]).  I had the AccessManager working by exporting the .spi  
classes from Sling's Jackrabbit bundle, but would intermittently run 
into issues with the JAAS LoginModule after restarts.  I think there may 
be a need to specify the JAAS classes so they are added to the 
system/framework classpath using sling.properties, but I don't 
understand that mechanism & couldn't get it to work.  I ultimately 
abandoned work on this because it didn't seem the right approach (as 
Felix points out) to depend on non-API classes from the underlying 
repository.


As for the AccessManager, I think there are plans to upgrade Sling to 
Jackrabbit 1.5, so it may be more worthwhile to wait for that & use the 
repository-ACL-based AccessManager that comes with 1.5 rather than 
implementing your own.  Or ping me & I can send you what I cobbled 
together for ACL-based control.


Regards,
Rory
[1] http://markmail.org/message/ejzb4vk6nypmrf5s


Sebastian Gomez wrote:

Hi everyone.
I'm trying to secure the JCR repository creating a custom LoginModule and
AccessManager. The first one has gone OK, as it implements the JAAS standard
interface. On the other hand, the second one must implement Jackrabbit's
AccessManager interface, but as Sling's Jackrabbit Embedded Repository
bundle does not export the jackrabbit-core packages (that includes the
AccessManager interface), the only way to create my custom implementation
has been to embed the dependency in my bundle's classpath. This then makes a
ClassCastException occur in Jackrabbit's SessionImpl when my class is being
casted to the AccessManager interface (line 335). As I guess you'll know,
this is because my CustomAccessManager is implementing the AccessManager
loaded by my bundle's classloader, while Jackrabbit's SessionImpl will
expect the AccessManager loaded by the Jackrabbit Embedded Repository
bundle.

I'd like to know if someone has already come up with (and hopefully
resolved) the same problem as I have, because I guess it's quite a common
scenario. The easiest solution would be to make the Sling's Jackrabbit
Embedded Repository bundle to export the security package of jackrabbit-core
but I suppose there must be some reason for it not to be doing so. I'll
appreciate any indication.

Thanks in advance.

Sebastian Gomez.

P.S: Here's the line of org.apache.jackrabbit.core.SessionImpl where the
ClassCastException occurs, marked with a "=>" (in case it's of any use):

    protected AccessManager createAccessManager(Subject subject,
                                                HierarchyManager hierMgr)
            throws AccessDeniedException, RepositoryException {
        AccessManagerConfig amConfig =
                rep.getConfig().getAccessManagerConfig();
        try {
            AMContext ctx = new AMContext(
                    new File(rep.getConfig().getHomeDir()),
                    rep.getFileSystem(),
                    subject,
                    hierMgr,
                    rep.getNamespaceRegistry(),
                    wsp.getName());
=>          AccessManager accessMgr = (AccessManager) amConfig.newInstance();
            accessMgr.init(ctx);
            return accessMgr;
        } catch (AccessDeniedException ade) {
            // re-throw
            throw ade;
        } catch (Exception e) {
            // wrap in RepositoryException
            String msg = "failed to instantiate AccessManager implementation: "
                    + amConfig.getClassName();
            log.error(msg, e);
            throw new RepositoryException(msg, e);
        }
    }
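
The ClassCastException discussed in this thread, reproduced in plain Java as an added example (not code from the list, Sling or Jackrabbit): the same class file defined by two class loaders gives two unrelated runtime types. LoaderIdentityDemo, AccessManager and CustomAccessManager are stand-in names, and the program assumes it was compiled with javac and is run from its class directory or jar.

```java
import java.net.URL;
import java.net.URLClassLoader;

public class LoaderIdentityDemo {

    /** Stand-in for the interface the repository bundle casts to. */
    public interface AccessManager {
        boolean isGranted(String path);
    }

    /** Stand-in for a custom implementation that embeds its own copy of the interface. */
    public static class CustomAccessManager implements AccessManager {
        public boolean isGranted(String path) {
            return path.startsWith("/content/");
        }
    }

    /** Loader that reads the same class files but does not delegate to the application loader. */
    static ClassLoader isolatedLoader() {
        URL here = LoaderIdentityDemo.class.getProtectionDomain().getCodeSource().getLocation();
        // Parent null means bootstrap only, so the nested classes get defined a second time.
        return new URLClassLoader(new URL[] { here }, null);
    }

    /** Creates the implementation through the given loader. */
    static Object newImpl(ClassLoader loader) throws Exception {
        Class<?> impl = Class.forName(CustomAccessManager.class.getName(), true, loader);
        return impl.getDeclaredConstructor().newInstance();
    }

    /** True if an instance created through `loader` is an AccessManager as this class sees it. */
    static boolean castable(ClassLoader loader) throws Exception {
        return AccessManager.class.isInstance(newImpl(loader));
    }

    public static void main(String[] args) throws Exception {
        ClassLoader shared = LoaderIdentityDemo.class.getClassLoader();
        ClassLoader isolated = isolatedLoader();

        Class<?> a = Class.forName(AccessManager.class.getName(), false, shared);
        Class<?> b = Class.forName(AccessManager.class.getName(), false, isolated);

        System.out.println("same class name:    " + a.getName().equals(b.getName()));
        System.out.println("same Class object:  " + (a == b));
        System.out.println("castable, shared loader:   " + castable(shared));
        System.out.println("castable, isolated loader: " + castable(isolated));

        try {
            // The equivalent of the marked cast in createAccessManager().
            AccessManager am = (AccessManager) newImpl(isolated);
            System.out.println("cast succeeded: " + am);
        } catch (ClassCastException e) {
            System.out.println("ClassCastException: " + e.getMessage());
        }
    }
}
```

The cast only succeeds when both sides resolve the interface through one loader, which in OSGi terms means a single exporting bundle and an import on the implementing side rather than an embedded copy.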

  


Re: Problems Implementing a Custom AccessManager

2008-12-17 Thread Rory Douglas
You may also need org.apache.jackrabbit.spi.* if you use some 
HierarchyManager methods (e.g. getPath) in your AccessManager.  I added 
the snippet below to jackrabbit-server bundle's POM:



   org.apache.jackrabbit.core.*,
   org.apache.jackrabbit.spi.*


Sebastian Gomez wrote:

Hi Felix.
I tested what you told me, but I've seen it's not going to be possible only
exporting org.apache.jackrabbit.core.security due to the fact that the
AccessManager interface uses org.apache.jackrabbit.core.ItemId (so it will
also need org.apache.jackrabbit.core exported, that by what you said I see
is not an option). On the other hand I've had a look over the JSR-283 spec
and the Jackrabbit 1.5 source code and it looks that it will include exactly
what I need, so I think my best option is to hold on until you finish the
migration. The thing is that I'm in a bit of a hurry with this part of my
application, I've got my deadline quite near, so I hope you don't mind me
daring to ask you how much time you estimate it will take (just to know if I
can wait, or if I must implement this in some quick&dirty way and expect an
upgrade in the future).

Thanks a lot for your help, and I hope you can help me out with this last
doubt.

Br,

SebatiAn Gomez ;)


On Wed, Dec 17, 2008 at 2:44 PM, Felix Meschberger wrote:

  

Hi Sebastien,

Sebastian Gomez wrote:

Hi.
Thanks for the answers. Is there any date scheduled for the upgrade to
Jackrabbit 1.5? ACL was what I was thinking to use, so maybe the upgrade
resolves my problem (although I haven't been able to find much documentation
on ACL in 1.5 (if someone knows where I can find it I'll appreciate the
indication). What worries me the most is that if ACL in 1.5 is not suitable
enough for my app, what would be the way to go?
  

As Alex said, I am already working on migrating Sling's Jackrabbit
inclusion to 1.5.

Now for documentation: There is the jackrabbit.apache.org site and there
is a Jackrabbit Wiki. If you don't find any documentation there, it is
probably best to just ask on the Jackrabbit dev or user list.

Finally, since the Jackrabbit access control functionality is an
implementation of the JSR-283 (JCR 2.0) access control functionality,
you might find the appropriate description there. The public review
draft is available from http://www.jcp.org/en/jsr/detail?id=283

Hope this helps.

Regards
Felix



On Wed, Dec 17, 2008 at 1:34 AM, Torgeir Veimo wrote:

On 17 Dec 2008, at 03:59, Rory Douglas wrote:

As for the AccessManager, I think there are plans to upgrade Sling to
Jackrabbit 1.5, so it may be more worthwhile to wait for that & use the
repository-ACL-based AccessManager that comes with 1.5 rather than
implementing your own.  Or ping me & I can send you what I cobbled together
for ACL-based control.

ACLs are not suitable for most web applications. They're declarative, while
most interactive web applications require implicit or application specific
security constraints. Sling really needs to allow custom AccessManager
implementations.


--
Torgeir Veimo
torg...@pobox.com








  






Re: json on root node

2008-12-21 Thread Rory Douglas

I've noticed this too.

From tracing through the code, I think the problem starts when writing 
out non-JCR Resources (like BundleResource or SyntheticResource).  The 
dump(Resource, JSONWriter,int, int) method of JsonResourceWriter tries 
to adapt the given Resource to ValueMap, then a Map and finally a 
String.  Those non-JCR Resources don't adapt to any of these, so the 
method just returns, rather than executing a 
JSONWriter.object()/JSONWriter.endObject() pair.  I think this leaves 
the JSONWriter in the incorrect mode (set to 'o' in JSONWriter.key call 
at line 136), causing the failure on the subsequent node dump.


If you have the dojo bundle installed (which renders the dojo javascript 
files as BundleResources) & try to dump 
http://localhost:/dojo.1.json, you'll see it renders the first file 
(AdapterRegistry.js), but fails on the next.  Unfortunately, I don't 
know enough about how this code is supposed to work to suggest a fix.  
Maybe those non-JCR resources should be adaptable to ValueMap or Map?


Regards,
Rory

Torgeir Veimo wrote:
Using http://localhost:8080/.json works, but trying 
http://localhost:8080/.infinity.json or http://localhost:8080/.1.json 
gives me an exception and error 500;


org.apache.sling.commons.json.JSONException: Misplaced endArray.
org.apache.sling.commons.json.io.JSONWriter.end(JSONWriter.java:203)
org.apache.sling.commons.json.io.JSONWriter.endObject(JSONWriter.java:237) 

org.apache.sling.servlets.get.helpers.JsonResourceWriter.dump(JsonResourceWriter.java:128) 

org.apache.sling.servlets.get.helpers.JsonResourceWriter.dump(JsonResourceWriter.java:78) 

org.apache.sling.servlets.get.helpers.JsonRendererServlet.doGet(JsonRendererServlet.java:94) 

org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMethodsServlet.java:262) 



How do I fetch child nodes of the root node in json format? This is 
with sling current trunk from last week.




Re: json on root node

2008-12-23 Thread Rory Douglas
I had a similar issue dumping bundle resources (e.g. extensions/dojo content), 
does this fix address this too?

Rory

Rory Douglas
Senior Principal Consultant
Oracle Consulting
(sent from my Blackberry)

--Original Message--

From: "Bertrand Delacretaz" 
Sent: Tue, December 23, 2008 7:44 AM
To: sling-dev@incubator.apache.org
Subject: Re: json on root node


On Mon, Dec 22, 2008 at 2:00 AM, Torgeir Veimo  wrote:
> Using http://localhost:8080/.json works, but trying
> http://localhost:8080/.infinity.json or http://localhost:8080/.1.json gives
> me an exception and error 500;...

Fixed, see https://issues.apache.org/jira/browse/SLING-795

-Bertrand


Re: Upgrade to Jackrabbit 1.5

2008-12-29 Thread Rory Douglas
While following the steps in [1] to configure the Jackrabbit 1.5 
DefaultAccessManager, I had to update the jackrabbit-api bundle 
configuration in the POM a little:


1) Updated  from: org.apache.jackrabbit.api;version=1.4 
to: org.apache.jackrabbit.api.*;version=1.5.0

2) Updated  version to 1.5.0

This solved errors relating to references to 
org.apache.jackrabbit.api.security.user/principal packages.



I also updated the embedded dependencies of jackrabbit-server bundle 
configuration in the POM to match those mentioned in Jackrabbit 1.5 
release notes:


3) Changed/added the following:
pdfbox;version=0.7.3,
fontbox;version=0.1.0,
jempbox;version=0.2.0,
poi;version=3.0.2-FINAL,
poi-scratchpad;version=3.0.2-FINAL,

4) Removed the direct nekohtml dependency (the newest 1.9.7 version gets 
pulled in via jackrabbit-text-extractors dependency).



Lastly, to follow the final step in [1] (actually updating an ACL on a 
node), you need to get the AccessControlManager, which is currently only 
available on the SessionImpl class (), so I retained my 
jackrabbit-server POM tweak to make those o.a.j.core classes visible 
outside the bundle:



   org.apache.jackrabbit.core.*,
   org.apache.jackrabbit.spi.*



That last tweak is ugly, and could perhaps be avoided by exporting a 
utility class from the jackrabbit-server bundle that can return the 
AccessControlManager without exposing the o.a.j.core classes (say, 
AccessControlUtil.getAccessControlManager(Session session))?


Regards,
Rory

[1] http://www.nabble.com/Jackrabbit-1.5-Security-td21080602.html


Felix Meschberger wrote:

Hi all again,

Well, I think, I have finished upgrading to Jackrabbit 1.5. There may be
glitches, which should be fixed in the next few days...

Please report any issues, you might find. Thanks.

Regards
Felix

Felix Meschberger wrote:
  

Hi all,

I am currently committing the changes to use Jackrabbit 1.5 in Sling.
This may result in temporary failure building Sling.

As soon as I am done, I will inform you.

Regards
Felix




Re: Since sling is support ing for jackrabbit 1.5 why doesn't provide http api for user manager?

2009-01-08 Thread Rory Douglas
You need to do two things to get access to 
UserManager/PrincipalManager.  First, you should remove the 
org.apache.sling.jcr.jackrabbit.api bundle.  Then download the 
Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).  
That will export the relevant JSR283 packages.


Then you should  be able to do the following (in a JSP or anywhere you 
have a Session):


UserManager userManager = null;

if(session instanceof PooledJackrabbitSession) {
   userManager = ((PooledJackrabbitSession)session).getUserManager();
} else {
   // use reflection since Jackrabbit.core package not exported
   Method m = session.getClass().getMethod("getUserManager");
   userManager = (UserManager)m.invoke(session);
}


This same pattern works for PrincipalManager which is exposed on the 
JackrabbitSession.  If you want the AccessControlManager (to set ACLs), 
you'll need to use the reflection approach only for now.  You don't need 
to actually access the "security" workspace in order to create & manage 
users (although there's no good way to list all users right now, so 
accessing the workspace probably would give you that ability).


I've created a utility class that wraps up all this messy code - I'll 
open an issue & submit the patch now.


Regards,
Rory


yanshaozhiGmail wrote:

Hi:

   As far as I know, Sling now supports Jackrabbit 1.5; it would be
more powerful if Sling could provide an API for the user manager.

   And is there any way to implement user management with Sling
if I implement it myself? How can I get the "security" workspace?

It seems that there isn't a "security" workspace in Sling's
jackrabbit repository.


2009-01-08 




yanjie 

  


Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

2009-01-08 Thread Rory Douglas
Yes, I think you'll need (at a minimum) to setup the SecurityManager.  
If you setup the DefaultAccessManager, you can use AccessControlManager 
to set ACLs on nodes for authorization.  I haven't tried mixing these 
with an external JAAS LoginModule, but I think it would work.  
Otherwise, configure that too.



   class="org.apache.jackrabbit.core.DefaultSecurityManager" 
workspaceName="security">


   class="org.apache.jackrabbit.core.security.DefaultAccessManager">


   class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">

   
   
   
   

Regards,
Rory

yanshaozhiGmail wrote:

Hi:

   Thanks very much for telling me so much. I have another question:
if I want to use the user manager in Sling, do I have to change the
Sling code (Sling repository: repository.xml, replacing the SimpleAccessManager
with DefaultAccessManager and other interfaces)?


2009-01-08 




yanshaozhiGmail 




From: Rory Douglas
Sent: 2009-01-08  23:41:11
To: sling-dev
Cc:
Subject: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

You need to do two things to get access to
UserManager/PrincipalManager.  First, you should remove the
org.apache.sling.jcr.jackrabbit.api bundle.  Then download the
Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
That will export the relevant JSR283 packages.

Then you should be able to do the following (in a JSP or anywhere you
have a Session):

UserManager userManager = null;

if(session instanceof PooledJackrabbitSession) {
   userManager = ((PooledJackrabbitSession)session).getUserManager();
} else {
   // use reflection since Jackrabbit.core package not exported
   Method m = session.getClass().getMethod("getUserManager");
   userManager = (UserManager)m.invoke(session);
}

This same pattern works for PrincipalManager which is exposed on the
JackrabbitSession.  If you want the AccessControlManager (to set ACLs),
you'll need to use the reflection approach only for now.  You don't need
to actually access the "security" workspace in order to create & manage
users (although there's no good way to list all users right now, so
accessing the workspace probably would give you that ability).

I've created a utility class that wraps up all this messy code - I'll
open an issue & submit the patch now.

Regards,
Rory

yanshaozhiGmail wrote:

Hi:

   As far as I know, Sling now supports Jackrabbit 1.5; it would be
more powerful if Sling could provide an API for the user manager.

   And is there any way to implement user management with Sling
if I implement it myself? How can I get the "security" workspace?

It seems that there isn't a "security" workspace in Sling's
jackrabbit repository.


2009-01-08 




yanjie 

  







Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

2009-01-08 Thread Rory Douglas

+1

If you don't set any ACLs, it appears to behave identically to the 
Simple* setup.


Felix Meschberger wrote:

Hmm, I wonder, whether we should not change the default configuration of
the jackrabbit-server bundle to use the below setup instead of our
current Simple non-secured setup.

WDYT ?

Regards
Felix

Rory Douglas wrote:
  
Yes, I think you'll need (at a minimum) to setup the SecurityManager. 
If you setup the DefaultAccessManager, you can use AccessControlManager

to set ACLs on nodes for authorization.  I haven't tried mixing these
with an external JAAS LoginModule, but I think it would work. 
Otherwise, configure that too.



   

   


   

   
   
   
   

Regards,
Rory

yanshaozhiGmail wrote:


Hi:

   Thanks very much for telling me so much. I have another question:
if I want to use the user manager in Sling, do I have to change the
Sling code (Sling repository: repository.xml, replacing the SimpleAccessManager
with DefaultAccessManager and other interfaces)?


2009-01-08


yanshaozhiGmail


From: Rory Douglas
Sent: 2009-01-08  23:41:11
To: sling-dev
Cc:
Subject: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

You need to do two things to get access to
UserManager/PrincipalManager.  First, you should remove the
org.apache.sling.jcr.jackrabbit.api bundle.  Then download the
Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
That will export the relevant JSR283 packages.

Then you should be able to do the following (in a JSP or anywhere you
have a Session):

UserManager userManager = null;

if(session instanceof PooledJackrabbitSession) {
   userManager = ((PooledJackrabbitSession)session).getUserManager();
} else {
   // use reflection since Jackrabbit.core package not exported
   Method m = session.getClass().getMethod("getUserManager");
   userManager = (UserManager)m.invoke(session);
}

This same pattern works for PrincipalManager which is exposed on the
JackrabbitSession.  If you want the AccessControlManager (to set ACLs),
you'll need to use the reflection approach only for now.  You don't need
to actually access the "security" workspace in order to create & manage
users (although there's no good way to list all users right now, so
accessing the workspace probably would give you that ability).

I've created a utility class that wraps up all this messy code - I'll
open an issue & submit the patch now.

Regards,
Rory

yanshaozhiGmail wrote:

Hi:

   As far as I know, Sling now supports Jackrabbit 1.5; it would be
more powerful if Sling could provide an API for the user manager.

   And is there any way to implement user management with Sling
if I implement it myself? How can I get the "security" workspace?

It seems that there isn't a "security" workspace in Sling's
jackrabbit repository.


2009-01-08


yanjie
  



  






Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

2009-01-08 Thread Rory Douglas
Actually, if you need to, it's simple to access the "security" workspace 
(if you have the admin credentials):


<%
   Session jcrSession = currentNode.getSession();

   // Log in to the "security" workspace with the admin account
   SimpleCredentials creds =
       new SimpleCredentials("admin", "admin".toCharArray());

   Session secSession = jcrSession.getRepository().login(creds, "security");

   // Select every node of type rep:User in that workspace
   Query secQuery = secSession.getWorkspace().getQueryManager()
       .createQuery("//element(*,rep:User)", "xpath");

   QueryResult secResult = secQuery.execute();
%>

That should list all users configured in the repository (as a result of 
UserManager.createUser() calls, and the admin/anonymous profiles).


yanshaozhiGmail wrote:

Hi:

   Thanks very much for telling me so much. I have another question:
if I want to use the user manager in Sling, do I have to change the
Sling code (Sling repository: repository.xml, replacing the SimpleAccessManager
with DefaultAccessManager and other interfaces)?


2009-01-08 




yanshaozhiGmail 




From: Rory Douglas
Sent: 2009-01-08  23:41:11
To: sling-dev
Cc:
Subject: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

You need to do two things to get access to
UserManager/PrincipalManager.  First, you should remove the
org.apache.sling.jcr.jackrabbit.api bundle.  Then download the
Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
That will export the relevant JSR283 packages.

Then you should be able to do the following (in a JSP or anywhere you
have a Session):

UserManager userManager = null;

if(session instanceof PooledJackrabbitSession) {
   userManager = ((PooledJackrabbitSession)session).getUserManager();
} else {
   // use reflection since Jackrabbit.core package not exported
   Method m = session.getClass().getMethod("getUserManager");
   userManager = (UserManager)m.invoke(session);
}

This same pattern works for PrincipalManager which is exposed on the
JackrabbitSession.  If you want the AccessControlManager (to set ACLs),
you'll need to use the reflection approach only for now.  You don't need
to actually access the "security" workspace in order to create & manage
users (although there's no good way to list all users right now, so
accessing the workspace probably would give you that ability).

I've created a utility class that wraps up all this messy code - I'll
open an issue & submit the patch now.

Regards,
Rory

yanshaozhiGmail wrote:

Hi:

   As far as I know, Sling now supports Jackrabbit 1.5; it would be
more powerful if Sling could provide an API for the user manager.

   And is there any way to implement user management with Sling
if I implement it myself? How can I get the "security" workspace?

It seems that there isn't a "security" workspace in Sling's
jackrabbit repository.


2009-01-08 




yanjie 

  







Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?

2009-01-08 Thread Rory Douglas
I think those methods are implemented, but only return valid values when "allow 
anonymous access" is false.  Otherwise getRemoteUser is always "anonymous"

Regards
Rory

Rory Douglas
Senior Principal Consultant
Oracle Consulting
(sent from my Blackberry)

--Original Message--

From: Torgeir Veimo 
Sent: Thu, January 08, 2009 3:14 PM
To: sling-dev@incubator.apache.org
Subject: Re: Since sling is support ing for jackrabbit 1.5 why doesn't 
providehttp api for user manager?



On 9 Jan 2009, at 03:00, Rory Douglas wrote:

> Actually, if you need to, it's simple to access the "security"  
> workspace (if you have the admin credentials):


[...]

Having SlingRequest implement getRemoteUser(), getUserPrincipal() and  
isUserInRole() would help a lot.

-- 
Torgeir Veimo
torg...@pobox.com






Problem with replaceSelectors in tag

2009-01-12 Thread Rory Douglas

I have a resource of type test/A, which has 2 rendering scripts at:
(1) /apps/test/A/edit.html.jsp and
(2) /apps/test/A/view.html.jsp.

In those scripts I render resources of type test/B, which has rendering 
scripts at:

(3) /apps/test/B/edit.small.jsp and
(4) /apps/test/B/view.small.jsp
(5) /apps/test/B/edit.html.jsp

What is the correct syntax of a  to include the 
edit.small rendering (3) of test/B inside the edit rendering (1) of test/A?


I have  but 
that doesn't work.  I also tried addSelectors="small" but that didn't 
work either.  Both of those yield an include of edit.html.jsp (5) 
instead of edit.small.html.jsp (3).


Rory


Re: Problem with replaceSelectors in tag

2009-01-13 Thread Rory Douglas

Sorry, I incorrectly copied down the script names for (3) and (4) they are:

(3) /apps/test/B/edit.small.html.jsp
(4) /apps/test/B/view.small.html.jsp

However, your suggestion works ((A) /apps/test/B/edit/small.html.jsp).  
It's a little confusing to me though, since (B) 
/apps/test/B/edit/small/html.jsp also works.


Does that imply that only the first dot-separated component of the 
scriptname can be considered as part of the selector string?  Wouldn't 
it be more consistent to either:


a) consider all dot-separated components part of the selector except the 
last 2 (those last 2 being the extension and the script language 
identifier) (like (3) and (4)) or
b) only allow the script name to be .

Re: Problem with replaceSelectors in tag

2009-01-13 Thread Rory Douglas

Thanks Alex, that explanation about IDEs makes a lot of sense.

I was tracing through the code in debug yesterday, and I think the 
problem with not considering 2+ component selector strings is in 
ResourceCollector.getWeightedResources (lines 174-247).


I notice the do-while loop exited before considering my "edit.small" 
selector (requestSelectors[1]) because of the IF block at line 242: with 
selector "edit" (requestSelectors[0]) it attempts to set resource 
"current" to the resource path "current"/"selector" (which exists if I 
have my script as /apps/test/B/edit/small.html.jsp, but not if I only 
have /apps/test/B/edit.small.html.jsp).  Current becomes null & causes 
the loop to exit.


Is the solution perhaps to order the requestSelectors array prior to the 
do-while loop by decreasing number of dot-separated components?


Regards,
Rory

Alexander Klimetschek wrote:

On Tue, Jan 13, 2009 at 5:43 PM, Rory Douglas  wrote:
  

Sorry, I incorrectly copied down the script names for (3) and (4) they are:

(3) /apps/test/B/edit.small.html.jsp
(4) /apps/test/B/view.small.html.jsp

However, your suggestion works ((A) /apps/test/B/edit/small.html.jsp).  It's
a little confusing to me though, since (B) /apps/test/B/edit/small/html.jsp
also works.

Does that imply that only the first dot-separated component of the
scriptname can be considered as part of the selector string?  Wouldn't it be
more consistent to either:

a) consider all dot-separated components part of the selector except the
last 2 (those last 2 being the extension and the script language identifier)
(like (3) and (4)) or
b) only allow the script name to be .

Re: A question about sling launchpad

2009-01-15 Thread Rory Douglas
The fix I use is to just deploy commons-lang.jar (version 2.4) into the 
framework, since it's OSGI-ified.  I suppose it should be added to the 
default dependencies deployed with the launchpad.


Bertrand Delacretaz wrote:

On Thu, Jan 15, 2009 at 9:17 PM, Pontus Amberg  wrote:
  

I still encounter this while starting Sling. Should I create an entry in
JIRA so it isn't forgotten?...



Sure, go ahead - we meant to fix this but didn't get to it yet.
Thanks,
-Bertrand

  

yanshaozhiGmail schrieb:
  

 When I build and run the launchpad webapp with mvn jetty:run (the newest
sling), after the server started I encountered a question as follows: (I
want to know whether it's Sling's bug or not, how can I do it?)
 2009-01-05 21:48:43.616:/:WARN:  ERROR: Error starting slinginstall:org.apache.sling.jcr.ocm-2.0.3-incubator-SNAPSHOT.jar (org.osgi.framework.BundleException: Unresolved package in bundle 31: package; (package=org.apache.commons.lang))
org.osgi.framework.BundleException: Unresolved package in bundle 31: package; (package=org.apache.commons.lang)
   at org.apache.felix.framework.Felix._resolveBundle(Felix.java:1728)
   at org.apache.felix.framework.Felix._startBundle(Felix.java:1591)
   at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
   at org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
   at org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
   at java.lang.Thread.run(Thread.java:595)
2009-01-05 21:48:45.225:/:INFO:  sling: Servlet sling initialized
2009-01-05 21:48:46.317::INFO:  Started selectchannelconnec...@0.0.0.0:
[INFO] Started Jetty Server

2009-01-05


yanshaozhiGmail

    
  
    






SlingServerRepository configuration change - expected behavior?

2009-01-16 Thread Rory Douglas
If I select the SlingServerRepository configuration in the webconsole ( 
the .2423424etc configuration, not the factory configuration), change a 
property (in this case, max idle sessions) and click "Save", I see a 
second configuration gets created ( .44534534etc), and I start seeing 
workspace lock errors from the RepositoryPinger.


I can fix this by just deleting the old configuration, but is this 
expected behavior or a bug? I would expect this kind of behavior when 
clicking "Create" on a factory config only.


Regards,
Rory


Re: SlingServerRepository configuration change - expected behavior?

2009-01-16 Thread Rory Douglas
Looks like I'm running 1.2.2 of the console.  I can reproduce this on 
FireFox 3, Google Chrome and IE 6 (all on WinXP).


Regards,
Rory

Felix Meschberger wrote:

Hi Rory,

Rory Douglas schrieb:
  

If I select the SlingServerRepository configuration in the webconsole (
the .2423424etc configuration, not the factory configuration), change a
property (in this case, max idle sessions) and click "Save", I see a
second configuration gets created ( .44534534etc), and I start seeing
workspace lock errors from the RepositoryPinger.

I can fix this by just deleting the old configuration, but is this
expected behavior or a bug? I would expect this kind of behavior when
clicking "Create" on a factory config only.



This really sounds like a bug. Clicking save should really just store
the configuration.

Are you using the SNAPSHOT version of the console or the latest 1.2.2
release ? What browser are you using (I have a problem report with IE7).

Regards
Felix
  






Re: SlingServerRepository configuration change - expected behavior?

2009-01-19 Thread Rory Douglas
I grabbed the latest trunk of the webconsole & updated.  This fixed the 
issue.


Thanks Felix
Regards,
Rory

Felix Meschberger wrote:

Hi Rory,

I have tracked this down to a bug in the web console, which actually
creates a new factory configuration instance on each call to store the
updated configuration. I created FELIX-885 [1] for this.

I have committed a fix and deployed a SNAPSHOT version
(1.2.3-20090118.131353-3) of the web console. Could you try with that
version, whether your issue is fixed ? Many thanks.

Regards
Felix

[1] https://issues.apache.org/jira/browse/FELIX-885

Rory Douglas schrieb:
  

Looks like I'm running 1.2.2 of the console.  I can reproduce this on
FireFox 3, Google Chrome and IE 6 (all on WinXP).

Regards,
Rory

Felix Meschberger wrote:


Hi Rory,

Rory Douglas schrieb:
 
  

If I select the SlingServerRepository configuration in the webconsole (
the .2423424etc configuration, not the factory configuration), change a
property (in this case, max idle sessions) and click "Save", I see a
second configuration gets created ( .44534534etc), and I start seeing
workspace lock errors from the RepositoryPinger.

I can fix this by just deleting the old configuration, but is this
expected behavior or a bug? I would expect this kind of behavior when
clicking "Create" on a factory config only.



This really sounds like a bug. Clicking save should really just store
the configuration.

Are you using the SNAPSHOT version of the console or the latest 1.2.2
release ? What browser are you using (I have a problem report with IE7).

Regards
Felix
  
  






JSP tag files

2009-01-19 Thread Rory Douglas
I've been experimenting with using JSP 2.0 tag files with Sling and have 
run into a few quirks that I thought were worth sharing.  I am hoping to 
use tag files as an alternative to  for small pieces of 
standardized content (like a consistent date output style, or link 
display).  With  I might need to create 
SyntheticResources with resource types like standard/ui/date to do the 
same thing (alternative suggestions welcomed :-)


The way I've found to get tag files to work is to create a WEB-INF/tags 
directory under my Maven resources directory, and then configure the 
/WEB-INF path as a bundle resource.  This actually works great, and the 
tag files are also picked up by the Eclipse JSP editor.  The 
disadvantages are you have to redeploy your bundle to update the tag 
files; and there could be conflicts between bundles with identical tag 
file names (not sure what the bundle resource provider does in this case?)


However, ideally, I'd like to be able to store these .tag files in the 
repository, much like my resource type scripts, or other static 
resources, and update them using WebDAV or cURL.  The problem here is 
that the JSP compiler requires that tag files come from only 2 places 
(and their subdirectories): /WEB-INF/tags; or /META-INF/tags, if you 
have a JAR-based TLD containing a  element.  Unfortunately, 
you can't post content to /WEB-INF or /META-INF since they're protected 
by the web container itself :-(


Lastly, you also can't use the /META-INF .tld method with a  
element due to the way Sling handles bundle TLDs.  The bundle listener 
that registers them reports the location of a TLD as if the JSP page 
referenced the .TLD file directly, even though you actually use the uri 
attribute to reference it indirectly.  This means the JSP compiler 
doesn't keep track of the JAR file where the TLD comes from, and so 
later has no way of finding the associated .tag files contained in it.  
This might be fixable by having the SlingTldLocationsCache object return 
the TLD location info as if the TLD is a JAR entry in the bundle JAR (if 
and only if the TLD contains a  element), but I'm not sure 
it's worth it since deploying tag files from /META-INF is no more 
convenient than the /WEB-INF method.


Regards,
Rory


SlingAuthenticator with multiple Handlers for same path prefix

2009-01-31 Thread Rory Douglas
When multiple AuthenticationHandlers are registered for a given path 
prefix, the SlingAuthenticator tries each one in turn until one returns 
an AuthenticationInfo object.  There is no way to control the order in 
which the handlers are tried.


I suggest the AuthenticationHandler interface be extended to include 
additional properties for controlling the order in which authentication 
is attempted.  I've implemented this with 2 new properties, Auth 
Priority and Auth Challenge Priority.  The first one controls the order 
in which handlers are called for the authenticate() method.  The second 
controls the order for the requestAuthentication() method.


Using 2 properties allows you to register both the HTTP Auth handler and 
another (more interactive) handler simultaneously for the same set of 
paths.  The HTTP Auth handler is then assigned the highest "Auth 
Priority".  The interactive handler is assigned the highest "Auth 
Challenge Priority".  If a request is received containing BASIC Auth 
credentials (i.e. from cURL/WebDAV), it is authenticated & the 
interactive handler is not tried.  If, however, there are no BASIC auth 
credentials, the other handler is tried.  If it too can't authenticate 
the current request, the SlingAuthenticator will then attempt the 
challenge process by calling requestAuthentication().  Here now, the 
interactive handler is called first, which can then show a login form, 
redirect to an SSO provider etc.


I think this gives the behavior one would expect: cURL still works fine 
if you provide credentials, and users accessing Sling via the browser 
get the custom login forms etc. 

Another alternative would be to register Handlers with a Path and a 
HostName.  That way interactive handlers could be enabled only on 
certain hostnames, so they wouldn't interfere with cURL or WebDAV.


Thoughts?

Regards,
Rory
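
The two-priority ordering proposed in the message above, as an added example that is not part of the original post and is not Sling code: the `Handler` interface, the priority values, the handler names and the session table are assumptions made for illustration, and password verification is left out because it belongs to the repository login.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class PrioritizedAuthDemo {

    /** Simplified stand-in for a handler; NOT Sling's AuthenticationHandler interface. */
    interface Handler {
        String name();
        int authPriority();       // higher value = tried earlier when extracting credentials
        int challengePriority();  // higher value = tried earlier when a login must be requested
        String authenticate(Map<String, String> headers); // user id, or null if no credentials
        String challenge();       // what the client is sent when it must log in
    }

    /** Reads the user id from an "Authorization: Basic ..." header. */
    static final class BasicHandler implements Handler {
        public String name() { return "http-basic"; }
        public int authPriority() { return 100; }
        public int challengePriority() { return 10; }
        public String authenticate(Map<String, String> headers) {
            String value = headers.get("Authorization");
            if (value == null || !value.startsWith("Basic ")) {
                return null;
            }
            try {
                byte[] raw = Base64.getDecoder().decode(value.substring(6).trim());
                String pair = new String(raw, StandardCharsets.UTF_8);
                int colon = pair.indexOf(':');
                return colon > 0 ? pair.substring(0, colon) : null;
            } catch (IllegalArgumentException malformed) {
                return null; // an undecodable header counts as "no credentials"
            }
        }
        public String challenge() { return "401 WWW-Authenticate: Basic"; }
    }

    /** Interactive handler: recognises a session cookie from a constructed table. */
    static final class FormHandler implements Handler {
        private final Map<String, String> sessions;
        FormHandler(Map<String, String> sessions) { this.sessions = sessions; }
        public String name() { return "login-form"; }
        public int authPriority() { return 50; }
        public int challengePriority() { return 100; }
        public String authenticate(Map<String, String> headers) {
            String cookie = headers.get("Cookie");
            return cookie == null ? null : sessions.get(cookie);
        }
        public String challenge() { return "302 redirect to login form"; }
    }

    /** Tries handlers by auth priority; if none authenticates, challenges by challenge priority. */
    static String process(List<Handler> registered, Map<String, String> headers) {
        List<Handler> byAuth = new ArrayList<>(registered);
        byAuth.sort((a, b) -> Integer.compare(b.authPriority(), a.authPriority()));
        for (Handler h : byAuth) {
            String user = h.authenticate(headers);
            if (user != null) {
                return "authenticated '" + user + "' via " + h.name();
            }
        }
        List<Handler> byChallenge = new ArrayList<>(registered);
        byChallenge.sort((a, b) -> Integer.compare(b.challengePriority(), a.challengePriority()));
        if (byChallenge.isEmpty()) {
            return "403 no handler registered";
        }
        Handler first = byChallenge.get(0);
        return "challenge by " + first.name() + ": " + first.challenge();
    }

    public static void main(String[] args) {
        Map<String, String> sessions = new HashMap<>();
        sessions.put("sid=constructed-session-1", "alice"); // constructed sample session
        List<Handler> handlers = new ArrayList<>();
        handlers.add(new FormHandler(sessions)); // registration order does not matter
        handlers.add(new BasicHandler());

        // Constructed request 1: cURL/WebDAV style request carrying Basic credentials.
        Map<String, String> curl = new HashMap<>();
        String token = Base64.getEncoder()
                .encodeToString("editor:constructed-password".getBytes(StandardCharsets.UTF_8));
        curl.put("Authorization", "Basic " + token);
        System.out.println(process(handlers, curl));

        // Constructed request 2: browser with a known session cookie.
        Map<String, String> browser = new HashMap<>();
        browser.put("Cookie", "sid=constructed-session-1");
        System.out.println(process(handlers, browser));

        // Constructed request 3: no credentials at all, so the interactive handler challenges.
        System.out.println(process(handlers, new HashMap<>()));
    }
}
```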


Re: Restrict access to the content under a given node

2009-02-02 Thread Rory Douglas
Actually, currently in the HTTP Basic AuthHandler in the authenticate() 
method, the code looks for a request parameter 'sling:authRequestLogin' 
(value doesn't matter).  If it finds it, the handler actually calls the 
requestAuthentication() method on itself.  So you can force the HTTP 
Auth login box to be displayed by just appending that param to your 
intended target URL.  If you've already authenticated via HTTP BASIC, 
the request passes through directly to the target resource.


Could this perhaps be generalized somehow? Perhaps moved into the 
SlingAuthenticator?


Felix Meschberger wrote:

Hi Douglas,

Douglas José schrieb:
  

Hi Felix,

First of all, many thanks for your suggestions. Now I understand better how
Sling behaves, but I still have some unclear points:

- How can I create an authenticated request?



It seems like you stumbled upon an issue, which has not been handled yet ;-)

Internally we have an API to request authentication for a request. This
functionality selects the appropriate authentication handler for the
request (according to the requested resource), which in turn then acts
correctly, be it by just sending a 401/UNAUTHORIZED reply or by
presenting a login form.

Unfortunately this API cannot be triggered from the outside.

  




Re: SlingAuthenticator with multiple Handlers for same path prefix

2009-02-03 Thread Rory Douglas
I've been using the priority ordering method locally for a while and it 
works OK, but I agree that it might not always be flexible enough to 
handle corner cases.  The more I think about it, the more I feel the 
authentication handlers should be registered with applicable virtual 
hosts (as Felix suggested earlier).  I'm not sure that multiple handlers 
for a given virtual host & path would be a very common scenario - more 
common would be the following (assuming an appropriately secured 
network/DMZ):


http://public.my.site.com -> requires some kind of SSO, OpenID etc
http://admin.my.site.com -> uses only HTTP Basic auth, for content 
updates via cURL etc, perhaps only visible to local network


It would be nice to hook into the existing Virtual Host support, by just 
registering the appropriate handlers for the mapped virtual paths (e.g 
http://public.my.site.com -> /content/public/site), but I think request 
authentication is performed only on the originally requested URL, not 
any translations/mapping internal to Sling, correct?


In that case, perhaps we could just modify the AuthenticationHandler 
PATH property handling in SlingAuthenticator to allow including the 
virtual hostname and even the protocol for matching purposes? So the 
following would apply:


Path=/
Applies to:  all URLs across all virtual hosts (1)


Path=//public.my.site.com/
Applies to: all URLs on the public.my.site.com host (2)

Path=//public.my.site.com/protected
Applies to: URLs starting with /protected on public.my.site.com host (3)

Path=https://public.my.site.com/protected/personalinfo/
Applies to: URLs starting with /protected/personalinfo on  
public.my.site.com host under SSL (4)


The priority ordering would work from most specific to most general, so 
above (4) would have priority over (3), (3) over (2) etc.  This could be 
implemented by changing getAuthenticationHandlers() method to return a 
Map> - the first lookup 
is by protocol, the second by hostname, the last by path.


How does that sound?

Regards,
Rory

Alexander Klimetschek wrote:

On Sun, Feb 1, 2009 at 2:27 AM, Rory Douglas  wrote:
  

When multiple AuthenticationHandlers are registered for a given path prefix,
the SlingAuthenticator tries each one in turn until one returns an
AuthenticationInfo object.  There is no way to control the order in which
the handlers are tried.



A solution that is sub-optimal, but at least gives you full control
and works with current Sling, is simply to write your custom
authentication handler that handles all cases in the correct order.
For example, if you want to handle OpenID and fall back to HTTP Basic
Auth if no OpenID is available, you could subclass from the existing
basic auth handler; in there you call/check for OpenID auth first and
call the super implementation if no OpenID is available.

This way you can also handle corner-cases where two authentication
schemes might overlap in some way. But I would still opt for re-use of
existing classes through simple configuration, most cases are probably
rather simple and just require the proper order.

Regards,
Alex
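
The scheme/host/path registration proposed at the top of this message, as an added example that is not part of the original posts and is not Sling code: the handler names are hypothetical, "most specific first" is read here as scheme-qualified before host-qualified before longest path, and a path is assumed to match only on a segment boundary.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class AuthPathMatchDemo {

    /** One registration such as "/", "//host/path" or "https://host/path". */
    static final class Registration {
        final String spec;
        final String scheme;  // null = any protocol
        final String host;    // null = any virtual host
        final String path;    // normalised, no trailing slash except for "/"
        final String handler; // hypothetical handler name

        Registration(String spec, String handler) {
            String rest = spec;
            String s = null;
            String h = null;
            int sep = spec.indexOf("://");
            if (sep > 0 && !spec.startsWith("/")) {
                s = spec.substring(0, sep).toLowerCase(Locale.ROOT);
                rest = spec.substring(sep + 1); // leaves "//host/path"
            }
            if (rest.startsWith("//")) {
                int slash = rest.indexOf('/', 2);
                String name = slash < 0 ? rest.substring(2) : rest.substring(2, slash);
                h = name.toLowerCase(Locale.ROOT);
                rest = slash < 0 ? "/" : rest.substring(slash);
            }
            if (rest.length() > 1 && rest.endsWith("/")) {
                rest = rest.substring(0, rest.length() - 1);
            }
            this.spec = spec;
            this.scheme = s;
            this.host = h;
            this.path = rest;
            this.handler = handler;
        }

        boolean matches(String reqScheme, String reqHost, String reqPath) {
            if (scheme != null && !scheme.equalsIgnoreCase(reqScheme)) {
                return false;
            }
            if (host != null && !host.equalsIgnoreCase(reqHost)) {
                return false;
            }
            if (path.equals("/")) {
                return true;
            }
            // Segment boundary: "/protected" covers "/protected/x" but not "/protected-old".
            return reqPath.equals(path) || reqPath.startsWith(path + "/");
        }
    }

    /** Returns the matching registrations, most specific first. */
    static List<String> handlersFor(List<Registration> regs,
                                    String scheme, String host, String path) {
        List<Registration> hits = new ArrayList<>();
        for (Registration r : regs) {
            if (r.matches(scheme, host, path)) {
                hits.add(r);
            }
        }
        hits.sort((a, b) -> {
            int c = Boolean.compare(b.scheme != null, a.scheme != null);
            if (c == 0) {
                c = Boolean.compare(b.host != null, a.host != null);
            }
            if (c == 0) {
                c = Integer.compare(b.path.length(), a.path.length());
            }
            return c;
        });
        List<String> order = new ArrayList<>();
        for (Registration r : hits) {
            order.add(r.handler + " [" + r.spec + "]");
        }
        return order;
    }

    public static void main(String[] args) {
        // The four Path values from the message; handler names are made up.
        List<Registration> regs = new ArrayList<>();
        regs.add(new Registration("/", "basic"));
        regs.add(new Registration("//public.my.site.com/", "openid"));
        regs.add(new Registration("//public.my.site.com/protected", "sso"));
        regs.add(new Registration("https://public.my.site.com/protected/personalinfo/", "sso-strict"));

        // Constructed requests: (4), (3), (2), (1) all apply to the first one.
        System.out.println(handlersFor(regs, "https", "public.my.site.com",
                "/protected/personalinfo/edit"));
        // Plain HTTP drops (4); "/protected-old" matches neither (3) nor (4).
        System.out.println(handlersFor(regs, "http", "public.my.site.com", "/protected/list"));
        System.out.println(handlersFor(regs, "https", "public.my.site.com", "/protected-old"));
        // Another virtual host only sees the catch-all registration.
        System.out.println(handlersFor(regs, "http", "admin.my.site.com", "/content"));
    }
}
```

Host-based selection is only as trustworthy as the host name the container reports for the request, so a deployment using it should pin the accepted host names at the front end.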

  


Re: How to disable login Pop-Up

2009-02-06 Thread Rory Douglas

Hello Nitesh

If you enter the credentials one time, they should be persisted by your 
browser for the whole session across all paths.  If that's not 
happening, something strange is happening.  Note that the credentials 
you enter for the Felix console (/system/console) are not for the same 
realm, so you need to separately authenticate to the repository for 
other paths.


I think you'd usually want people to authenticate to a blogging app, so 
I assume this is for development purposes.  There are a few things you 
can do:


1) a) Enable anonymous access in the Request Authenticator AND
   b) Set the node ACLs appropriately so "anonymous" is allowed to 
write to them.  (You should be able to use the AccessControlUtil 
getUserManager(Session) and getAccessControlManager(Session) methods 
to create/get the anonymous user & setup the ACLs.)


2)  If you really just want to write everything as one configured user & 
never have people login, you could implement a dummy 
AuthenticationHandler that just returns those default credentials for 
every request.  Register that handler for the "/" path and uninstall the 
HTTP Auth bundle.


Regards,
Rory

Nitesh Ambuj wrote:

Hi All,

I have created a Blog application on Sling Framework but it keeps on popping
the window for login credentials. 


Could you please let me know how to disable the popup asking for sling
credentials  (admin/admin)? 


I guess this can be done by the allowing the anonymous user at the Felix
configuration console.  


But when I try to write something it throws an error because
anonymous doesn't have the write permission on the repository. 


Thanks & Regards,
Nitesh Ambuj 

  


Re: How can I realize authentication in sling?

2009-03-02 Thread Rory Douglas

Hi Yanjie

From your first post, it seems you're really more interested in 
authorization than authentication, but both are handled (to different 
degrees) in Sling.


For authentication, you can configure one of the provided handlers (HTTP 
Basic or OpenID) to be active on one or more paths or host/path 
combinations.  This takes care of extracting the credentials of the 
remote user from the request & providing them to Sling.


For user management, you can use the new SlingPostOperations to create & 
update users (or groups) associated with the above credentials.  These 
are the Jackrabbit/repository -level identities that are needed in order 
to use the authorization features.


For authorization, you can use the AccessControlUtil class to 
add/remove/update ACLs on repository nodes, referring to the above 
users/groups.


This last part is from memory and may be incorrect :-): by default a 
fresh Jackrabbit 1.5 repository has 2 users (admin and anonymous), and 3 
groups (administrators, UserAdmin, and GroupAdmin).  There are no ACLs 
initially, though the admin user always has full permissions anyway.  
After you set an initial ACL, I think you will see a root-level ACL will 
be added explicitly giving the admin user full permissions (though *not* 
the administrators group!!!).


I believe the details of the above are covered elsewhere in the mailing 
archives - let me know if this doesn't resolve your questions.


Regards,
Rory

yanjie wrote:

HI felix:
Glad to receive your answer, 
I think it's important for a content manager system to have authentication control.

If there is no authentication control, user management will be less useful.
I think the users of sling really hope sling can add the authentication's  
function early.
waiting ...

thanks.


2009-03-02 




yanjie 




From: Felix Meschberger 
Sent: 2009-02-28  05:03:18 
To: sling-dev 
Cc: 
Subject: Re: How can I realize authentication in sling? 
 
Hi,

yanjie schrieb:
  

Hi everyone:
I want to give a user some policy to handle a node(read or write or modify..) , and other users don't have the policy . Or a group has the policy and the users in the group all have the authentication . how can I use sling to realize it? 


Sling employs the authentication and access control functionality of the
underlying JCR repository (Jackrabbit by default).
So you have to create users and groups in Jackrabbit (I have applied the
SLING-875 patches by Eric Norman today to enable user/group management
in Sling).
In addition you have to set access control in the repository. This is
more problematic at the moment because Jackrabbit 1.5 embedded in Sling
only contains partial support for JSR-283 (aka JCR 2.0) access control
support.
Maybe others on the list are more knowledgeable in this respect...
Regards
Felix
  






Re: Using a custom AccessManager

2009-03-06 Thread Rory Douglas
Prior to Jackrabbit 1.5, I did similar work for an ACL-based 
AccessManager (see [1]).  The difference was I hacked the server bundle 
to export the desired classes & created an AccessManagerFacade that 
would load up implementations from bundles.


You can look at o.a.s.jcr.jackrabbit.server.security.LoginModulePlugin 
and 
o.a.s.jcr.jackrabbit.server.impl.security.PluggableDefaultLoginModule 
for another approach that doesn't require exporting core Jackrabbit 
classes, but does require providing delegate classes for any core API 
you want to expose outside the jackrabbit-server bundle.


Regards,
Rory

Vidar Ramdal wrote:

I'm in a situation where I want to write my own Jackrabbit
AccessManager (I think).

However, to do so, I must implement
org.apache.jackrabbit.core.security.AccessManager, and none of the
org.apache.jackrabbit.core.* packages are exported by any of the
Jackrabbit bundles provided by Sling, so I'm unable to provide my
AccessManager in a bundle.

I have got my stuff running by hacking/extending the jackrabbit-server
bundle, but this is hardly optimal.
Does anyone have any suggestions for a better approach?

Or maybe we could provide some extension point in Sling, to plug-in a
custom AccessManager bundle into the supplied jackrabbit-server
bundle?

  






Re: Using a custom AccessManager

2009-03-06 Thread Rory Douglas
Sorry...here it is (early morning here) [1].  Unfortunately, it doesn't 
say much more than my first post ;-)


[1] http://markmail.org/message/bea62gkwcknkw3hp

Vidar Ramdal wrote:

On Fri, Mar 6, 2009 at 3:44 PM, Rory Douglas  wrote:
  

Prior to Jackrabbit 1.5, I did similar work for an ACL-based AccessManager
(see [1]).  The difference was I hacked the server bundle to export the
desired classes & created an AccessManagerFacade that would load up
implementations from bundles.

You can look at o.a.s.jcr.jackrabbit.server.security.LoginModulePlugin and
o.a.s.jcr.jackrabbit.server.impl.security.PluggableDefaultLoginModule for
another approach that doesn't require exporting core Jackrabbit classes, but
does require providing delegate classes for any core API you want to expose
outside the jackrabbit-server bundle.



Interesting, thanks!

So, maybe the best approach would be a PluggableAccessManager. What do
you guys think?
I could have a shot at implementing it, if you think it's a good idea.

BTW, I think you forgot the link [1] - I'd really like to see it :)

  






Re: Initial content loading: Overwrite from multiple bundles

2009-03-09 Thread Rory Douglas

I was wondering about this too.

I think the issue is that the overwrite appears to happen from the top 
level directory (e.g. /apps), and content is literally replaced with 
exactly what is in the overwriting bundle.  So even if you separate 
out /apps/foo and /apps/foo/gui/css into different bundles, depending on 
the order of install, you'll only have one of the directory structures 
present at the end.  I stopped using ;overwrite:=true for this reason.  
I verified this now by adding the overwrite option to the espblog sample 
& all my custom scripts disappeared from apps (can someone else confirm 
this behavior?)


This may be desirable behavior in some situations, but many applications 
& modules are going to install content starting at /apps, so perhaps 
there should be a third option like 'update:=true', that does only an 
additive overwrite?


Regards,
Rory

Felix Meschberger wrote:

Hi Andreas,

Andreas Hartmann schrieb:
  

is it possible to load overlapping initial content from multiple bundles
when overwriting is enabled? E.g. if I have the following bundles with
content:



IIRC the initial content tree should be disjoint for different bundles
if overwrite is set.

  

  bundle "core": content/apps/foo/index.html
  bundle "gui":  content/apps/foo/gui/css/foo.css

When I install either of these bundles, the content of the other module
is removed. Is there any way around this, or do I have to disable
overwriting?



So maybe in your core bundle you should just provide
content/apps/foo/index.html while in the gui bundle you should provide
content/apps/foo/gui.

Hope this helps.

Regards
Felix
  






Re: Initial content loading: Overwrite from multiple bundles

2009-03-09 Thread Rory Douglas
Aaah, missed that.  Cool. 

Only thing that comes to mind though - what about registering scripts 
for sling/servlet/default or sling/servlet/errorhandler in different 
bundles?


Felix Meschberger wrote:

Hi,

Rory Douglas schrieb:
  

I was wondering about this too.

I think the issue is that the overwrite appears to happen from the top
level directory (e.g. /apps), and content is literally replaced with



Actually, by default the content is added from the root (/) unless the
path parameter is used as in :


/content;overwrite:=true;path=/some/lower/level


Regards
Felix

  

exactly what is in the overwriting bundle.  So even if you separate
out /apps/foo and /apps/foo/gui/css into different bundles, depending on
the order of install, you'll only have one of the directory structures
present at the end.  I stopped using ;overwrite:=true for this reason. 
I verified this now by adding the overwrite option to the espblog sample

& all my custom scripts disappeared from apps (can someone else confirm
this behavior?)

This may be desirable behavior in some situations, but many applications
& modules are going to install content starting at /apps, so perhaps
there should be a third option like 'update:=true', that does only an
additive overwrite?

Regards,
Rory

Felix Meschberger wrote:


Hi Andreas,

Andreas Hartmann schrieb:
 
  

is it possible to load overlapping initial content from multiple bundles
when overwriting is enabled? E.g. if I have the following bundles with
content:



IIRC the initial content tree should be disjoint for different bundles
if overwrite is set.

 
  

  bundle "core": content/apps/foo/index.html
  bundle "gui":  content/apps/foo/gui/css/foo.css

When I install either of these bundles, the content of the other module
is removed. Is there any way around this, or do I have to disable
overwriting?



So maybe in your core bundle you should just provide
content/apps/foo/index.html while in the gui bundle you should provide
content/apps/foo/gui.

Hope this helps.

Regards
Felix
  
  






Re: Prefixes for JCR node names

2009-03-11 Thread Rory Douglas
I believe you can access namespace-prefixed nodes using the 
namespace-mangling feature of the resource resolver, try:


/tutorial/_app_content/content/chapter1

You can change the regex used for this mangling in the Felix webconsole 
configuration screen for "Apache Sling Resource Resolver"


However, it also sounds like perhaps you don't have an actual "app" 
namespace, but rather a node name containing an escaped/transformed 
prefix - I'm not familiar enough with Sling to know how this came 
about.  How did you create this test content tree?


Regards,
Rory

Andreas Hartmann wrote:

Hi Sling devs,

sorry if this basic question has been answered before – I didn't find 
anything.


If I want to distinguish JCR item names belonging to my application 
from user-generated items, my first idea would be to use a prefix:


  /tutorial
/app:content > nt:resource
/content
  /chapter1

(How) is this compatible with Sling's URI mapping? I did some tests, 
but somehow I couldn't access a prefixed node (like app:content) over 
HTTP. Strangely, when I mount the repository via WebDAV, the folder 
name is "app/content" (not a hierarchy, but as the name of a single 
folder).


Is it discouraged to use node name prefixes in Sling? Should I use a 
naming convention instead, e.g. appContent?


TIA!

-- Andreas




Re: Can't resize images in Sling

2009-03-11 Thread Rory Douglas
I think you might have to add them to the Felix framework system or 
bootdelegation packages in order to be accessible (in sling.properties), 
see the comments for property org.osgi.framework.bootdelegation.


The JRE classes are added to the org.osgi.framework.system.packages 
property depending on JRE version, and the included classes are only 
those specified in the jre-.properties files, which don't 
include any com.sun.* or sun.* package by default


Regards,
Rory

Joshua Oransky wrote:
I'm trying to resize an image using basic Java2D, but I keep getting 
this error:


Can't find method 
sun.java2d.SunGraphics2D.drawImage(org.apache.jackrabbit.core.NodeImpl,number,number,number,number,null). 



This doesn't make any sense, as these classes are part of the basic 
JavaSE install... My code is simple:


<% load("/apps/whipopen/global/functions.esp");

var imageIO = Packages.javax.imageio;
var awt = Packages.java.awt.image;

var image;

if (jcrSession.itemExists(imagePath))
    image = jcrSession.getItem(imagePath);

var bImage = imageIO.ImageIO.read(image.getProperty("jcr:data").getStream());

var rImage = resize(image, 100, 200);

imageIO.ImageIO.write(rImage, "png", out);

function resize(image, width, height) {
    var resizedImage = new awt.BufferedImage(width, height, awt.BufferedImage.TYPE_INT_ARGB);

    var g = resizedImage.getGraphics();
    g.drawImage(image, 0, 0, width, height, null);
    g.dispose();
    return resizedImage;
}
%>






Re: [RT] sling and couchdb

2009-03-12 Thread Rory Douglas

J Aaron Farr wrote:

I think it might be in this team's interest to do a comparison between
couch and sling and publish it.  Having people start to look at sling as
a couchdb alternative for Java could be a very good thing.
  
I'm not very familiar with CouchDB at all, but after reviewing the 
CouchDB wiki & website, this is what stands out to me:


Similarities:

1) Both frameworks can be thought of as schema-free "document" or 
"content" centric data storage

2) Both can generate JSON representations of these documents
3) Both support distributed replication of data to multiple nodes
4) Both are integrated with search technology and provide methods for 
querying stored data

5) Both support development in a variety of scripting & formal languages

Differences:

1) Sling (well Jackrabbit) can optionally enforce schema statically 
through primary & mixin node types
2) The concurrent conflict resolution process & locking (or lack of it) 
appear quite different.  For content editing purposes with multiple 
writers, the CouchDB approach appears quite powerful.
3) Sling can generate any kind of representation for a specific 
"document", not just JSON
4) a) Sling is more concerned with providing flexible ways to generate 
different representations for logical content types - it is more 
"content"-centric
   b) As a consequence, it provides many features useful to a CMS 
system: flexible script resolution, background job architecture, 
extensible content model (resources)
5) a) CouchDB is more concerned with providing flexible ways to 
manipulate unstructured data - it is more "data"-centric
   b) As a consequence, it provides many features useful to a database 
system: high performance updates, replication, conflict resolution
   c) CouchDB is a standalone server architecture - you store your data 
there, not your application
6) Sling is built on the OSGI framework & Java, which means you normally 
build your Sling apps on those platforms.  By providing bundles with 
custom code, scripts & contents you essentially build apps "in" Sling.  
The whole app is deployed like a standard Java web application.  
Underlying data storage is delegated to whatever Jackrabbit persistence 
mechanism  you plug in (typically a standard relational DB).
7) You also could use Sling as a standalone data storage server from a 
completely separate web application platform (e.g. .Net), accessing JSON 
or XML data representations via HTTP client libraries, or client-side 
scripting languages.


If any of the above is off-base or plain wrong, I apologize.  I thought 
it was an interesting question because I'd wondered about CouchDB myself 
in the past (but haven't had nearly enough time to truly investigate it).


Regards,
Rory



Re: How can I realize authentication in sling?

2009-03-13 Thread Rory Douglas

Torgeir Veimo wrote:
I have to agree, having programmatic security is much more useful 
in a lot of scenarios.

One example is when the security requirements change. If you have a 
lot of ACLs in a very large repository, it becomes a nightmare to change.

It would be very handy to be able to express permission in terms of 
scripts, with an appropriate selector mechanism.

That sounds like an interesting idea.  We could provide an AccessManager 
implementation that uses something like the Sling servlet resolution 
process to locate per-resource-type or per-path "AccessHandler". These 
services would then make the authorization decisions for the types or 
paths they control.  This might make implementing access policies like 
the one Vidar described much simpler (than implementing an AccessManager 
or plugin from scratch), since you enforce the policy at the type level 
rather than at each instance node of that type.


For instance, I may have a need to restrict access to nodes under 
paths "/user/username" to be visible only to the user named "username". 
I can of course create an appropriate ACL every time I create a new node 
under the /user path, but it would be simpler & more reliable to just 
register a path-based AccessHandler that controls /user, and just checks 
that current authenticated user = username taken from the path. 

I realize the downside of this approach is that, unlike the default 
Jackrabbit ACLs, these kinds of policies aren't persisted in the 
repository (they'd essentially be persisted in the Felix framework 
properties if the registration of AccessHandlers was handled like 
servlets), however, that might be acceptable for many applications.


This approach also addresses something I've previously wondered about: 
access to servlets that are registered by path (like 
/system/sling/login).  There doesn't appear to be any way to apply 
access control to these paths currently?


WDYT?

Rory
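
The path-based AccessHandler lookup proposed in the message above, as an added example that is not part of the original thread and is not Sling or Jackrabbit code. AccessHandler, OwnerOnlyHandler, AccessHandlerRegistry and the Decision values are hypothetical names, and the sample users and paths are constructed; paths are treated as repository item paths, not request URLs.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.TreeMap;

/** Added illustration only: every type below is hypothetical, none is a Sling or Jackrabbit API. */
public class PathAccessHandlerDemo {

    /** NOT_HANDLED means "no handler owns this path, fall back to the repository ACLs". */
    enum Decision { GRANT, DENY, NOT_HANDLED }

    /** Hypothetical per-path policy; receives the path segments below its registered root. */
    interface AccessHandler {
        boolean isGranted(String userId, String[] segmentsBelowRoot);
    }

    /** Policy from the message: nodes under <root>/<username> are visible only to <username>. */
    static final class OwnerOnlyHandler implements AccessHandler {
        @Override
        public boolean isGranted(String userId, String[] below) {
            // Assumption: the bare root (e.g. /user) has no owner, so it is denied as well.
            return userId != null && below.length > 0 && below[0].equals(userId);
        }
    }

    static final class AccessHandlerRegistry {
        private final Map<String, AccessHandler> handlersByRoot = new TreeMap<>();

        void register(String root, AccessHandler handler) {
            handlersByRoot.put(normalize(root), handler);
        }

        Decision check(String userId, String rawPath) {
            String path;
            try {
                path = normalize(rawPath);
            } catch (IllegalArgumentException e) {
                return Decision.DENY; // malformed or escaping path: fail closed
            }
            String best = null;
            for (String root : handlersByRoot.keySet()) {
                // Match on segment boundaries so /user does not capture /username.
                boolean covers = root.equals("/") || path.equals(root) || path.startsWith(root + "/");
                if (covers && (best == null || root.length() > best.length())) {
                    best = root; // longest registered root wins
                }
            }
            if (best == null) {
                return Decision.NOT_HANDLED;
            }
            String rest = path.substring(best.length());
            if (rest.startsWith("/")) {
                rest = rest.substring(1);
            }
            String[] below = rest.isEmpty() ? new String[0] : rest.split("/");
            return handlersByRoot.get(best).isGranted(userId, below) ? Decision.GRANT : Decision.DENY;
        }

        /** Resolves "." and "..", collapses "//"; rejects relative paths and paths that climb above "/". */
        static String normalize(String raw) {
            if (raw == null || !raw.startsWith("/")) {
                throw new IllegalArgumentException("absolute path required");
            }
            Deque<String> stack = new ArrayDeque<>();
            for (String segment : raw.split("/")) {
                if (segment.isEmpty() || segment.equals(".")) {
                    continue;
                }
                if (segment.equals("..")) {
                    if (stack.isEmpty()) {
                        throw new IllegalArgumentException("path escapes the repository root");
                    }
                    stack.removeLast();
                } else {
                    stack.addLast(segment);
                }
            }
            return "/" + String.join("/", stack);
        }
    }

    public static void main(String[] args) {
        AccessHandlerRegistry registry = new AccessHandlerRegistry();
        registry.register("/user", new OwnerOnlyHandler());

        // Constructed sample requests: {authenticated user (null = anonymous), item path}
        String[][] samples = {
            {"alice", "/user/alice/profile"},
            {"bob", "/user/alice/profile"},
            {"bob", "/user/bob/../alice/profile"},
            {"alice", "/user"},
            {null, "/user/alice"},
            {"alice", "/username/notes"},
            {"alice", "/content/page"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " " + s[1] + " -> " + registry.check(s[0], s[1]));
        }
    }
}
```

The owner segment is compared only after the path has been normalized, so a request by bob for /user/bob/../alice/profile is evaluated as /user/alice/profile, and paths outside /user are left to the default ACLs.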


Re: Integrate Sling with data from another system

2009-03-16 Thread Rory Douglas
At one point I experimented with a custom ResourceProvider that provided 
REST-ful access to database tables.  The idea works conceptually, but 
requires that you re-create a fair amount of functionality that already 
works out-of-the-box with JCR Node Resources.  I think that's what you 
alluded to with the discussion of URL parsing & 20+ controllers.  
However, I think you could use this idea, and then dispense with 
actually importing the data as XML into the repository & rather just 
access it directly from the source system (if it's a DB, service-bus, 
file-system etc).


In particular, it appears the Sling-side of your application doesn't 
require updating this data, so that would simplify the implementation.  
I eventually abandoned my approach because I didn't have time to 
re-implement all the SlingPostServlet functionality for creation/update 
(which is JCR node specific) for my custom Resource Types.


tao wen wrote:

Hi,

There are two issues that stopped us from importing them as JCR nodes:

1. the data not owned by us
It is owned by a backend system. So, it will need to be updated once a day
at least.

2. the data has rules
For example, products have dependencies. When we show the product catalogue,
we allow user to play with different packaging possibilities. We need to
apply the domain logic to validate the package user built. So, if we store
things in JCR nodes, we need to use OCM to map it back to memory and invoke
domain logic. Also, the relationships of domain entities are very rich, also
adding complexity to the mappings.

2009/3/16 Michael Marth 
  




JCR Explorer (was: Summer of Code is upon us)

2009-03-19 Thread Rory Douglas

Just FYI there is a *very* basic repository explorer example included as
part of the Dojo-Sling bundle, on the demo page
/dojox/data/demo/demo4.html.  It refers to some sample content that
appears to have disappeared from the build (at /samplenodes), so it
doesn't work out of the box.  If you search & replace in that file
changing: url="/samplenodes" to url="/", that should fix it (though it
will also make some of the ComboBox examples incredibly slow depending
on the size of your repo).

Once fixed, if you click on the "Complete" tab, you get a left-pane tree
view of the repo, and a right-pane details view of the selected node's
properties.  You can also add properties to the selected node.  It
currently makes no attempt to distinguish between different node types,
provide specialized editors for different property types, handle binary
content etc.  You also can't add new nodes :-) Also due to the current
way the SlingNodeStore & SlingPropertyStore are implemented, changes are
persisted immediately.  I'm working on a fix that will allow an
edit/commit style interaction with those stores.

If you're having trouble getting it working, make sure to upgrade your
Dojo bundle to the latest 1.2.x release (1.2.3 I believe).

Bertrand Delacretaz wrote:

Sure - creating a minimal "kernel" that allows for editing plugins
would be a good start.

And the rest ("create editing plugins for the Sling JCR Explorer")
could still be a GSoC project?
  




Security in Sling

2009-04-22 Thread Rory Douglas


Bertrand Delacretaz wrote:

2) Prevent legitimate scripts from messing up with the system
  
A variant of 2) just showed up in the "Accessing JCR" thread.  Looks 
like anyone that can upload a script can do the following:



<%
   SlingRepository repo = sling.getService(SlingRepository.class);
   Session superSession = repo.loginAdministrative(null);
   // and then do anything, like
   superSession.getRootNode().remove();
%>

Regards,
Rory


RE: [VOTE] Graduate Apache Sling as a top level project

2009-05-18 Thread Rory Douglas
[X] +1 Graduate as a top level project

Non-binding, but enthusiastic:-)

Regards
Rory

Rory Douglas
Senior Principal Consultant
Oracle Consulting
(sent from my Blackberry)

--Original Message--

From: Felix Meschberger 
Sent: Mon, May 18, 2009 7:13 AM
To: Sling Developers 
Subject: [VOTE] Graduate Apache Sling as a top level project


Hi all,

After the second release and an ever growing community, I think we are
ready to graduate from the Incubator.

At the beginning we entered the Incubator sponsored by the Apache
Jackrabbit project with the potential goal of graduating as a subproject
to Jackrabbit. Over time, it showed, that Sling will have a life on its
own and that the communities of Jackrabbit and Sling are sufficiently
different.

As a consequence the common opinion of the PPMC is that Sling might best
graduate as an Apache Top Level Project. The PPMC has in the meantime
held a vote on proposing the first PMC chair and I have updated the
graduation-resolution-draft accordingly [1].

So here is the vote:

[ ] +1 Graduate as a top level project
[ ]  0 Don't care
[ ] -1 Don't graduate yet, because 

The vote is open for the next 72 hours. Every vote is welcome,
especially votes from our Mentors. Only votes from PPMC members are
considered binding.

Thanks and Regards
Felix

[1] http://cwiki.apache.org/SLING/graduation-resolution-draft.html


Openid integration for Sling 3

2009-06-04 Thread Rory Douglas

Hi Tanmay

I went down this road once before when developing the 
OpenIDAuthenticationHandler.  OpenID4Java has a large number of 
dependencies, some of which are not even required for basic operation 
(though your last email is not an example of that).


I eventually switched (at Felix's suggestion) to using the dyuproject 
OpenID APIs, which are very lightweight in terms of dependencies & much 
easier to integrate.  Take a look at that and see if it accomplishes 
what you need.


Also, if you are just implementing OpenID authentication (and not 
self-registration, attribute exchange etc) for Sling, there is already 
an OpenID handler in bundles/extensions/openidauth that might work for you.


Regards,
Rory




resource type xpath question.

2009-06-09 Thread Rory Douglas

Ian Boston wrote:
And, how would I do the same for a sling:resourceType (that is not a 
node type) ie

I believe you can just use:

//*[@sling:resourceType='my/resourceType' and jcr:contains(., "test")]


[jira] Commented: (SLING-608) Provide Authentication Control

2008-08-12 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12622098#action_12622098
 ] 

Rory Douglas commented on SLING-608:


One way of improving the authentication aspect is to enable Jetty JAAS by 
adding the jetty-plus dependency, then configuring a  in the 
launchpad/webapp pom.xml (in the configuration section of the 
maven-jetty-plugin).  You'll need to setup the usual J2EE security constraints 
in web.xml as well (possibly protecting the whole app).  The missing piece 
would be (I think) an implementation of AuthenticationHandler that just calls 
request.getRemoteUser(). I've gotten the first part of this to work using the 
basic PropertyFileLoginModule that comes with Jetty, though an LDAP or 
JDBC-based one would be more useful.

> Provide Authentication Control
> --
>
> Key: SLING-608
> URL: https://issues.apache.org/jira/browse/SLING-608
> Project: Sling
>  Issue Type: Improvement
>  Components: Documentation, JCR, Launchpad
>Affects Versions: Launchpad Webapp 3
>Reporter: Marvin Phelps
>
> Sling sits atop a content repository - so there should be better examples of 
> how to post versions and list versions. (mix:versionable). I managed to find 
> out how to do this using the Day notes application. Secondly, it's now 
> apparent to me that the LaunchPad webapp is using Jackrabbit's 
> SimpleLoginModule and by default it allows access for every user: even 
> http://doodoo:[EMAIL PROTECTED]:/ Sling needs to have some authentication 
> strategy built-in. With this stuff provided in Launchpad, Sling would be more 
> usable out of the box.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (SLING-301) Dojo Classes for accessing the repository via the µjax protocol

2008-12-21 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658420#action_12658420
 ] 

Rory Douglas commented on SLING-301:


The current store implementations don't work well with some common widgets (in 
particular ComboBox and FilteringSelect), in latest 1.2 Dojo releases.

There are 2 problems: one, these widgets use the "query" parameter to pass a 
wildcarded fragment of user input to accomplish the autocomplete feature, but 
the SlingNodeStore/SlingPropertyStore currently only do exact string matches 
against the query; and two, this autocomplete query overwrites the filtering 
query specified on the store itself, when it really should be merged/ANDed with 
it.

I've fixed the 2 classes to accommodate these wildcard queries (copied code from 
ItemFileReadStore).  I've also made some changes/enhancements to the 
SlingNodeStore :

1) Moved 'level' out of 'query', put it in optional 'queryOptions' param 
instead (and renamed to 'depth')

2) Use common 'queryOptions' parameters 'deep' (along with 'depth') to control 
how hierarchy below target node is returned
2)a)If 'deep' is true, return all nodes below target up to 'depth'. If 'depth' 
not specified, use 'infinity'.
  b)If 'deep' is false, return only nodes at 'depth' below target node. If 
'depth' not specified, use 1.

So, with the following hierarchy, and store url="/test"

/samplenodes
/content/
/list1
/nodeA
/subNodeA
/list2
/nodeB
/data
/nodeC

deep=true, depth=2 gives 
[samplenodes,content,list1,nodeA,list2,nodeB,nodeC,data]
deep=true, no depth gives 
[samplenodes,content,list1,nodeA,subNodeA,nodeB,list2,nodeC,data]
deep=false, depth=2 gives [nodeA,nodeB]
deep=false, no depth gives [samplenodes]

The behavior is consistent when used with ComboBox, but a little weird for 
Trees (where deep=false is default).  Overriding deep to true for a tree can 
put the same node into the tree multiple times at different levels. Setting a 
depth for a ComboBox with deep=false sets the level from which nodes are 
retrieved, but for a Tree it only sets the depth at which the tree starts, it 
doesn't actually restrict the depth of the tree.  So I've added another 
property 'treeDepth' (set in 'overrideDepth') which sets the tree depth 
limit.  This parameter has no effect on ComboBoxes since it's only enforced in 
the get/hasChildren methods.

3) Added attributes 'overrideDeep' and 'overrideDepth' to enable store to 
override values passed in via 'queryOptions' for 'deep' and 'depth'.  Primarily 
useful since 'deep' defaults to 'false' for DataStores, but is hard-coded to 
'true' in requests from ComboBox.

4) Merged specified store query with incoming queries from widgets before 
executing fetch

5) Added attributes 'statement' and 'searchprops' to enable specifying a search 
query for the JsonQueryServlet, rather than a JsonRendererServlet URL.

The modified files are attached as a zip (dojo.sling.patch.20081221.zip). Also 
includes a new demo page (demo4.html) and a set of sample nodes 
(samplenodes.json) used by the demo.

> Dojo Classes for accessing the repository via the µjax protocol
> ---
>
> Key: SLING-301
> URL: https://issues.apache.org/jira/browse/SLING-301
> Project: Sling
>  Issue Type: Improvement
>  Components: Servlets Post
>Reporter: Lars Trieloff
>Assignee: Felix Meschberger
>Priority: Minor
> Attachments: demo.html, demo2.html, demo4.html, dojo-ujax.tar.gz, 
> SlingNodeStore.js, SlingPropertyStore.js
>
>
> I've created two Dojo Store implementations that use the µjax protocol to 
> communicate with the repository. The UJaxNodeStore implements a read-only 
> hierarchical store (I am planning to add write support later on) that can be 
> used to read properties and children of a node. The UJaxPropertyStore 
> implements a read-write flat store for accessing the properties of a node. 
> The Store showcases a high-level integration with a full-fledged AJAX toolkit 
> that allows easy integration with an existing widget system.
> Using these store classes, it was easy to create an example repository 
> browser that uses a tree control and a grid control to browse the resource 
> tree and allows to create new and change existing properties.




[jira] Updated: (SLING-301) Dojo Classes for accessing the repository via the µjax protocol

2008-12-21 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-301:
---

Attachment: dojo.sling.patch.20081221.zip

Updates to SlingNodeStore & SlingPropertyStore to work with Dojo 1.2, plus 
feature enhancements

> Dojo Classes for accessing the repository via the µjax protocol
> ---
>
> Key: SLING-301
> URL: https://issues.apache.org/jira/browse/SLING-301
> Project: Sling
>  Issue Type: Improvement
>  Components: Servlets Post
>Reporter: Lars Trieloff
>Assignee: Felix Meschberger
>Priority: Minor
> Attachments: demo.html, demo2.html, demo4.html, dojo-ujax.tar.gz, 
> dojo.sling.patch.20081221.zip, SlingNodeStore.js, SlingPropertyStore.js
>
>
> I've created two Dojo Store implementations that use the µjax protocol to 
> communicate with the repository. The UJaxNodeStore implements a read-only 
> hierarchical store (I am planning to add write support later on) that can be 
> used to read properties and children of a node. The UJaxPropertyStore 
> implements a read-write flat store for accessing the properties of a node. 
> The Store showcases a high-level integration with a full-fledged AJAX toolkit 
> that allows easy integration with an existing widget system.
> Using these store classes, it was easy to create an example repository 
> browser that uses a tree control and a grid control to browse the resource 
> tree and allows to create new and change existing properties.




[jira] Commented: (SLING-792) Adapt Sling(Node|Property)Store to Dojo 1.2 and some extensions

2008-12-29 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12659602#action_12659602
 ] 

Rory Douglas commented on SLING-792:


This works for me, thanks!  I'm not sure I have rights to close the issue 
though...

> Adapt Sling(Node|Property)Store to Dojo 1.2 and some extensions
> ---
>
> Key: SLING-792
> URL: https://issues.apache.org/jira/browse/SLING-792
> Project: Sling
>  Issue Type: Improvement
>  Components: Extensions
>Reporter: Felix Meschberger
>Assignee: Felix Meschberger
>
> Creating issue from the extension provided by Rory Douglas in 
> https://issues.apache.org/jira/browse/SLING-301?focusedCommentId=12658420#action_12658420:
> The current store implementations don't work well with some common widgets 
> (in particular ComboBox and FilteringSelect), in latest 1.2 Dojo releases.
> There are 2 problems: one, these widgets use the "query" parameter to pass a 
> wildcarded fragment of user input to accomplish the autocomplete feature, but 
> the SlingNodeStore/SlingPropertyStore currently only do exact string matches 
> against the query; and two, this autocomplete query overwrites the filtering 
> query specified on the store itself, when it really should be merged/ANDed 
> with it.
> I've fixed the 2 classes to accommodate these wildcard queries (copied code 
> from ItemFileReadStore). I've also made some changes/enhancements to the 
> SlingNodeStore :
> 1) Moved 'level' out of 'query', put it in optional 'queryOptions' param 
> instead (and renamed to 'depth')
> 2) Use common 'queryOptions' parameters 'deep' (along with 'depth') to 
> control how hierarchy below target node is returned
> 2)a)If 'deep' is true, return all nodes below target up to 'depth'. If 
> 'depth' not specified, use 'infinity'.
>   b)If 'deep' is false, return only nodes at 'depth' below target node. If 
> 'depth' not specified, use 1.
> So, with the following hierarchy, and store url="/test"
> /samplenodes
> /content/
> /list1
> /nodeA
> /subNodeA
> /list2
> /nodeB
> /data
> /nodeC
> deep=true, depth=2 gives 
> [samplenodes,content,list1,nodeA,list2,nodeB,nodeC,data]
> deep=true, no depth gives 
> [samplenodes,content,list1,nodeA,subNodeA,nodeB,list2,nodeC,data]
> deep=false, depth=2 gives [nodeA,nodeB]
> deep=false, no depth gives [samplenodes]
> The behavior is consistent when used with ComboBox, but a little weird for 
> Trees (where deep=false is default). Overriding deep to true for a tree can 
> put the same node into the tree multiple times at different levels. Setting a 
> depth for a ComboBox with deep=false sets the level from which nodes are 
> retrieved, but for a Tree it only sets the depth at which the tree starts, it 
> doesn't actually restrict the depth of the tree. So I've added another 
> property 'treeDepth' (set in 'overrideDepth') which sets the tree depth 
> limit. This parameter has no effect on ComboBoxes since it's only enforced in 
> the get/hasChildren methods.
> 3) Added attributes 'overrideDeep' and 'overrideDepth' to enable store to 
> override values passed in via 'queryOptions' for 'deep' and 'depth'. 
> Primarily useful since 'deep' defaults to 'false' for DataStores, but is 
> hard-coded to 'true' in requests from ComboBox.
> 4) Merged specified store query with incoming queries from widgets before 
> executing fetch
> 5) Added attributes 'statement' and 'searchprops' to enable specifying a 
> search query for the JsonQueryServlet, rather than a JsonRendererServlet URL.
> The modified files are attached as a zip (dojo.sling.patch.20081221.zip). 
> Also includes a new demo page (demo4.html) and a set of sample nodes 
> (samplenodes.json) used by the demo.




[jira] Commented: (SLING-795) JSON dump of / children fails due to /system synthetic resource

2008-12-29 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12659603#action_12659603
 ] 

Rory Douglas commented on SLING-795:


This works for me now

> JSON dump of / children fails due to /system synthetic resource
> ---
>
> Key: SLING-795
> URL: https://issues.apache.org/jira/browse/SLING-795
> Project: Sling
>  Issue Type: Bug
>  Components: Servlets Get
>Reporter: Bertrand Delacretaz
>Assignee: Bertrand Delacretaz
>Priority: Minor
> Fix For: Servlets Get 2.0.4
>
>
> Requesting http://localhost:8080/.1.json for example fails with 
> org.apache.sling.commons.json.JSONException: Misplaced endArray




[jira] Commented: (SLING-796) Corrupt json output with resources from a bundle or other places

2008-12-29 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12659604#action_12659604
 ] 

Rory Douglas commented on SLING-796:


this works for me now

> Corrupt json output with resources from a bundle or other places
> 
>
> Key: SLING-796
> URL: https://issues.apache.org/jira/browse/SLING-796
> Project: Sling
>  Issue Type: Bug
>  Components: Servlets Get
>Affects Versions: Servlets Get 2.0.2
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
> Fix For: Servlets Get 2.0.4
>
>
> When outputting json through the JsonResourceWriter, the resource is tried to 
> be adapted to a ValueMap, Map and as a last resort String.
> If the resource can't be adapted to any of the three, only the key is 
> outputted with no value, creating a corrupt json.
> As in this case there is nothing one can really output, I think it makes 
> sense to just output an empty object.




[jira] Created: (SLING-818) Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5

2009-01-08 Thread Rory Douglas (JIRA)
Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5
-

 Key: SLING-818
 URL: https://issues.apache.org/jira/browse/SLING-818
 Project: Sling
  Issue Type: Improvement
  Components: JCR
Affects Versions: JCR Base 2.0.4
Reporter: Rory Douglas
Priority: Trivial


Create a utility class to wrap up accessing JSR283 classes: UserManager, 
PrincipalManager and AccessControlManager.  Also provide utility methods for 
accessing Jackrabbit-specific ACL features (allow/deny ACLs).




[jira] Updated: (SLING-818) Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5

2009-01-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-818:
---

Attachment: AccessControlUtil.java

AccessControlUtil uses reflection and/or casting to JackrabbitSession to 
access.  Currently there is no way to access getSession on PooledSession, so 
getAccessManager may not work (it's working for me though, from a JSP).  Could 
move this class into .internal package, but that's not exported???

> Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5
> -
>
> Key: SLING-818
> URL: https://issues.apache.org/jira/browse/SLING-818
> Project: Sling
>  Issue Type: Improvement
>  Components: JCR
>Affects Versions: JCR Base 2.0.4
>Reporter: Rory Douglas
>Priority: Trivial
> Attachments: AccessControlUtil.java
>
>
> Create a utility class to wrap up accessing JSR283 classes: UserManager, 
> PrincipalManager and AccessControlManager.  Also provide utility methods for 
> accessing Jackrabbit-specific ACL features (allow/deny ACLs).




[jira] Updated: (SLING-818) Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5

2009-01-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-818:
---

Attachment: (was: AccessControlUtil.java)

> Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5
> -
>
> Key: SLING-818
> URL: https://issues.apache.org/jira/browse/SLING-818
> Project: Sling
>  Issue Type: Improvement
>  Components: JCR
>Affects Versions: JCR Base 2.0.4
>Reporter: Rory Douglas
>Priority: Trivial
> Attachments: AccessControlUtil.java
>
>
> Create a utility class to wrap up accessing JSR283 classes: UserManager, 
> PrincipalManager and AccessControlManager.  Also provide utility methods for 
> accessing Jackrabbit-specific ACL features (allow/deny ACLs).




[jira] Updated: (SLING-818) Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5

2009-01-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-818:
---

Attachment: AccessControlUtil.java

Updated to remove references to PooledSessions

> Create a utility class to simplify accessing JSR283 classes in Jackrabbit 1.5
> -
>
> Key: SLING-818
> URL: https://issues.apache.org/jira/browse/SLING-818
> Project: Sling
>  Issue Type: Improvement
>  Components: JCR
>Affects Versions: JCR Base 2.0.4
>Reporter: Rory Douglas
>Priority: Trivial
> Attachments: AccessControlUtil.java
>
>
> Create a utility class to wrap up accessing JSR283 classes: UserManager, 
> PrincipalManager and AccessControlManager.  Also provide utility methods for 
> accessing Jackrabbit-specific ACL features (allow/deny ACLs).




[jira] Created: (SLING-823) Allow overriding default workspace via request parameter & cookie (like the sudo parameter)

2009-01-09 Thread Rory Douglas (JIRA)
Allow overriding default workspace via request parameter & cookie (like the 
sudo parameter)
---

 Key: SLING-823
 URL: https://issues.apache.org/jira/browse/SLING-823
 Project: Sling
  Issue Type: New Feature
  Components: Engine
Affects Versions: Engine 2.0.2
Reporter: Rory Douglas
Priority: Minor
 Attachments: metatype.properties, SlingAuthenticator.java

Enable access to non-default workspace using a request parameter & cookie 
analogous to how the sudo impersonation is currently handled.  Make this 
override behavior configurable via a property, and default it to off for 
backwards compatibility/security.




[jira] Updated: (SLING-823) Allow overriding default workspace via request parameter & cookie (like the sudo parameter)

2009-01-09 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-823:
---

Attachment: SlingAuthenticator.java

Added method handleWorkspaceOverride

> Allow overriding default workspace via request parameter & cookie (like the 
> sudo parameter)
> ---
>
> Key: SLING-823
> URL: https://issues.apache.org/jira/browse/SLING-823
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine
>Affects Versions: Engine 2.0.2
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: metatype.properties, SlingAuthenticator.java
>
>
> Enable access to non-default workspace using a request parameter & cookie 
> analogous to how the sudo impersonation is currently handled.  Make this 
> override behavior configurable via a property, and default it to off for 
> backwards compatibility/security.




[jira] Updated: (SLING-823) Allow overriding default workspace via request parameter & cookie (like the sudo parameter)

2009-01-09 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-823:
---

Attachment: metatype.properties

Added config strings for workspace override

> Allow overriding default workspace via request parameter & cookie (like the 
> sudo parameter)
> ---
>
> Key: SLING-823
> URL: https://issues.apache.org/jira/browse/SLING-823
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine
>Affects Versions: Engine 2.0.2
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: metatype.properties, SlingAuthenticator.java
>
>
> Enable access to non-default workspace using a request parameter & cookie 
> analogous to how the sudo impersonation is currently handled.  Make this 
> override behavior configurable via a property, and default it to off for 
> backwards compatibility/security.




[jira] Created: (SLING-839) OpenID AuthenticationHandler

2009-01-23 Thread Rory Douglas (JIRA)
OpenID AuthenticationHandler


 Key: SLING-839
 URL: https://issues.apache.org/jira/browse/SLING-839
 Project: Sling
  Issue Type: New Feature
  Components: Engine, Extensions, General
Reporter: Rory Douglas
Priority: Minor


An implementation of AuthenticationHandler for authenticating users against 
OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-01-23 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: openidauth.zip

Project was created under the extensions directory.  It requires the 
OpenID4Java libraries - the maven repo for that is in the POM.

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-01-23 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: (was: openidauth.zip)

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-01-23 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: openidauth.zip

Updated to remove "overwrite=true" from initial content instruction

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Commented: (SLING-839) OpenID AuthenticationHandler

2009-01-26 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12667263#action_12667263
 ] 

Rory Douglas commented on SLING-839:


I absolutely agree about all the openid4java dependencies, a real pain.  
Unfortunately, icu4j and xalan were required & they add 6+MB.  Higgins is only 
required for InfoCard, which is not being used (I included all the deps in the 
pom for clarity).  Only the required deps (causing ClassNotFoundExceptions) were 
embedded.

However, I wish I'd seen dyuproject earlier.  It looks like it has all we need, 
and since the OpenID interaction in the handler is confined to 2 methods, I 
think I can easily rip out openid4java & replace with dyu - I'll give it a try.

The OpenID provider was included because I figured eventually I might have to 
build integration/unit tests for the handler that could be run as part of the 
build, non-interactively & without access to an online provider or real OpenID 
credentials.  It would definitely make sense to split that out, at least into a 
testing module.  Given all the library dependencies, it may not be worth it 
though :-)

I'll post an updated handler shortly (with all the license bits).



> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Commented: (SLING-839) OpenID AuthenticationHandler

2009-01-26 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12667271#action_12667271
 ] 

Rory Douglas commented on SLING-839:


I think a stupid provider would be fine, but it would need to handle the OpenID 
protocol details correctly (message signing, nonce generation), since the 
client verifies the response message.  I didn't take the time to figure out if 
that was something easy to fake without using existing libraries.

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-01-31 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: (was: openidauth.zip)

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>    Reporter: Rory Douglas
>Priority: Minor
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-01-31 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: openidauth.zip

Updated OpenID handler now uses dyuproject libraries

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Created: (SLING-849) Enhance SlingAuthenticator's handler selection mechanism

2009-02-03 Thread Rory Douglas (JIRA)
Enhance SlingAuthenticator's handler selection mechanism


 Key: SLING-849
 URL: https://issues.apache.org/jira/browse/SLING-849
 Project: Sling
  Issue Type: Improvement
  Components: Engine
Affects Versions: Engine 2.0.2
Reporter: Rory Douglas
Priority: Minor


Currently, AuthenticationHandlers can only be registered by path.  It would be 
useful to be able to register them with additional attributes, in particular 
hostname, to enable different authentication mechanisms for different virtual 
hosts.  It may also be useful to indicate a priority, for ordering purposes 
when 2 or more handlers are registered for the same set of attributes (path, 
hostname etc).




[jira] Updated: (SLING-849) Enhance SlingAuthenticator's handler selection mechanism

2009-02-03 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-849:
---

Attachment: SlingAuthenticator.java

I've extended the current AuthenticationHandler.PATH property processing to 
include handling of hostname and protocol.  Only the SlingAuthenticator is 
affected by this change.  Existing path registrations (starting with '/') will 
work as-is.

New mappings are possible:
//hostname
//hostname:port
//hostname/path
http://hostname
https://hostname:port/path
etc

> Enhance SlingAuthenticator's handler selection mechanism
> 
>
> Key: SLING-849
> URL: https://issues.apache.org/jira/browse/SLING-849
> Project: Sling
>  Issue Type: Improvement
>  Components: Engine
>Affects Versions: Engine 2.0.2
>Reporter: Rory Douglas
>Priority: Minor
> Attachments: SlingAuthenticator.java
>
>
> Currently, AuthenticationHandlers can only be registered by path.  It would 
> be useful to be able to register them with additional attributes, in 
> particular hostname, to enable different authentication mechanisms for 
> different virtual hosts.  It may also be useful to indicate a priority, for 
> ordering purposes when 2 or more handlers are registered for the same set of 
> attributes (path, hostname etc).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
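
One way to resolve registrations of the forms listed in the comment above against an incoming request, as an added example in JavaScript that is not the attached SlingAuthenticator.java. The precedence rule (host, then port, then protocol, then longest path, then registration order), the handler names and the host names are assumptions made for the example.

```javascript
// Added example: not Sling code. Registration forms come from the comment
// above; matching and precedence rules are assumptions.

// Drop a trailing slash so "/admin/" and "/admin" compare equal.
function normalizePath(p) {
  return p.length > 1 && p.endsWith("/") ? p.slice(0, -1) : p;
}

// Parse "/path", "//host", "//host:port", "//host/path", "http://host",
// "https://host:port/path" into { scheme, host, port, path }.
function parseRegistration(reg) {
  const m = /^(?:(https?):)?\/\/([^\/:]+)(?::(\d+))?(\/.*)?$/.exec(reg);
  if (m) {
    return {
      scheme: m[1] || null,
      host: m[2].toLowerCase(),
      port: m[3] ? Number(m[3]) : null,
      path: normalizePath(m[4] || "/"),
    };
  }
  if (reg.startsWith("/")) {
    // Existing path-only registrations keep working unchanged.
    return { scheme: null, host: null, port: null, path: normalizePath(reg) };
  }
  throw new Error("unsupported registration: " + reg);
}

// Match on whole path segments, so "/admin" does not cover "/administrator".
function pathMatches(regPath, reqPath) {
  if (regPath === "/") return true;
  return reqPath === regPath || reqPath.startsWith(regPath + "/");
}

function matches(reg, req) {
  if (reg.scheme && reg.scheme !== req.scheme) return false;
  if (reg.host && reg.host !== req.host.toLowerCase()) return false;
  if (reg.port !== null && reg.port !== req.port) return false;
  return pathMatches(reg.path, normalizePath(req.path));
}

// Assumed precedence: host, port, scheme, then longest path.
function specificity(reg) {
  return [reg.host ? 1 : 0, reg.port !== null ? 1 : 0, reg.scheme ? 1 : 0, reg.path.length];
}

function compareSpecificity(a, b) {
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return b[i] - a[i]; // more specific first
  }
  return 0;
}

// Returns the handler name of the most specific matching registration,
// or null when nothing matches. Ties fall back to registration order.
function selectHandler(registrations, req) {
  const candidates = registrations
    .map((r, index) => ({ name: r.handler, parsed: parseRegistration(r.pattern), index }))
    .filter((c) => matches(c.parsed, req))
    .sort((x, y) =>
      compareSpecificity(specificity(x.parsed), specificity(y.parsed)) || x.index - y.index);
  return candidates.length ? candidates[0].name : null;
}

// Constructed sample registrations (handler and host names are hypothetical).
const REGISTRATIONS = [
  { pattern: "/", handler: "basic" },
  { pattern: "/members", handler: "form" },
  { pattern: "//intranet.example.com", handler: "openid" },
  { pattern: "https://intranet.example.com:8443/admin", handler: "cert" },
];
```

The request host normally comes from the client-supplied Host header, so a deployment that selects handlers per virtual host should only accept host names it is configured to serve.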



[jira] Created: (SLING-852) PluggableLoginModule to provide DefaultLoginModule extensions via bundle services

2009-02-08 Thread Rory Douglas (JIRA)
PluggableLoginModule to provide DefaultLoginModule extensions via bundle 
services
-

 Key: SLING-852
 URL: https://issues.apache.org/jira/browse/SLING-852
 Project: Sling
  Issue Type: New Feature
  Components: JCR
Affects Versions: JCR Jackrabbit Server 2.0.2
Reporter: Rory Douglas
Priority: Minor


Enhance the Jackrabbit Server module by adding a PluggableDefaultLoginModule 
extending DefaultLoginModule and a LoginModulePlugin interface. The 
PluggableDefaultLoginModule uses the LoginModulePlugin instances to verify the 
credentials presented by the user.  

The PluggableDefaultLoginModule falls back to the DefaultLoginModule 
implementation if there is not support for the Credentials instance presented.

This approach allows custom AuthenticationHandlers to provide custom login 
behavior for the Credentials they pass to the SlingAuthenticator - particularly 
useful when no password is made available to the handler by the authentication 
process.




[jira] Updated: (SLING-852) PluggableLoginModule to provide DefaultLoginModule extensions via bundle services

2009-02-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-852:
---

Attachment: jackrabbit-server.patch

Patch to jackrabbit-server to accomplish this.  Includes changes to POM and 
manifest.mf related to package refactoring, but not the package refactoring of 
existing classes.

> PluggableLoginModule to provide DefaultLoginModule extensions via bundle 
> services
> -
>
> Key: SLING-852
> URL: https://issues.apache.org/jira/browse/SLING-852
> Project: Sling
>  Issue Type: New Feature
>  Components: JCR
>Affects Versions: JCR Jackrabbit Server 2.0.2
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: jackrabbit-server.patch
>
>
> Enhance the Jackrabbit Server module by adding a PluggableDefaultLoginModule 
> extending DefaultLoginModule and a LoginModulePlugin interface. The 
> PluggableDefaultLoginModule uses the LoginModulePlugin instances to verify 
> the credentials presented by the user.  
> The PluggableDefaultLoginModule falls back to the DefaultLoginModule 
> implementation if there is not support for the Credentials instance presented.
> This approach allows custom AuthenticationHandlers to provide custom login 
> behavior for the Credentials they pass to the SlingAuthenticator - 
> particularly useful when no password is made available to the handler by the 
> authentication process.




[jira] Updated: (SLING-839) OpenID AuthenticationHandler

2009-02-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-839:
---

Attachment: openidauth.patch

Includes fix to detect when a successfully authenticated OpenID user fails 
repository-level login.  Also adds LoginModulePlugin functionality described in 
SLING-852.

> OpenID AuthenticationHandler
> 
>
> Key: SLING-839
> URL: https://issues.apache.org/jira/browse/SLING-839
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine, Extensions, General
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: openidauth.patch, openidauth.zip
>
>
> An implementation of AuthenticationHandler for authenticating users against 
> OpenID providers.  Includes basic UI for login & logout.




[jira] Updated: (SLING-852) PluggableLoginModule to provide DefaultLoginModule extensions via bundle services

2009-02-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-852:
---

Attachment: (was: jackrabbit-server.patch)

> PluggableLoginModule to provide DefaultLoginModule extensions via bundle 
> services
> -
>
> Key: SLING-852
> URL: https://issues.apache.org/jira/browse/SLING-852
> Project: Sling
>  Issue Type: New Feature
>  Components: JCR
>Affects Versions: JCR Jackrabbit Server 2.0.2
>    Reporter: Rory Douglas
>Priority: Minor
>
> Enhance the Jackrabbit Server module by adding a PluggableDefaultLoginModule 
> extending DefaultLoginModule and a LoginModulePlugin interface. The 
> PluggableDefaultLoginModule uses the LoginModulePlugin instances to verify 
> the credentials presented by the user.  
> The PluggableDefaultLoginModule falls back to the DefaultLoginModule 
> implementation if there is not support for the Credentials instance presented.
> This approach allows custom AuthenticationHandlers to provide custom login 
> behavior for the Credentials they pass to the SlingAuthenticator - 
> particularly useful when no password is made available to the handler by the 
> authentication process.




[jira] Updated: (SLING-852) PluggableLoginModule to provide DefaultLoginModule extensions via bundle services

2009-02-08 Thread Rory Douglas (JIRA)

 [ 
https://issues.apache.org/jira/browse/SLING-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rory Douglas updated SLING-852:
---

Attachment: jackrabbit-server.patch

Fixed an old class name in repository.xml

> PluggableLoginModule to provide DefaultLoginModule extensions via bundle 
> services
> -
>
> Key: SLING-852
> URL: https://issues.apache.org/jira/browse/SLING-852
> Project: Sling
>  Issue Type: New Feature
>  Components: JCR
>Affects Versions: JCR Jackrabbit Server 2.0.2
>    Reporter: Rory Douglas
>Priority: Minor
> Attachments: jackrabbit-server.patch
>
>
> Enhance the Jackrabbit Server module by adding a PluggableDefaultLoginModule 
> extending DefaultLoginModule and a LoginModulePlugin interface. The 
> PluggableDefaultLoginModule uses the LoginModulePlugin instances to verify 
> the credentials presented by the user.  
> The PluggableDefaultLoginModule falls back to the DefaultLoginModule 
> implementation if there is not support for the Credentials instance presented.
> This approach allows custom AuthenticationHandlers to provide custom login 
> behavior for the Credentials they pass to the SlingAuthenticator - 
> particularly useful when no password is made available to the handler by the 
> authentication process.




[jira] Commented: (SLING-882) SlingNodeStore.isDirty(item) always returns false

2009-03-10 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680530#action_12680530
 ] 

Rory Douglas commented on SLING-882:


I think this is intentional.  If you look at the setValue() implementation, 
you'll see that any changes made via dojo.api.Write API methods are immediately 
persisted via a POST to Sling, and there's no client-side caching of items, so 
nothing is ever really dirty.  That's also why the save() method is a no-op.  
However, client-side caching & basic transactionality would be cool stuff to 
have - I've been running into cases where I need that recently.

> SlingNodeStore.isDirty(item) always returns false
> -
>
> Key: SLING-882
> URL: https://issues.apache.org/jira/browse/SLING-882
> Project: Sling
>  Issue Type: Bug
>  Components: Extensions
>Reporter: Andreas Hartmann
>Priority: Minor
>
>   isDirty: function(/* item? */ item) {
>     console.log("isDirty");
>     return false;
>   },
> Is this on purpose, or is it just not implemented yet?




[jira] Commented: (SLING-883) SlingNodeStore.newItem() adds item URI as property

2009-03-10 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680540#action_12680540
 ] 

Rory Douglas commented on SLING-883:


I think the problem is that non-Sling/3rd party widgets expect the item 
attributes to exist directly on the item, not on an attribute called "content" 
- in particular tables, grids etc.  Perhaps we can rather do the following:

newItem: function(/* Object? */ keywordArgs, /*Object?*/ parentInfo) {
    ...
    var item = keywordArgs;
    delete item.uri;
    ..

It might also make sense then to use a more obscure naming scheme for these 
internal housekeeping attributes (_uri, or _slingNodeStore:URI), and also allow 
the attribute used to be configurable on the store, to avoid conflicts with 
actual node item names.

> SlingNodeStore.newItem() adds item URI as property
> --
>
> Key: SLING-883
> URL: https://issues.apache.org/jira/browse/SLING-883
> Project: Sling
>  Issue Type: Bug
>  Components: Extensions
>Reporter: Andreas Hartmann
>Priority: Minor
>
> SlingNodeStore.newItem() uses the passed item argument directly to create the 
> Sling resource. Since the item has a "uri" field, the corresponding "uri" 
> property of the Sling resource will be set. This causes an exception if the 
> JCR node type doesn't support this property.
> Maybe it makes sense to use a "content" field inside the item object to 
> provide the content:
>   store.newItem({
>     uri: "/foo/bar/baz",
>     content: {
>       "jcr:primaryType": "foo:bar"
>     }
>   });
> Index: src/main/resources/dojox/data/SlingNodeStore.js
> ===
> --- src/main/resources/dojox/data/SlingNodeStore.js   (revision 752029)
> +++ src/main/resources/dojox/data/SlingNodeStore.js   (working copy)
> @@ -638,7 +638,7 @@
>  
>  var xhr =  xhr = dojo.xhrPost({
>  url: item.uri,
> -content: item,
> +content: item.content,
>  load: function(response, ioargs) {
>item.dirty = false;
>console.log("onNew");
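
Review bot: on the changed line `content: item.content`, a caller that passes its attributes directly on the argument, with no `content` field, now hands `undefined` to the POST as its content, so the request carries none of the intended properties; either fall back to the argument without `uri` when `content` is absent or reject the call with a clear error. The unchanged context line `var xhr =  xhr = dojo.xhrPost({` assigns `xhr` twice and can be reduced to a single assignment in the same change.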




[jira] Commented: (SLING-535) Align Node and Property Stores with Dojo's upcoming JsonRestStore

2009-03-12 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12681515#action_12681515
 ] 

Rory Douglas commented on SLING-535:


The current SlingNodeStore can be used with a dijit.Tree, there are examples of 
this in the example file /dojox/data/demo/demo4.html.  Note, that file is a 
little outdated and refers to a /samplenodes URL that used to be included in 
the build prior to some reorg.  Editing that file and setting all the urls of 
the SlingNodeStores to / or some other existing URL should make the samples 
work.  There are some extra options on SlingNodeStore that allow finer control 
of the content returned when attaching a store to a TreeModel.

> Align Node and Property Stores with Dojo's upcoming JsonRestStore
> -
>
> Key: SLING-535
> URL: https://issues.apache.org/jira/browse/SLING-535
> Project: Sling
>  Issue Type: Improvement
>  Components: Extensions
>Reporter: Lars Trieloff
>Assignee: Lars Trieloff
>Priority: Minor
>
> Dojo 1.2 will include (aside from widget beautification) a JsonRestStore that 
> works very closely to what we already have in the dojo extensions, but it 
> provides some additional features like object synchronization (which is good 
> performance-wise if you are doing many reads on a node) and integration with 
> Google Gears for offline support.
> Thanks to Michael Marth for spotting this and please assign this issue to me 
> if possible.
> http://www.sitepen.com/blog/2008/06/13/restful-json-dojo-data/




[jira] Commented: (SLING-535) Align Node and Property Stores with Dojo's upcoming JsonRestStore

2009-03-13 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12681716#action_12681716
 ] 

Rory Douglas commented on SLING-535:


I think both approaches are equally valid.  I definitely see the advantage in 
your approach, where we rely on out-of-the-box Dojo components for stores & 
widgets, and customize the JSON-providing server-side to match what the stores 
expect.

On the other hand, given the intent of the dojo.data API, I'm not sure it's a 
considerable maintenance burden implementing a Sling-specific store either.  I 
don't think any server-side API intended for a dojo.data Store should really be 
widget-specific - it should be possible to plug the same JSON structure into a 
store, then that store into a Tree or a ComboBox and get the expected results.

The current SlingNodeStore/SlingPropertyStore were based off of older DataStore 
examples, they could definitely benefit from being reworked as ServiceStore 
subclasses.  However, in conjunction with latest Dojo 1.2 releases (i.e., not 
the one that's included with the build), they work correctly with a variety of 
widgets (Tree, ComboBox, Grid).  I must admit, I haven't tested them with the 
Dojo 1.1 that comes with the build ;-)

Regardless, having multiple ways to do things is always great, so I think a 
JSONRestStore API would be an excellent addition.

> Align Node and Property Stores with Dojo's upcoming JsonRestStore
> -
>
> Key: SLING-535
> URL: https://issues.apache.org/jira/browse/SLING-535
> Project: Sling
>  Issue Type: Improvement
>  Components: Extensions
>Reporter: Lars Trieloff
>Assignee: Lars Trieloff
>Priority: Minor
>
> Dojo 1.2 will include (aside from widget beautification) a JsonRestStore that 
> works very closely to what we already have in the dojo extensions, but it 
> provides some additional features like object synchronization (which is good 
> performance-wise if you are doing many reads on a node) and integration with 
> Google Gears for offline support.
> Thanks to Michael Marth for spotting this and please assign this issue to me 
> if possible.
> http://www.sitepen.com/blog/2008/06/13/restful-json-dojo-data/




[jira] Commented: (SLING-883) SlingNodeStore.newItem() adds item URI as property

2009-03-13 Thread Rory Douglas (JIRA)

[ 
https://issues.apache.org/jira/browse/SLING-883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12681821#action_12681821
 ] 

Rory Douglas commented on SLING-883:


Actually looking at this again, the issue with newItem() is actually improper 
use of dojo.data.Write API.  The docs for that API indicate the first argument 
is not an item, but just a keywordArgs object whose attributes are intended to 
be the attributes on the new item.

It's the store's responsibility to provide items, to validate that objects are 
items, and to provide callers with a list of attributes & attribute values 
given an item.  So the internal structure of a returned item is intended to be 
a blackbox to widgets & calling code & shouldn't be relied upon directly.

If you want to create a new item that's a copy of an existing item, you need to 
use the store getValues/getAttributes methods to copy all the values & 
attribute names off the source item into a simple object, and provide that to 
the newItem method.  So I think the code is correct in its current form.

> SlingNodeStore.newItem() adds item URI as property
> --
>
> Key: SLING-883
> URL: https://issues.apache.org/jira/browse/SLING-883
> Project: Sling
>  Issue Type: Bug
>  Components: Extensions
>Reporter: Andreas Hartmann
>Priority: Minor
>
> SlingNodeStore.newItem() uses the passed item argument directly to create the 
> Sling resource. Since the item has a "uri" field, the corresponding "uri" 
> property of the Sling resource will be set. This causes an exception if the 
> JCR node type doesn't support this property.
> Maybe it makes sense to use a "content" field inside the item object to 
> provide the content:
>   store.newItem({
>     uri: "/foo/bar/baz",
>     content: {
>       "jcr:primaryType": "foo:bar"
>     }
>   });
> Index: src/main/resources/dojox/data/SlingNodeStore.js
> ===
> --- src/main/resources/dojox/data/SlingNodeStore.js   (revision 752029)
> +++ src/main/resources/dojox/data/SlingNodeStore.js   (working copy)
> @@ -638,7 +638,7 @@
>  
>  var xhr =  xhr = dojo.xhrPost({
>  url: item.uri,
> -content: item,
> +content: item.content,
>  load: function(response, ioargs) {
>item.dirty = false;
>console.log("onNew");
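
Review bot: the `+content: item.content,` line changes what callers must pass to newItem(), yet the hunk adds no doc comment saying that node properties now belong under `content`; state the expected argument shape next to the function signature. In the context lines the load callback still writes `item.dirty = false` onto the object the caller passed in and leaves `console.log("onNew")` in place, so the argument doubles as the store's item; that coupling deserves either a comment or a copy of the argument.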

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
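
The copy procedure from the comment above (read attribute names and values through the store, then hand a plain object to newItem), as an added example. The in-memory store, its `uri` housekeeping key and the `copyArgs` helper are constructed stand-ins, not SlingNodeStore code.

```javascript
// Added example: a constructed stand-in store, not SlingNodeStore.
// It exposes the dojo.data-style calls named in the comment above:
// isItem, getAttributes, getValues and newItem.
function createDemoStore() {
  const posted = []; // what would be sent to the server, one entry per newItem()
  const store = {
    posted,
    isItem(obj) {
      return Boolean(obj) && obj._store === store;
    },
    getAttributes(item) {
      assertItem(store, item);
      return Object.keys(item._values);
    },
    getValues(item, attribute) {
      assertItem(store, item);
      return (item._values[attribute] || []).slice();
    },
    // keywordArgs is a plain attribute bag. "uri" is the housekeeping key
    // naming the target node (assumption mirroring the issue text); every
    // other key is posted as a node property.
    newItem(keywordArgs) {
      const { uri, ...attrs } = keywordArgs;
      if (typeof uri !== "string") throw new Error("newItem needs a uri");
      const values = {};
      for (const [name, value] of Object.entries(attrs)) {
        values[name] = Array.isArray(value) ? value.slice() : [value];
      }
      posted.push({ url: uri, content: attrs });
      // The item layout is private to the store; callers must not rely on it.
      return { uri, _store: store, _values: values };
    },
  };
  return store;
}

function assertItem(store, item) {
  if (!store.isItem(item)) throw new Error("not an item of this store");
}

// Build newItem() arguments for a copy using only the public read calls.
function copyArgs(store, sourceItem, targetUri) {
  const args = { uri: targetUri };
  for (const name of store.getAttributes(sourceItem)) {
    const values = store.getValues(sourceItem, name);
    args[name] = values.length === 1 ? values[0] : values;
  }
  return args;
}

function runCopyDemo() {
  const store = createDemoStore();
  const original = store.newItem({
    uri: "/foo/bar/baz",
    "jcr:primaryType": "foo:bar",
    title: "Baz",
  });

  // Misuse: passing the item itself posts the store's internal fields
  // as if they were node properties.
  store.newItem(original);
  const leakedKeys = Object.keys(store.posted[1].content);

  // Intended use: copy attributes through the store API first.
  store.newItem(copyArgs(store, original, "/foo/bar/copy"));
  const copy = store.posted[2];

  return { leakedKeys, copiedKeys: Object.keys(copy.content), copyUrl: copy.url };
}
```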